public CachedClient(Long revision, RealmModel realm, ClientModel model) { super(revision, model.getId()); clientAuthenticatorType = model.getClientAuthenticatorType(); secret = model.getSecret(); registrationToken = model.getRegistrationToken(); clientId = model.getClientId(); name = model.getName(); description = model.getDescription(); this.realm = realm.getId(); enabled = model.isEnabled(); protocol = model.getProtocol(); attributes.putAll(model.getAttributes()); authFlowBindings.putAll(model.getAuthenticationFlowBindingOverrides()); notBefore = model.getNotBefore(); frontchannelLogout = model.isFrontchannelLogout(); publicClient = model.isPublicClient(); fullScopeAllowed = model.isFullScopeAllowed(); redirectUris.addAll(model.getRedirectUris()); webOrigins.addAll(model.getWebOrigins()); for (RoleModel role : model.getScopeMappings()) { scope.add(role.getId()); for (ProtocolMapperModel mapper : model.getProtocolMappers()) { this.protocolMappers.add(mapper); surrogateAuthRequired = model.isSurrogateAuthRequired(); managementUrl = model.getManagementUrl(); rootUrl = model.getRootUrl(); baseUrl = model.getBaseUrl(); defaultRoles.addAll(model.getDefaultRoles());
public static ClientRemovedEvent create(ClientModel client) { ClientRemovedEvent event = new ClientRemovedEvent(); event.realmId = client.getRealm().getId(); event.clientUuid = client.getId(); event.clientId = client.getClientId(); event.clientRoles = new HashMap<>(); for (RoleModel clientRole : client.getRoles()) { event.clientRoles.put(clientRole.getId(), clientRole.getName()); } return event; }
public static void createClientRoleMappings(ClientModel clientModel, UserModel user, List<String> roleNames) { if (user == null) { throw new RuntimeException("User not found"); } for (String roleName : roleNames) { RoleModel role = clientModel.getRole(roleName.trim()); if (role == null) { role = clientModel.addRole(roleName.trim()); } user.grantRole(role); } }
if (resourceRep.getName() != null) client.setName(resourceRep.getName()); if(resourceRep.getDescription() != null) client.setDescription(resourceRep.getDescription()); if (resourceRep.isEnabled() != null) client.setEnabled(resourceRep.isEnabled()); client.setManagementUrl(resourceRep.getAdminUrl()); if (resourceRep.isSurrogateAuthRequired() != null) client.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired()); if (resourceRep.getRootUrl() != null) client.setRootUrl(resourceRep.getRootUrl()); if (resourceRep.getBaseUrl() != null) client.setBaseUrl(resourceRep.getBaseUrl()); if (resourceRep.isBearerOnly() != null) client.setBearerOnly(resourceRep.isBearerOnly()); if (resourceRep.isConsentRequired() != null) client.setConsentRequired(resourceRep.isConsentRequired()); client.setStandardFlowEnabled(!resourceRep.isDirectGrantsOnly()); client.setDirectAccessGrantsEnabled(resourceRep.isDirectGrantsOnly()); if (resourceRep.isStandardFlowEnabled() != null) client.setStandardFlowEnabled(resourceRep.isStandardFlowEnabled()); if (resourceRep.isImplicitFlowEnabled() != null) client.setImplicitFlowEnabled(resourceRep.isImplicitFlowEnabled()); if (resourceRep.isDirectAccessGrantsEnabled() != null) client.setDirectAccessGrantsEnabled(resourceRep.isDirectAccessGrantsEnabled()); if (resourceRep.isServiceAccountsEnabled() != null) client.setServiceAccountsEnabled(resourceRep.isServiceAccountsEnabled()); if (resourceRep.isPublicClient() != null) client.setPublicClient(resourceRep.isPublicClient()); if (resourceRep.isFrontchannelLogout() != null) client.setFrontchannelLogout(resourceRep.isFrontchannelLogout()); if (resourceRep.getProtocol() != null) client.setProtocol(resourceRep.getProtocol()); if (resourceRep.getNodeReRegistrationTimeout() != null) { client.setNodeReRegistrationTimeout(resourceRep.getNodeReRegistrationTimeout()); } else { client.setNodeReRegistrationTimeout(-1); client.updateClient();
@Override public boolean equals(Object o) { if (this == o) return true; if (o == null || !(o instanceof ClientModel)) return false; ClientModel that = (ClientModel) o; return that.getId().equals(getId()); }
