the class JPAPermissionTicketStore method findByResource.
@Override
public List<PermissionTicket> findByResource(final String resourceId, String resourceServerId) {
    // Step 1: fetch only the ticket ids for this resource, bounded to the given resource
    // server so tickets of other servers are never considered.
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPermissionIdByResource", String.class);
    idQuery.setFlushMode(FlushModeType.COMMIT);
    idQuery.setParameter("resourceId", resourceId);
    idQuery.setParameter("serverId", resourceServerId);
    List<String> ticketIds = idQuery.getResultList();

    // Step 2: resolve each id through the ticket store (again scoped by resourceServerId).
    PermissionTicketStore store = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : ticketIds) {
        PermissionTicket ticket = store.findById(ticketId, resourceServerId);
        // findById may return null for an id the query produced; such ids are skipped.
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}
the class JPAPermissionTicketStore method findByResourceServer.
@Override
public List<PermissionTicket> findByResourceServer(final String resourceServerId) {
    // NOTE(review): the named query is "findPolicyIdByServerId" although this store deals
    // with permission tickets and its sibling queries are named findPermissionId*. If that
    // query selects policy ids, every findById below misses and the result is empty —
    // confirm against the entity's @NamedQuery definitions before relying on this method.
    // Also unlike findByResource/findByScope, no FlushModeType.COMMIT is set here.
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
    idQuery.setParameter("serverId", resourceServerId);
    List<String> ticketIds = idQuery.getResultList();

    // Resolve each id through the ticket store, scoped by resourceServerId.
    PermissionTicketStore store = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : ticketIds) {
        PermissionTicket ticket = store.findById(ticketId, resourceServerId);
        // ids the store cannot resolve are dropped silently
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}
the class JPAPermissionTicketStore method findByScope.
@Override
public List<PermissionTicket> findByScope(String scopeId, String resourceServerId) {
    // A null scope id can match nothing; answer without touching the database.
    if (scopeId == null) {
        return Collections.emptyList();
    }
    // Use separate subquery to handle DB2 and MSSSQL
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPermissionIdByScope", String.class);
    idQuery.setFlushMode(FlushModeType.COMMIT);
    idQuery.setParameter("scopeId", scopeId);
    idQuery.setParameter("serverId", resourceServerId);
    List<String> ticketIds = idQuery.getResultList();

    // Resolve each id through the ticket store, scoped by resourceServerId.
    PermissionTicketStore store = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : ticketIds) {
        PermissionTicket ticket = store.findById(ticketId, resourceServerId);
        // ids the store cannot resolve are dropped silently
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}
the class JPAPermissionTicketStore method find.
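@Override
public List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult) {
    CriteriaBuilder builder = entityManager.getCriteriaBuilder();
    // The query projects only the ticket id, so it is typed as String rather than as the
    // entity; this removes the raw TypedQuery (and its unchecked result) the previous
    // version needed to bridge the mismatch.
    CriteriaQuery<String> querybuilder = builder.createQuery(String.class);
    Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
    querybuilder.select(root.<String>get("id"));
    // Filter values arrive as criteria predicates built by getPredicates (presumably bound
    // parameters, not concatenated into the query text); resourceServerId scopes the result.
    List<Predicate> predicates = getPredicates(builder, root, resourceServerId, attributes);
    querybuilder.where(predicates.toArray(new Predicate[0])).orderBy(builder.asc(root.get("id")));
    TypedQuery<String> query = entityManager.createQuery(querybuilder);
    // firstResult/maxResult are handed to paginateQuery unchanged; callers on this page pass
    // -1 for "no paging" — TODO confirm that is what the helper treats them as.
    List<String> ticketIds = paginateQuery(query, firstResult, maxResult).getResultList();

    // Resolve each id through the ticket store, scoped by resourceServerId.
    PermissionTicketStore store = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : ticketIds) {
        PermissionTicket ticket = store.findById(ticketId, resourceServerId);
        // ids the store cannot resolve are dropped silently
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}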
the class ResourceService method revoke.
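/**
 * Updates the permission set for the current resource based on the given {@code permissions}.
 * <p>
 * For each entry the requester's existing tickets on this resource are reconciled with the
 * requested scopes: a ticket whose scope is still requested is kept (and granted if it was
 * pending), scopes without a ticket are granted, and tickets whose scope is no longer
 * requested are deleted. Despite its name the method grants as well as revokes.
 *
 * @param permissions the permissions that should be updated, one entry per requester
 * @return if successful, a {@link Response.Status#NO_CONTENT} response
 * @throws BadRequestException if {@code permissions} is null or empty
 */
@PUT
@Path("permissions")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response revoke(List<Permission> permissions) {
    // Authorization comes first: only a caller allowed to manage this account may change
    // how the resource is shared.
    auth.require(AccountRoles.MANAGE_ACCOUNT);
    if (permissions == null || permissions.isEmpty()) {
        throw new BadRequestException("invalid_permissions");
    }
    Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
    // Every ticket lookup is scoped to this resource and (below) to one requester, so
    // tickets belonging to other resources or users are never touched.
    filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
    for (Permission permission : permissions) {
        UserModel user = getUser(permission.getUsername());
        filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
        List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
        if (tickets.isEmpty()) {
            // nothing to reconcile: grant every requested scope
            for (String scope : permission.getScopes()) {
                grantPermission(user, scope);
            }
            continue;
        }
        reconcileTickets(permission, tickets);
        // only create permissions for the scopes that don't have a ticket
        for (String scope : permission.getScopes()) {
            grantPermission(user, scope);
        }
        // remove all tickets that are not within the requested permissions
        for (PermissionTicket ticket : tickets) {
            ticketStore.delete(ticket.getId());
        }
    }
    return Response.noContent().build();
}

/**
 * Removes from {@code permission}'s scopes every scope that already has a ticket and from
 * {@code tickets} every ticket whose scope is still requested, granting pending tickets on
 * the way. Both collections are modified in place through their iterators.
 * <p>
 * The scope is removed once, after the inner loop, so two tickets for the same scope no longer
 * trigger a second {@code Iterator.remove()} without an intervening {@code next()}
 * ({@link IllegalStateException}).
 *
 * @param permission the requested permission whose scopes are reconciled
 * @param tickets the requester's existing tickets for this resource; what remains afterwards
 *        is no longer requested
 */
private void reconcileTickets(Permission permission, List<PermissionTicket> tickets) {
    Iterator<String> scopesIterator = permission.getScopes().iterator();
    while (scopesIterator.hasNext()) {
        org.keycloak.authorization.model.Scope scope = getScope(scopesIterator.next(), resourceServer);
        boolean alreadyTicketed = false;
        Iterator<PermissionTicket> ticketIterator = tickets.iterator();
        while (ticketIterator.hasNext()) {
            PermissionTicket ticket = ticketIterator.next();
            // A ticket without a scope cannot match a scope-level request; it stays in the
            // list and is deleted by the caller. NOTE(review): the previous code dereferenced
            // getScope() unconditionally — confirm whether scope-less tickets can occur here.
            if (ticket.getScope() == null || !scope.getId().equals(ticket.getScope().getId())) {
                continue;
            }
            if (!ticket.isGranted()) {
                ticket.setGrantedTimestamp(System.currentTimeMillis());
            }
            // permission exists, remove from the list to avoid deletion
            ticketIterator.remove();
            alreadyTicketed = true;
        }
        if (alreadyTicketed) {
            // scope already granted, remove from the list to avoid creating it again
            scopesIterator.remove();
        }
    }
}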