Example 1 with AuthorizationProvider

Use of org.keycloak.authorization.AuthorizationProvider in the project keycloak by keycloak.

From the class JSPolicyProvider, method evaluate (the imports the snippet needs are listed first; `evaluatableScript` is a field of the provider):

import javax.script.ScriptContext;
import javax.script.SimpleScriptContext;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.scripting.EvaluatableScriptAdapter;

@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    // Obtain the script adapter for the script attached to this JS policy.
    EvaluatableScriptAdapter adapter = evaluatableScript.apply(authorization, policy);
    try {
        SimpleScriptContext context = new SimpleScriptContext();
        // The script sees the evaluation as $evaluation and decides the outcome
        // by calling $evaluation.grant() or $evaluation.deny().
        context.setAttribute("$evaluation", evaluation, ScriptContext.ENGINE_SCOPE);
        adapter.eval(context);
    } catch (Exception e) {
        // A script failure aborts the evaluation rather than silently granting access.
        throw new RuntimeException("Error evaluating JS Policy [" + policy.getName() + "].", e);
    }
}

Example 2 with AuthorizationProvider

Use of org.keycloak.authorization.AuthorizationProvider in the project keycloak by keycloak.

From the class RolePolicyProviderFactory, method postInit (imports listed first; `updateResourceServer` is another method of this factory):

import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleContainerModel.RoleRemovedEvent;
import org.keycloak.models.RoleModel;

@Override
public void postInit(KeycloakSessionFactory factory) {
    // Listen for provider events; only role removals are of interest here.
    factory.register(event -> {
        if (event instanceof RoleRemovedEvent) {
            KeycloakSession keycloakSession = ((RoleRemovedEvent) event).getKeycloakSession();
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = provider.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            RoleModel removedRole = ((RoleRemovedEvent) event).getRole();
            RoleContainerModel container = removedRole.getContainer();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            // A realm role may be referenced by the resource server of any client in the realm;
            // a client role only by the resource server of its own client. Either way the
            // role policies are updated so they do not keep referencing a role that no longer exists.
            if (container instanceof RealmModel) {
                RealmModel realm = (RealmModel) container;
                realm.getClientsStream().forEach(clientModel -> updateResourceServer(clientModel, removedRole, resourceServerStore, policyStore));
            } else {
                ClientModel clientModel = (ClientModel) container;
                updateResourceServer(clientModel, removedRole, resourceServerStore, policyStore);
            }
        }
    });
}

Example 3 with AuthorizationProvider

Use of org.keycloak.authorization.AuthorizationProvider in the project keycloak by keycloak.

From the class ClientPolicyProviderFactory, method onExport (imports listed first; `toRepresentation` is another method of this factory):

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.util.JsonSerialization;

@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    ClientPolicyRepresentation clientRep = toRepresentation(policy, authorization);
    Map<String, String> config = new HashMap<>();
    try {
        RealmModel realm = authorization.getRealm();
        // Export the clients' clientId values, not their internal ids, so the export can be imported into another realm.
        config.put("clients", JsonSerialization.writeValueAsString(clientRep.getClients().stream().map(id -> realm.getClientById(id).getClientId()).collect(Collectors.toList())));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export client policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}

Example 4 with AuthorizationProvider

Use of org.keycloak.authorization.AuthorizationProvider in the project keycloak by keycloak.

From the class AggregatePolicyProvider, method evaluate (imports listed first):

import java.util.HashMap;
import java.util.Map;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.DecisionResultCollector;
import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.evaluation.Result;
import org.keycloak.authorization.policy.provider.PolicyProvider;

@Override
public void evaluate(Evaluation evaluation) {
    // Collects the effects of the associated policies and applies the aggregate's
    // decision strategy to them once all of them have been evaluated.
    DecisionResultCollector decision = new DecisionResultCollector() {

        @Override
        protected void onComplete(Result result) {
            if (isGranted(result.getResults().iterator().next())) {
                evaluation.grant();
            } else {
                evaluation.deny();
            }
        }
    };
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    Policy policy = evaluation.getPolicy();
    DefaultEvaluation defaultEvaluation = DefaultEvaluation.class.cast(evaluation);
    // Effects are cached per (policy, permission) so a policy shared by several
    // aggregates is evaluated only once for the same permission.
    Map<Policy, Map<Object, Decision.Effect>> decisionCache = defaultEvaluation.getDecisionCache();
    ResourcePermission permission = evaluation.getPermission();
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        Map<Object, Decision.Effect> decisions = decisionCache.computeIfAbsent(associatedPolicy, p -> new HashMap<>());
        Decision.Effect effect = decisions.get(permission);
        // Each associated policy gets its own evaluation that reports into the collector above.
        DefaultEvaluation eval = new DefaultEvaluation(evaluation.getPermission(), evaluation.getContext(), policy, associatedPolicy, decision, authorization, decisionCache);
        if (effect == null) {
            PolicyProvider policyProvider = authorization.getProvider(associatedPolicy.getType());
            policyProvider.evaluate(eval);
            // A policy that set no effect counts as a deny (fail closed).
            eval.denyIfNoEffect();
            decisions.put(permission, eval.getEffect());
        } else {
            eval.setEffect(effect);
        }
    }
    decision.onComplete(permission);
}

Example 5 with AuthorizationProvider

Use of org.keycloak.authorization.AuthorizationProvider in the project keycloak by keycloak.

From the class AbstractPermissionProvider, method evaluate (imports listed first):

import java.util.HashMap;
import java.util.Map;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.provider.PolicyProvider;

@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    DefaultEvaluation defaultEvaluation = DefaultEvaluation.class.cast(evaluation);
    // Effects are cached per (policy, permission) so a policy attached to several
    // permissions is evaluated only once for the same permission.
    Map<Policy, Map<Object, Decision.Effect>> decisionCache = defaultEvaluation.getDecisionCache();
    Policy policy = evaluation.getPolicy();
    ResourcePermission permission = evaluation.getPermission();
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        Map<Object, Decision.Effect> decisions = decisionCache.computeIfAbsent(associatedPolicy, p -> new HashMap<>());
        Decision.Effect effect = decisions.get(permission);
        // The same evaluation object is reused; point it at the policy being evaluated now.
        defaultEvaluation.setPolicy(associatedPolicy);
        if (effect == null) {
            PolicyProvider policyProvider = authorization.getProvider(associatedPolicy.getType());
            // An unknown policy type is an error, never an implicit grant.
            if (policyProvider == null) {
                throw new RuntimeException("No policy provider found for policy [" + associatedPolicy.getType() + "]");
            }
            policyProvider.evaluate(defaultEvaluation);
            // A policy that set no effect counts as a deny (fail closed).
            evaluation.denyIfNoEffect();
            decisions.put(permission, defaultEvaluation.getEffect());
        } else {
            defaultEvaluation.setEffect(effect);
        }
    }
}
