protected void addRealmRep(
List<RealmRepresentation> reps, RealmModel realm, ClientModel realmManagementClient) {
if (auth.hasAppRole(realmManagementClient, AdminRoles.VIEW_REALM)) {
reps.add(ModelToRepresentation.toRepresentation(realm, false));
} else if (auth.hasOneOfAppRole(realmManagementClient, AdminRoles.ALL_REALM_ROLES)) {
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName());
reps.add(rep);
}
}
@GET
@NoCache
@Produces("application/json")
public RealmRepresentation getRealm() {
if (auth.hasView()) {
return ModelToRepresentation.toRepresentation(realm);
} else {
auth.requireAny();
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName());
return rep;
}
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation rep = new RealmRepresentation();
rep.setEnabled(true);
rep.setRealm(REALM_NAME);
rep.setUsers(new LinkedList<UserRepresentation>());
LinkedList<CredentialRepresentation> credentials = new LinkedList<>();
CredentialRepresentation password = new CredentialRepresentation();
password.setType(CredentialRepresentation.PASSWORD);
password.setValue("password");
credentials.add(password);
UserRepresentation user = new UserRepresentation();
user.setEnabled(true);
user.setUsername("manage-clients");
user.setCredentials(credentials);
user.setClientRoles(
Collections.singletonMap(
Constants.REALM_MANAGEMENT_CLIENT_ID,
Collections.singletonList(AdminRoles.MANAGE_CLIENTS)));
rep.getUsers().add(user);
UserRepresentation user2 = new UserRepresentation();
user2.setEnabled(true);
user2.setUsername("create-clients");
user2.setCredentials(credentials);
user2.setClientRoles(
Collections.singletonMap(
Constants.REALM_MANAGEMENT_CLIENT_ID,
Collections.singletonList(AdminRoles.CREATE_CLIENT)));
rep.getUsers().add(user2);
UserRepresentation user3 = new UserRepresentation();
user3.setEnabled(true);
user3.setUsername("no-access");
user3.setCredentials(credentials);
rep.getUsers().add(user3);
testRealms.add(rep);
}
/**
* Get the top-level representation of the realm
*
* <p>It will not include nested information like User and Client representations.
*
* @return
*/
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public RealmRepresentation getRealm() {
if (auth.hasView()) {
return ModelToRepresentation.toRepresentation(realm, false);
} else {
auth.requireAny();
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName());
if (auth.init(Resource.IDENTITY_PROVIDER).hasView()) {
RealmRepresentation r = ModelToRepresentation.toRepresentation(realm, false);
rep.setIdentityProviders(r.getIdentityProviders());
rep.setIdentityProviderMappers(r.getIdentityProviderMappers());
}
return rep;
}
}
/**
* Get the top-level representation of the realm
*
* <p>It will not include nested information like User and Client representations.
*
* @return
*/
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public RealmRepresentation getRealm() {
if (auth.hasView()) {
RealmRepresentation rep = ModelToRepresentation.toRepresentation(realm, false);
if (session.realms() instanceof CacheRealmProvider) {
CacheRealmProvider cacheRealmProvider = (CacheRealmProvider) session.realms();
rep.setRealmCacheEnabled(cacheRealmProvider.isEnabled());
}
if (session.userStorage() instanceof CacheUserProvider) {
CacheUserProvider cache = (CacheUserProvider) session.userStorage();
rep.setUserCacheEnabled(cache.isEnabled());
}
return rep;
} else {
auth.requireAny();
RealmRepresentation rep = new RealmRepresentation();
rep.setRealm(realm.getName());
return rep;
}
}
@Test
public void addUserTest() throws Throwable {
AddUser.main(new String[] {"-u", "addusertest-admin", "-p", "password"});
assertEquals(1, dir.listFiles().length);
List<RealmRepresentation> realms =
JsonSerialization.readValue(
new FileInputStream(new File(dir, "keycloak-add-user.json")),
new TypeReference<List<RealmRepresentation>>() {});
assertEquals(1, realms.size());
assertEquals(1, realms.get(0).getUsers().size());
UserRepresentation user = realms.get(0).getUsers().get(0);
assertEquals(new Integer(100000), user.getCredentials().get(0).getHashIterations());
assertNull(user.getCredentials().get(0).getValue());
CredentialRepresentation credentials = user.getCredentials().get(0);
assertEquals(Pbkdf2PasswordHashProvider.ID, credentials.getAlgorithm());
assertEquals(new Integer(100000), credentials.getHashIterations());
KeycloakServer server = new KeycloakServer();
try {
server.start();
Keycloak keycloak =
Keycloak.getInstance(
"http://localhost:8081/auth",
"master",
"addusertest-admin",
"password",
Constants.ADMIN_CLI_CLIENT_ID);
keycloak.realms().findAll();
RealmRepresentation testRealm = new RealmRepresentation();
testRealm.setEnabled(true);
testRealm.setId("test");
testRealm.setRealm("test");
keycloak.realms().create(testRealm);
RealmResource realm = keycloak.realm("master");
List<UserRepresentation> users =
realm.users().search("addusertest-admin", null, null, null, null, null);
assertEquals(1, users.size());
UserRepresentation created = users.get(0);
assertNotNull(created.getCreatedTimestamp());
UserResource userResource = realm.users().get(created.getId());
List<RoleRepresentation> realmRoles = userResource.roles().realmLevel().listAll();
assertRoles(realmRoles, "admin", "offline_access");
List<ClientRepresentation> clients = realm.clients().findAll();
String accountId = null;
for (ClientRepresentation c : clients) {
if (c.getClientId().equals("account")) {
accountId = c.getId();
}
}
List<RoleRepresentation> accountRoles = userResource.roles().clientLevel(accountId).listAll();
assertRoles(accountRoles, "view-profile", "manage-account");
keycloak.close();
assertEquals(0, dir.listFiles().length);
} finally {
server.stop();
}
}