diff --git a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java index 90043ace2d..8e9242cf6d 100755 --- a/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java +++ b/examples/as7-eap-demo/server/src/main/java/org/keycloak/example/demo/DemoApplication.java @@ -66,7 +66,7 @@ public class DemoApplication extends KeycloakApplication { manager.generateRealmKeys(defaultRealm); defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); - defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); RealmRepresentation rep = loadJson("META-INF/testrealm.json"); RealmModel realm = manager.createRealm("demo", rep.getRealm()); diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java index 00c8bd22e7..24a9225a0d 100755 --- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java @@ -72,7 +72,7 @@ public class AuthenticationManager { expireIdentityCookie(realm, uriInfo); return null; } - User user = realm.getIdm().getUser(token.getPrincipal()); + User user = realm.getUser(token.getPrincipal()); if (user == null || !user.isEnabled()) { logger.info("Unknown user in identity cookie"); expireIdentityCookie(realm, uriInfo); @@ -104,7 +104,7 @@ public class AuthenticationManager { if (!token.isActive()) { throw new NotAuthorizedException("token_expired"); } - User user = realm.getIdm().getUser(token.getPrincipal()); + User user = realm.getUser(token.getPrincipal()); if (user == null || !user.isEnabled()) { throw new NotAuthorizedException("invalid_user"); } 
@@ -136,25 +136,13 @@ public class AuthenticationManager { logger.warn("TOTP token not provided"); return false; } - TOTPCredentials creds = new TOTPCredentials(); - creds.setToken(token); - creds.setUsername(username); - creds.setPassword(new Password(password)); - realm.getIdm().validateCredentials(creds); - if (creds.getStatus() != Credentials.Status.VALID) { - return false; - } + return realm.validateTOTP(user, password, token); } else { - UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, new Password(password)); - realm.getIdm().validateCredentials(creds); - if (creds.getStatus() != Credentials.Status.VALID) { - return false; - } + return realm.validatePassword(user, password); } } else { logger.warn("Do not know how to authenticate user"); return false; } - return true; } } diff --git a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java index 0cb0efcaf3..1da60e7158 100755 --- a/services/src/main/java/org/keycloak/services/managers/InstallationManager.java +++ b/services/src/main/java/org/keycloak/services/managers/InstallationManager.java @@ -23,7 +23,7 @@ public class InstallationManager { manager.generateRealmKeys(defaultRealm); defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); - defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + defaultRealm.addRole(RegistrationService.REALM_CREATOR_ROLE); } public boolean isInstalled(RealmManager manager) { diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index d2a512ed32..69b6b2de04 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java 
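Review bot: A failed password or TOTP check in the @@ -136 hunk now returns straight from `realm.validatePassword(user, password)` or `realm.validateTOTP(user, password, token)` with no log entry, while the neighbouring failure branches ("TOTP token not provided", "Do not know how to authenticate user") each log at warn. Failed logins are the events that brute-force and credential-stuffing detection depend on, so I would capture the result and log the login name on failure: `boolean valid = realm.validatePassword(user, password);`, then `if (!valid) logger.warn("Failed password validation for user: " + user.getLoginName());`, then `return valid;`. The password and the token must stay out of the message. The enclosing method starts above this hunk, so where `user` is resolved and null-checked is not visible here.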
@@ -139,7 +139,7 @@ public class RealmManager { user.setAttribute(new Attribute(entry.getKey(), entry.getValue())); } } - newRealm.getIdm().add(user); + newRealm.addUser(user); if (userRep.getCredentials() != null) { for (CredentialRepresentation cred : userRep.getCredentials()) { UserCredentialModel credential = new UserCredentialModel(); @@ -155,7 +155,7 @@ public class RealmManager { for (RoleRepresentation roleRep : rep.getRoles()) { SimpleRole role = new SimpleRole(roleRep.getName()); if (roleRep.getDescription() != null) role.setAttribute(new Attribute("description", roleRep.getDescription())); - newRealm.getIdm().add(role); + newRealm.addRole(role); } } @@ -167,12 +167,12 @@ public class RealmManager { for (RoleMappingRepresentation mapping : rep.getRoleMappings()) { User user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = newRealm.getIdm().getRole(roleString.trim()); + Role role = newRealm.getRole(roleString.trim()); if (role == null) { role = new SimpleRole(roleString.trim()); - newRealm.getIdm().add(role); + newRealm.addRole(role); } - newRealm.getIdm().grantRole(user, role); + newRealm.grantRole(user, role); } } } @@ -180,10 +180,10 @@ public class RealmManager { if (rep.getScopeMappings() != null) { for (ScopeMappingRepresentation scope : rep.getScopeMappings()) { for (String roleString : scope.getRoles()) { - Role role = newRealm.getIdm().getRole(roleString.trim()); + Role role = newRealm.getRole(roleString.trim()); if (role == null) { role = new SimpleRole(roleString.trim()); - newRealm.getIdm().add(role); + newRealm.addRole(role); } User user = userMap.get(scope.getUsername()); newRealm.addScope(user, role.getName()); 
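Review bot: In the role-mapping loop of the @@ -167 hunk, the result of `userMap.get(mapping.getUsername())` goes into `newRealm.grantRole(user, role)` without a null check, so a mapping that names a user absent from `userMap` reaches the identity store as a null assignee. The same unchecked lookup feeds `addScope` in the @@ -180 hunk and the resource-level loops in the @@ -211 and @@ -238 hunks. I would fail the import explicitly, e.g. `if (user == null) throw new IllegalArgumentException("role mapping for unknown user: " + mapping.getUsername());`. Separately, a role name that does not resolve is silently created and then granted, so a typo in the realm JSON becomes a new role; a log line or a rejection at that point would make such imports visible.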
@@ -194,7 +194,7 @@ public class RealmManager { } protected void createResources(RealmRepresentation rep, RealmModel realm, Map userMap) { - Role loginRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE); + Role loginRole = realm.getRole(RealmManager.RESOURCE_ROLE); for (ResourceRepresentation resourceRep : rep.getResources()) { ResourceModel resource = realm.addResource(resourceRep.getName()); resource.setManagementUrl(resourceRep.getAdminUrl()); @@ -211,26 +211,26 @@ public class RealmManager { } } userMap.put(resourceUser.getLoginName(), resourceUser); - realm.getIdm().grantRole(resourceUser, loginRole); + realm.grantRole(resourceUser, loginRole); if (resourceRep.getRoles() != null) { for (RoleRepresentation roleRep : resourceRep.getRoles()) { SimpleRole role = new SimpleRole(roleRep.getName()); if (roleRep.getDescription() != null) role.setAttribute(new Attribute("description", roleRep.getDescription())); - resource.getIdm().add(role); + resource.addRole(role); } } if (resourceRep.getRoleMappings() != null) { for (RoleMappingRepresentation mapping : resourceRep.getRoleMappings()) { User user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = resource.getIdm().getRole(roleString.trim()); + Role role = resource.getRole(roleString.trim()); if (role == null) { role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); + resource.addRole(role); } - realm.getIdm().grantRole(user, role); + realm.grantRole(user, role); } } } 
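Review bot: `loginRole` from `realm.getRole(RealmManager.RESOURCE_ROLE)` in the @@ -194 hunk is handed to `realm.grantRole(resourceUser, loginRole)` in the @@ -211 hunk unchecked, although the mapping loops in this same file treat a null return from `getRole` as a normal case. I would check once before the loop: `if (loginRole == null) throw new IllegalStateException("missing role: " + RealmManager.RESOURCE_ROLE);`. `rep.getResources()` is also iterated without the null guard that `getRoles()`, `getRoleMappings()` and `getScopeMappings()` receive, unless the caller outside this hunk already checks it.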
@@ -238,10 +238,10 @@ public class RealmManager { for (ScopeMappingRepresentation mapping : resourceRep.getScopeMappings()) { User user = userMap.get(mapping.getUsername()); for (String roleString : mapping.getRoles()) { - Role role = resource.getIdm().getRole(roleString.trim()); + Role role = resource.getRole(roleString.trim()); if (role == null) { role = new SimpleRole(roleString.trim()); - resource.getIdm().add(role); + resource.addRole(role); } resource.addScope(user, role.getName()); } diff --git a/services/src/main/java/org/keycloak/services/managers/TokenManager.java b/services/src/main/java/org/keycloak/services/managers/TokenManager.java index a50fbff45b..881f88aa20 100755 --- a/services/src/main/java/org/keycloak/services/managers/TokenManager.java +++ b/services/src/main/java/org/keycloak/services/managers/TokenManager.java @@ -75,7 +75,7 @@ public class TokenManager { (scopeRequest == null || scopeRequest.contains(role)) && (scope.contains("*") || scope.contains(role)) ) - realmRolesRequested.add(realm.getIdm().getRole(role)); + realmRolesRequested.add(realm.getRole(role)); } } } @@ -94,7 +94,7 @@ public class TokenManager { (scopeRequest == null || scopeRequest.contains(role)) && (scope.contains("*") || scope.contains(role)) ) - resourceRolesRequested.add(resource.getName(), resource.getIdm().getRole(role)); + resourceRolesRequested.add(resource.getName(), resource.getRole(role)); } } } diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSession.java b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java new file mode 100755 index 0000000000..d245db93ef --- /dev/null +++ b/services/src/main/java/org/keycloak/services/models/KeycloakSession.java @@ -0,0 +1,11 @@ +package org.keycloak.services.models; + +/** + * @author Bill Burke + * @version $Revision: 1 $ + */ +public interface KeycloakSession { + KeycloakTransaction getTransaction(); + + void close(); +} 
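Review bot: `realm.getRole(role)` in the TokenManager @@ -75 hunk and `resource.getRole(role)` in @@ -94 are added to the requested-role collections without checking the result, while the import code in RealmManager treats a null return from `getRole` as normal. If a scope names a role that no longer exists, a null entry would flow on towards token creation; what happens to it there is outside these hunks. I would resolve first and skip or reject a null, e.g. `Role r = realm.getRole(role);` followed by `if (r != null) realmRolesRequested.add(r);`. Both loops start above the lines shown.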
diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java
new file mode 100755
index 0000000000..28b326ef13
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakSessionFactory.java
@@ -0,0 +1,8 @@
+package org.keycloak.services.models;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public interface KeycloakSessionFactory {
+}
diff --git a/services/src/main/java/org/keycloak/services/models/KeycloakTransaction.java b/services/src/main/java/org/keycloak/services/models/KeycloakTransaction.java
new file mode 100755
index 0000000000..bc2e08d05c
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/models/KeycloakTransaction.java
@@ -0,0 +1,13 @@
+package org.keycloak.services.models;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public interface KeycloakTransaction {
+ void begin();
+ void commit();
+ void rollback();
+ void setRollbackOnly();
+ boolean getRollbackOnly();
+ boolean isActive();}
diff --git a/services/src/main/java/org/keycloak/services/models/RealmModel.java b/services/src/main/java/org/keycloak/services/models/RealmModel.java
index 171e57dba3..6020194715 100755
--- a/services/src/main/java/org/keycloak/services/models/RealmModel.java
+++ b/services/src/main/java/org/keycloak/services/models/RealmModel.java
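Review bot: In the new KeycloakTransaction interface the closing brace is fused onto the last member, `boolean isActive();}`; put `}` on its own line as the other two new interfaces do. All three interfaces carry only author/version Javadoc, so the contract callers rely on is unstated: whether `commit()` on a transaction marked with `setRollbackOnly()` throws or rolls back, and whether `KeycloakSession.close()` rolls back a transaction that is still active. A one-sentence Javadoc on each method stating that would settle it.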
@@ -10,8 +10,11 @@ import org.keycloak.services.models.relationships.RequiredCredentialRelationship import org.keycloak.services.models.relationships.ScopeRelationship; import org.picketlink.idm.IdentitySession; import org.picketlink.idm.IdentityManager; +import org.picketlink.idm.credential.Credentials; import org.picketlink.idm.credential.Password; import org.picketlink.idm.credential.TOTPCredential; +import org.picketlink.idm.credential.TOTPCredentials; +import org.picketlink.idm.credential.UsernamePasswordCredentials; import org.picketlink.idm.credential.X509CertificateCredentials; import org.picketlink.idm.model.Agent; import org.picketlink.idm.model.Attribute; @@ -67,7 +70,7 @@ public class RealmModel { realmAgent = getIdm().getAgent(REALM_AGENT_ID); } - public IdentityManager getIdm() { + protected IdentityManager getIdm() { if (idm == null) idm = identitySession.createIdentityManager(realm); return idm; } @@ -236,6 +239,21 @@ public class RealmModel { idm.add(relationship); } + public boolean validatePassword(User user, String password) { + UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password(password)); + getIdm().validateCredentials(creds); + return creds.getStatus() == Credentials.Status.VALID; + } + + public boolean validateTOTP(User user, String password, String token) { + TOTPCredentials creds = new TOTPCredentials(); + creds.setToken(token); + creds.setUsername(user.getLoginName()); + creds.setPassword(new Password(password)); + getIdm().validateCredentials(creds); + return creds.getStatus() == Credentials.Status.VALID; + } + public void updateCredential(User user, UserCredentialModel cred) { IdentityManager idm = getIdm(); if (cred.getType().equals(RequiredCredentialRepresentation.PASSWORD)) { 
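Review bot: `protected IdentityManager getIdm()` in the @@ -67 hunk still exposes the identity manager to every class in `org.keycloak.services.models` and to any subclass, because `protected` in Java includes package access. If the intent is that callers use only the new wrapper methods, `private` states that more strictly, provided nothing else in the package needs it (not visible here); the same applies to `ResourceModel.getIdm()` in its @@ -34 hunk. Either way a short comment would record the decision, e.g. `// not public: callers go through the wrapper methods so the identity store stays an implementation detail`.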
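Review bot: `validatePassword` and `validateTOTP` in the @@ -236 hunk pass their arguments straight into `user.getLoginName()` and `new Password(password)` with no null check, so a missing form field may surface as an exception instead of a failed login. Whether `Password` tolerates null is not visible here, so I would make the outcome explicit at the top of each method: `if (user == null || password == null) return false;`, with `token == null` added for TOTP. Neither method looks at `user.isEnabled()`, which the cookie and bearer-token paths in AuthenticationManager do check, so the Javadoc should say that the caller owns that check. It should also state that the result is true only when the store reports `Credentials.Status.VALID`.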
@@ -256,6 +274,28 @@ public class RealmModel { } } + public User getUser(String name) { + return getIdm().getUser(name); + } + + public void addUser(User user) { + getIdm().add(user); + } + + public Role getRole(String name) { + return getIdm().getRole(name); + } + + public Role addRole(String name) { + Role role = new SimpleRole(name); + getIdm().add(role); + return role; + } + + public void addRole(Role role) { + getIdm().add(role); + } + public List getRoles() { IdentityManager idm = getIdm(); IdentityQuery query = idm.createIdentityQuery(Role.class); @@ -305,11 +345,19 @@ public class RealmModel { relationship.setResourceUser(resourceUser); idm.add(relationship); ResourceModel resource = new ResourceModel(newTier, relationship, this, identitySession); - resource.getIdm().add(new SimpleRole("*")); + resource.addRole(new SimpleRole("*")); resource.addScope(resourceUser, "*"); return resource; } + public boolean hasRole(User user, Role role) { + return getIdm().hasRole(user, role); + } + + public void grantRole(User user, Role role) { + getIdm().grantRole(user, role); + } + public Set getRoleMappings(User user) { RelationshipQuery query = getIdm().createRelationshipQuery(Grant.class); query.setParameter(Grant.ASSIGNEE, user); diff --git a/services/src/main/java/org/keycloak/services/models/ResourceModel.java b/services/src/main/java/org/keycloak/services/models/ResourceModel.java index f9b5ca3834..ee07bbadd0 100755 --- a/services/src/main/java/org/keycloak/services/models/ResourceModel.java +++ b/services/src/main/java/org/keycloak/services/models/ResourceModel.java @@ -7,6 +7,7 @@ import org.picketlink.idm.IdentityManager; import org.picketlink.idm.model.Agent; import org.picketlink.idm.model.Grant; import org.picketlink.idm.model.Role; +import org.picketlink.idm.model.SimpleRole; import org.picketlink.idm.model.Tier; import org.picketlink.idm.model.User; import org.picketlink.idm.query.IdentityQuery; 
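Review bot: The new accessors in the @@ -256 hunk have no Javadoc, and the one fact callers depend on is unstated: RealmManager tests `role == null` after `getRole` and TokenService tests `user == null` after `getUser`. Both should be documented accordingly, e.g. `/** Returns the role with this name in the realm, or null if there is none. */`. `addRole(String name)` adds a new `SimpleRole` without looking for an existing one; how the identity store handles a duplicate name is not visible here, so the Javadoc should say whether callers must call `getRole` first. In the @@ -305 hunk, `resource.addRole(new SimpleRole("*"))` could use the new `resource.addRole("*")` overload.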
@@ -34,7 +35,7 @@ public class ResourceModel { this.identitySession = session; } - public IdentityManager getIdm() { + protected IdentityManager getIdm() { if (idm == null) idm = identitySession.createIdentityManager(tier); return idm; } @@ -83,6 +84,28 @@ public class ResourceModel { agent.setManagementUrl(url); } + public User getUser(String name) { + return getIdm().getUser(name); + } + + public void addUser(User user) { + getIdm().add(user); + } + + public Role getRole(String name) { + return getIdm().getRole(name); + } + + public Role addRole(String name) { + Role role = new SimpleRole(name); + getIdm().add(role); + return role; + } + + public void addRole(Role role) { + getIdm().add(role); + } + public List getRoles() { IdentityQuery query = getIdm().createIdentityQuery(Role.class); query.setParameter(Role.PARTITION, tier); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index f5cef80df2..69a2b4757e 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java @@ -94,8 +94,8 @@ public class RealmsResource { RealmManager realmManager = new RealmManager(identitySession); RealmModel defaultRealm = realmManager.getRealm(Realm.DEFAULT_REALM); User realmCreator = new AuthenticationManager().authenticateBearerToken(defaultRealm, headers); - Role creatorRole = defaultRealm.getIdm().getRole(RegistrationService.REALM_CREATOR_ROLE); - if (!defaultRealm.getIdm().hasRole(realmCreator, creatorRole)) { + Role creatorRole = defaultRealm.getRole(RegistrationService.REALM_CREATOR_ROLE); + if (!defaultRealm.hasRole(realmCreator, creatorRole)) { logger.warn("not a realm creator"); throw new NotAuthorizedException("Bearer"); } 
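Review bot: In the RealmsResource hunk the authorization check `!defaultRealm.hasRole(realmCreator, creatorRole)` runs on two values that are never null-checked. `creatorRole` would presumably be null if the realm-creator role was never installed, and whether `authenticateBearerToken` can return null is not visible here. How `hasRole` treats a null argument is up to the identity store, so the check should fail closed before calling it: `if (realmCreator == null || creatorRole == null || !defaultRealm.hasRole(realmCreator, creatorRole)) {`. The enclosing method continues outside the hunk.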
diff --git a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java index 7bd38fe9e4..7dbc9cc32f 100755 --- a/services/src/main/java/org/keycloak/services/resources/RegistrationService.java +++ b/services/src/main/java/org/keycloak/services/resources/RegistrationService.java @@ -49,21 +49,21 @@ public class RegistrationService { if (!defaultRealm.isRegistrationAllowed()) { throw new ForbiddenException(); } - User user = defaultRealm.getIdm().getUser(newUser.getUsername()); + User user = defaultRealm.getUser(newUser.getUsername()); if (user != null) { return Response.status(400).type("text/plain").entity("user exists").build(); } user = new SimpleUser(newUser.getUsername()); - defaultRealm.getIdm().add(user); + defaultRealm.addUser(user); for (CredentialRepresentation cred : newUser.getCredentials()) { UserCredentialModel credModel = new UserCredentialModel(); credModel.setType(cred.getType()); credModel.setValue(cred.getValue()); defaultRealm.updateCredential(user, credModel); } - Role realmCreator = defaultRealm.getIdm().getRole(REALM_CREATOR_ROLE); - defaultRealm.getIdm().grantRole(user, realmCreator); + Role realmCreator = defaultRealm.getRole(REALM_CREATOR_ROLE); + defaultRealm.grantRole(user, realmCreator); identitySession.getTransaction().commit(); URI uri = uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(user.getLoginName()).build(); return Response.created(uri).build(); diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index 8fc87af4c6..7274dc0dc3 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java 
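Review bot: The loop `for (CredentialRepresentation cred : newUser.getCredentials())` in the RegistrationService hunk has no null guard, although the import path in RealmManager checks `userRep.getCredentials() != null` before the same kind of loop. A registration body without credentials would therefore throw after `defaultRealm.addUser(user)` has already run. An empty credentials collection is accepted too, which appears to leave an account that holds `REALM_CREATOR_ROLE` with no password set. I would validate before creating the user, e.g. `if (newUser.getCredentials() == null) return Response.status(400).type("text/plain").entity("credentials required").build();`, extended with an emptiness check that fits the collection type. The method starts above the hunk, so the transaction handling on the error path is not visible.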
@@ -125,7 +125,7 @@ public class TokenService { if (!realm.isEnabled()) { throw new NotAuthorizedException("Disabled realm"); } - User user = realm.getIdm().getUser(username); + User user = realm.getUser(username); if (user == null) { throw new NotAuthorizedException("No user"); } @@ -154,7 +154,7 @@ public class TokenService { if (!realm.isEnabled()) { throw new NotAuthorizedException("Disabled realm"); } - User user = realm.getIdm().getUser(username); + User user = realm.getUser(username); if (user == null) { throw new NotAuthorizedException("No user"); } @@ -183,7 +183,7 @@ public class TokenService { securityFailureForward("Realm not enabled."); return null; } - User client = realm.getIdm().getUser(clientId); + User client = realm.getUser(clientId); if (client == null) { securityFailureForward("Unknown login requester."); return null; @@ -193,7 +193,7 @@ public class TokenService { return null; } String username = formData.getFirst("username"); - User user = realm.getIdm().getUser(username); + User user = realm.getUser(username); if (user == null) { logger.error("Incorrect user name."); request.setAttribute("KEYCLOAK_LOGIN_ERROR_MESSAGE", "Incorrect user name."); 
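Review bot: The login path in the @@ -193 hunk answers an unknown account with its own message, `"Incorrect user name."`, stored in `KEYCLOAK_LOGIN_ERROR_MESSAGE`, and the paths in @@ -125 and @@ -154 throw `NotAuthorizedException("No user")`. If the wrong-password branch (outside these hunks) uses different text, the response tells any caller which usernames exist in the realm. I would return one generic message for both cases, e.g. `"Invalid username or password."`, and keep the distinction in the server log only.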
@@ -217,10 +217,10 @@ public class TokenService { } protected Response processAccessCode(String scopeParam, String state, String redirect, User client, User user) { - Role resourceRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE); - Role identityRequestRole = realm.getIdm().getRole(RealmManager.IDENTITY_REQUESTER_ROLE); - boolean isResource = realm.getIdm().hasRole(client, resourceRole); - if (!isResource && !realm.getIdm().hasRole(client, identityRequestRole)) { + Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); + Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); + boolean isResource = realm.hasRole(client, resourceRole); + if (!isResource && !realm.hasRole(client, identityRequestRole)) { securityFailureForward("Login requester not allowed to request login."); identitySession.close(); return null; @@ -274,7 +274,7 @@ public class TokenService { error.put("error_description", "client_id not specified"); return Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(); } - User client = realm.getIdm().getUser(client_id); + User client = realm.getUser(client_id); if (client == null) { logger.debug("Could not find user"); Map error = new HashMap(); @@ -403,7 +403,7 @@ public class TokenService { securityFailureForward("Realm not enabled"); return null; } - User client = realm.getIdm().getUser(clientId); + User client = realm.getUser(clientId); if (client == null) { securityFailureForward("Unknown login requester."); return null; 
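Review bot: The four-line requester check in `processAccessCode` (@@ -217) is repeated verbatim in the @@ -415 hunk, so the rule for who may request a login lives in two places and can drift apart. I would move it into one private helper on TokenService that returns true when `client` holds `RESOURCE_ROLE` or `IDENTITY_REQUESTER_ROLE`, and false when the role lookups return null. That gives the missing-role case a defined, fail-closed answer; today a null from `realm.getRole(...)` is passed on to `realm.hasRole(client, ...)`, whose behaviour with a null role is not visible here. `isResource` may be read again below the hunk, so the helper would have to keep that flag available to the caller.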
@@ -415,10 +415,10 @@ public class TokenService { return null; } - Role resourceRole = realm.getIdm().getRole(RealmManager.RESOURCE_ROLE); - Role identityRequestRole = realm.getIdm().getRole(RealmManager.IDENTITY_REQUESTER_ROLE); - boolean isResource = realm.getIdm().hasRole(client, resourceRole); - if (!isResource && !realm.getIdm().hasRole(client, identityRequestRole)) { + Role resourceRole = realm.getRole(RealmManager.RESOURCE_ROLE); + Role identityRequestRole = realm.getRole(RealmManager.IDENTITY_REQUESTER_ROLE); + boolean isResource = realm.hasRole(client, resourceRole); + if (!isResource && !realm.hasRole(client, identityRequestRole)) { securityFailureForward("Login requester not allowed to request login."); identitySession.close(); return null; diff --git a/services/src/test/java/org/keycloak/test/AdapterTest.java b/services/src/test/java/org/keycloak/test/AdapterTest.java index 1bcbca6c29..8b8b5aed77 100755 --- a/services/src/test/java/org/keycloak/test/AdapterTest.java +++ b/services/src/test/java/org/keycloak/test/AdapterTest.java 
@@ -148,30 +148,26 @@ public class AdapterTest { public void testCredentialValidation() throws Exception { test1CreateRealm(); User user = new SimpleUser("bburke"); - realmModel.getIdm().add(user); + realmModel.addUser(user); UserCredentialModel cred = new UserCredentialModel(); cred.setType(RequiredCredentialRepresentation.PASSWORD); cred.setValue("geheim"); realmModel.updateCredential(user, cred); - IdentityManager idm = realmModel.getIdm(); - UsernamePasswordCredentials creds = new UsernamePasswordCredentials(user.getLoginName(), new Password("geheim")); - idm.validateCredentials(creds); - Assert.assertEquals(creds.getStatus(), Credentials.Status.VALID); + Assert.assertTrue(realmModel.validatePassword(user, "geheim")); } @Test public void testRoles() throws Exception { test1CreateRealm(); - IdentityManager idm = realmModel.getIdm(); - idm.add(new SimpleRole("admin")); - idm.add(new SimpleRole("user")); + realmModel.addRole(new SimpleRole("admin")); + realmModel.addRole(new SimpleRole("user")); List roles = realmModel.getRoles(); Assert.assertEquals(5, roles.size()); SimpleUser user = new SimpleUser("bburke"); - idm.add(user); - Role role = idm.getRole("user"); - idm.grantRole(user, role); - Assert.assertTrue(idm.hasRole(user, role)); + realmModel.addUser(user); + Role role = realmModel.getRole("user"); + realmModel.grantRole(user, role); + Assert.assertTrue(realmModel.hasRole(user, role)); } diff --git a/services/src/test/java/org/keycloak/test/ImportTest.java b/services/src/test/java/org/keycloak/test/ImportTest.java index c785e21108..850708f461 100755 --- a/services/src/test/java/org/keycloak/test/ImportTest.java +++ b/services/src/test/java/org/keycloak/test/ImportTest.java 
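Review bot: `testCredentialValidation` now asserts only the accepting case, `Assert.assertTrue(realmModel.validatePassword(user, "geheim"))`, so an implementation that returned true for every input would still pass. Add the rejecting case next to it: `Assert.assertFalse(realmModel.validatePassword(user, "wrong"));`. `validateTOTP` is new in this commit and has no test in the hunks shown.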
@@ -96,13 +96,13 @@ public class ImportTest { manager.generateRealmKeys(defaultRealm); defaultRealm.updateRealm(); defaultRealm.addRequiredCredential(RequiredCredentialModel.PASSWORD); - defaultRealm.getIdm().add(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); + defaultRealm.addRole(new SimpleRole(RegistrationService.REALM_CREATOR_ROLE)); RealmRepresentation rep = KeycloakTestBase.loadJson("testrealm.json"); RealmModel realm = manager.createRealm("demo", rep.getRealm()); manager.importRealm(rep, realm); - User user = realm.getIdm().getUser("loginclient"); + User user = realm.getUser("loginclient"); Assert.assertNotNull(user); Set scopes = realm.getScope(user); System.out.println("Scopes size: " + scopes.size());