Examples with Policy org.keycloak.authorization.model.Policy used on opensource projects

Search in sources :

Example 96 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientPermissions method initialize.

private void initialize(ClientModel client) {
    ResourceServer server = root.findOrCreateResourceServer(client);
    Scope manageScope = manageScope(server);
    if (manageScope == null) {
        manageScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.MANAGE_SCOPE, server);
    }
    Scope viewScope = viewScope(server);
    if (viewScope == null) {
        viewScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.VIEW_SCOPE, server);
    }
    Scope mapRoleScope = mapRolesScope(server);
    if (mapRoleScope == null) {
        mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLES_SCOPE, server);
    }
    Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
    Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
    Scope configureScope = root.initializeScope(CONFIGURE_SCOPE, server);
    Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
    String resourceName = getResourceName(client);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (resource == null) {
        resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
        resource.setType("Client");
        Set<Scope> scopeset = new HashSet<>();
        scopeset.add(configureScope);
        scopeset.add(manageScope);
        scopeset.add(viewScope);
        scopeset.add(mapRoleScope);
        scopeset.add(mapRoleClientScope);
        scopeset.add(mapRoleCompositeScope);
        scopeset.add(exchangeToScope);
        resource.updateScopes(scopeset);
    }
    String managePermissionName = getManagePermissionName(client);
    Policy managePermission = authz.getStoreFactory().getPolicyStore().findByName(managePermissionName, server.getId());
    if (managePermission == null) {
        Helper.addEmptyScopePermission(authz, server, managePermissionName, resource, manageScope);
    }
    String configurePermissionName = getConfigurePermissionName(client);
    Policy configurePermission = authz.getStoreFactory().getPolicyStore().findByName(configurePermissionName, server.getId());
    if (configurePermission == null) {
        Helper.addEmptyScopePermission(authz, server, configurePermissionName, resource, configureScope);
    }
    String viewPermissionName = getViewPermissionName(client);
    Policy viewPermission = authz.getStoreFactory().getPolicyStore().findByName(viewPermissionName, server.getId());
    if (viewPermission == null) {
        Helper.addEmptyScopePermission(authz, server, viewPermissionName, resource, viewScope);
    }
    String mapRolePermissionName = getMapRolesPermissionName(client);
    Policy mapRolePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRolePermissionName, server.getId());
    if (mapRolePermission == null) {
        Helper.addEmptyScopePermission(authz, server, mapRolePermissionName, resource, mapRoleScope);
    }
    String mapRoleClientScopePermissionName = getMapRolesClientScopePermissionName(client);
    Policy mapRoleClientScopePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleClientScopePermissionName, server.getId());
    if (mapRoleClientScopePermission == null) {
        Helper.addEmptyScopePermission(authz, server, mapRoleClientScopePermissionName, resource, mapRoleClientScope);
    }
    String mapRoleCompositePermissionName = getMapRolesCompositePermissionName(client);
    Policy mapRoleCompositePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleCompositePermissionName, server.getId());
    if (mapRoleCompositePermission == null) {
        Helper.addEmptyScopePermission(authz, server, mapRoleCompositePermissionName, resource, mapRoleCompositeScope);
    }
    String exchangeToPermissionName = getExchangeToPermissionName(client);
    Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
    if (exchangeToPermission == null) {
        Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 97 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientPermissions method canManage.

@Override
public boolean canManage(ClientModel client) {
    if (canManageClientsDefault())
        return true;
    if (!root.isAdminSameRealm()) {
        return false;
    }
    ResourceServer server = resourceServer(client);
    if (server == null)
        return false;
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
    if (resource == null)
        return false;
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
    if (policy == null) {
        return false;
    }
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    // if no policies attached to permission then just do default behavior
    if (associatedPolicies == null || associatedPolicies.isEmpty()) {
        return false;
    }
    Scope scope = manageScope(server);
    return root.evaluatePermission(resource, server, scope);
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 98 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class IdentityProviderPermissions method initialize.

