/**
 * Returns the client models of this realm.
 *
 * <p>When {@code updated} is set the call is delegated to it. Otherwise every id held in
 * {@code cached.getClients()} is resolved through {@code cacheSession.getClientById}.
 *
 * @return the resolved clients, in the iteration order of the cached id map's values
 * @throws IllegalStateException if a cached id no longer resolves to a client
 */
@Override
public List<ClientModel> getClients() {
    if (updated != null) {
        return updated.getClients();
    }

    List<ClientModel> resolved = new LinkedList<ClientModel>();
    for (String clientId : cached.getClients().values()) {
        ClientModel client = cacheSession.getClientById(clientId, this);
        // A cached id without a backing client means the cache is stale; fail instead of
        // handing callers a silently shortened client list.
        if (client == null) {
            throw new IllegalStateException("Cached application not found: " + clientId);
        }
        resolved.add(client);
    }
    return resolved;
}
/**
 * Collects the default roles of a realm: the realm-level default roles plus the default
 * roles of every client returned by {@code realm.getClients()}.
 *
 * @param realm the realm whose default role names are resolved
 * @return a new set holding the result of each role lookup
 */
public static Set<RoleModel> getDefaultRoles(RealmModel realm) {
    Set<RoleModel> set = new HashSet<>();
    // Realm-level defaults are stored as names and looked up one by one.
    for (String r : realm.getDefaultRoles()) {
        // NOTE(review): the lookup result is added unchecked. If getRole can return null for
        // a default-role name that no longer exists, the set will contain null - confirm
        // that callers tolerate this before they grant from the set.
        set.add(realm.getRole(r));
    }
    // Client-level defaults: every client of the realm contributes its own default roles.
    for (ClientModel application : realm.getClients()) {
        for (String r : application.getDefaultRoles()) {
            set.add(application.getRole(r));
        }
    }
    return set;
}

public static void addDefaultRoles(RealmModel realm, UserModel userModel) {
/**
 * Resolves the CAS client for an optional {@code service} URL.
 *
 * <p>The client is identified only by the service URL: the first realm client that uses the
 * CAS login protocol and for which {@code RedirectUtils.verifyRedirectUri} accepts the URL is
 * selected. On a match, {@code redirectUri} is set from the verified URL and the client is
 * stored on the session context. Without a match {@code client} is set to {@code null} and
 * {@code redirectUri} is left untouched.
 *
 * <p>NOTE(review): this variant neither rejects an unmatched service nor calls
 * {@code client.isEnabled()}, so a disabled client can still be selected - confirm that this
 * is intended for the endpoint using it, and that callers only redirect when
 * {@code redirectUri} was set here.
 *
 * @param service the service URL from the request; {@code null} makes this a no-op
 */
private void checkClient(String service) {
    if (service == null) {
        return;
    }

    // First match wins: with overlapping redirect-URI patterns the selected client depends on
    // the order of realm.getClients().
    client = realm.getClients().stream()
            .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                    && RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate) != null)
            .findFirst()
            .orElse(null);

    if (client == null) {
        return;
    }
    // Only the value returned by the verifier is kept, never the raw request parameter.
    redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client);
    session.getContext().setClient(client);
}
}
/**
 * Removes a role and the rows and mappings that reference it.
 *
 * <p>Order of operations as written: user-store pre-removal hook, removal of the role name
 * from its container's default roles, deletion of composite-role rows where the role is the
 * child, removal of client scope mappings, deletion of client-scope and group role mappings,
 * removal of the role entity, and finally publication of a {@code RoleRemovedEvent}.
 *
 * <p>NOTE(review): nothing in this method checks that {@code role} belongs to {@code realm};
 * presumably the caller guarantees it - confirm.
 *
 * @param realm the realm whose users and clients are cleaned up
 * @param role the role to delete
 * @return always {@code true}
 */
@Override
public boolean removeRole(RealmModel realm, RoleModel role) {
    session.users().preRemove(realm, role);
    RoleContainerModel container = role.getContainer();
    // Drop the role from its container's default roles so that it is no longer listed there.
    if (container.getDefaultRoles().contains(role.getName())) {
        container.removeDefaultRoles(role.getName());
    }
    RoleEntity roleEntity = em.getReference(RoleEntity.class, role.getId());
    // The table name is concatenated into the native query, but it comes from the JpaUtils
    // helper called with a constant, not from request input; the role itself is bound as a
    // named parameter. Keep it that way if this query is ever edited.
    String compositeRoleTable = JpaUtils.getTableNameForNativeQuery("COMPOSITE_ROLE", em);
    em.createNativeQuery("delete from " + compositeRoleTable + " where CHILD_ROLE = :role").setParameter("role", roleEntity).executeUpdate();
    // Remove the role from the scope mappings of every client in the realm.
    realm.getClients().forEach(c -> c.deleteScopeMapping(role));
    em.createNamedQuery("deleteClientScopeRoleMappingByRole").setParameter("role", roleEntity).executeUpdate();
    // NOTE(review): val (the number of affected rows) is never read.
    int val = em.createNamedQuery("deleteGroupRoleMappingsByRole").setParameter("roleId", roleEntity.getId()).executeUpdate();

