
Example 16 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

From the class ResourceService, method toPermissions:

/**
 * Groups permission tickets first by resource and then, within a resource, by requester.
 *
 * <p>Every distinct resource id yields one {@link ResourcePermission}; every distinct
 * requester of that resource yields one {@link Permission}, which collects the scope
 * names of all tickets that requester holds on the resource.
 *
 * @param tickets the tickets to group
 * @return one {@link ResourcePermission} per distinct resource referenced by {@code tickets}
 */
private Collection<ResourcePermission> toPermissions(List<PermissionTicket> tickets) {
    Map<String, ResourcePermission> byResourceId = new HashMap<>();
    for (PermissionTicket ticket : tickets) {
        String resourceId = ticket.getResource().getId();
        ResourcePermission resourcePermission = byResourceId.computeIfAbsent(resourceId,
                id -> new ResourcePermission(ticket, provider));

        String requester = ticket.getRequester();
        Permission requesterPermission = resourcePermission.getPermission(requester);
        if (requesterPermission == null) {
            requesterPermission = new Permission(requester, provider);
            resourcePermission.addPermission(requester, requesterPermission);
        }
        // NOTE(review): a ticket without a scope would NPE here — confirm every ticket
        // reaching this path carries one.
        requesterPermission.addScope(ticket.getScope().getName());
    }
    return byResourceId.values();
}

Example 17 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

From the class ResourceService, method getPermissionRequests:

/**
 * Returns the {@link Permission} requests on {@link #resource} that are waiting for
 * {@link #user} approval.
 *
 * <p>Only tickets that are owned by {@link #user}, not yet granted, and bound to
 * {@link #resource} are queried. Tickets are merged per requester: each requester gets
 * a single {@link Permission} carrying the names of every scope that requester asked for.
 *
 * @return the permission requests waiting for the user approval, one per requester
 */
@GET
@Path("permissions/requests")
@Produces(MediaType.APPLICATION_JSON)
public Collection<Permission> getPermissionRequests() {
    Map<PermissionTicket.FilterOption, String> pendingOnThisResource =
            new EnumMap<>(PermissionTicket.FilterOption.class);
    pendingOnThisResource.put(PermissionTicket.FilterOption.OWNER, user.getId());
    pendingOnThisResource.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
    pendingOnThisResource.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());

    Map<String, Permission> byRequester = new HashMap<>();
    // null resource server and -1/-1 paging: presumably "any server, no paging" — verify against ticketStore.find
    for (PermissionTicket ticket : ticketStore.find(pendingOnThisResource, null, -1, -1)) {
        String requester = ticket.getRequester();
        Permission request = byRequester.get(requester);
        if (request == null) {
            request = new Permission(ticket, provider);
            byRequester.put(requester, request);
        }
        request.addScope(ticket.getScope().getName());
    }
    return byRequester.values();
}

Example 18 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

From the class ResourceAdapter, method updateScopes:

/**
 * Replaces this resource's scopes with {@code scopes}.
 *
 * <p>Before the delegate is updated, every scope that is being dropped is detached from
 * the authorization state that still references it: permission tickets found by that
 * scope are deleted, and policies bound to this resource have the scope removed. The
 * cached entry is then invalidated so the new scope set is observed.
 *
 * @param scopes the complete new set of scopes for this resource
 */
@Override
public void updateScopes(Set<Scope> scopes) {
    Resource toUpdate = getDelegateForUpdate();

    // Pass 1: tickets granted on a scope that is going away must not outlive it.
    for (Scope current : toUpdate.getScopes()) {
        if (scopes.contains(current)) {
            continue;
        }
        PermissionTicketStore ticketStore = cacheSession.getPermissionTicketStore();
        List<PermissionTicket> tickets = ticketStore.findByScope(current.getId(), getResourceServer());
        for (PermissionTicket ticket : tickets) {
            ticketStore.delete(ticket.getId());
        }
    }

    // Pass 2: policies on this resource stop referencing the dropped scopes.
    PolicyStore policyStore = cacheSession.getPolicyStore();
    for (Scope current : toUpdate.getScopes()) {
        if (scopes.contains(current)) {
            continue;
        }
        policyStore.findByResource(getId(), getResourceServer(), policy -> policy.removeScope(current));
    }

    cacheSession.registerResourceInvalidation(
            cached.getId(),
            cached.getName(),
            cached.getType(),
            cached.getUris(modelSupplier),
            scopes.stream().map(Scope::getId).collect(Collectors.toSet()),
            cached.getResourceServerId(),
            cached.getOwner());
    toUpdate.updateScopes(scopes);
}

Example 19 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

From the class AuthorizationProvider, method createScopeWrapper:

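/**
 * Wraps the factory's {@link ScopeStore} so that deleting a scope also removes the
 * permission tickets that reference it; every other operation is forwarded to the
 * underlying store unchanged.
 *
 * @param storeFactory the factory providing the store to wrap
 * @return a delegating {@link ScopeStore} that cascades ticket removal on delete
 */
private ScopeStore createScopeWrapper(StoreFactory storeFactory) {
    return new ScopeStore() {

        ScopeStore delegate = storeFactory.getScopeStore();

        @Override
        public Scope create(String name, ResourceServer resourceServer) {
            return delegate.create(name, resourceServer);
        }

        @Override
        public Scope create(String id, String name, ResourceServer resourceServer) {
            return delegate.create(id, name, resourceServer);
        }

        /**
         * Deletes the scope together with every permission ticket found by it, so no
         * ticket keeps pointing at a scope that no longer exists.
         *
         * <p>If no scope with {@code id} can be found there is nothing to cascade;
         * the delete is still forwarded so the delegate decides how an unknown id is
         * treated, instead of failing here with a NullPointerException.
         *
         * @param id the id of the scope to delete
         */
        @Override
        public void delete(String id) {
            Scope scope = findById(id, null);
            if (scope != null) {
                PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
                List<PermissionTicket> tickets = ticketStore.findByScope(id, scope.getResourceServer().getId());
                for (PermissionTicket ticket : tickets) {
                    ticketStore.delete(ticket.getId());
                }
            }
            delegate.delete(id);
        }

        @Override
        public Scope findById(String id, String resourceServerId) {
            return delegate.findById(id, resourceServerId);
        }

        @Override
        public Scope findByName(String name, String resourceServerId) {
            return delegate.findByName(name, resourceServerId);
        }

        @Override
        public List<Scope> findByResourceServer(String id) {
            return delegate.findByResourceServer(id);
        }

        @Override
        public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }
    };
}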

Example 20 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

From the class UserManagedPermissionUtil, method removePolicy:

/**
 * Cleans up the policy that backs a permission ticket.
 *
 * <p>If no granted ticket for the same owner, requester and resource remains, the policy
 * no longer authorizes anything and is deleted together with its associated policies.
 * Otherwise, if the ticket names a scope, only that scope is removed from the policy so
 * the remaining grants keep working. A ticket with no policy is left untouched.
 *
 * <p>NOTE(review): the lookup would count {@code ticket} itself if it is still stored as
 * granted — presumably callers invoke this after the ticket has been revoked or deleted;
 * confirm at the call sites.
 *
 * @param ticket       the ticket whose policy should be cleaned up
 * @param storeFactory source of the ticket and policy stores
 */
public static void removePolicy(PermissionTicket ticket, StoreFactory storeFactory) {
    Policy policy = ticket.getPolicy();
    if (policy == null) {
        return;
    }

    Map<PermissionTicket.FilterOption, String> sameGrant = new EnumMap<>(PermissionTicket.FilterOption.class);
    sameGrant.put(PermissionTicket.FilterOption.OWNER, ticket.getOwner());
    sameGrant.put(PermissionTicket.FilterOption.REQUESTER, ticket.getRequester());
    sameGrant.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
    sameGrant.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());

    List<PermissionTicket> stillGranted = storeFactory.getPermissionTicketStore()
            .find(sameGrant, ticket.getResourceServer().getId(), -1, -1);

    if (!stillGranted.isEmpty()) {
        // Other grants still rely on this policy: narrow it instead of removing it.
        if (ticket.getScope() != null) {
            policy.removeScope(ticket.getScope());
        }
        return;
    }

    PolicyStore policyStore = storeFactory.getPolicyStore();
    for (Policy associated : policy.getAssociatedPolicies()) {
        policyStore.delete(associated.getId());
    }
    policyStore.delete(policy.getId());
}
