
Example 56 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class JPAPolicyStore method findByResource.

/**
 * Hands every policy attached to the given resource to {@code consumer}.
 *
 * <p>Runs the {@code findPolicyIdByResource} named query in {@link FlushModeType#COMMIT}
 * mode (flush deferred to commit), resolves each returned entity through the policy store
 * and skips ids the store cannot resolve, so the consumer never sees {@code null}.
 *
 * @param consumer callback invoked once per resolved policy
 */
@Override
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
    TypedQuery<PolicyEntity> policyQuery = entityManager
            .createNamedQuery("findPolicyIdByResource", PolicyEntity.class)
            .setFlushMode(FlushModeType.COMMIT)
            .setParameter("resourceId", resourceId)
            .setParameter("serverId", resourceServerId);
    PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
    // closing(...) ensures the underlying result stream is released once consumed
    closing(policyQuery.getResultStream()
            .map(policyEntity -> policyStore.findById(policyEntity.getId(), resourceServerId))
            .filter(Objects::nonNull))
            .forEach(consumer);
}

Example 57 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class PolicyEvaluationCompositeRoleTest method setup.

/**
 * Builds the fixture for the composite-role evaluation test: a client with one client role,
 * a resource server with a role policy on that role, a scope permission on "myresource", and a
 * user who holds the client role only through the realm-level composite role "composite".
 *
 * @param session the session whose context realm is switched to {@code TEST}
 */
public static void setup(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(testRealm);

    ClientModel clientModel = session.clients().addClient(testRealm, "myclient");
    RoleModel clientRole = clientModel.addRole("client-role1");

    AuthorizationProviderFactory providerFactory =
            (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = providerFactory.create(session, testRealm);

    ResourceServer server = authorization.getStoreFactory().getResourceServerStore().create(clientModel);
    Policy rolePolicy = createRolePolicy(authorization, server, clientRole);
    Scope myScope = authorization.getStoreFactory().getScopeStore().create("myscope", server);
    Resource myResource = authorization.getStoreFactory().getResourceStore().create("myresource", server, server.getId());
    addScopePermission(authorization, server, "mypermission", myResource, myScope, rolePolicy);

    // The user never gets client-role1 directly; it is reachable only via the composite.
    RoleModel compositeRole = testRealm.addRole("composite");
    compositeRole.addCompositeRole(clientRole);
    UserModel testUser = session.users().addUser(testRealm, "user");
    testUser.grantRole(compositeRole);
}

Example 58 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientScopePolicyProviderFactory method postInit.

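/**
 * Registers a listener that keeps client-scope policies consistent when a client scope is removed.
 *
 * <p>On every {@link ClientScopeRemovedEvent}, each policy of this provider's type
 * (filtered by {@code getId()}) is rewritten without the removed scope; a policy left
 * with no scope at all is deleted instead of being kept as an empty rule.
 *
 * @param factory the session factory the listener is registered on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof ClientScopeRemovedEvent)) {
            return;
        }
        ClientScopeRemovedEvent removedEvent = (ClientScopeRemovedEvent) event;
        KeycloakSession keycloakSession = removedEvent.getKeycloakSession();
        AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
        PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
        ClientScopeModel removedClientScope = removedEvent.getClientScope();

        // Only policies of this provider's type carry a "clientScopes" config entry.
        // NOTE(review): the -1/-1 arguments presumably disable paging — confirm against PolicyStore.
        Map<Policy.FilterOption, String[]> filters = new HashMap<>();
        filters.put(Policy.FilterOption.TYPE, new String[] { getId() });
        policyStore.findByResourceServer(filters, null, -1, -1)
                .forEach(policy -> removeClientScopeFromPolicy(policyStore, policy, removedClientScope));
    });
}

/**
 * Drops {@code removedClientScope} from the "clientScopes" entry of {@code policy}.
 *
 * <p>Remaining entries are re-serialized with only their "id" and (if present) "required"
 * keys; when nothing remains the policy is deleted.
 *
 * @throws RuntimeException if the remaining entries cannot be serialized
 */
private void removeClientScopeFromPolicy(PolicyStore policyStore, Policy policy, ClientScopeModel removedClientScope) {
    String removedId = removedClientScope.getId();
    List<Map<String, Object>> remaining = new ArrayList<>();
    for (Map<String, Object> clientScope : getClientScopes(policy)) {
        // NOTE(review): assumes every stored entry has a non-null "id" (as the original did) — confirm.
        if (clientScope.get("id").equals(removedId)) {
            continue;
        }
        Map<String, Object> updated = new HashMap<>();
        updated.put("id", clientScope.get("id"));
        Object required = clientScope.get("required");
        if (required != null) {
            updated.put("required", required);
        }
        remaining.add(updated);
    }
    if (remaining.isEmpty()) {
        policyStore.delete(policy.getId());
        return;
    }
    try {
        policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(remaining));
    } catch (IOException e) {
        throw new RuntimeException("Error while synchronizing client scopes with policy [" + policy.getName() + "].", e);
    }
}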

Example 59 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class GroupPolicyProviderFactory method updatePolicy.

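/**
 * Rewrites the policy configuration from the given groups claim and group definitions.
 *
 * <p>Each definition is resolved to a realm group — by id first, then by path (with or without
 * a leading "/") walked down from the top-level groups — and normalised to an id-only reference
 * before the whole set is serialized into the "groups" config entry.
 *
 * @param policy        policy whose config is replaced
 * @param groupsClaim   claim name stored under "groupsClaim" when non-null
 * @param groups        definitions to resolve; mutated in place (id set, path cleared)
 * @param authorization provider used to reach the realm's groups
 * @throws RuntimeException if {@code groups} is null or empty, a definition cannot be
 *                          resolved, or the definitions cannot be serialized
 */
private void updatePolicy(Policy policy, String groupsClaim, Set<GroupPolicyRepresentation.GroupDefinition> groups, AuthorizationProvider authorization) {
    if (groups == null || groups.isEmpty()) {
        throw new RuntimeException("You must provide at least one group");
    }
    Map<String, String> config = new HashMap<>(policy.getConfig());
    if (groupsClaim != null) {
        config.put("groupsClaim", groupsClaim);
    }
    // Fetched once; every path lookup starts from this list.
    List<GroupModel> topLevelGroups = authorization.getRealm().getTopLevelGroupsStream().collect(Collectors.toList());
    for (GroupPolicyRepresentation.GroupDefinition definition : groups) {
        GroupModel group = null;
        if (definition.getId() != null) {
            group = authorization.getRealm().getGroupById(definition.getId());
        }
        if (group == null && definition.getPath() != null) {
            group = resolveGroupByPath(topLevelGroups, definition.getPath());
        }
        if (group == null) {
            throw new RuntimeException("Group with id [" + definition.getId() + "] not found");
        }
        // Store an id-only reference so the serialized config does not depend on group paths.
        definition.setId(group.getId());
        definition.setPath(null);
    }
    try {
        config.put("groups", JsonSerialization.writeValueAsString(groups));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to serialize groups", cause);
    }
    policy.setConfig(config);
}

/**
 * Walks {@code path} ("/a/b/c" or "a/b/c") segment by segment, starting at the top-level
 * groups and descending through sub-groups.
 *
 * @return the group at the end of the path, or {@code null} when the path yields no segments
 * @throws RuntimeException if any segment does not match a group at its level
 */
private static GroupModel resolveGroupByPath(List<GroupModel> topLevelGroups, String path) {
    String canonicalPath = path.startsWith("/") ? path.substring(1) : path;
    GroupModel current = null;
    for (String part : canonicalPath.split("/")) {
        if (current == null) {
            current = topLevelGroups.stream()
                    .filter(groupModel -> groupModel.getName().equals(part))
                    .findFirst()
                    .orElseThrow(() -> new RuntimeException("Top level group with name [" + part + "] not found"));
        } else {
            current = current.getSubGroupsStream()
                    .filter(groupModel -> groupModel.getName().equals(part))
                    .findFirst()
                    .orElseThrow(() -> new RuntimeException("Group with name [" + part + "] not found"));
        }
    }
    return current;
}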

Example 60 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class UMAPolicyProviderFactory method createRolePolicy.

/**
 * Creates a role policy for {@code role} on the resource server of {@code policy}, assigns
 * {@code owner} to it and links it to {@code policy} as an associated policy.
 *
 * <p>The generated policy gets a random id as its name, so repeated calls never collide.
 */
private void createRolePolicy(Policy policy, PolicyStore policyStore, String role, String owner) {
    RolePolicyRepresentation representation = new RolePolicyRepresentation();
    representation.setName(KeycloakModelUtils.generateId());
    representation.addRole(role, false);

    Policy rolePolicy = policyStore.create(representation, policy.getResourceServer());
    rolePolicy.setOwner(owner);
    policy.addAssociatedPolicy(rolePolicy);
}
