


Class RolePermissions, method disablePermissions.

/**
 * Tears down the fine-grained permission objects that were created for {@code role}.
 * <p>
 * The map-role, map-client-scope and map-composite permission policies are deleted
 * in that order (each only when it currently exists), followed by the role's own
 * resource. Nothing is touched when the role has no resource server.
 *
 * @param role the role whose permission policies and resource are removed
 */
private void disablePermissions(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return;
    }
    // Lookups happen one at a time so each deletion precedes the next lookup,
    // exactly as before.
    deletePolicyIfPresent(mapRolePermission(role));
    deletePolicyIfPresent(mapClientScopePermission(role));
    deletePolicyIfPresent(mapCompositePermission(role));
    String resourceName = getRoleResourceName(role);
    Resource roleResource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (roleResource != null) {
        authz.getStoreFactory().getResourceStore().delete(roleResource.getId());
    }
}

/**
 * Deletes {@code policy} from the policy store; a {@code null} argument is a no-op.
 *
 * @param policy the permission policy to delete, or {@code null} if it does not exist
 */
private void deletePolicyIfPresent(Policy policy) {
    if (policy == null) {
        return;
    }
    authz.getStoreFactory().getPolicyStore().delete(policy.getId());
}



Class RolePermissions, method initialize.

/**
 * Creates the authorization objects that back fine-grained admin permissions for {@code role}.
 * <p>
 * Ensures, in order: a resource server for the role's client, the three map scopes
 * (map-role, map-client-scope, map-composite), a resource of type {@code "Role"} carrying
 * those scopes, and one empty scope permission per scope with an
 * {@link DecisionStrategy#AFFIRMATIVE} decision strategy. Every object is looked up first
 * and created only when absent, so calling this repeatedly is safe. An already existing
 * resource keeps its current scopes and type unchanged.
 *
 * @param role the role to prepare fine-grained permissions for
 */
private void initialize(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        ClientModel roleClient = getRoleClient(role);
        server = root.findOrCreateResourceServer(roleClient);
    }
    Scope roleScope = ensureScope(mapRoleScope(server), MAP_ROLE_SCOPE, server);
    Scope clientScope = ensureScope(mapClientScope(server), MAP_ROLE_CLIENT_SCOPE_SCOPE, server);
    Scope compositeScope = ensureScope(mapCompositeScope(server), MAP_ROLE_COMPOSITE_SCOPE, server);

    String resourceName = getRoleResourceName(role);
    Resource roleResource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (roleResource == null) {
        roleResource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
        // Scopes are attached only on creation; an existing resource is left as is.
        Set<Scope> attachedScopes = new HashSet<>();
        attachedScopes.add(roleScope);
        attachedScopes.add(clientScope);
        attachedScopes.add(compositeScope);
        roleResource.updateScopes(attachedScopes);
        roleResource.setType("Role");
    }

    // The permission name is only computed when the permission has to be created.
    if (mapRolePermission(role) == null) {
        Policy created = Helper.addEmptyScopePermission(authz, server, getMapRolePermissionName(role), roleResource, roleScope);
        created.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
    if (mapClientScopePermission(role) == null) {
        Policy created = Helper.addEmptyScopePermission(authz, server, getMapClientScopePermissionName(role), roleResource, clientScope);
        created.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
    if (mapCompositePermission(role) == null) {
        Policy created = Helper.addEmptyScopePermission(authz, server, getMapCompositePermissionName(role), roleResource, compositeScope);
        created.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
}

/**
 * Returns {@code existing} when non-null, otherwise creates a scope named {@code name}
 * on {@code server} through the scope store.
 *
 * @param existing the scope found by a prior lookup, or {@code null} if none exists
 * @param name the scope name to create when absent
 * @param server the resource server owning the scope
 * @return the existing or newly created scope
 */
private Scope ensureScope(Scope existing, String name, ResourceServer server) {
    if (existing != null) {
        return existing;
    }
    return authz.getStoreFactory().getScopeStore().create(name, server);
}



Class RolePermissions, method canMapClientScope.

