
Example 1 with AuthorizationService

Use of org.keycloak.authorization.admin.AuthorizationService in project keycloak by keycloak.

Class KeycloakOIDCClientInstallation, method configureAuthorizationSettings.

private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) {
    if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && new AuthorizationService(session, client, null, null).isEnabled()) {
        PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig();
        enforcerConfig.setEnforcementMode(null);
        enforcerConfig.setLazyLoadPaths(null);
        rep.setEnforcerConfig(enforcerConfig);
        Iterator<RoleModel> it = client.getRolesStream().iterator();
        RoleModel role = hasOnlyOne(it);
        if (role != null && role.getName().equals(Constants.AUTHZ_UMA_PROTECTION)) {
            rep.setUseResourceRoleMappings(null);
        }
    }
}
Also used : AuthorizationService(org.keycloak.authorization.admin.AuthorizationService) RoleModel(org.keycloak.models.RoleModel) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig)

Example 2 with AuthorizationService

Use of org.keycloak.authorization.admin.AuthorizationService in project keycloak by keycloak.

Class ClientResource, method authorization.

@Path("/authz")
public AuthorizationService authorization() {
    // Refuse to expose the /authz sub-resource unless the AUTHORIZATION feature is enabled.
    ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
    AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
    ResteasyProviderFactory.getInstance().injectProperties(resource);
    return resource;
}
Also used : AuthorizationService(org.keycloak.authorization.admin.AuthorizationService) Path(javax.ws.rs.Path)

Example 3 with AuthorizationService

Use of org.keycloak.authorization.admin.AuthorizationService in project keycloak by keycloak.

Class ClientsResource, method createClient.

/**
 * Create a new client
 *
 * Client's client_id must be unique!
 *
 * @param rep
 * @return
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createClient(final ClientRepresentation rep) {
    // Permission check comes first: the caller must be allowed to manage clients.
    auth.clients().requireManage();
    try {
        session.clientPolicy().triggerOnEvent(new AdminClientRegisterContext(rep, auth.adminAuth()));
        ClientModel clientModel = ClientManager.createClient(session, realm, rep);
        if (TRUE.equals(rep.isServiceAccountsEnabled())) {
            UserModel serviceAccount = session.users().getServiceAccount(clientModel);
            if (serviceAccount == null) {
                new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
            }
        }
        adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
        if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) {
            AuthorizationService authorizationService = getAuthorizationService(clientModel);
            authorizationService.enable(true);
            ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
            if (authorizationSettings != null) {
                authorizationService.resourceServer().importSettings(authorizationSettings);
            }
        }
        // On validation failure, mark the transaction rollback-only so the new client is not persisted.
        ValidationUtil.validateClient(session, clientModel, true, r -> {
            session.getTransactionManager().setRollbackOnly();
            throw new ErrorResponseException(Errors.INVALID_INPUT, r.getAllLocalizedErrorsAsString(AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale())), Response.Status.BAD_REQUEST);
        });
        session.clientPolicy().triggerOnEvent(new AdminClientRegisteredContext(clientModel, auth.adminAuth()));
        return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
    } catch (ModelDuplicateException e) {
        return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
    } catch (ClientPolicyException cpe) {
        throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
    }
}
Also used : UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) AdminClientRegisteredContext(org.keycloak.services.clientpolicy.context.AdminClientRegisteredContext) AuthorizationService(org.keycloak.authorization.admin.AuthorizationService) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientManager(org.keycloak.services.managers.ClientManager) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) ErrorResponseException(org.keycloak.services.ErrorResponseException) RealmManager(org.keycloak.services.managers.RealmManager) AdminClientRegisterContext(org.keycloak.services.clientpolicy.context.AdminClientRegisterContext) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)