    // Flush the pending deletes before the entity itself is removed.
    em.flush();
    em.remove(roleEntity);

    // Notify registered listeners that the role is gone; the event exposes the removed role
    // and the current session.
    session.getKeycloakSessionFactory().publish(new RoleContainerModel.RoleRemovedEvent() {
        @Override
        public RoleModel getRole() {
            return role;
        }

        @Override
        public KeycloakSession getKeycloakSession() {
            return session;
        }
    });

    em.flush();
    return true;
}
// Search every client of the realm for a role named finalRoleName. The first client, in
// realm.getClients() order, that has such a role wins; role is null when none does.
// NOTE(review): if two clients define a role with the same name, the result depends on
// client order - confirm that callers do not base an authorization decision on this lookup
// without also pinning the client.
role = realm.getClients().stream()
        .map(candidate -> candidate.getRole(finalRoleName))
        .filter(found -> found != null)
        .findFirst()
        .orElse(null);
/**
 * Resolves and validates the CAS client for the {@code service} URL of a validation request.
 *
 * <p>The client is identified only by the service URL: the first realm client that uses the
 * CAS login protocol and for which {@code RedirectUtils.verifyRedirectUri} accepts the URL is
 * selected. Each rejection is recorded on {@code event} before the exception is thrown.
 *
 * <p>NOTE(review): the enabled check runs after selection, so if a disabled client matches
 * the URL before an enabled one does, the request fails with "Client disabled" - confirm
 * that overlapping redirect URIs between CAS clients are not expected.
 *
 * @param service the service URL from the request
 * @throws CASValidationException with status 400 if {@code service} is missing, matches no
 *         CAS client, or matches a disabled client
 */
protected void checkClient(String service) {
    if (service == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new CASValidationException(CASErrorCode.INVALID_REQUEST,
                "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST);
    }

    // First match wins; the protocol test short-circuits before the redirect-URI check.
    client = realm.getClients().stream()
            .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                    && RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate) != null)
            .findFirst()
            .orElse(null);

    if (client == null) {
        event.error(Errors.CLIENT_NOT_FOUND);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client not found", Response.Status.BAD_REQUEST);
    }
    if (!client.isEnabled()) {
        event.error(Errors.CLIENT_DISABLED);
        throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client disabled", Response.Status.BAD_REQUEST);
    }

    // Only a validated, enabled client is attached to the event and the session context.
    event.client(client.getClientId());
    session.getContext().setClient(client);
}
List<ClientModel> realmClients = realm.getClients(); for (ClientModel client : realmClients) {
/**
 * Resolves and validates the CAS client for the {@code service} URL of a login request.
 *
 * <p>The client is identified only by the service URL: the first realm client that uses the
 * CAS login protocol and for which {@code RedirectUtils.verifyRedirectUri} accepts the URL is
 * selected. Each rejection is recorded on {@code event} and surfaces as an error page, so no
 * redirect happens for an unverified URL on these paths.
 *
 * <p>NOTE(review): the enabled check runs after selection, so if a disabled client matches
 * the URL before an enabled one does, the request is rejected as CLIENT_DISABLED - confirm
 * that overlapping redirect URIs between CAS clients are not expected.
 *
 * @param service the service URL from the request
 * @throws ErrorPageException with status 400 if {@code service} is missing, matches no CAS
 *         client, or matches a disabled client
 */
private void checkClient(String service) {
    if (service == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST,
                Messages.MISSING_PARAMETER, CASLoginProtocol.SERVICE_PARAM);
    }

    // First match wins; the protocol test short-circuits before the redirect-URI check.
    client = realm.getClients().stream()
            .filter(candidate -> CASLoginProtocol.LOGIN_PROTOCOL.equals(candidate.getProtocol())
                    && RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, candidate) != null)
            .findFirst()
            .orElse(null);

    if (client == null) {
        event.error(Errors.CLIENT_NOT_FOUND);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_NOT_FOUND);
    }
    if (!client.isEnabled()) {
        event.error(Errors.CLIENT_DISABLED);
        throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.CLIENT_DISABLED);
    }

    // Keep the value returned by the verifier, not the raw request parameter, and record it
    // on the event so the redirect target is auditable.
    redirectUri = RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, client);
    event.client(client.getClientId());
    event.detail(Details.REDIRECT_URI, redirectUri);
    session.getContext().setClient(client);
}
RealmModel realm = ((UserRemovedEvent) event).getRealm(); ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore(); realm.getClients().forEach(clientModel -> { ResourceServer resourceServer = resourceServerStore.findById(clientModel.getId());
List<ClientModel> clients = realm.getClients(); List<ClientRepresentation> clientReps = new ArrayList<>(); for (ClientModel app : clients) {
/**
 * Registers a listener that reacts to role removal.
 *
 * <p>For a {@code RoleRemovedEvent}, {@code updateResourceServer} is invoked with the removed
 * role: once per client of the realm when the role's container is a realm, otherwise once
 * for the container itself. All other events are ignored.
 *
 * @param factory the session factory on which the listener is registered
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof RoleRemovedEvent)) {
            return;
        }

