Java Code Examples for org.keycloak.models.RealmModel#getMasterAdminClient()

The following examples show how to use org.keycloak.models.RealmModel#getMasterAdminClient().
Example 1
Source File: MigrateTo3_2_0.java    From keycloak with Apache License 2.0
/**
 * Applies this migration's per-realm steps: adjusts the password policy, ensures a
 * Docker authentication flow exists, and adds roles to the realm's admin clients.
 *
 * @param session the Keycloak session used to rebuild the password policy
 * @param realm   the realm being migrated
 */
protected void migrateRealm(KeycloakSession session, RealmModel realm) {
    // Remove a stored hash-iterations value of "20000" only when no hash algorithm is
    // configured in the policy.
    // NOTE(review): presumably this lets the provider default apply instead of a
    // pinned legacy iteration count; confirm against the password hash provider.
    PasswordPolicy.Builder policy = realm.getPasswordPolicy().toBuilder();
    boolean algorithmUnset = !policy.contains(PasswordPolicy.HASH_ALGORITHM_ID);
    if (algorithmUnset && "20000".equals(policy.get(PasswordPolicy.HASH_ITERATIONS_ID))) {
        realm.setPasswordPolicy(policy.remove(PasswordPolicy.HASH_ITERATIONS_ID).build(session));
    }

    boolean dockerFlowMissing = realm.getDockerAuthenticationFlow() == null;
    if (dockerFlowMissing) {
        DefaultAuthenticationFlows.dockerAuthenticationFlow(realm);
    }

    // Both admin clients are optional here: each is looked up and only touched when present.
    ClientModel realmManagementClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
    if (realmManagementClient != null) {
        addRoles(realmManagementClient);
    }

    ClientModel masterClient = realm.getMasterAdminClient();
    if (masterClient != null) {
        addRoles(masterClient);
    }
}
 
Example 2
Source File: ExportResourceProvider.java    From keycloak-export with GNU Affero General Public License v3.0
/**
 * Grants the authenticated user every role named in {@code AdminRoles.ALL_REALM_ROLES}
 * on the given realm's master admin client, unless the user already holds the
 * {@code AdminRoles.ADMIN} realm role.
 *
 * @param auth  the authenticated admin whose user receives the roles
 * @param realm the realm whose master admin client supplies the roles
 */
private void grantPermissionsToRealmCreator(AdminAuth auth, RealmModel realm) {
    boolean alreadyAdmin = auth.hasRealmRole(AdminRoles.ADMIN);
    if (!alreadyAdmin) {
        // The returned administration realm is not used here; the call is kept as-is.
        new RealmManager(session).getKeycloakAdminstrationRealm();

        // NOTE(review): the client and each looked-up role are dereferenced/passed on
        // without a null check; confirm getMasterAdminClient() and getRole() cannot
        // return null on this path, since this is a privilege-granting routine.
        ClientModel masterAdminClient = realm.getMasterAdminClient();
        for (String roleName : AdminRoles.ALL_REALM_ROLES) {
            RoleModel granted = masterAdminClient.getRole(roleName);
            auth.getUser().grantRole(granted);
        }
    }
}
 
Example 3
Source File: IllegalAdminUpgradeTest.java    From keycloak with Apache License 2.0
/**
 * Creates the fixture users for this test in the {@code TEST} realm and in the
 * {@code "master"} realm, each enabled and holding a single manage-users role.
 *
 * <p>Every user gets the literal password {@code "password"}; this is fixture data
 * for a test class and must not be copied into provisioning code.
 *
 * @param session the Keycloak session used to look up realms and create users
 */
public static void setupUsers(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    RealmModel masterRealm = session.realms().getRealmByName("master");

    // manage-users as defined on three different clients: the test realm's own
    // management client, the test realm's master admin client, and the master
    // realm's master admin client.
    ClientModel realmManagementClient = testRealm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
    ClientModel testRealmMasterClient = testRealm.getMasterAdminClient();
    RoleModel realmManageUsers = realmManagementClient.getRole(AdminRoles.MANAGE_USERS);
    RoleModel masterManageUsers = testRealmMasterClient.getRole(AdminRoles.MANAGE_USERS);
    RoleModel masterOwnManageUsers = masterRealm.getMasterAdminClient().getRole(AdminRoles.MANAGE_USERS);

    addPasswordUserWithRole(session, testRealm, "userAdmin", realmManageUsers);
    addPasswordUserWithRole(session, masterRealm, "userAdmin", masterManageUsers);
    addPasswordUserWithRole(session, masterRealm, "masterAdmin", masterOwnManageUsers);
    addPasswordUserWithRole(session, masterRealm, "user", masterManageUsers);
    addPasswordUserWithRole(session, testRealm, "user", realmManageUsers);
}

/** Adds an enabled user to {@code realm}, grants it {@code role}, and sets the fixture password. */
private static void addPasswordUserWithRole(KeycloakSession session, RealmModel realm, String username, RoleModel role) {
    UserModel created = session.users().addUser(realm, username);
    created.grantRole(role);
    created.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, created, UserCredentialModel.password("password"));
}
 