public Audit client(ClientModel client) { event.setClientId(client.getClientId()); return this; }
private ClientModel addedClient(RealmModel realm, ClientModel client) { logger.trace("added Client....."); invalidateClient(client.getId()); // this is needed so that a client that hasn't been committed isn't cached in a query listInvalidations.add(realm.getId()); invalidationEvents.add(ClientAddedEvent.create(client.getId(), client.getClientId(), realm.getId())); cache.clientAdded(realm.getId(), client.getId(), client.getClientId(), invalidations); return client; }
@Override public boolean removeClient(String id, RealmModel realm) { ClientModel client = getClientById(id, realm); if (client == null) return false; invalidateClient(client.getId()); // this is needed so that a client that hasn't been committed isn't cached in a query listInvalidations.add(realm.getId()); invalidationEvents.add(ClientRemovedEvent.create(client)); cache.clientRemoval(realm.getId(), id, client.getClientId(), invalidations); for (RoleModel role : client.getRoles()) { roleRemovalInvalidations(role.getId(), role.getName(), client.getId()); } return getRealmDelegate().removeClient(id, realm); }
@Override public UserModel getServiceAccount(ClientModel client) { TypedQuery<UserEntity> query = em.createNamedQuery("getRealmUserByServiceAccount", UserEntity.class); query.setParameter("realmId", client.getRealm().getId()); query.setParameter("clientInternalId", client.getId()); List<UserEntity> results = query.getResultList(); if (results.isEmpty()) { return null; } else if (results.size() > 1) { throw new IllegalStateException("More service account linked users found for client=" + client.getClientId() + ", results=" + results); } else { UserEntity user = results.get(0); return new UserAdapter(session, client.getRealm(), em, user); } }
protected void checkClient(String service) { if (service == null) { event.error(Errors.INVALID_REQUEST); throw new CASValidationException(CASErrorCode.INVALID_REQUEST, "Missing parameter: " + CASLoginProtocol.SERVICE_PARAM, Response.Status.BAD_REQUEST); } client = realm.getClients().stream() .filter(c -> CASLoginProtocol.LOGIN_PROTOCOL.equals(c.getProtocol())) .filter(c -> RedirectUtils.verifyRedirectUri(session.getContext().getUri(), service, realm, c) != null) .findFirst().orElse(null); if (client == null) { event.error(Errors.CLIENT_NOT_FOUND); throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client not found", Response.Status.BAD_REQUEST); } if (!client.isEnabled()) { event.error(Errors.CLIENT_DISABLED); throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Client disabled", Response.Status.BAD_REQUEST); } event.client(client.getClientId()); session.getContext().setClient(client); }
Set<RoleModel> currentAppRoles = client.getRoles(); List<RoleRepresentation> currentAppRoleReps = exportRoles(currentAppRoles); clientRolesReps.put(client.getClientId(), currentAppRoleReps); Set<RoleModel> clientScopes = client.getScopeMappings(); ScopeMappingRepresentation scopeMappingRep = null; for (RoleModel scope : clientScopes) { if (scope.getContainer() instanceof RealmModel) { if (scopeMappingRep == null) { scopeMappingRep = rep.scopeMapping(client.getClientId()); String appName = app.getClientId(); List<ScopeMappingRepresentation> currentAppScopes = clientScopeReps.get(appName); if (currentAppScopes == null) { if (scopeMapping.getClient().equals(client.getClientId())) { currentClientScope = scopeMapping; break; currentClientScope.setClient(client.getClientId()); currentAppScopes.add(currentClientScope);
for (RoleModel clientRole : client.getRoles()) { clientRole.setScopeParamRequired(false); adminConsoleClient.addProtocolMapper(localeMapper); if (client.getRole(AdminRoles.CREATE_CLIENT) == null) { RoleModel role = client.addRole(AdminRoles.CREATE_CLIENT); role.setDescription("${role_" + AdminRoles.CREATE_CLIENT + "}"); role.setScopeParamRequired(false); client.getRealm().getRole(AdminRoles.ADMIN).addCompositeRole(role); if (client.getRole(AdminRoles.CREATE_CLIENT) == null) { RoleModel role = client.addRole(AdminRoles.CREATE_CLIENT); role.setDescription("${role_" + AdminRoles.CREATE_CLIENT + "}"); role.setScopeParamRequired(false); client.getRole(AdminRoles.REALM_ADMIN).addCompositeRole(role);
