Example 1 with Identity

Use of org.keycloak.authorization.identity.Identity in project keycloak by keycloak.

Class UMAPolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    ResourcePermission permission = evaluation.getPermission();
    Resource resource = permission.getResource();
    if (resource != null) {
        Identity identity = evaluation.getContext().getIdentity();
        // no need to evaluate UMA permissions to resource owner resources
        if (resource.getOwner().equals(identity.getId())) {
            evaluation.grant();
            return;
        }
    }
    // no resource, or the identity is not the owner: defer to the parent provider
    super.evaluate(evaluation);
}
Also used: Resource (org.keycloak.authorization.model.Resource), Identity (org.keycloak.authorization.identity.Identity), ResourcePermission (org.keycloak.authorization.permission.ResourcePermission)

Example 2 with Identity

Use of org.keycloak.authorization.identity.Identity in project keycloak by keycloak.

Class ClientScopePolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    Set<ClientScopePolicyRepresentation.ClientScopeDefinition> clientScopeIds = representationFunction.apply(policy, evaluation.getAuthorizationProvider()).getClientScopes();
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    Identity identity = evaluation.getContext().getIdentity();
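    for (ClientScopePolicyRepresentation.ClientScopeDefinition clientScopeDefinition : clientScopeIds) {
        ClientScopeModel clientScope = realm.getClientScopeById(clientScopeDefinition.getId());
        // definitions whose id does not resolve to a client scope in the realm are skipped
        if (clientScope != null) {
            boolean hasClientScope = hasClientScope(identity, clientScope);
            if (!hasClientScope && clientScopeDefinition.isRequired()) {
                // a missing required client scope: deny() is called and the method returns,
                // also when an earlier iteration called grant()
                evaluation.deny();
                return;
            } else if (hasClientScope) {
                // a held client scope calls grant(); the remaining definitions are still checked
                evaluation.grant();
            }
        }
    }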
}
Also used: Policy (org.keycloak.authorization.model.Policy), RealmModel (org.keycloak.models.RealmModel), ClientScopePolicyRepresentation (org.keycloak.representations.idm.authorization.ClientScopePolicyRepresentation), AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider), ClientScopeModel (org.keycloak.models.ClientScopeModel), Identity (org.keycloak.authorization.identity.Identity)

Example 3 with Identity

Use of org.keycloak.authorization.identity.Identity in project keycloak by keycloak.

Class RolePolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    Set<RolePolicyRepresentation.RoleDefinition> roleIds = representationFunction.apply(policy, evaluation.getAuthorizationProvider()).getRoles();
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    Identity identity = evaluation.getContext().getIdentity();
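    for (RolePolicyRepresentation.RoleDefinition roleDefinition : roleIds) {
        RoleModel role = realm.getRoleById(roleDefinition.getId());
        // definitions whose id does not resolve to a role in the realm are skipped
        if (role != null) {
            boolean hasRole = hasRole(identity, role, realm);
            if (!hasRole && roleDefinition.isRequired()) {
                // a missing required role: deny() is called and the method returns,
                // also when an earlier iteration called grant()
                evaluation.deny();
                return;
            } else if (hasRole) {
                // a held role calls grant(); the remaining definitions are still checked
                evaluation.grant();
            }
        }
    }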
}
Also used: Policy (org.keycloak.authorization.model.Policy), RealmModel (org.keycloak.models.RealmModel), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider), RoleModel (org.keycloak.models.RoleModel), Identity (org.keycloak.authorization.identity.Identity)

Aggregations

Identity (org.keycloak.authorization.identity.Identity): 3
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider): 2
Policy (org.keycloak.authorization.model.Policy): 2
RealmModel (org.keycloak.models.RealmModel): 2
Resource (org.keycloak.authorization.model.Resource): 1
ResourcePermission (org.keycloak.authorization.permission.ResourcePermission): 1
ClientScopeModel (org.keycloak.models.ClientScopeModel): 1
RoleModel (org.keycloak.models.RoleModel): 1
ClientScopePolicyRepresentation (org.keycloak.representations.idm.authorization.ClientScopePolicyRepresentation): 1
RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation): 1