Examples with Policy org.keycloak.authorization.model.Policy used on opensource projects

Search in sources :

Example 21 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class RolePermissions method rolePolicy.

@Override
public Policy rolePolicy(ResourceServer server, RoleModel role) {
    String policyName = Helper.getRolePolicyName(role);
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(policyName, server.getId());
    if (policy != null)
        return policy;
    return Helper.createRolePolicy(authz, server, role, policyName);
}
Also used : Policy(org.keycloak.authorization.model.Policy)

Example 22 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method addDirectExchanger.

private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.addRole("example");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    ClientModel directExchanger = realm.addClient("direct-exchanger");
    directExchanger.setName("direct-exchanger");
    directExchanger.setClientId("direct-exchanger");
    directExchanger.setPublicClient(false);
    directExchanger.setDirectAccessGrantsEnabled(true);
    directExchanger.setEnabled(true);
    directExchanger.setSecret("secret");
    directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directExchanger.setFullScopeAllowed(false);
    // permission for client to client exchange to "target" client
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET), true);
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonatorsDirect");
    clientImpersonateRep.addClient(directExchanger.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
    impersonatedUser.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
    impersonatedUser.grantRole(exampleRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 23 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class IterablePermissionEvaluator method evaluate.

@Override
public Decision evaluate(Decision decision) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    try {
        Map<Policy, Map<Object, Decision.Effect>> decisionCache = new HashMap<>();
        storeFactory.setReadOnly(true);
        Iterator<ResourcePermission> permissions = getPermissions();
        while (permissions.hasNext()) {
            this.policyEvaluator.evaluate(permissions.next(), authorizationProvider, executionContext, decision, decisionCache);
        }
        decision.onComplete();
    } catch (Throwable cause) {
        decision.onError(cause);
    } finally {
        storeFactory.setReadOnly(false);
    }
    return decision;
}
Also used : Policy(org.keycloak.authorization.model.Policy) HashMap(java.util.HashMap) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) Map(java.util.Map) Decision(org.keycloak.authorization.Decision) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 24 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class UnboundedPermissionEvaluator method evaluate.

@Override
public Decision evaluate(Decision decision) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    try {
        Map<Policy, Map<Object, Decision.Effect>> decisionCache = new HashMap<>();
        storeFactory.setReadOnly(true);
        Permissions.all(resourceServer, executionContext.getIdentity(), authorizationProvider, request, permission -> policyEvaluator.evaluate(permission, authorizationProvider, executionContext, decision, decisionCache));
        decision.onComplete();
    } catch (Throwable cause) {
        decision.onError(cause);
    } finally {
        storeFactory.setReadOnly(false);
    }
    return decision;
}
Also used : Policy(org.keycloak.authorization.model.Policy) HashMap(java.util.HashMap) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) Map(java.util.Map) Decision(org.keycloak.authorization.Decision)

Example 25 with Policy

use of org.keycloak.authorization.model.Policy in project keycloak by keycloak.

the class AuthorizationProvider method createResourceStoreWrapper.

private ResourceStore createResourceStoreWrapper(StoreFactory storeFactory) {
    return new ResourceStore() {

        ResourceStore delegate = storeFactory.getResourceStore();

        @Override
        public Resource create(String name, ResourceServer resourceServer, String owner) {
            return delegate.create(name, resourceServer, owner);
        }

        @Override
        public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
            return delegate.create(id, name, resourceServer, owner);
        }

        @Override
        public void delete(String id) {
            Resource resource = findById(id, null);
            StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory();
            PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
            List<PermissionTicket> permissions = ticketStore.findByResource(id, resource.getResourceServer());
            for (PermissionTicket permission : permissions) {
                ticketStore.delete(permission.getId());
            }
            PolicyStore policyStore = storeFactory.getPolicyStore();
            List<Policy> policies = policyStore.findByResource(id, resource.getResourceServer());
            for (Policy policyModel : policies) {
                if (policyModel.getResources().size() == 1) {
                    policyStore.delete(policyModel.getId());
                } else {
                    policyModel.removeResource(resource);
                }
            }
            delegate.delete(id);
        }

        @Override
        public Resource findById(String id, String resourceServerId) {
            return delegate.findById(id, resourceServerId);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId) {
            return delegate.findByOwner(ownerId, resourceServerId);
        }

        @Override
        public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByOwner(ownerId, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
            return delegate.findByOwner(ownerId, resourceServerId, first, max);
        }

        @Override
        public List<Resource> findByUri(String uri, String resourceServerId) {
            return delegate.findByUri(uri, resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(String resourceServerId) {
            return delegate.findByResourceServer(resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }

        @Override
        public List<Resource> findByScope(List<String> id, String resourceServerId) {
            return delegate.findByScope(id, resourceServerId);
        }

        @Override
        public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByScope(scopes, resourceServerId, consumer);
        }

        @Override
        public Resource findByName(String name, String resourceServerId) {
            return delegate.findByName(name, resourceServerId);
        }

        @Override
        public Resource findByName(String name, String ownerId, String resourceServerId) {
            return delegate.findByName(name, ownerId, resourceServerId);
        }

        @Override
        public List<Resource> findByType(String type, String resourceServerId) {
            return delegate.findByType(type, resourceServerId);
        }

        @Override
        public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, resourceServerId, consumer);
        }

        @Override
        public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, owner, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByType(String type, String owner, String resourceServerId) {
            return delegate.findByType(type, resourceServerId);
        }

        @Override
        public List<Resource> findByTypeInstance(String type, String resourceServerId) {
            return delegate.findByTypeInstance(type, resourceServerId);
        }

        @Override
        public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByTypeInstance(type, resourceServerId, consumer);
        }
    };
}
Also used : Policy(org.keycloak.authorization.model.Policy) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Consumer(java.util.function.Consumer) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) PolicyStore(org.keycloak.authorization.store.PolicyStore) List(java.util.List) ResourceServer(org.keycloak.authorization.model.ResourceServer) Map(java.util.Map)

Aggregations

Policy (org.keycloak.authorization.model.Policy)106 ResourceServer (org.keycloak.authorization.model.ResourceServer)57 Resource (org.keycloak.authorization.model.Resource)38 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)37 ClientModel (org.keycloak.models.ClientModel)37 Scope (org.keycloak.authorization.model.Scope)33 StoreFactory (org.keycloak.authorization.store.StoreFactory)29 RealmModel (org.keycloak.models.RealmModel)27 PolicyStore (org.keycloak.authorization.store.PolicyStore)23 Map (java.util.Map)22 UserModel (org.keycloak.models.UserModel)20 HashMap (java.util.HashMap)19 HashSet (java.util.HashSet)17 ArrayList (java.util.ArrayList)15 PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)15 List (java.util.List)14 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)13 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)12 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)12 Set (java.util.Set)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial