Examples with AuthorizationProvider org.keycloak.authorization.AuthorizationProvider used on opensource projects

Search in sources :

Example 26 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class UmaRepresentationTest method testCanRepresentResourceBeanOfResourceOwnedByUser.

public static void testCanRepresentResourceBeanOfResourceOwnedByUser(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
    ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
    UserModel user = session.userStorageManager().getUserByUsername(session.getContext().getRealm(), "marta");
    ResourceBean resourceBean = authorizationBean.new ResourceBean(authorization.getStoreFactory().getResourceStore().findByName("Resource A", user.getId(), client.getId()));
    Assert.assertEquals("Resource A", resourceBean.getName());
    Assert.assertEquals("marta", resourceBean.getOwnerName());
    Assert.assertNotNull(resourceBean.getUserOwner());
    Assert.assertEquals("marta", resourceBean.getUserOwner().getUsername());
    Assert.assertNull(resourceBean.getClientOwner());
}
Also used : UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ResourceBean(org.keycloak.forms.account.freemarker.model.AuthorizationBean.ResourceBean) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) AuthorizationBean(org.keycloak.forms.account.freemarker.model.AuthorizationBean)

Example 27 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class UmaRepresentationTest method testCanRepresentResourceBeanOfResourceOwnedByClient.

public static void testCanRepresentResourceBeanOfResourceOwnedByClient(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
    ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
    ResourceBean resourceBean = authorizationBean.new ResourceBean(authorization.getStoreFactory().getResourceStore().findByName("Resource A", client.getId(), client.getId()));
    Assert.assertEquals("Resource A", resourceBean.getName());
    Assert.assertEquals("resource-server-test", resourceBean.getOwnerName());
    Assert.assertNotNull(resourceBean.getClientOwner());
    Assert.assertEquals("resource-server-test", resourceBean.getClientOwner().getClientId());
    Assert.assertNull(resourceBean.getUserOwner());
}
Also used : ClientModel(org.keycloak.models.ClientModel) ResourceBean(org.keycloak.forms.account.freemarker.model.AuthorizationBean.ResourceBean) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) AuthorizationBean(org.keycloak.forms.account.freemarker.model.AuthorizationBean)

Example 28 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class PolicyEvaluationCompositeRoleTest method setup.

public static void setup(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(realm);
    ClientModel client = session.clients().addClient(realm, "myclient");
    RoleModel role1 = client.addRole("client-role1");
    AuthorizationProviderFactory factory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authz = factory.create(session, realm);
    ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
    Policy policy = createRolePolicy(authz, resourceServer, role1);
    Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
    Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
    addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
    RoleModel composite = realm.addRole("composite");
    composite.addCompositeRole(role1);
    UserModel user = session.users().addUser(realm, "user");
    user.grantRole(composite);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) RealmResource(org.keycloak.admin.client.resource.RealmResource) Resource(org.keycloak.authorization.model.Resource) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 29 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class ClientPolicyProviderFactory method postInit.

@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (event instanceof ClientRemovedEvent) {
            KeycloakSession keycloakSession = ((ClientRemovedEvent) event).getKeycloakSession();
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = provider.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            ClientModel removedClient = ((ClientRemovedEvent) event).getClient();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
            if (resourceServer != null) {
                policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
                    List<String> clients = new ArrayList<>();
                    for (String clientId : getClients(policy)) {
                        if (!clientId.equals(removedClient.getId())) {
                            clients.add(clientId);
                        }
                    }
                    try {
                        if (clients.isEmpty()) {
                            policyStore.delete(policy.getId());
                        } else {
                            policy.putConfig("clients", JsonSerialization.writeValueAsString(clients));
                        }
                    } catch (IOException e) {
                        throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
                    }
                });
            }
        }
    });
}
Also used : ClientRemovedEvent(org.keycloak.models.ClientModel.ClientRemovedEvent) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ArrayList(java.util.ArrayList) IOException(java.io.IOException) StoreFactory(org.keycloak.authorization.store.StoreFactory) ClientModel(org.keycloak.models.ClientModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 30 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class ClientScopePolicyProviderFactory method postInit.

@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (event instanceof ClientScopeRemovedEvent) {
            KeycloakSession keycloakSession = ((ClientScopeRemovedEvent) event).getKeycloakSession();
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = provider.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            ClientScopeModel removedClientScope = ((ClientScopeRemovedEvent) event).getClientScope();
            Map<Policy.FilterOption, String[]> filters = new HashMap<>();
            filters.put(Policy.FilterOption.TYPE, new String[] { getId() });
            policyStore.findByResourceServer(filters, null, -1, -1).forEach(new Consumer<Policy>() {

                @Override
                public void accept(Policy policy) {
                    List<Map<String, Object>> clientScopes = new ArrayList<>();
                    for (Map<String, Object> clientScope : getClientScopes(policy)) {
                        if (!clientScope.get("id").equals(removedClientScope.getId())) {
                            Map<String, Object> updated = new HashMap<>();
                            updated.put("id", clientScope.get("id"));
                            Object required = clientScope.get("required");
                            if (required != null) {
                                updated.put("required", required);
                            }
                            clientScopes.add(updated);
                        }
                    }
                    if (clientScopes.isEmpty()) {
                        policyStore.delete(policy.getId());
                    } else {
                        try {
                            policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(clientScopes));
                        } catch (IOException e) {
                            throw new RuntimeException("Error while synchronizing client scopes with policy [" + policy.getName() + "].", e);
                        }
                    }
                }
            });
        }
    });
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientScopeRemovedEvent(org.keycloak.models.ClientScopeModel.ClientScopeRemovedEvent) HashMap(java.util.HashMap) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ClientScopeModel(org.keycloak.models.ClientScopeModel) IOException(java.io.IOException) StoreFactory(org.keycloak.authorization.store.StoreFactory) KeycloakSession(org.keycloak.models.KeycloakSession) PolicyStore(org.keycloak.authorization.store.PolicyStore) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)60 Policy (org.keycloak.authorization.model.Policy)35 ClientModel (org.keycloak.models.ClientModel)35 ResourceServer (org.keycloak.authorization.model.ResourceServer)30 StoreFactory (org.keycloak.authorization.store.StoreFactory)24 RealmModel (org.keycloak.models.RealmModel)23 HashMap (java.util.HashMap)18 UserModel (org.keycloak.models.UserModel)18 Resource (org.keycloak.authorization.model.Resource)16 PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)15 ArrayList (java.util.ArrayList)14 Map (java.util.Map)14 Scope (org.keycloak.authorization.model.Scope)13 List (java.util.List)12 DefaultEvaluation (org.keycloak.authorization.policy.evaluation.DefaultEvaluation)12 KeycloakSession (org.keycloak.models.KeycloakSession)12 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11 Set (java.util.Set)10 Collectors (java.util.stream.Collectors)10 HashSet (java.util.HashSet)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial