103 lines
5.6 KiB
Java
103 lines
5.6 KiB
Java
package org.gcube.oidc.keycloak;
|
|
|
|
import java.io.IOException;
|
|
import java.net.MalformedURLException;
|
|
import java.security.KeyManagementException;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.util.Arrays;
|
|
import java.util.Collections;
|
|
import java.util.HashMap;
|
|
import java.util.HashSet;
|
|
import java.util.Map;
|
|
import java.util.Set;
|
|
|
|
import org.keycloak.admin.client.Keycloak;
|
|
import org.keycloak.admin.client.resource.ClientResource;
|
|
import org.keycloak.admin.client.resource.GroupResource;
|
|
import org.keycloak.admin.client.resource.PolicyResource;
|
|
import org.keycloak.admin.client.resource.RealmResource;
|
|
import org.keycloak.admin.client.resource.ResourceResource;
|
|
import org.keycloak.admin.client.resource.RoleResource;
|
|
import org.keycloak.common.VerificationException;
|
|
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
|
import org.keycloak.representations.idm.authorization.Logic;
|
|
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
|
|
|
public class UglyKeycloakHelperTest {
|
|
|
|
static String clientPrefix = "client";
|
|
static String realm = "d4science";
|
|
|
|
public UglyKeycloakHelperTest() {
|
|
}
|
|
|
|
public static void maino(String[] args) throws KeyManagementException, NoSuchAlgorithmException,
|
|
VerificationException, MalformedURLException, IOException, KeycloakResourceCreationException {
|
|
|
|
KeycloakHelper kh = KeycloakHelper.getInstance("https://nubis2.int.d4science.net/auth");
|
|
// KeycloakHelper kh = getInstance("http://localhost:8080/auth");
|
|
Keycloak keycloak = kh.newKeycloakAdmin("admin", "4dm1n");
|
|
// Keycloak keycloak = keycloakHelper.newKeycloak(realm, "/gcube/devsec/devVRE",
|
|
// "12184fe2-f174-4c87-afac-b2d2bfaae4c0");
|
|
|
|
// RealmResource realmResource = kh.addRealm(keycloak, realm, realm, "<h2>" + realm + "</h2><p>Welcome</p>", true);
|
|
RealmResource realmResource = keycloak.realm(realm);
|
|
|
|
for (int clientNum = 0; clientNum < 10; clientNum++) {
|
|
String clientName = clientPrefix + clientNum;
|
|
ClientResource client = kh.addClient(realmResource, clientName, clientName, clientName, null);
|
|
|
|
RoleResource dataManager = kh.addRole(client, true, "Data-Manager", "Data-Manager", "Data-Manager", null);
|
|
RoleResource dataMinerManager = kh.addRole(client, true, "DataMiner-Manager", "DataMiner-Manager",
|
|
"DataMiner-Manager", null);
|
|
ScopeRepresentation read = new ScopeRepresentation("read");
|
|
|
|
ScopeRepresentation list = new ScopeRepresentation("list");
|
|
ScopeRepresentation write = new ScopeRepresentation("write");
|
|
ScopeRepresentation execute = new ScopeRepresentation("execute");
|
|
Set<ScopeRepresentation> resourceScopes = new HashSet<>(Arrays.asList(read, write, list, execute));
|
|
ResourceResource resource1 = kh.addResource(client, "resource1", null, "resource1", false, resourceScopes,
|
|
null);
|
|
ResourceResource resource2 = kh.addResource(client, "resource2", null, "resource2", false, resourceScopes,
|
|
null);
|
|
Set<String> resources = new HashSet<>(
|
|
Arrays.asList(resource1.toRepresentation().getName(), resource2.toRepresentation().getName()));
|
|
|
|
Map<String, Set<String>> policyClientRoles = new HashMap<>();
|
|
policyClientRoles.put(clientName, Collections.singleton(dataManager.toRepresentation().getName()));
|
|
PolicyResource dataManagerCanRead = kh.addRoleResourcePolicy(client, resources,
|
|
Collections.singleton(list.getName()), "canRead", Logic.POSITIVE,
|
|
policyClientRoles);
|
|
|
|
kh.addResourcePermission(client, resources, "read", DecisionStrategy.UNANIMOUS,
|
|
Collections.singleton(dataManagerCanRead.toRepresentation().getName()));
|
|
|
|
}
|
|
//// keycloakHelper.addClient(realmResource, "Gino", "gino", "Gino client", "http://gino.stilla.it");
|
|
// UserResource user = keycloakHelper.findUser(realmResource, "mauro");
|
|
// Map<String, Object> impersonation = user.impersonate();
|
|
// System.out.println(impersonation);
|
|
// Keycloak keycloak = keycloakHelper.newKeycloak(realm, "lino", "lino", "portal");
|
|
// TokenManager tokenManager = keycloak.tokenManager();
|
|
// AccessToken accessToken = keycloakHelper.verifyAndGetToken(AccessToken.class, tokenManager.getAccessTokenString(), keycloakHelper.getRealmSigPublicKey(realm));
|
|
// System.out.println(new ObjectMapper().writeValueAsString(accessToken));
|
|
// for (String resourceAccess : accessToken.getResourceAccess().keySet()) {
|
|
// if ("account".equals(resourceAccess)) {
|
|
// continue;
|
|
// }
|
|
// Access access = accessToken.getResourceAccess(resourceAccess);
|
|
// System.out.println(resourceAccess + " -> " + access.getRoles());
|
|
// }
|
|
// keycloak.realm(realm).
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
KeycloakHelper kh = KeycloakHelper.getInstance("https://accounts.dev.d4science.org/auth");
|
|
Keycloak keycloak = kh.newKeycloakAdmin("kadmin", "bb67fba2f32d3bd");
|
|
RealmResource realmResource = keycloak.realm(realm);
|
|
GroupResource groupResource = kh.findGroupByPath(realmResource, "gcube/devNext/NextNext");
|
|
ClientResource clientResource = kh.findClient(realmResource, "/gcube");
|
|
kh.mapGroupToCLientRole(groupResource, clientResource, "Member");
|
|
}
|
|
}
|