Example 4
Source File: RealmsAdminResource.java    From keycloak with Apache License 2.0
/**
 * Grants the current admin's user every role named in
 * {@code AdminRoles.ALL_REALM_ROLES} on the given realm's master admin client,
 * unless that admin already holds the {@code AdminRoles.ADMIN} realm role.
 *
 * @param realm the realm whose master admin client supplies the roles
 */
private void grantPermissionsToRealmCreator(RealmModel realm) {
    boolean alreadyAdmin = auth.hasRealmRole(AdminRoles.ADMIN);
    if (!alreadyAdmin) {
        // The administration realm is looked up but its value is not used below.
        new RealmManager(session).getKeycloakAdminstrationRealm();

        // NOTE(review): neither the client nor the looked-up role is null-checked
        // before use; confirm both are guaranteed to exist for a realm on this path,
        // since this routine hands out management privileges.
        ClientModel masterAdminClient = realm.getMasterAdminClient();
        for (String roleName : AdminRoles.ALL_REALM_ROLES) {
            RoleModel granted = masterAdminClient.getRole(roleName);
            auth.getUser().grantRole(granted);
        }
    }
}
 
Example 5
Source File: AdminConsole.java    From keycloak with Apache License 2.0
/**
 * Records, per realm name, the names of the master-admin-client roles that
 * {@code user} holds, across every realm returned by the session.
 *
 * @param masterRealm      not read by this method
 * @param user             the user whose role membership is checked
 * @param realmAdminAccess output map from realm name to held role names; entries are
 *                         created on demand and only for realms with at least one held role
 */
private void addMasterRealmAccess(RealmModel masterRealm, UserModel user, Map<String, Set<String>> realmAdminAccess) {
    for (RealmModel realm : session.realms().getRealms()) {
        // NOTE(review): the client is dereferenced without a null check; confirm
        // every realm returned here has a master admin client.
        ClientModel masterAdminClient = realm.getMasterAdminClient();
        for (RoleModel candidate : masterAdminClient.getRoles()) {
            if (user.hasRole(candidate)) {
                if (!realmAdminAccess.containsKey(realm.getName())) {
                    realmAdminAccess.put(realm.getName(), new HashSet<String>());
                }
                Set<String> heldRoleNames = realmAdminAccess.get(realm.getName());
                heldRoleNames.add(candidate.getName());
            }
        }
    }
}
 
Example 6
Source File: RealmManager.java    From keycloak with Apache License 2.0
/**
 * Removes a realm and, when the removal succeeds, cleans up what referred to it:
 * the realm's master admin client in the administration realm, user sessions,
 * persisted sessions, authentication sessions, and user-storage sync tasks.
 *
 * @param realm the realm to remove
 * @return {@code true} if the model reported the realm as removed, otherwise {@code false}
 */
public boolean removeRealm(RealmModel realm) {
    // Resolve the master admin client before the realm itself is deleted.
    ClientModel masterAdminClient = realm.getMasterAdminClient();

    boolean removed = model.removeRealm(realm.getId());
    if (!removed) {
        return false;
    }

    // Drop the realm's admin client from the administration realm so no stale
    // management roles for the deleted realm remain there.
    if (masterAdminClient != null) {
        new ClientManager(this).removeClient(getKeycloakAdminstrationRealm(), masterAdminClient);
    }

    // Each session-related provider is optional; notify the ones that are available.
    UserSessionProvider userSessions = session.sessions();
    if (userSessions != null) {
        userSessions.onRealmRemoved(realm);
    }

    UserSessionPersisterProvider persistedSessions = session.getProvider(UserSessionPersisterProvider.class);
    if (persistedSessions != null) {
        persistedSessions.onRealmRemoved(realm);
    }

    AuthenticationSessionProvider authenticationSessions = session.authenticationSessions();
    if (authenticationSessions != null) {
        authenticationSessions.onRealmRemoved(realm);
    }

    // Refresh periodic sync tasks for configured storageProviders
    // NOTE(review): the trailing `true` presumably marks the provider as removed; confirm.
    UserStorageSyncManager syncManager = new UserStorageSyncManager();
    List<UserStorageProviderModel> configuredProviders = realm.getUserStorageProviders();
    for (UserStorageProviderModel storageProvider : configuredProviders) {
        syncManager.notifyToRefreshPeriodicSync(session, realm, storageProvider, true);
    }

    return true;
}
 
Example 7
Source File: RealmManager.java    From keycloak with Apache License 2.0
/**
 * Ensures the realm's master admin client defines every role named in
 * {@code AdminRoles.ALL_REALM_ROLES}, creating any that are missing, and then
 * adds the query composite roles to that client.
 *
 * @param realm the realm whose master admin client is checked
 */
private void checkMasterAdminManagementRoles(RealmModel realm) {
    // The admin role of the configured admin realm is handed to every newly created role.
    RoleModel adminRole = model.getRealmByName(Config.getAdminRealm()).getRole(AdminRoles.ADMIN);

    // NOTE(review): the client is used without a null check; confirm callers only
    // pass realms that already have a master admin client.
    ClientModel masterAdminClient = realm.getMasterAdminClient();
    for (String roleName : AdminRoles.ALL_REALM_ROLES) {
        boolean missing = masterAdminClient.getRole(roleName) == null;
        if (missing) {
            addAndSetAdminRole(roleName, masterAdminClient, adminRole);
        }
    }

    addQueryCompositeRoles(masterAdminClient);
}