Class RealmAdminResource
- java.lang.Object
-
- org.keycloak.services.resources.admin.RealmAdminResource
-
public class RealmAdminResource extends Object
Base resource class for the admin REST api of one realm- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Field Summary
Fields Modifier and Type Field Description protected AdminPermissionEvaluator
auth
protected ClientConnection
connection
protected javax.ws.rs.core.HttpHeaders
headers
protected static org.jboss.logging.Logger
logger
protected RealmModel
realm
protected KeycloakSession
session
-
Constructor Summary
Constructors Constructor Description RealmAdminResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
addDefaultDefaultClientScope(String clientScopeId)
void
addDefaultGroup(String groupId)
void
addDefaultOptionalClientScope(String clientScopeId)
void
clearAdminEvents()
Delete all admin eventsvoid
clearEvents()
Delete all eventsClientRepresentation
convertClientDescription(String description)
Base path for importing clients under this realm.void
deleteRealm()
Delete the realmvoid
deleteSession(String sessionId)
Remove a specific user session.Object
extension(String extension)
AuthenticationManagementResource
flows()
AttackDetectionResource
getAttackDetection()
Base path for managing attack detection.ClientInitialAccessResource
getClientInitialAccess()
Base path for managing client initial access tokensClientPoliciesResource
getClientPoliciesResource()
ClientProfilesResource
getClientProfilesResource()
ClientRegistrationPolicyResource
getClientRegistrationPolicy()
ClientsResource
getClients()
Base path for managing clients under this realm.ClientScopesResource
getClientScopes()
Base path for managing client scopes under this realm.Stream<Map<String,String>>
getClientSessionStats()
Get client session stats Returns a JSON map.ClientScopesResource
getClientTemplates()
Deprecated.ComponentResource
getComponents()
Base path for managing components under this realm.Stream<String>
getCredentialRegistrators()
Stream<ClientScopeRepresentation>
getDefaultDefaultClientScopes()
Get realm default client scopes.Stream<GroupRepresentation>
getDefaultGroups()
Get group hierarchy.Stream<ClientScopeRepresentation>
getDefaultOptionalClientScopes()
Get realm optional client scopes.Stream<EventRepresentation>
getEvents(List<String> types, String client, String user, String dateFrom, String dateTo, String ipAddress, Integer firstResult, Integer maxResults)
Get events Returns all events, or filters them based on URL query parameters listed hereStream<AdminEventRepresentation>
getEvents(List<String> operationTypes, String authRealm, String authClient, String authUser, String authIpAddress, String resourcePath, String dateFrom, String dateTo, Integer firstResult, Integer maxResults, List<String> resourceTypes)
Get admin events Returns all admin events, or filters events based on URL query parameters listed hereGroupRepresentation
getGroupByPath(String path)
GroupsResource
getGroups()
IdentityProvidersResource
getIdentityProviderResource()
RealmLocalizationResource
getLocalization()
Base path for managing localization under this realm.RealmRepresentation
getRealm()
Get the top-level representation of the realm It will not include nested information like User and Client representations.RealmEventsConfigRepresentation
getRealmEventsConfig()
Get the events provider configuration Returns JSON object with events provider configurationRoleContainerResource
getRoleContainerResource()
base path for managing realm-level roles of this realmManagementPermissionReference
getUserMgmtPermissions()
KeyResource
keys()
GlobalRequestResult
logoutAll()
Removes all user sessions.javax.ws.rs.core.Response
partialExport(Boolean exportGroupsAndRoles, Boolean exportClients)
Partial export of existing realm into a JSON file.javax.ws.rs.core.Response
partialImport(InputStream requestBody)
Partial import from a JSON file to an existing realm.GlobalRequestResult
pushRevocation()
Push the realm's revocation policy to any client that has an admin url associated with it.void
removeDefaultDefaultClientScope(String clientScopeId)
void
removeDefaultGroup(String groupId)
void
removeDefaultOptionalClientScope(String clientScopeId)
RoleByIdResource
rolesById()
Path for managing all realm-level or client-level roles defined in this realm by its id.ManagementPermissionReference
setUsersManagementPermissionsEnabled(ManagementPermissionReference ref)
javax.ws.rs.core.Response
testSMTPConnection(String config)
Deprecated.javax.ws.rs.core.Response
testSMTPConnection(Map<String,String> settings)
static ManagementPermissionReference
toUsersMgmtRef(AdminPermissionManagement permissions)
javax.ws.rs.core.Response
updateRealm(RealmRepresentation rep)
Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.void
updateRealmEventsConfig(RealmEventsConfigRepresentation rep)
Update the events provider Change the events provider and/or its configurationUsersResource
users()
Base path for managing users in this realm.