for (RoleModel role : client.getRoles()) { em.flush(); } catch (RuntimeException e) { logger.errorv("Unable to delete client entity: {0} from realm {1}", client.getClientId(), realm.getName()); throw e;
private void processRoles(Set<RoleModel> inputRoles, List<RoleModel> realmRoles, MultivaluedHashMap<String, ClientRoleEntry> clientRoles) { for (RoleModel role : inputRoles) { if (role.getContainer() instanceof RealmModel) { realmRoles.add(role); } else { ClientModel currentClient = (ClientModel) role.getContainer(); ClientRoleEntry clientRole = new ClientRoleEntry(currentClient.getClientId(), currentClient.getName(), role.getName(), role.getDescription()); clientRoles.add(currentClient.getClientId(), clientRole); } } }
@Override public void preRemove(RealmModel realm, ClientModel client) { // Remove all role mappings and consents mapped to all roles of this client for (RoleModel role : client.getRoles()) { preRemove(realm, role); } // Finally remove all consents of this client DBObject query = new QueryBuilder() .and("clientId").is(client.getId()) .get(); getMongoStore().removeEntities(MongoUserConsentEntity.class, query, false, invocationContext); }
public UserModel findServiceAccount(ClientModel client) { String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId(); logger.tracev("getServiceAccount: {0}", username); username = username.toLowerCase(); RealmModel realm = client.getRealm(); if (realmInvalidations.contains(realm.getId())) { logger.tracev("realmInvalidations");
public static Set<RoleModel> getDefaultRoles(RealmModel realm) { Set<RoleModel> set = new HashSet<>(); for (String r : realm.getDefaultRoles()) { set.add(realm.getRole(r)); } for (ClientModel application : realm.getClients()) { for (String r : application.getDefaultRoles()) { set.add(application.getRole(r)); } } return set; } public static void addDefaultRoles(RealmModel realm, UserModel userModel) {
public static void createClientScopeMappings(RealmModel realm, ClientModel clientModel, List<ScopeMappingRepresentation> mappings) { for (ScopeMappingRepresentation mapping : mappings) { ClientModel client = realm.getClientByClientId(mapping.getClient()); if (client == null) { throw new RuntimeException("Unknown client specified in client scope mappings"); } for (String roleString : mapping.getRoles()) { RoleModel role = clientModel.getRole(roleString.trim()); if (role == null) { role = clientModel.addRole(roleString.trim()); } client.addScopeMapping(role); } } }
private void updatePairwiseSubMappers(ClientModel clientModel, SubjectType subjectType, String sectorIdentifierUri) { Set<ProtocolMapperModel> protocolMappers = clientModel.getProtocolMappers(); if (subjectType == SubjectType.PAIRWISE) { // See if we have existing pairwise mapper and update it. Otherwise // create new AtomicBoolean foundPairwise = new AtomicBoolean(false); for (ProtocolMapperModel mapping : protocolMappers) { if (mapping.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX)) { foundPairwise.set(true); PairwiseSubMapperHelper.setSectorIdentifierUri(mapping, sectorIdentifierUri); clientModel.updateProtocolMapper(mapping); } } // We don't have existing pairwise mapper. So create new if (!foundPairwise.get()) { ProtocolMapperRepresentation newPairwise = SHA256PairwiseSubMapper .createPairwiseMapper(sectorIdentifierUri, null); clientModel.addProtocolMapper(RepresentationToModel.toModel(newPairwise)); } } else { // Rather find and remove all pairwise mappers for (ProtocolMapperModel mapping : protocolMappers) { if (mapping.getProtocolMapper().endsWith(AbstractPairwiseSubMapper.PROVIDER_ID_SUFFIX)) { protocolMappers.remove(mapping); } } } }