/**
 * Returns the client identifier, preferring a pending update over the cached copy.
 *
 * @return the client id reported by {@code updated} when it is non-null,
 *         otherwise the one reported by {@code cached}
 */
@Override
public String getClientId() {
    return updated != null ? updated.getClientId() : cached.getClientId();
}
/**
 * Copies the client identifier of the given client onto the event being built.
 *
 * @param client the client whose {@code getClientId()} value is recorded; must not be null
 * @return this instance, so calls can be chained
 */
public Audit client(ClientModel client) {
    String clientId = client.getClientId();
    event.setClientId(clientId);
    return this;
}
/**
 * Copies the client identifier of the given client onto the event being built.
 *
 * @param client the client whose {@code getClientId()} value is recorded; must not be null
 * @return this builder, so calls can be chained
 */
public EventBuilder client(ClientModel client) {
    String clientId = client.getClientId();
    event.setClientId(clientId);
    return this;
}
/**
 * Creates one client per client representation found in the realm representation
 * and indexes the created clients by their client id.
 *
 * <p>If two representations yield the same client id, the later one replaces the
 * earlier entry in the returned map.
 *
 * @param session the session passed through to {@code createClient}
 * @param rep     the realm representation whose clients are iterated
 * @param realm   the realm passed through to {@code createClient}
 * @return a map from client id to the created client
 */
private static Map<String, ClientModel> createClients(KeycloakSession session, RealmRepresentation rep, RealmModel realm) {
    Map<String, ClientModel> clientsByClientId = new HashMap<String, ClientModel>();
    // NOTE(review): rep.getClients() is iterated without a null check; presumably the caller guarantees it.
    for (ClientRepresentation clientRep : rep.getClients()) {
        ClientModel created = createClient(session, realm, clientRep, false);
        String clientId = created.getClientId();
        clientsByClientId.put(clientId, created);
    }
    return clientsByClientId;
}
/**
 * Collects the client ids of the clients behind every client session of the wrapped session.
 *
 * @return a new set of client ids; a client with several client sessions appears once
 */
public Set<String> getClients() {
    Set<String> clientIds = new HashSet<String>();
    for (ClientSessionModel clientSession : session.getClientSessions()) {
        clientIds.add(clientSession.getClient().getClientId());
    }
    return clientIds;
}
}
/**
 * Returns the realm's clients keyed by client id.
 *
 * <p>When {@code updated} is set the call is delegated to it. Otherwise every id held in
 * {@code cached.getClients()} is resolved through the cache session.
 *
 * @return a map from client id to client model
 * @throws IllegalStateException if an id listed in the cached realm cannot be resolved
 */
@Override
public Map<String, ClientModel> getClientNameMap() {
    if (updated != null) {
        return updated.getClientNameMap();
    }

    Map<String, ClientModel> byClientId = new HashMap<String, ClientModel>();
    for (String internalId : cached.getClients().values()) {
        ClientModel resolved = cacheSession.getClientById(internalId, this);
        if (resolved != null) {
            byClientId.put(resolved.getClientId(), resolved);
            continue;
        }
        // The cached realm lists a client that can no longer be loaded: fail loudly
        // instead of returning a partial map.
        throw new IllegalStateException("Cached application not found: " + internalId);
    }
    return byClientId;
}
/**
 * Returns the text shown for this client on the consent screen.
 *
 * @return the text supplied by {@code ClientScopeModel}, or the client id when
 *         {@code ObjectUtil.isBlank} reports that text as blank
 */
@Override
default String getConsentScreenText() {
    String inherited = ClientScopeModel.super.getConsentScreenText();
    return ObjectUtil.isBlank(inherited) ? getClientId() : inherited;
}
}
/**
 * Returns the client identifier, reading it from the updated model when
 * {@code isUpdated()} reports one and from the cached copy otherwise.
 *
 * @return the client id
 */
@Override
public String getClientId() {
    return isUpdated() ? updated.getClientId() : cached.getClientId();
}
/**
 * Looks up the user linked to the given client as its service account.
 *
 * <p>The lookup uses the named query {@code getRealmUserByServiceAccount} with bound
 * parameters for the realm id and the client's internal id.
 *
 * @param client the client whose service account user is requested
 * @return the linked user, or {@code null} when no user is linked
 * @throws IllegalStateException if more than one user is linked to the client
 */
@Override
public UserModel getServiceAccount(ClientModel client) {
    TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByServiceAccount", UserEntity.class);
    query.setParameter("realmId", client.getRealm().getId());
    query.setParameter("clientInternalId", client.getId());
    List<UserEntity> matches = query.getResultList();

    if (matches.isEmpty()) {
        return null;
    }
    if (matches.size() > 1) {
        // Several linked users make the service-account identity ambiguous, so refuse to pick one.
        throw new IllegalStateException("More service account linked users found for client=" + client.getClientId() + ", results=" + matches);
    }

    UserEntity linked = matches.get(0);
    return new UserAdapter(session, client.getRealm(), em, linked);
}
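/**
 * Writes the export configuration of a client policy into the given representation.
 *
 * <p>The internal client ids stored in the policy are translated to client ids and
 * serialized as a JSON list under the {@code "clients"} config key.
 *
 * @param policy         the policy being exported
 * @param representation the representation that receives the config map
 * @param authorization  provider used to build the policy representation and to obtain the realm
 * @throws RuntimeException if the client list cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    ClientPolicyRepresentation clientRep = toRepresentation(policy, authorization);
    Map<String, String> config = new HashMap<>();

    try {
        RealmModel realm = authorization.getRealm();
        // NOTE(review): the result of getClientById(id) is dereferenced unchecked. If the policy
        // can still reference a client that has been removed, the export fails with a
        // NullPointerException here - confirm stale references are cleaned up elsewhere.
        config.put("clients", JsonSerialization.writeValueAsString(clientRep.getClients().stream().map(id -> realm.getClientById(id).getClientId()).collect(Collectors.toList())));
    } catch (IOException cause) {
        // This provider exports a client policy; name it correctly so the failure can be traced.
        throw new RuntimeException("Failed to export client policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(config);
}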
/**
 * Splits the given roles into realm roles and client roles.
 *
 * <p>Roles whose container is a {@code RealmModel} are appended to {@code realmRoles}.
 * Every other role is treated as a client role and added to {@code clientRoles}
 * under the client id of its container.
 *
 * @param inputRoles  the roles to classify
 * @param realmRoles  output list that receives the realm roles
 * @param clientRoles output multimap that receives one entry per client role, keyed by client id
 */
private void processRoles(Set<RoleModel> inputRoles, List<RoleModel> realmRoles, MultivaluedHashMap<String, ClientRoleEntry> clientRoles) {
    for (RoleModel role : inputRoles) {
        if (role.getContainer() instanceof RealmModel) {
            realmRoles.add(role);
            continue;
        }

        // Any container that is not a realm is cast to a client.
        ClientModel owner = (ClientModel) role.getContainer();
        String ownerClientId = owner.getClientId();
        ClientRoleEntry entry = new ClientRoleEntry(ownerClientId, owner.getName(), role.getName(), role.getDescription());
        clientRoles.add(ownerClientId, entry);
    }
}
/**
 * Registers the cache invalidations and the invalidation event for a newly added client.
 *
 * @param realm  the realm the client was added to
 * @param client the newly added client
 * @return the same {@code client} instance that was passed in
 */
private ClientModel addedClient(RealmModel realm, ClientModel client) {
    logger.trace("added Client.....");

    invalidateClient(client.getId());
    // This is needed so that a client that has not been committed yet is not cached in a query.
    listInvalidations.add(realm.getId());

    // The event carries the internal id, the client id and the realm id of the new client.
    invalidationEvents.add(ClientAddedEvent.create(client.getId(), client.getClientId(), realm.getId()));
    cache.clientAdded(realm.getId(), client.getId(), client.getClientId(), invalidations);
    return client;
}
/**
 * Builds the removal event for a client, capturing its realm id, internal id,
 * client id and its roles as a role-id to role-name map.
 *
 * @param client the client that is being removed
 * @return a populated event
 */
public static ClientRemovedEvent create(ClientModel client) {
    ClientRemovedEvent removed = new ClientRemovedEvent();

    removed.realmId = client.getRealm().getId();
    removed.clientUuid = client.getId();
    removed.clientId = client.getClientId();

    // Copy the role ids and names into the event itself; no RoleModel reference is kept.
    removed.clientRoles = new HashMap<>();
    for (RoleModel role : client.getRoles()) {
        removed.clientRoles.put(role.getId(), role.getName());
    }

    return removed;
}
/**
 * Resolves the client that the request's {@code service} URL belongs to and binds it
 * to the event and the session context.
 *
 * <p>The {@code service} value comes from the request. The client is selected only by
 * matching that value against the redirect URIs of the realm's CAS clients, so the
 * redirect URI check is the sole gate on which client the request is attributed to.
 *
 * @param service the service URL from the request; {@code null} is rejected
 * @throws CASValidationException with {@code INVALID_REQUEST} when {@code service} is missing, and with
 *         {@code INVALID_SERVICE} when no client matches or the matched client is disabled
 */
protected void checkClient(String service) {
    if (service == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST);
    }

    // Only clients using the CAS login protocol are considered. The first one for which
    // verifyRedirectUri returns non-null is selected.
    // NOTE(review): if several CAS clients register overlapping redirect URI patterns, the bound
    // client depends on the order of realm.getClients() - confirm that this is acceptable.
    client = realm.getClients().stream()
            .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol()))
            .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null)
            .findFirst().orElse(null);
    if (client == null) {
        event.error(Errors.CLIENT_NOT_FOUND);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client not found", Response.Status.BAD_REQUEST);
    }

    // The enabled check applies to the first match only: a disabled client that matches first
    // rejects the request even if a later, enabled client would also match.
    if (!client.isEnabled()) {
        event.error(Errors.CLIENT_DISABLED);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client disabled", Response.Status.BAD_REQUEST);
    }

    // The client is recorded on the event and in the session context only after both checks pass.
    event.client(client.getClientId());
    session.getContext().setClient(client);
}
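/**
 * Tells whether the identity holds the given role.
 *
 * <p>Realm roles are checked by role name. Client roles are checked by the client id of the
 * owning client plus the role name. A client role whose owning client cannot be resolved in
 * the realm is reported as not held, so the check fails closed instead of dereferencing a
 * null lookup result.
 *
 * @param identity the identity being evaluated
 * @param role     the role to look for
 * @param realm    the realm used to resolve the client that owns a client role
 * @return {@code true} if the identity holds the role, {@code false} otherwise
 */
private boolean hasRole(Identity identity, RoleModel role, RealmModel realm) {
    String roleName = role.getName();
    if (!role.isClientRole()) {
        return identity.hasRealmRole(roleName);
    }

    ClientModel clientModel = realm.getClientById(role.getContainerId());
    if (clientModel == null) {
        // The owning client is gone or not visible in this realm: deny rather than throw.
        return false;
    }
    return identity.hasClientRole(clientModel.getClientId(), roleName);
}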
/**
 * Writes the export configuration of a role policy into the given representation.
 *
 * <p>Each role definition's id is replaced by a name-based form: {@code clientId/roleName}
 * for client roles and the plain role name for realm roles. The rewritten definitions are
 * serialized as JSON under the {@code "roles"} config key.
 *
 * @param policy                the policy being exported
 * @param representation        the representation that receives the config map
 * @param authorizationProvider provider used to build the policy representation and to look up roles
 * @throws RuntimeException if the role definitions cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    Map<String, String> config = new HashMap<>();
    Set<RolePolicyRepresentation.RoleDefinition> definitions = toRepresentation(policy, authorizationProvider).getRoles();

    for (RolePolicyRepresentation.RoleDefinition definition : definitions) {
        // NOTE(review): the looked-up role is dereferenced without a null check; presumably
        // every role id stored in the policy still exists - verify.
        RoleModel role = authorizationProvider.getRealm().getRoleById(definition.getId());
        String exportedId = role.isClientRole()
                ? ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName()
                : role.getName();
        definition.setId(exportedId);
    }

    try {
        config.put("roles", JsonSerialization.writeValueAsString(definitions));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(config);
}
/**
 * Removes a client from the realm and registers the cache invalidations that go with it.
 *
 * @param id    the internal id of the client to remove
 * @param realm the realm that owns the client
 * @return {@code false} when no client with that id is found, otherwise the result of the
 *         delegate's {@code removeClient}
 */
@Override
public boolean removeClient(String id, RealmModel realm) {
    ClientModel client = getClientById(id, realm);
    if (client == null) return false;

    invalidateClient(client.getId());
    // This is needed so that a client that has not been committed yet is not cached in a query.
    listInvalidations.add(realm.getId());

    // The removal event is built from the client before the delegate is asked to delete it.
    invalidationEvents.add(ClientRemovedEvent.create(client));
    cache.clientRemoval(realm.getId(), id, client.getClientId(), invalidations);

    // Each role of the client gets its own removal invalidation.
    for (RoleModel role : client.getRoles()) {
        roleRemovalInvalidations(role.getId(), role.getName(), client.getId());
    }
    return getRealmDelegate().removeClient(id, realm);
}
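/**
 * Grants the evaluation when the requesting client is one of the clients listed in the policy.
 *
 * <p>Each internal client id in the policy is resolved to a client, and its client id is
 * compared with the {@code kc.client.id} attribute of the evaluation context. The first match
 * grants and returns. When nothing matches, the method returns without calling
 * {@code grant()}.
 *
 * <p>An id that no longer resolves to a client is skipped. It can therefore never produce a
 * grant, and it does not abort the evaluation of the remaining clients with a
 * {@code NullPointerException}.
 *
 * @param evaluation the evaluation carrying the policy, the authorization provider and the context
 */
@Override
public void evaluate(Evaluation evaluation) {
    ClientPolicyRepresentation representation = representationFunction.apply(evaluation.getPolicy(), evaluation.getAuthorizationProvider());
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    EvaluationContext context = evaluation.getContext();

    for (String client : representation.getClients()) {
        ClientModel clientModel = realm.getClientById(client);
        if (clientModel == null) {
            // Stale reference to a client that cannot be resolved: it must not grant anything.
            continue;
        }

        if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
            evaluation.grant();
            return;
        }
    }
}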
/**
 * Converts a user session into its representation.
 *
 * <p>The representation carries the session id, start and last-access times converted with
 * {@code Time.toMillis}, the user's username and id, the session's IP address, and a map from
 * internal client id to client id for every client session.
 *
 * @param session the user session to convert
 * @return the populated representation
 */
public static UserSessionRepresentation toRepresentation(UserSessionModel session) {
    UserSessionRepresentation result = new UserSessionRepresentation();

    result.setId(session.getId());
    result.setStart(Time.toMillis(session.getStarted()));
    result.setLastAccess(Time.toMillis(session.getLastSessionRefresh()));

    result.setUsername(session.getUser().getUsername());
    result.setUserId(session.getUser().getId());
    result.setIpAddress(session.getIpAddress());

    for (ClientSessionModel clientSession : session.getClientSessions()) {
        ClientModel sessionClient = clientSession.getClient();
        result.getClients().put(sessionClient.getId(), sessionClient.getClientId());
    }

    return result;
}
/**
 * Registers a new user from this authenticator's {@code username} and {@code email} values and
 * then continues the flow as a login of that user.
 *
 * <p>The current event is completed with the registration details. A new {@code LOGIN} event
 * is then started and filled from the client session.
 *
 * @param context the authentication flow context providing the session, realm, event and client session
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    // Record the registration details on the current event before the user is created.
    context.getEvent().detail(Details.USERNAME, username)
            .detail(Details.REGISTER_METHOD, "form")
            .detail(Details.EMAIL, email)
    ;

    // NOTE(review): no validation of username or email is visible in this method, and the
    // account is enabled immediately - confirm both are checked before this point.
    UserModel user = context.getSession().users().addUser(context.getRealm(), username);
    user.setEnabled(true);
    user.setEmail(email);

    // Store the new username as the login hint note on the client session.
    context.getClientSession().setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, username);

    context.setUser(user);
    context.getEvent().user(user);
    context.getEvent().success();

    // Start a separate LOGIN event and describe it from the client session.
    context.newEvent().event(EventType.LOGIN);
    context.getEvent().client(context.getClientSession().getClient().getClientId())
            .detail(Details.REDIRECT_URI, context.getClientSession().getRedirectUri())
            .detail(Details.AUTH_METHOD, context.getClientSession().getAuthMethod());

    // The auth type is optional: it is recorded only when the client session carries the note.
    String authType = context.getClientSession().getNote(Details.AUTH_TYPE);
    if (authType != null) {
        context.getEvent().detail(Details.AUTH_TYPE, authType);
    }
    context.success();
}