-
-
-
Field Detail
-
logger
protected static final org.jboss.logging.Logger logger
-
auth
protected final AdminPermissionEvaluator auth
-
realm
protected final RealmModel realm
-
session
protected final KeycloakSession session
-
connection
protected final ClientConnection connection
-
headers
protected final javax.ws.rs.core.HttpHeaders headers
-
-
Constructor Detail
-
RealmAdminResource
public RealmAdminResource(KeycloakSession session, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent)
-
-
Method Detail
-
convertClientDescription
@Path("client-description-converter") @Consumes({"application/json","application/xml","text/plain"}) @POST @Produces("application/json") public ClientRepresentation convertClientDescription(String description)
Base path for importing clients under this realm.- Returns:
-
getAttackDetection
@Path("attack-detection") public AttackDetectionResource getAttackDetection()
Base path for managing attack detection.- Returns:
-
getClients
@Path("clients") public ClientsResource getClients()
Base path for managing clients under this realm.- Returns:
-
getClientTemplates
@Deprecated @Path("client-templates") public ClientScopesResource getClientTemplates()
Deprecated.This endpoint is deprecated. It's here just because of backwards compatibility. UsegetClientScopes()
instead- Returns:
-
getClientScopes
@Path("client-scopes") public ClientScopesResource getClientScopes()
Base path for managing client scopes under this realm.- Returns:
-
getLocalization
@Path("localization") public RealmLocalizationResource getLocalization()
Base path for managing localization under this realm.
-
getDefaultDefaultClientScopes
@GET @Produces("application/json") @Path("default-default-client-scopes") public Stream<ClientScopeRepresentation> getDefaultDefaultClientScopes()
Get realm default client scopes. Only name and ids are returned.- Returns:
-
addDefaultDefaultClientScope
@PUT @Path("default-default-client-scopes/{clientScopeId}") public void addDefaultDefaultClientScope(@PathParam("clientScopeId") String clientScopeId)
-
removeDefaultDefaultClientScope
@DELETE @Path("default-default-client-scopes/{clientScopeId}") public void removeDefaultDefaultClientScope(@PathParam("clientScopeId") String clientScopeId)
-
getDefaultOptionalClientScopes
@GET @Produces("application/json") @Path("default-optional-client-scopes") public Stream<ClientScopeRepresentation> getDefaultOptionalClientScopes()
Get realm optional client scopes. Only name and ids are returned.- Returns:
-
addDefaultOptionalClientScope
@PUT @Path("default-optional-client-scopes/{clientScopeId}") public void addDefaultOptionalClientScope(@PathParam("clientScopeId") String clientScopeId)
-
removeDefaultOptionalClientScope
@DELETE @Path("default-optional-client-scopes/{clientScopeId}") public void removeDefaultOptionalClientScope(@PathParam("clientScopeId") String clientScopeId)
-
getClientInitialAccess
@Path("clients-initial-access") public ClientInitialAccessResource getClientInitialAccess()
Base path for managing client initial access tokens- Returns:
-
getClientRegistrationPolicy
@Path("client-registration-policy") public ClientRegistrationPolicyResource getClientRegistrationPolicy()
-
getComponents
@Path("components") public ComponentResource getComponents()
Base path for managing components under this realm.- Returns:
-
getRoleContainerResource
@Path("roles") public RoleContainerResource getRoleContainerResource()
base path for managing realm-level roles of this realm- Returns:
-
getRealm
@GET @Produces("application/json") public RealmRepresentation getRealm()
Get the top-level representation of the realm It will not include nested information like User and Client representations.- Returns:
-
updateRealm
@PUT @Consumes("application/json") public javax.ws.rs.core.Response updateRealm(RealmRepresentation rep)
Update the top-level information of the realm Any user, roles or client information in the representation will be ignored. This will only update top-level attributes of the realm.- Parameters:
rep
-- Returns:
-
deleteRealm
@DELETE public void deleteRealm()
Delete the realm
-
users
@Path("users") public UsersResource users()
Base path for managing users in this realm.- Returns:
-
getUserMgmtPermissions
@GET @Produces("application/json") @Path("users-management-permissions") public ManagementPermissionReference getUserMgmtPermissions()
-
setUsersManagementPermissionsEnabled
@PUT @Produces("application/json") @Consumes("application/json") @Path("users-management-permissions") public ManagementPermissionReference setUsersManagementPermissionsEnabled(ManagementPermissionReference ref)
-
toUsersMgmtRef
public static ManagementPermissionReference toUsersMgmtRef(AdminPermissionManagement permissions)
-
flows
@Path("authentication") public AuthenticationManagementResource flows()
-
rolesById
@Path("roles-by-id") public RoleByIdResource rolesById()
Path for managing all realm-level or client-level roles defined in this realm by its id.- Returns:
-
pushRevocation
@Path("push-revocation") @Produces("application/json") @POST public GlobalRequestResult pushRevocation()
Push the realm's revocation policy to any client that has an admin url associated with it.
-
logoutAll
@Path("logout-all") @POST @Produces("application/json") public GlobalRequestResult logoutAll()
Removes all user sessions. Any client that has an admin url will also be told to invalidate any sessions they have.
