/**
   * Update the top-level information of the realm
   *
   * <p>Any user, roles or client information in the representation will be ignored. This will only
   * update top-level attributes of the realm.
   *
   * @param rep
   * @return
   */
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  public Response updateRealm(final RealmRepresentation rep) {
    auth.requireManage();

    logger.debug("updating realm: " + realm.getName());

    if (Config.getAdminRealm().equals(realm.getName())
        && (rep.getRealm() != null && !rep.getRealm().equals(Config.getAdminRealm()))) {
      return ErrorResponse.error("Can't rename master realm", Status.BAD_REQUEST);
    }

    try {
      if (!Constants.GENERATE.equals(rep.getPublicKey())
          && (rep.getPrivateKey() != null && rep.getPublicKey() != null)) {
        try {
          KeyPairVerifier.verify(rep.getPrivateKey(), rep.getPublicKey());
        } catch (VerificationException e) {
          return ErrorResponse.error(e.getMessage(), Status.BAD_REQUEST);
        }
      }

      if (!Constants.GENERATE.equals(rep.getPublicKey()) && (rep.getCertificate() != null)) {
        try {
          X509Certificate cert = PemUtils.decodeCertificate(rep.getCertificate());
          if (cert == null) {
            return ErrorResponse.error("Failed to decode certificate", Status.BAD_REQUEST);
          }
        } catch (Exception e) {
          return ErrorResponse.error("Failed to decode certificate", Status.BAD_REQUEST);
        }
      }

      RepresentationToModel.updateRealm(rep, realm, session);

      // Refresh periodic sync tasks for configured federationProviders
      List<UserStorageProviderModel> federationProviders = realm.getUserStorageProviders();
      UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
      for (final UserStorageProviderModel fedProvider : federationProviders) {
        usersSyncManager.notifyToRefreshPeriodicSync(session, realm, fedProvider, false);
      }

      adminEvent
          .operation(OperationType.UPDATE)
          .representation(StripSecretsUtils.strip(rep))
          .success();
      return Response.noContent().build();
    } catch (PatternSyntaxException e) {
      return ErrorResponse.error(
          "Specified regex pattern(s) is invalid.", Response.Status.BAD_REQUEST);
    } catch (ModelDuplicateException e) {
      return ErrorResponse.exists("Realm with same name exists");
    } catch (Exception e) {
      logger.error(e.getMessage(), e);
      return ErrorResponse.error("Failed to update realm", Response.Status.INTERNAL_SERVER_ERROR);
    }
  }
 public ExtendingThemeManager(
     KeycloakSession session,
     ConcurrentHashMap<ExtendingThemeManagerFactory.ThemeKey, Theme> themeCache) {
   this.session = session;
   this.themeCache = themeCache;
   this.defaultTheme = Config.scope("theme").get("default", Version.NAME.toLowerCase());
 }
  protected void addNewMasterAdminRoles() throws SQLException, DatabaseException {
    // Retrieve ID of admin role of master realm
    String adminRoleId = getAdminRoleId();
    String masterRealmId = Config.getAdminRealm();

    PreparedStatement statement = jdbcConnection.prepareStatement("select NAME from REALM");
    try {
      ResultSet resultSet = statement.executeQuery();
      try {
        while (resultSet.next()) {
          String realmName = resultSet.getString("NAME");
          String masterAdminAppName = realmName + "-realm";

          PreparedStatement statement2 =
              jdbcConnection.prepareStatement(
                  "select ID from CLIENT where REALM_ID = ? AND NAME = ?");
          statement2.setString(1, masterRealmId);
          statement2.setString(2, masterAdminAppName);

          try {
            ResultSet resultSet2 = statement2.executeQuery();
            try {
              if (resultSet2.next()) {
                String masterAdminAppId = resultSet2.getString("ID");

                addAdminRole(
                    AdminRoles.VIEW_IDENTITY_PROVIDERS,
                    masterRealmId,
                    masterAdminAppId,
                    adminRoleId);
                addAdminRole(
                    AdminRoles.MANAGE_IDENTITY_PROVIDERS,
                    masterRealmId,
                    masterAdminAppId,
                    adminRoleId);
              } else {
                throw new IllegalStateException(
                    "Couldn't find ID of '"
                        + masterAdminAppName
                        + "' application in 'master' realm. ");
              }
            } finally {
              resultSet2.close();
            }
          } finally {
            statement2.close();
          }
        }
      } finally {
        resultSet.close();
      }
    } finally {
      statement.close();
    }
  }
  private void addNewAdminRoles() {
    DBCollection realms = db.getCollection("realms");
    String adminRealmName = Config.getAdminRealm();

    DBCursor realmsCursor = realms.find();
    try {
      while (realmsCursor.hasNext()) {
        BasicDBObject realm = (BasicDBObject) realmsCursor.next();
        if (adminRealmName.equals(realm.get("name"))) {
          addNewAdminRolesToMasterRealm(realm);
        } else {
          addNewAdminRolesToRealm(realm);
        }
      }
    } finally {
      realmsCursor.close();
    }
  }
  private String getAdminRoleId() throws SQLException, DatabaseException {
    PreparedStatement statement =
        jdbcConnection.prepareStatement(
            "select ID from KEYCLOAK_ROLE where NAME = ? AND REALM = ?");
    statement.setString(1, AdminRoles.ADMIN);
    statement.setString(2, Config.getAdminRealm());

    try {
      ResultSet resultSet = statement.executeQuery();
      try {
        if (resultSet.next()) {
          return resultSet.getString("ID");
        } else {
          throw new IllegalStateException("Couldn't find ID of 'admin' role in 'master' realm");
        }
      } finally {
        resultSet.close();
      }
    } finally {
      statement.close();
    }
  }
Beispiel #6
0
  private static String createToken() {
    KeycloakSession session = keycloakRule.startSession();
    try {
      RealmManager manager = new RealmManager(session);

      RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
      ApplicationModel adminConsole =
          adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
      TokenManager tm = new TokenManager();
      UserModel admin = session.users().getUserByUsername("admin", adminRealm);
      UserSessionModel userSession =
          session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
      AccessToken token =
          tm.createClientAccessToken(
              tm.getAccess(null, adminConsole, admin),
              adminRealm,
              adminConsole,
              admin,
              userSession);
      return tm.encodeToken(adminRealm, token);
    } finally {
      keycloakRule.stopSession(session, true);
    }
  }
 @Test
 public void testImpersonateByMastertBadImpersonator() {
   testForbiddenImpersonation("master-bad-impersonator", Config.getAdminRealm());
 }
 @Test
 public void testImpersonateByMasterImpersonator() {
   testSuccessfulImpersonation("master-impersonator", Config.getAdminRealm());
 }
 @Test
 public void testImpersonateByMasterAdmin() {
   // test that composite is set up right for impersonation role
   testSuccessfulImpersonation("admin", Config.getAdminRealm());
 }
 @Override
 public void init(Config.Scope config) {
   if (Config.scope("theme").getBoolean("cacheThemes", true)) {
     themeCache = new ConcurrentHashMap<>();
   }
 }