
Example 26 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

the class ResourcesService method getPendingRequests.

/**
 * Returns the permission requests the current user has made that are still awaiting a decision.
 *
 * <p>Tickets are looked up with {@code REQUESTER == user.getId()} and {@code GRANTED == "false"},
 * so only the caller's own outstanding requests are returned, never other users' tickets.
 * Each ticket is mapped to one {@link ResourcePermission} for its resource, carrying the
 * single scope the ticket refers to.
 *
 * @return a JSON response built by {@code queryResponse} over the pending permissions
 */
@GET
@Path("pending-requests")
@Produces(MediaType.APPLICATION_JSON)
public Response getPendingRequests() {
    Map<PermissionTicket.FilterOption, String> criteria = new EnumMap<>(PermissionTicket.FilterOption.class);
    criteria.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
    criteria.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());

    List<PermissionTicket> pendingTickets = ticketStore.find(criteria, null, -1, -1);
    List<ResourcePermission> pending = new ArrayList<>(pendingTickets.size());
    pendingTickets.forEach(ticket -> {
        ResourcePermission requested = new ResourcePermission(ticket.getResource(), provider);
        requested.addScope(new Scope(ticket.getScope()));
        pending.add(requested);
    });
    // The supplier ignores its paging arguments and streams the whole list; the total is its size.
    return queryResponse((first, max) -> pending.stream(), -1, pending.size());
}
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) ArrayList(java.util.ArrayList) EnumMap(java.util.EnumMap) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 27 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

the class ResourcesService method toPermissions.

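/**
 * Builds one {@link ResourcePermission} per resource from the permission tickets that involve
 * the current user.
 *
 * <p>Two views are supported, selected by {@code withRequesters}:
 * <ul>
 *   <li>{@code true} (owner view): granted tickets where the current user is the {@code OWNER}
 *       and the ticket points at this resource; for each requester a {@link Permission} entry is
 *       created (or reused) and the ticket's scope name is added to it.</li>
 *   <li>{@code false} (requester view): tickets granted to the current user, looked up through
 *       {@code findGranted} by resource name; the ticket's scope is added directly to the
 *       resource permission.</li>
 * </ul>
 * In both views a ticket is only considered when {@code resource.equals(ticket.getResource())},
 * presumably because the name-based lookup can match same-named resources elsewhere — confirm.
 *
 * @param resources      resources to describe
 * @param withRequesters {@code true} for the owner view, {@code false} for the requester view
 * @return one permission per input resource, in input order (resources with no matching tickets
 *         are still included, with no scopes)
 */
private Collection<ResourcePermission> toPermissions(List<org.keycloak.authorization.model.Resource> resources, boolean withRequesters) {
    Collection<ResourcePermission> permissions = new ArrayList<>(resources.size());
    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    for (org.keycloak.authorization.model.Resource resource : resources) {
        ResourcePermission permission = new ResourcePermission(resource, provider);
        List<PermissionTicket> tickets;
        if (withRequesters) {
            // Owner view: only tickets the current user has already granted on this resource.
            Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
            filters.put(PermissionTicket.FilterOption.OWNER, user.getId());
            filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
            filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
            tickets = ticketStore.find(filters, null, -1, -1);
        } else {
            // Requester view: tickets granted to the current user, matched by resource name.
            tickets = ticketStore.findGranted(resource.getName(), user.getId(), null);
        }
        for (PermissionTicket ticket : tickets) {
            if (!resource.equals(ticket.getResource())) {
                continue;
            }
            if (withRequesters) {
                // Renamed from "user" to avoid shadowing the enclosing user field used above.
                String requesterId = ticket.getRequester();
                Permission requesterPermission = permission.getPermission(requesterId);
                if (requesterPermission == null) {
                    requesterPermission = new Permission(requesterId, provider);
                    permission.addPermission(requesterId, requesterPermission);
                }
                requesterPermission.addScope(ticket.getScope().getName());
            } else {
                permission.addScope(new Scope(ticket.getScope()));
            }
        }
        permissions.add(permission);
    }
    return permissions;
}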
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) ArrayList(java.util.ArrayList) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) EnumMap(java.util.EnumMap)

Example 28 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

the class JPAPermissionTicketStore method create.

/**
 * Persists a new permission ticket for {@code requester} on the given resource and returns its model.
 *
 * <p>The ticket's owner is copied from the resource it refers to, not taken from the caller, and
 * the creation timestamp is the current wall-clock time. When {@code scopeId} is {@code null}
 * no scope is set on the entity. The entity is persisted and flushed immediately, so the returned
 * adapter is backed by a stored row.
 *
 * <p>NOTE(review): {@code findById} may return {@code null} for an unknown {@code resourceId};
 * whether {@code toEntity} tolerates that is not visible here, and
 * {@code entity.getResource().getOwner()} would fail on a missing resource — confirm.
 *
 * @param resourceId     id of the resource the ticket refers to, resolved via the resource store
 * @param scopeId        id of the requested scope, or {@code null}
 * @param requester      identifier of the party asking for access, stored as given
 * @param resourceServer resource server the resource and scope are looked up in
 * @return the created ticket
 */
@Override
public PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer) {
    String serverId = resourceServer.getId();
    PermissionTicketEntity ticket = new PermissionTicketEntity();
    ticket.setId(KeycloakModelUtils.generateId());
    ticket.setCreatedTimestamp(System.currentTimeMillis());
    ticket.setRequester(requester);
    ticket.setResource(ResourceAdapter.toEntity(entityManager,
            provider.getStoreFactory().getResourceStore().findById(resourceId, serverId)));
    if (scopeId != null) {
        ticket.setScope(ScopeAdapter.toEntity(entityManager,
                provider.getStoreFactory().getScopeStore().findById(scopeId, serverId)));
    }
    // Ownership follows the resource, never the caller.
    ticket.setOwner(ticket.getResource().getOwner());
    ticket.setResourceServer(ResourceServerAdapter.toEntity(entityManager, resourceServer));
    entityManager.persist(ticket);
    entityManager.flush();
    return new PermissionTicketAdapter(ticket, entityManager, provider.getStoreFactory());
}
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PermissionTicketEntity(org.keycloak.authorization.jpa.entities.PermissionTicketEntity)

Example 29 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

the class JPAPermissionTicketStore method findByOwner.

/**
 * Returns all permission tickets owned by {@code owner} within the given resource server.
 *
 * <p>The named query yields ticket ids only; each id is then resolved through the
 * {@link PermissionTicketStore} so the returned models go through the regular adapter path.
 * Ids that no longer resolve are skipped rather than returned as {@code null}.
 *
 * <p>NOTE(review): the named query is called {@code findPolicyIdByType}, which does not describe
 * this lookup; it is bound to {@code serverId} and {@code owner}, so confirm it actually selects
 * ticket ids by owner and resource server.
 *
 * @param owner            id of the ticket owner
 * @param resourceServerId id of the resource server to search in
 * @return matching tickets, possibly empty, never {@code null}
 */
@Override
public List<PermissionTicket> findByOwner(String owner, String resourceServerId) {
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPolicyIdByType", String.class);
    // COMMIT flush mode: the persistence context is not flushed before this query runs.
    idQuery.setFlushMode(FlushModeType.COMMIT);
    idQuery.setParameter("serverId", resourceServerId);
    idQuery.setParameter("owner", owner);

    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : idQuery.getResultList()) {
        PermissionTicket ticket = ticketStore.findById(ticketId, resourceServerId);
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) LinkedList(java.util.LinkedList)

Example 30 with PermissionTicket

use of org.keycloak.authorization.model.PermissionTicket in project keycloak by keycloak.

the class PolicyEvaluationResponseBuilder method toRepresentation.

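/**
 * Converts one evaluated policy result into its response representation, recursing into the
 * associated policies.
 *
 * <p>For policies of type {@code "uma"} the description is rewritten from the first permission
 * ticket bound to the policy ("Resource owner (...) grants access to ..."), or suffixed with
 * "(User-Managed Policy)" when no ticket exists. Scopes are copied onto the result only for
 * {@code DENY} outcomes.
 *
 * @param result        the evaluated policy and its effect
 * @param authorization provider used to reach the ticket store, session and realm
 * @return the representation, with status, policy and associated policies filled in
 */
private static PolicyEvaluationResponse.PolicyResultRepresentation toRepresentation(Result.PolicyResult result, AuthorizationProvider authorization) {
    PolicyEvaluationResponse.PolicyResultRepresentation policyResultRep = new PolicyEvaluationResponse.PolicyResultRepresentation();
    PolicyRepresentation representation = new PolicyRepresentation();
    Policy policy = result.getPolicy();
    representation.setId(policy.getId());
    representation.setName(policy.getName());
    representation.setType(policy.getType());
    representation.setDecisionStrategy(policy.getDecisionStrategy());
    representation.setDescription(policy.getDescription());
    if ("uma".equals(representation.getType())) {
        representation.setDescription(umaDescription(policy, representation.getDescription(), authorization));
    }
    representation.setResources(policy.getResources().stream().map(resource -> resource.getName()).collect(Collectors.toSet()));
    Set<String> scopeNames = policy.getScopes().stream().map(scope -> scope.getName()).collect(Collectors.toSet());
    representation.setScopes(scopeNames);
    policyResultRep.setPolicy(representation);
    if (result.getEffect() == Decision.Effect.DENY) {
        policyResultRep.setStatus(DecisionEffect.DENY);
        // Only a denial reports which scopes were involved.
        policyResultRep.setScopes(representation.getScopes());
    } else {
        policyResultRep.setStatus(DecisionEffect.PERMIT);
    }
    policyResultRep.setAssociatedPolicies(result.getAssociatedPolicies().stream().map(policy1 -> toRepresentation(policy1, authorization)).collect(Collectors.toList()));
    return policyResultRep;
}

/**
 * Builds the description shown for a UMA policy from its first permission ticket, or marks it
 * as a user-managed policy when no ticket is bound to it.
 *
 * <p>The owner is resolved as a user first and then as a client. When it is neither (for example
 * the owning account was removed), the raw owner id is used instead of failing with a
 * {@code NullPointerException} on {@code clientOwner.getClientId()}.
 *
 * <p>NOTE(review): the requester lookup may also return {@code null}; whether
 * {@code getUserEmailOrUserName} handles that is not visible here — confirm.
 *
 * @param policy             the UMA policy
 * @param currentDescription the policy's own description, possibly {@code null}
 * @param authorization      provider used to reach the ticket store, session and realm
 * @return the description to set on the representation
 */
private static String umaDescription(Policy policy, String currentDescription, AuthorizationProvider authorization) {
    Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
    filters.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
    // Only the first ticket is needed, hence maxResults = 1.
    List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(filters, policy.getResourceServer().getId(), -1, 1);
    if (tickets.isEmpty()) {
        return currentDescription != null ? currentDescription + " (User-Managed Policy)" : "User-Managed Policy";
    }
    KeycloakSession keycloakSession = authorization.getKeycloakSession();
    RealmModel realm = authorization.getRealm();
    PermissionTicket ticket = tickets.get(0);
    String ownerId = ticket.getOwner();
    UserModel userOwner = keycloakSession.users().getUserById(realm, ownerId);
    UserModel requester = keycloakSession.users().getUserById(realm, ticket.getRequester());
    String resourceOwner;
    if (userOwner != null) {
        resourceOwner = getUserEmailOrUserName(userOwner);
    } else {
        ClientModel clientOwner = realm.getClientById(ownerId);
        resourceOwner = clientOwner != null ? clientOwner.getClientId() : ownerId;
    }
    return "Resource owner (" + resourceOwner + ") grants access to " + getUserEmailOrUserName(requester);
}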
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Arrays(java.util.Arrays) PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation) HashMap(java.util.HashMap) Function(java.util.function.Function) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) ArrayList(java.util.ArrayList) PolicyEvaluationService(org.keycloak.authorization.admin.PolicyEvaluationService) UserModel(org.keycloak.models.UserModel) AccessToken(org.keycloak.representations.AccessToken) Map(java.util.Map) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ResourceServer(org.keycloak.authorization.model.ResourceServer) RealmModel(org.keycloak.models.RealmModel) EnumMap(java.util.EnumMap) Collection(java.util.Collection) KeycloakSession(org.keycloak.models.KeycloakSession) Set(java.util.Set) Decision(org.keycloak.authorization.Decision) Collectors(java.util.stream.Collectors) KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity) Policy(org.keycloak.authorization.model.Policy) List(java.util.List) Stream(java.util.stream.Stream) Result(org.keycloak.authorization.policy.evaluation.Result) PolicyEvaluationResponse(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse) DecisionEffect(org.keycloak.representations.idm.authorization.DecisionEffect) Comparator(java.util.Comparator) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation) 
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) PolicyEvaluationResponse(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse) PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation) EnumMap(java.util.EnumMap)