-
deleteSession
@Path("sessions/{session}") @DELETE public void deleteSession(@PathParam("session") String sessionId)
Remove a specific user session. Any client that has an admin url will also be told to invalidate this particular session.- Parameters:
sessionId
-
-
getClientSessionStats
@Path("client-session-stats") @GET @Produces("application/json") public Stream<Map<String,String>> getClientSessionStats()
Get client session stats Returns a JSON map. The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.- Returns:
-
getRealmEventsConfig
@GET @Path("events/config") @Produces("application/json") public RealmEventsConfigRepresentation getRealmEventsConfig()
Get the events provider configuration Returns JSON object with events provider configuration- Returns:
-
updateRealmEventsConfig
@PUT @Path("events/config") @Consumes("application/json") public void updateRealmEventsConfig(RealmEventsConfigRepresentation rep)
Update the events provider Change the events provider and/or its configuration- Parameters:
rep
-
-
getEvents
@Path("events") @GET @Produces("application/json") public Stream<EventRepresentation> getEvents(@QueryParam("type") List<String> types, @QueryParam("client") String client, @QueryParam("user") String user, @QueryParam("dateFrom") String dateFrom, @QueryParam("dateTo") String dateTo, @QueryParam("ipAddress") String ipAddress, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults)
Get events Returns all events, or filters them based on URL query parameters listed here- Parameters:
types
- The types of events to returnclient
- App or oauth client nameuser
- User idipAddress
- IP addressdateTo
- To datedateFrom
- From datefirstResult
- Paging offsetmaxResults
- Maximum results size (defaults to 100)- Returns:
-
getEvents
@Path("admin-events") @GET @Produces("application/json") public Stream<AdminEventRepresentation> getEvents(@QueryParam("operationTypes") List<String> operationTypes, @QueryParam("authRealm") String authRealm, @QueryParam("authClient") String authClient, @QueryParam("authUser") String authUser, @QueryParam("authIpAddress") String authIpAddress, @QueryParam("resourcePath") String resourcePath, @QueryParam("dateFrom") String dateFrom, @QueryParam("dateTo") String dateTo, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResults, @QueryParam("resourceTypes") List<String> resourceTypes)
Get admin events Returns all admin events, or filters events based on URL query parameters listed here- Parameters:
operationTypes
-authRealm
-authClient
-authUser
- user idauthIpAddress
-resourcePath
-dateTo
-dateFrom
-firstResult
-maxResults
- Maximum results size (defaults to 100)- Returns:
-
clearEvents
@Path("events") @DELETE public void clearEvents()
Delete all events
-
clearAdminEvents
@Path("admin-events") @DELETE public void clearAdminEvents()
Delete all admin events
-
testSMTPConnection
@Path("testSMTPConnection") @POST @Consumes("application/x-www-form-urlencoded") @Deprecated public javax.ws.rs.core.Response testSMTPConnection(@FormParam("config") String config) throws Exception
Deprecated.Test SMTP connection with current logged in user- Parameters:
config
- SMTP server configuration- Returns:
- Throws:
Exception
-
testSMTPConnection
@Path("testSMTPConnection") @POST @Consumes("application/json") public javax.ws.rs.core.Response testSMTPConnection(Map<String,String> settings) throws Exception
- Throws:
Exception
-
getIdentityProviderResource
@Path("identity-provider") public IdentityProvidersResource getIdentityProviderResource()
-
getDefaultGroups
@GET @Produces("application/json") @Path("default-groups") public Stream<GroupRepresentation> getDefaultGroups()
Get group hierarchy. Only name and ids are returned.- Returns:
-
addDefaultGroup
@PUT @Path("default-groups/{groupId}") public void addDefaultGroup(@PathParam("groupId") String groupId)
-
removeDefaultGroup
@DELETE @Path("default-groups/{groupId}") public void removeDefaultGroup(@PathParam("groupId") String groupId)
-
getGroups
@Path("groups") public GroupsResource getGroups()
-
getGroupByPath
@GET @Path("group-by-path/{path: .*}") @Produces("application/json") public GroupRepresentation getGroupByPath(@PathParam("path") String path)
-
partialImport
@Path("partialImport") @POST @Produces("application/json") @Consumes("application/json") public javax.ws.rs.core.Response partialImport(InputStream requestBody)
Partial import from a JSON file to an existing realm.
-
partialExport
@Path("partial-export") @Produces("application/json") @POST public javax.ws.rs.core.Response partialExport(@QueryParam("exportGroupsAndRoles") Boolean exportGroupsAndRoles, @QueryParam("exportClients") Boolean exportClients)
Partial export of existing realm into a JSON file.- Parameters:
exportGroupsAndRoles
-exportClients
-- Returns:
-
keys
@Path("keys") public KeyResource keys()
-
getCredentialRegistrators
@GET @Path("credential-registrators") @Produces("application/json") public Stream<String> getCredentialRegistrators()
-
getClientPoliciesResource
@Path("client-policies/policies") public ClientPoliciesResource getClientPoliciesResource()
-
getClientProfilesResource
@Path("client-policies/profiles") public ClientProfilesResource getClientProfilesResource()
-
-