Package org.keycloak.services.resources.admin

Class RealmAdminResource

  • public class RealmAdminResource
extends Object
    Base resource class for the admin REST api of one realm
    Version:
    $Revision: 1 $
    Author:
    Bill Burke

    • Field Detail

      • logger

        protected static final org.jboss.logging.Logger logger

      • realm

        protected org.keycloak.models.RealmModel realm

      • session

        @Context
protected org.keycloak.models.KeycloakSession session

      • connection

        @Context
protected org.keycloak.common.ClientConnection connection

      • headers

        @Context
protected javax.ws.rs.core.HttpHeaders headers

    • Method Detail

      • convertClientDescription

        @Path("client-description-converter")
@Consumes({"application/json","application/xml","text/plain"})
@POST
@Produces("application/json")
public org.keycloak.representations.idm.ClientRepresentation convertClientDescription​(String description)
        Base path for importing clients under this realm.
        Returns:

      • getAttackDetection

        @Path("attack-detection")
public AttackDetectionResource getAttackDetection()
        Base path for managing attack detection.
        Returns:

      • getClients

        @Path("clients")
public ClientsResource getClients()
        Base path for managing clients under this realm.
        Returns:

      • getClientTemplates

        @Deprecated
@Path("client-templates")
public ClientScopesResource getClientTemplates()
        Deprecated.
        This endpoint is deprecated. It's here just because of backwards compatibility. Use getClientScopes() instead
        Returns:

      • getClientScopes

        @Path("client-scopes")
public ClientScopesResource getClientScopes()
        Base path for managing client scopes under this realm.
        Returns:

      • getLocalization

        @Path("localization")
public RealmLocalizationResource getLocalization()
        Base path for managing localization under this realm.

      • getDefaultDefaultClientScopes

        @GET
@Produces("application/json")
@Path("default-default-client-scopes")
public Stream<org.keycloak.representations.idm.ClientScopeRepresentation> getDefaultDefaultClientScopes()
        Get realm default client scopes. Only name and ids are returned.
        Returns:

      • addDefaultDefaultClientScope

        @PUT
@Path("default-default-client-scopes/{clientScopeId}")
public void addDefaultDefaultClientScope​(@PathParam("clientScopeId")
                                         String clientScopeId)

      • removeDefaultDefaultClientScope

        @DELETE
@Path("default-default-client-scopes/{clientScopeId}")
public void removeDefaultDefaultClientScope​(@PathParam("clientScopeId")
                                            String clientScopeId)

      • getDefaultOptionalClientScopes

        @GET
@Produces("application/json")
@Path("default-optional-client-scopes")
public Stream<org.keycloak.representations.idm.ClientScopeRepresentation> getDefaultOptionalClientScopes()
        Get realm optional client scopes. Only name and ids are returned.
        Returns:

      • addDefaultOptionalClientScope

        @PUT
@Path("default-optional-client-scopes/{clientScopeId}")
public void addDefaultOptionalClientScope​(@PathParam("clientScopeId")
                                          String clientScopeId)

      • removeDefaultOptionalClientScope

        @DELETE
@Path("default-optional-client-scopes/{clientScopeId}")
public void removeDefaultOptionalClientScope​(@PathParam("clientScopeId")
                                             String clientScopeId)

      • getClientInitialAccess

        @Path("clients-initial-access")
public ClientInitialAccessResource getClientInitialAccess()
        Base path for managing client initial access tokens
        Returns:

      • getComponents

        @Path("components")
public ComponentResource getComponents()
        Base path for managing components under this realm.
        Returns:

      • getRoleContainerResource

        @Path("roles")
public RoleContainerResource getRoleContainerResource()
        base path for managing realm-level roles of this realm
        Returns:

      • getRealm

        @GET
@Produces("application/json")
public org.keycloak.representations.idm.RealmRepresentation getRealm()
        Get the top-level representation of the realm It will not include nested information like User and Client representations.
        Returns:

      • updateRealm

        @PUT
@Consumes("application/json")
public javax.ws.rs.core.Response updateRealm​(org.keycloak.representations.idm.RealmRepresentation rep)
        Update the top-level information of the realm Any user, roles or client information in the representation will be ignored. This will only update top-level attributes of the realm.
        Parameters:
        rep -
        Returns:

      • deleteRealm

        @DELETE
public void deleteRealm()
        Delete the realm

      • users

        @Path("users")
public UsersResource users()
        Base path for managing users in this realm.
        Returns:

      • getUserMgmtPermissions

        @GET
@Produces("application/json")
@Path("users-management-permissions")
public org.keycloak.representations.idm.ManagementPermissionReference getUserMgmtPermissions()

      • setUsersManagementPermissionsEnabled

        @PUT
@Produces("application/json")
@Consumes("application/json")
@Path("users-management-permissions")
public org.keycloak.representations.idm.ManagementPermissionReference setUsersManagementPermissionsEnabled​(org.keycloak.representations.idm.ManagementPermissionReference ref)

      • toUsersMgmtRef

        public static org.keycloak.representations.idm.ManagementPermissionReference toUsersMgmtRef​(AdminPermissionManagement permissions)

      • rolesById

        @Path("roles-by-id")
public RoleByIdResource rolesById()
        Path for managing all realm-level or client-level roles defined in this realm by its id.
        Returns:

      • pushRevocation

        @Path("push-revocation")
@POST
public org.keycloak.representations.adapters.action.GlobalRequestResult pushRevocation()
        Push the realm's revocation policy to any client that has an admin url associated with it.

      • logoutAll

        @Path("logout-all")
@POST
@Produces("application/json")
public org.keycloak.representations.adapters.action.GlobalRequestResult logoutAll()
        Removes all user sessions. Any client that has an admin url will also be told to invalidate any sessions they have.

      • deleteSession

        @Path("sessions/{session}")
@DELETE
public void deleteSession​(@PathParam("session")
                          String sessionId)
        Remove a specific user session. Any client that has an admin url will also be told to invalidate this particular session.
        Parameters:
        sessionId -

      • getClientSessionStats

        @Path("client-session-stats")
@GET
@Produces("application/json")
public Stream<Map<String,​String>> getClientSessionStats()
        Get client session stats Returns a JSON map. The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.
        Returns:

      • getRealmEventsConfig

        @GET
@Path("events/config")
@Produces("application/json")
public org.keycloak.representations.idm.RealmEventsConfigRepresentation getRealmEventsConfig()
        Get the events provider configuration Returns JSON object with events provider configuration
        Returns:

      • updateRealmEventsConfig

        @PUT
@Path("events/config")
@Consumes("application/json")
public void updateRealmEventsConfig​(org.keycloak.representations.idm.RealmEventsConfigRepresentation rep)
        Update the events provider Change the events provider and/or its configuration
        Parameters:
        rep -

      • getEvents

        @Path("events")
@GET
@Produces("application/json")
public Stream<org.keycloak.representations.idm.EventRepresentation> getEvents​(@QueryParam("type")
                                                                              List<String> types,
                                                                              @QueryParam("client")
                                                                              String client,
                                                                              @QueryParam("user")
                                                                              String user,
                                                                              @QueryParam("dateFrom")
                                                                              String dateFrom,
                                                                              @QueryParam("dateTo")
                                                                              String dateTo,
                                                                              @QueryParam("ipAddress")
                                                                              String ipAddress,
                                                                              @QueryParam("first")
                                                                              Integer firstResult,
                                                                              @QueryParam("max")
                                                                              Integer maxResults)
        Get events Returns all events, or filters them based on URL query parameters listed here
        Parameters:
        types - The types of events to return
        client - App or oauth client name
        user - User id
        ipAddress - IP address
        dateTo - To date
        dateFrom - From date
        firstResult - Paging offset
        maxResults - Maximum results size (defaults to 100)
        Returns:

      • getEvents

        @Path("admin-events")
@GET
@Produces("application/json")
public Stream<org.keycloak.representations.idm.AdminEventRepresentation> getEvents​(@QueryParam("operationTypes")
                                                                                   List<String> operationTypes,
                                                                                   @QueryParam("authRealm")
                                                                                   String authRealm,
                                                                                   @QueryParam("authClient")
                                                                                   String authClient,
                                                                                   @QueryParam("authUser")
                                                                                   String authUser,
                                                                                   @QueryParam("authIpAddress")
                                                                                   String authIpAddress,
                                                                                   @QueryParam("resourcePath")
                                                                                   String resourcePath,
                                                                                   @QueryParam("dateFrom")
                                                                                   String dateFrom,
                                                                                   @QueryParam("dateTo")
                                                                                   String dateTo,
                                                                                   @QueryParam("first")
                                                                                   Integer firstResult,
                                                                                   @QueryParam("max")
                                                                                   Integer maxResults,
                                                                                   @QueryParam("resourceTypes")
                                                                                   List<String> resourceTypes)
        Get admin events Returns all admin events, or filters events based on URL query parameters listed here
        Parameters:
        operationTypes -
        authRealm -
        authClient -
        authUser - user id
        authIpAddress -
        resourcePath -
        dateTo -
        dateFrom -
        firstResult -
        maxResults - Maximum results size (defaults to 100)
        Returns:

      • clearEvents

        @Path("events")
@DELETE
public void clearEvents()
        Delete all events

      • clearAdminEvents

        @Path("admin-events")
@DELETE
public void clearAdminEvents()
        Delete all admin events

      • testLDAPConnection

        @Path("testLDAPConnection")
@POST
@Consumes("application/x-www-form-urlencoded")
@Deprecated
public javax.ws.rs.core.Response testLDAPConnection​(@FormParam("action")
                                                    String action,
                                                    @FormParam("connectionUrl")
                                                    String connectionUrl,
                                                    @FormParam("bindDn")
                                                    String bindDn,
                                                    @FormParam("bindCredential")
                                                    String bindCredential,
                                                    @FormParam("useTruststoreSpi")
                                                    String useTruststoreSpi,
                                                    @FormParam("connectionTimeout")
                                                    String connectionTimeout,
                                                    @FormParam("componentId")
                                                    String componentId,
                                                    @FormParam("startTls")
                                                    String startTls)
        Deprecated.
        Test LDAP connection
        Parameters:
        action -
        connectionUrl -
        bindDn -
        bindCredential -
        Returns:

      • testLDAPConnection

        @Path("testLDAPConnection")
@POST
@Consumes("application/json")
public javax.ws.rs.core.Response testLDAPConnection​(org.keycloak.representations.idm.TestLdapConnectionRepresentation config)
        Test LDAP connection
        Returns:

      • ldapServerCapabilities

        @POST
@Path("ldap-server-capabilities")
@Consumes("application/json")
@Produces("application/json")
public javax.ws.rs.core.Response ldapServerCapabilities​(org.keycloak.representations.idm.TestLdapConnectionRepresentation config)
        Get LDAP supported extensions.
        Parameters:
        config - LDAP configuration
        Returns:

      • testSMTPConnection

        @Path("testSMTPConnection")
@POST
@Consumes("application/x-www-form-urlencoded")
@Deprecated
public javax.ws.rs.core.Response testSMTPConnection​(@FormParam("config")
                                                    String config)
                                             throws Exception
        Deprecated.
        Test SMTP connection with current logged in user
        Parameters:
        config - SMTP server configuration
        Returns:
        Throws:
        Exception

      • testSMTPConnection

        @Path("testSMTPConnection")
@POST
@Consumes("application/json")
public javax.ws.rs.core.Response testSMTPConnection​(Map<String,​String> settings)
                                             throws Exception
        Throws:
        Exception

      • getDefaultGroups

        @GET
@Produces("application/json")
@Path("default-groups")
public Stream<org.keycloak.representations.idm.GroupRepresentation> getDefaultGroups()
        Get group hierarchy. Only name and ids are returned.
        Returns:

      • addDefaultGroup

        @PUT
@Path("default-groups/{groupId}")
public void addDefaultGroup​(@PathParam("groupId")
                            String groupId)

      • removeDefaultGroup

        @DELETE
@Path("default-groups/{groupId}")
public void removeDefaultGroup​(@PathParam("groupId")
                               String groupId)

      • getGroupByPath

        @GET
@Path("group-by-path/{path: .*}")
@Produces("application/json")
public org.keycloak.representations.idm.GroupRepresentation getGroupByPath​(@PathParam("path")
                                                                           String path)

      • partialImport

        @Path("partialImport")
@POST
@Consumes("application/json")
public javax.ws.rs.core.Response partialImport​(org.keycloak.representations.idm.PartialImportRepresentation rep)
        Partial import from a JSON file to an existing realm.
        Parameters:
        rep -
        Returns:

      • partialExport

        @Path("partial-export")
@POST
@Produces("application/json")
public org.keycloak.representations.idm.RealmRepresentation partialExport​(@QueryParam("exportGroupsAndRoles")
                                                                          Boolean exportGroupsAndRoles,
                                                                          @QueryParam("exportClients")
                                                                          Boolean exportClients)
        Partial export of existing realm into a JSON file.
        Parameters:
        exportGroupsAndRoles -
        exportClients -
        Returns:

      • clearRealmCache

        @Path("clear-realm-cache")
@POST
public void clearRealmCache()
        Clear realm cache

      • clearUserCache

        @Path("clear-user-cache")
@POST
public void clearUserCache()
        Clear user cache

      • clearKeysCache

        @Path("clear-keys-cache")
@POST
public void clearKeysCache()
        Clear cache of external public keys (Public keys of clients or Identity providers)

      • getCredentialRegistrators

        @GET
@Path("credential-registrators")
@Produces("application/json")
public Stream<String> getCredentialRegistrators()

      • getClientPoliciesResource

        @Path("client-policies/policies")
public ClientPoliciesResource getClientPoliciesResource()

      • getClientProfilesResource

        @Path("client-policies/profiles")
public ClientProfilesResource getClientProfilesResource()