/**
 * Decides whether the current admin may map {@code role} into a client scope.
 * <p>
 * Decision order: admins who can manage clients by default are allowed; admins from
 * another realm are denied; for client roles, the client-level map-client-scope-roles
 * permission grants access; otherwise the role's own fine-grained permission is consulted.
 * That last path denies when fine-grained permissions are disabled for the role, when the
 * role has no resource server, or when the map-client-scope permission is missing or has
 * no associated policies — only then is the permission actually evaluated.
 *
 * @param role the role being mapped
 * @return {@code true} if mapping is allowed
 */
@Override
public boolean canMapClientScope(RoleModel role) {
    if (root.clients().canManageClientsDefault()) {
        return true;
    }
    if (!root.isAdminSameRealm()) {
        return false;
    }
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapClientScopeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return false;
    }
    String permissionName = getMapClientScopePermissionName(role);
    Policy permission = authz.getStoreFactory().getPolicyStore().findByName(permissionName, server.getId());
    // A permission with nothing attached to it grants nothing.
    boolean permissionUsable = permission != null && !permission.getAssociatedPolicies().isEmpty();
    if (!permissionUsable) {
        return false;
    }
    return root.evaluatePermission(resource(role), server, mapClientScope(server));
}



Class RolePermissions, method canMapComposite.

/**
 * Decides whether the current admin may add {@code role} to a composite role.
 * <p>
 * Decision order: admins who can manage the role by default get the result of
 * {@code checkAdminRoles(role)}; admins from another realm are denied; for client roles,
 * the client-level map-composite-roles permission grants access; otherwise the role's own
 * fine-grained map-composite permission is consulted. That path denies when fine-grained
 * permissions are disabled, when the role has no resource server, or when the permission
 * is missing or has no associated policies. A successful evaluation is still subject to
 * {@code checkAdminRoles(role)}, so the admin-role guard applies on both allowing paths.
 *
 * @param role the role being added to a composite
 * @return {@code true} if the mapping is allowed
 */
@Override
public boolean canMapComposite(RoleModel role) {
    if (canManageDefault(role)) {
        return checkAdminRoles(role);
    }
    if (!root.isAdminSameRealm()) {
        return false;
    }
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapCompositeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return false;
    }
    String permissionName = getMapCompositePermissionName(role);
    Policy permission = authz.getStoreFactory().getPolicyStore().findByName(permissionName, server.getId());
    // A permission with nothing attached to it grants nothing.
    boolean permissionUsable = permission != null && !permission.getAssociatedPolicies().isEmpty();
    if (!permissionUsable) {
        return false;
    }
    boolean granted = root.evaluatePermission(resource(role), server, mapCompositeScope(server));
    return granted && checkAdminRoles(role);
}



Class FineGrainAdminUnitTest, method invokeDelete.

/**
 * Verifies that deleting realm objects removes their authorization resources.
 * <p>
 * Starting from five resources on the realm's resource server, the test removes a realm
 * role, a client role and a group (leaving two resources), then the client itself (leaving
 * one), and finally disables user permissions, after which the {@code "Users"} resource is
 * gone and the resource server holds no resources at all.
 *
 * @param session the session scoped to the {@code TEST} realm
 */
public static void invokeDelete(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    Assert.assertEquals(5, realmResourceCount(management));

    RoleModel realmRole = realm.getRole("removedRole");
    realm.removeRole(realmRole);
    ClientModel client = realm.getClientByClientId("removedClient");
    RoleModel clientRole = client.getRole("removedClientRole");
    client.removeRole(clientRole);
    GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup");
    realm.removeGroup(group);
    Assert.assertEquals(2, realmResourceCount(management));

    realm.removeClient(client.getId());
    Assert.assertEquals(1, realmResourceCount(management));

    management.users().setPermissionsEnabled(false);
    Resource usersResource = management.authz().getStoreFactory().getResourceStore().findByName("Users", management.realmResourceServer().getId());
    Assert.assertNull(usersResource);
    Assert.assertEquals(0, realmResourceCount(management));
}

/**
 * Counts the resources currently registered on the realm's resource server.
 *
 * @param management the admin permission management for the realm under test
 * @return the number of resources found for the realm resource server
 */
private static int realmResourceCount(AdminPermissionManagement management) {
    List<Resource> resources = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
    return resources.size();
}
