Example 1 with Entry

Use of org.keycloak.authorization.attribute.Attributes.Entry in project keycloak by keycloak.

Class GroupPolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getRealm();
    // Read the groups from the identity attribute named by the policy's groups claim
    Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());
    // No claim on the identity: fall back to the groups the realm reports for this user id
    if (groupsClaim == null || groupsClaim.isEmpty()) {
        List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
        groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
    }
    // Grant as soon as any group in the claim matches any group allowed by the policy
    for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
        GroupModel allowedGroup = realm.getGroupById(definition.getId());
        for (int i = 0; i < groupsClaim.size(); i++) {
            String group = groupsClaim.asString(i);
            // a claim value containing '/' is treated as a full group path
            if (group.indexOf('/') != -1) {
                String allowedGroupPath = buildGroupPath(allowedGroup);
                // exact path match, or, when extendChildren is set, a plain string-prefix match on the allowed path
                if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(allowedGroupPath))) {
                    evaluation.grant();
                    return;
                }
            }
            // in case the group from the claim does not represent a path, we just check an exact name match
            if (group.equals(allowedGroup.getName())) {
                evaluation.grant();
                return;
            }
        }
    }
    // no match: the method returns without calling grant()
}
Also used: RealmModel (org.keycloak.models.RealmModel), Entry (org.keycloak.authorization.attribute.Attributes.Entry), AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider), Attributes (org.keycloak.authorization.attribute.Attributes), GroupModel (org.keycloak.models.GroupModel), GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)

Aggregations

AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider): 1
Attributes (org.keycloak.authorization.attribute.Attributes): 1
Entry (org.keycloak.authorization.attribute.Attributes.Entry): 1
GroupModel (org.keycloak.models.GroupModel): 1
RealmModel (org.keycloak.models.RealmModel): 1
GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation): 1