        KeycloakSession eventSession = ((RoleRemovedEvent) event).getKeycloakSession();
        AuthorizationProvider authorization = eventSession.getProvider(AuthorizationProvider.class);
        StoreFactory stores = authorization.getStoreFactory();
        PolicyStore policies = stores.getPolicyStore();
        RoleModel removed = ((RoleRemovedEvent) event).getRole();
        RoleContainerModel owner = removed.getContainer();
        ResourceServerStore resourceServers = stores.getResourceServerStore();

        if (owner instanceof RealmModel) {
            // A realm role may be referenced from any client, so every client is visited.
            RealmModel realm = (RealmModel) owner;
            realm.getClients().forEach(clientModel ->
                    updateResourceServer(clientModel, removed, resourceServers, policies));
            return;
        }

        // Any container that is not a realm is cast to a client without a further type check.
        ClientModel owningClient = (ClientModel) owner;
        updateResourceServer(owningClient, removed, resourceServers, policies);
    });
}
/**
 * Creates a user under the lower-cased {@code username} and optionally applies realm defaults.
 *
 * <p>NOTE(review): {@code toLowerCase()} without a locale follows the JVM default locale, so
 * the stored username can differ between hosts (for example under a Turkish locale). Confirm
 * that every lookup path normalizes usernames the same way.
 *
 * <p>NOTE(review): role lookups are passed to {@code grantRole} unchecked; if a default-role
 * name can resolve to {@code null}, that null is forwarded - confirm.
 *
 * @param realm the realm the user is created in
 * @param id the id passed through to {@code addUserEntity}
 * @param username the requested username; stored lower-cased
 * @param addDefaultRoles when true, grants the realm's and every client's default roles and
 *        joins the realm's default groups
 * @param addDefaultRequiredActions when true, adds every required action that is both
 *        enabled and marked as a default action
 * @return the newly created user
 */
@Override
public UserAdapter addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions) {
    UserAdapter user = addUserEntity(realm, id, username.toLowerCase());

    if (addDefaultRoles) {
        for (String roleName : realm.getDefaultRoles()) {
            user.grantRole(realm.getRole(roleName));
        }
        // Every client of the realm contributes its own default roles.
        for (ClientModel client : realm.getClients()) {
            for (String roleName : client.getDefaultRoles()) {
                user.grantRole(client.getRole(roleName));
            }
        }
        for (GroupModel group : realm.getDefaultGroups()) {
            user.joinGroup(group);
        }
    }

    if (addDefaultRequiredActions) {
        for (RequiredActionProviderModel action : realm.getRequiredActionProviders()) {
            if (!action.isEnabled() || !action.isDefaultAction()) {
                continue;
            }
            user.addRequiredAction(action.getAlias());
        }
    }

    return user;
}
for (ClientModel client : model.getClients()) { clients.put(client.getClientId(), client.getId()); CachedClient cachedClient = new CachedClient(cache, delegate, model, client);
/**
 * Migrates every realm to the default authentication flows.
 *
 * <p>For each realm this unconditionally replaces the OTP policy with
 * {@code OTPPolicy.DEFAULT_POLICY}, rebinds the browser, registration and direct-grant flows
 * by alias, binds or creates the reset-credentials and client-authentication flows, and sets
 * the client authenticator type of every client to the default. Values configured before the
 * migration are overwritten.
 *
 * @param session the session used to enumerate the realms
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        DefaultAuthenticationFlows.migrateFlows(realm); // add reset credentials flow
        realm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);

        realm.setBrowserFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
        realm.setRegistrationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
        realm.setDirectGrantFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));

        // Reuse the reset-credentials flow when one is present, otherwise create it.
        AuthenticationFlowModel resetCredentials = realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetCredentials != null) {
            realm.setResetCredentialsFlow(resetCredentials);
        } else {
            DefaultAuthenticationFlows.resetCredentialsFlow(realm);
        }

        // Same for the client-authentication flow.
        AuthenticationFlowModel clientAuthentication = realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientAuthentication != null) {
            realm.setClientAuthenticationFlow(clientAuthentication);
        } else {
            DefaultAuthenticationFlows.clientAuthFlow(realm);
        }

        // Every client of the realm is switched to the default client authenticator type.
        for (ClientModel realmClient : realm.getClients()) {
            realmClient.setClientAuthenticatorType(KeycloakModelUtils.getDefaultClientAuthenticatorType());
        }
    }
}
}
realmRole.setScopeParamRequired(false); for (ClientModel client : realm.getClients()) { for (RoleModel clientRole : client.getRoles()) { clientRole.setScopeParamRequired(false);