private void initialize(IdentityProviderModel idp) {
    ResourceServer server = root.initializeRealmResourceServer();
    Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
    String resourceName = getResourceName(idp);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (resource == null) {
        resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
        resource.setType("IdentityProvider");
        Set<Scope> scopeset = new HashSet<>();
        scopeset.add(exchangeToScope);
        resource.updateScopes(scopeset);
    }
    String exchangeToPermissionName = getExchangeToPermissionName(idp);
    Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
    if (exchangeToPermission == null) {
        Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 99 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class RolePermissions method disablePermissions.

private void disablePermissions(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null)
        return;
    Policy policy = mapRolePermission(role);
    if (policy != null)
        authz.getStoreFactory().getPolicyStore().delete(policy.getId());
    policy = mapClientScopePermission(role);
    if (policy != null)
        authz.getStoreFactory().getPolicyStore().delete(policy.getId());
    policy = mapCompositePermission(role);
    if (policy != null)
        authz.getStoreFactory().getPolicyStore().delete(policy.getId());
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getRoleResourceName(role), server.getId());
    if (resource != null)
        authz.getStoreFactory().getResourceStore().delete(resource.getId());
}
Also used : Policy(org.keycloak.authorization.model.Policy) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 100 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class RolePermissions method initialize.

private void initialize(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        ClientModel client = getRoleClient(role);
        server = root.findOrCreateResourceServer(client);
    }
    Scope mapRoleScope = mapRoleScope(server);
    if (mapRoleScope == null) {
        mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_SCOPE, server);
    }
    Scope mapClientScope = mapClientScope(server);
    if (mapClientScope == null) {
        mapClientScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_CLIENT_SCOPE_SCOPE, server);
    }
    Scope mapCompositeScope = mapCompositeScope(server);
    if (mapCompositeScope == null) {
        mapCompositeScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_COMPOSITE_SCOPE, server);
    }
    String roleResourceName = getRoleResourceName(role);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId());
    if (resource == null) {
        resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId());
        Set<Scope> scopeset = new HashSet<>();
        scopeset.add(mapClientScope);
        scopeset.add(mapCompositeScope);
        scopeset.add(mapRoleScope);
        resource.updateScopes(scopeset);
        resource.setType("Role");
    }
    Policy mapRolePermission = mapRolePermission(role);
    if (mapRolePermission == null) {
        mapRolePermission = Helper.addEmptyScopePermission(authz, server, getMapRolePermissionName(role), resource, mapRoleScope);
        mapRolePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
    Policy mapClientScopePermission = mapClientScopePermission(role);
    if (mapClientScopePermission == null) {
        mapClientScopePermission = Helper.addEmptyScopePermission(authz, server, getMapClientScopePermissionName(role), resource, mapClientScope);
        mapClientScopePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
    Policy mapCompositePermission = mapCompositePermission(role);
    if (mapCompositePermission == null) {
        mapCompositePermission = Helper.addEmptyScopePermission(authz, server, getMapCompositePermissionName(role), resource, mapCompositeScope);
        mapCompositePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Aggregations

Policy (org.keycloak.authorization.model.Policy)106 ResourceServer (org.keycloak.authorization.model.ResourceServer)57 Resource (org.keycloak.authorization.model.Resource)38 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)37 ClientModel (org.keycloak.models.ClientModel)37 Scope (org.keycloak.authorization.model.Scope)33 StoreFactory (org.keycloak.authorization.store.StoreFactory)29 RealmModel (org.keycloak.models.RealmModel)27 PolicyStore (org.keycloak.authorization.store.PolicyStore)23 Map (java.util.Map)22 UserModel (org.keycloak.models.UserModel)20 HashMap (java.util.HashMap)19 HashSet (java.util.HashSet)17 ArrayList (java.util.ArrayList)15 PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)15 List (java.util.List)14 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)13 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)12 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)12 Set (java.util.Set)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial