Examples with Policy org.keycloak.authorization.model.Policy used on opensource projects

Search in sources :

Example 1 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class JSPolicyProvider method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    EvaluatableScriptAdapter adapter = evaluatableScript.apply(authorization, policy);
    try {
        SimpleScriptContext context = new SimpleScriptContext();
        context.setAttribute("$evaluation", evaluation, ScriptContext.ENGINE_SCOPE);
        adapter.eval(context);
    } catch (Exception e) {
        throw new RuntimeException("Error evaluating JS Policy [" + policy.getName() + "].", e);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) SimpleScriptContext(javax.script.SimpleScriptContext) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) EvaluatableScriptAdapter(org.keycloak.scripting.EvaluatableScriptAdapter)

Example 2 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ResourcePolicyProvider method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    DefaultEvaluation defaultEvaluation = DefaultEvaluation.class.cast(evaluation);
    Map<Policy, Map<Object, Decision.Effect>> decisionCache = defaultEvaluation.getDecisionCache();
    Policy policy = defaultEvaluation.getParentPolicy();
    Map<Object, Decision.Effect> decisions = decisionCache.computeIfAbsent(policy, p -> new HashMap<>());
    ResourcePermission permission = evaluation.getPermission();
    Decision.Effect effect = decisions.get(permission.getResource());
    if (effect != null) {
        defaultEvaluation.setEffect(effect);
        return;
    }
    super.evaluate(evaluation);
    decisions.put(permission.getResource(), defaultEvaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) Map(java.util.Map) HashMap(java.util.HashMap) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation) Decision(org.keycloak.authorization.Decision) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 3 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ScopePolicyProvider method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    DefaultEvaluation defaultEvaluation = DefaultEvaluation.class.cast(evaluation);
    Map<Policy, Map<Object, Decision.Effect>> decisionCache = defaultEvaluation.getDecisionCache();
    Policy policy = defaultEvaluation.getParentPolicy();
    Map<Object, Decision.Effect> decisions = decisionCache.computeIfAbsent(policy, p -> new HashMap<>());
    ResourcePermission permission = evaluation.getPermission();
    Decision.Effect effect = decisions.get(permission);
    if (effect != null) {
        defaultEvaluation.setEffect(effect);
        return;
    }
    Decision.Effect decision = defaultEvaluation.getEffect();
    if (decision == null) {
        super.evaluate(evaluation);
        decisions.put(permission, defaultEvaluation.getEffect());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) Map(java.util.Map) HashMap(java.util.HashMap) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation) Decision(org.keycloak.authorization.Decision) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 4 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class UMAPolicyProviderFactory method onUpdate.

@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    for (Policy associatedPolicy : associatedPolicies) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            rep.setRoles(new HashSet<>());
            Set<String> updatedRoles = representation.getRoles();
            if (updatedRoles != null) {
                for (String role : updatedRoles) {
                    rep.addRole(role);
                }
            }
            if (rep.getRoles().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            if (representation.getCondition() != null) {
                rep.setCode(representation.getCondition());
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            } else {
                policyStore.delete(associatedPolicy.getId());
            }
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            rep.setGroups(new HashSet<>());
            Set<String> updatedGroups = representation.getGroups();
            if (updatedGroups != null) {
                for (String group : updatedGroups) {
                    rep.addGroupPath(group);
                }
            }
            if (rep.getGroups().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            rep.setClients(new HashSet<>());
            Set<String> updatedClients = representation.getClients();
            if (updatedClients != null) {
                for (String client : updatedClients) {
                    rep.addClient(client);
                }
            }
            if (rep.getClients().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("user".equals(associatedRep.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            rep.setUsers(new HashSet<>());
            Set<String> updatedUsers = representation.getUsers();
            if (updatedUsers != null) {
                for (String user : updatedUsers) {
                    rep.addUser(user);
                }
            }
            if (rep.getUsers().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        }
    }
    Set<String> updatedRoles = representation.getRoles();
    if (updatedRoles != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("role".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String role : updatedRoles) {
                createRolePolicy(policy, policyStore, role, policy.getOwner());
            }
        }
    }
    Set<String> updatedGroups = representation.getGroups();
    if (updatedGroups != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("group".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String group : updatedGroups) {
                createGroupPolicy(policy, policyStore, group, policy.getOwner());
            }
        }
    }
    Set<String> updatedClients = representation.getClients();
    if (updatedClients != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("client".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String client : updatedClients) {
                createClientPolicy(policy, policyStore, client, policy.getOwner());
            }
        }
    }
    Set<String> updatedUsers = representation.getUsers();
    if (updatedUsers != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("user".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String user : updatedUsers) {
                createUserPolicy(policy, policyStore, user, policy.getOwner());
            }
        }
    }
    String condition = representation.getCondition();
    if (condition != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("js".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            createJSPolicy(policy, policyStore, condition, policy.getOwner());
        }
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) HashSet(java.util.HashSet) Set(java.util.Set) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) HashSet(java.util.HashSet)

Example 5 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class UMAPolicyProviderFactory method createClientPolicy.

private void createClientPolicy(Policy policy, PolicyStore policyStore, String client, String owner) {
    ClientPolicyRepresentation rep = new ClientPolicyRepresentation();
    rep.setName(KeycloakModelUtils.generateId());
    rep.addClient(client);
    Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
    associatedPolicy.setOwner(owner);
    policy.addAssociatedPolicy(associatedPolicy);
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)

Aggregations

Policy (org.keycloak.authorization.model.Policy)106 ResourceServer (org.keycloak.authorization.model.ResourceServer)57 Resource (org.keycloak.authorization.model.Resource)38 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)37 ClientModel (org.keycloak.models.ClientModel)37 Scope (org.keycloak.authorization.model.Scope)33 StoreFactory (org.keycloak.authorization.store.StoreFactory)29 RealmModel (org.keycloak.models.RealmModel)27 PolicyStore (org.keycloak.authorization.store.PolicyStore)23 Map (java.util.Map)22 UserModel (org.keycloak.models.UserModel)20 HashMap (java.util.HashMap)19 HashSet (java.util.HashSet)17 ArrayList (java.util.ArrayList)15 PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)15 List (java.util.List)14 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)13 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)12 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)12 Set (java.util.Set)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial