
Example 91 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class MapPolicyStore method create.

@Override
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
    String serverId = resourceServer.getId();
    String policyName = representation.getName();
    LOG.tracef("create(%s, %s, %s)%s", representation.getId(), serverId, resourceServer, getShortStackTrace());
    // Equivalent of @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID"}):
    // a policy name must be unique within a single resource server, so an existing
    // policy cannot be shadowed by creating a second one with the same name.
    DefaultModelCriteria<Policy> byName = forResourceServer(serverId)
            .compare(SearchableFields.NAME, Operator.EQ, policyName);
    if (tx.getCount(withCriteria(byName)) > 0) {
        throw new ModelDuplicateException("Policy with name '" + policyName + "' for " + serverId + " already exists");
    }
    // The id is taken from the representation as-is (may be null; the store decides what to do then).
    MapPolicyEntity newEntity = new MapPolicyEntityImpl();
    newEntity.setId(representation.getId());
    newEntity.setType(representation.getType());
    newEntity.setName(policyName);
    newEntity.setResourceServerId(serverId);
    // tx.create may return a different (managed) instance; adapt that one, not the local object.
    return entityToAdapter(tx.create(newEntity));
}

Example 92 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class GroupPermissions method initialize.

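/**
 * Ensures the realm resource server, the group's resource and the five fine-grained
 * group permissions (manage, view, manage-members, view-members, manage-membership)
 * exist for {@code group}. Every step is idempotent: existing resources and
 * permissions are looked up by name and left untouched.
 *
 * @param group the group whose admin permissions are being initialized
 */
private void initialize(GroupModel group) {
    root.initializeRealmResourceServer();
    root.initializeRealmDefaultScopes();
    ResourceServer server = root.realmResourceServer();
    Scope manageScope = root.realmManageScope();
    Scope viewScope = root.realmViewScope();
    Scope manageMembersScope = root.initializeRealmScope(MANAGE_MEMBERS_SCOPE);
    Scope viewMembersScope = root.initializeRealmScope(VIEW_MEMBERS_SCOPE);
    Scope manageMembershipScope = root.initializeRealmScope(MANAGE_MEMBERSHIP_SCOPE);
    String groupResourceName = getGroupResourceName(group);
    Resource groupResource = resourceStore.findByName(groupResourceName, server.getId());
    if (groupResource == null) {
        groupResource = resourceStore.create(groupResourceName, server, server.getId());
        // All five scopes are attached to the resource up front; the permissions created
        // below each grant exactly one of them.
        Set<Scope> scopeset = new HashSet<>();
        scopeset.add(manageScope);
        scopeset.add(viewScope);
        scopeset.add(viewMembersScope);
        scopeset.add(manageMembershipScope);
        scopeset.add(manageMembersScope);
        groupResource.updateScopes(scopeset);
        groupResource.setType("Group");
    }
    // Creation order is kept as before: manage, view, manage-members, view-members, manage-membership.
    createScopePermissionIfMissing(server, getManagePermissionGroup(group), groupResource, manageScope);
    createScopePermissionIfMissing(server, getViewPermissionGroup(group), groupResource, viewScope);
    createScopePermissionIfMissing(server, getManageMembersPermissionGroup(group), groupResource, manageMembersScope);
    createScopePermissionIfMissing(server, getViewMembersPermissionGroup(group), groupResource, viewMembersScope);
    createScopePermissionIfMissing(server, getManageMembershipPermissionGroup(group), groupResource, manageMembershipScope);
}

/**
 * Creates an empty scope permission named {@code permissionName} for {@code groupResource}
 * and {@code scope} unless a policy with that name already exists on {@code server}.
 * "Empty" means no policies are attached yet, so the permission grants nothing until
 * an administrator attaches policies to it.
 */
private void createScopePermissionIfMissing(ResourceServer server, String permissionName, Resource groupResource, Scope scope) {
    if (policyStore.findByName(permissionName, server.getId()) == null) {
        Helper.addEmptyScopePermission(authz, server, permissionName, groupResource, scope);
    }
}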

Example 93 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class GroupPermissions method deletePermissions.

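/**
 * Removes the fine-grained admin permissions of {@code group} and then the group's
 * resource. Permissions are deleted before the resource they reference so that no
 * permission is left pointing at a resource that no longer exists. Does nothing when
 * the realm has no resource server.
 *
 * @param group the group whose admin permissions are being removed
 */
private void deletePermissions(GroupModel group) {
    ResourceServer server = root.realmResourceServer();
    if (server == null) {
        return;
    }
    deletePolicyIfPresent(managePermission(group));
    deletePolicyIfPresent(viewPermission(group));
    deletePolicyIfPresent(manageMembersPermission(group));
    deletePolicyIfPresent(viewMembersPermission(group));
    deletePolicyIfPresent(manageMembershipPermission(group));
    Resource resource = groupResource(group);
    if (resource != null) {
        resourceStore.delete(resource.getId());
    }
}

/** Deletes {@code permission} from the policy store; a {@code null} argument is a no-op. */
private void deletePolicyIfPresent(Policy permission) {
    if (permission != null) {
        policyStore.delete(permission.getId());
    }
}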

Example 94 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientPermissions method canMapCompositeRoles.

/**
 * Decides whether the current context may map composite roles of {@code client}.
 * Answers {@code false} (fail closed) unless the client has a resource server, a
 * resource, a "map roles composite" permission with at least one policy attached,
 * and the permission evaluation grants the scope. A {@code false} result lets the
 * caller apply its default behaviour instead.
 */
@Override
public boolean canMapCompositeRoles(ClientModel client) {
    ResourceServer server = resourceServer(client);
    if (server == null) {
        return false;
    }
    String serverId = server.getId();
    Resource clientResource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), serverId);
    if (clientResource == null) {
        return false;
    }
    Policy permission = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesCompositePermissionName(client), serverId);
    if (permission == null) {
        return false;
    }
    // A permission without attached policies grants nothing: deny and let the caller
    // fall back to its default behaviour.
    Set<Policy> attached = permission.getAssociatedPolicies();
    boolean hasPolicies = attached != null && !attached.isEmpty();
    if (!hasPolicies) {
        return false;
    }
    Scope compositeScope = authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_COMPOSITE_SCOPE, serverId);
    return root.evaluatePermission(clientResource, server, compositeScope);
}

Example 95 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientPermissions method canMapRoles.

/**
 * Decides whether the current context may map roles of {@code client}.
 * Answers {@code false} (fail closed) unless the client has a resource server, a
 * resource, a "map roles" permission with at least one policy attached, and the
 * permission evaluation grants the map-roles scope. A {@code false} result lets
 * the caller apply its default behaviour instead.
 */
@Override
public boolean canMapRoles(ClientModel client) {
    ResourceServer server = resourceServer(client);
    if (server == null) {
        return false;
    }
    String serverId = server.getId();
    Resource clientResource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), serverId);
    if (clientResource == null) {
        return false;
    }
    Policy permission = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), serverId);
    if (permission == null) {
        return false;
    }
    // A permission without attached policies grants nothing: deny and let the caller
    // fall back to its default behaviour.
    Set<Policy> attached = permission.getAssociatedPolicies();
    boolean hasPolicies = attached != null && !attached.isEmpty();
    if (!hasPolicies) {
        return false;
    }
    return root.evaluatePermission(clientResource, server, mapRolesScope(server));
}
