Examples with Resource org.keycloak.authorization.model.Resource used on opensource projects

Search in sources :

Example 11 with Resource

use of org.keycloak.authorization.model.Resource in project keycloak by keycloak.

the class ClientPermissions method hasView.

private boolean hasView(ClientModel client) {
    if (canView())
        return true;
    if (!root.isAdminSameRealm()) {
        return false;
    }
    ResourceServer server = resourceServer(client);
    if (server == null)
        return false;
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
    if (resource == null)
        return false;
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getViewPermissionName(client), server.getId());
    if (policy == null) {
        return false;
    }
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    // if no policies attached to permission then just do default behavior
    if (associatedPolicies == null || associatedPolicies.isEmpty()) {
        return false;
    }
    Scope scope = viewScope(server);
    return root.evaluatePermission(resource, server, scope);
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 12 with Resource

use of org.keycloak.authorization.model.Resource in project keycloak by keycloak.

the class IdentityProviderPermissions method canExchangeTo.

@Override
public boolean canExchangeTo(ClientModel authorizedClient, IdentityProviderModel to) {
    ResourceServer server = root.initializeRealmResourceServer();
    if (server == null) {
        logger.debug("No resource server set up for target idp");
        return false;
    }
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
    if (resource == null) {
        logger.debug("No resource object set up for target idp");
        return false;
    }
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
    if (policy == null) {
        logger.debug("No permission object set up for target idp");
        return false;
    }
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    // if no policies attached to permission then just do default behavior
    if (associatedPolicies == null || associatedPolicies.isEmpty()) {
        logger.debug("No policies set up for permission on target idp");
        return false;
    }
    Scope scope = exchangeToScope(server);
    if (scope == null) {
        logger.debug(TOKEN_EXCHANGE + " not initialized");
        return false;
    }
    ClientModelIdentity identity = new ClientModelIdentity(session, authorizedClient);
    EvaluationContext context = new DefaultEvaluationContext(identity, session) {

        @Override
        public Map<String, Collection<String>> getBaseAttributes() {
            Map<String, Collection<String>> attributes = super.getBaseAttributes();
            attributes.put("kc.client.id", Arrays.asList(authorizedClient.getClientId()));
            return attributes;
        }
    };
    return root.evaluatePermission(resource, server, context, scope);
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) DefaultEvaluationContext(org.keycloak.authorization.common.DefaultEvaluationContext) Resource(org.keycloak.authorization.model.Resource) Collection(java.util.Collection) EvaluationContext(org.keycloak.authorization.policy.evaluation.EvaluationContext) DefaultEvaluationContext(org.keycloak.authorization.common.DefaultEvaluationContext) ResourceServer(org.keycloak.authorization.model.ResourceServer) ClientModelIdentity(org.keycloak.authorization.common.ClientModelIdentity)

Example 13 with Resource

use of org.keycloak.authorization.model.Resource in project keycloak by keycloak.

the class IdentityProviderPermissions method deletePermissions.

private void deletePermissions(IdentityProviderModel idp) {
    ResourceServer server = root.initializeRealmResourceServer();
    if (server == null)
        return;
    deletePolicy(getExchangeToPermissionName(idp), server);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());
    ;
    if (resource != null)
        authz.getStoreFactory().getResourceStore().delete(resource.getId());
}
Also used : Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 14 with Resource

use of org.keycloak.authorization.model.Resource in project keycloak by keycloak.

the class RolePermissions method canMapRole.

/**
 * Is admin allowed to map this role?
 *
 * @param role
 * @return
 */
@Override
public boolean canMapRole(RoleModel role) {
    if (root.users().canManageDefault())
        return checkAdminRoles(role);
    if (!root.isAdminSameRealm()) {
        return false;
    }
    if (role.getContainer() instanceof ClientModel) {
        if (root.clients().canMapRoles((ClientModel) role.getContainer()))
            return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer resourceServer = resourceServer(role);
    if (resourceServer == null)
        return false;
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolePermissionName(role), resourceServer.getId());
    if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
        return false;
    }
    Resource roleResource = resource(role);
    Scope mapRoleScope = mapRoleScope(resourceServer);
    if (root.evaluatePermission(roleResource, resourceServer, mapRoleScope)) {
        return checkAdminRoles(role);
    } else {
        return false;
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 15 with Resource

use of org.keycloak.authorization.model.Resource in project keycloak by keycloak.

the class PolicyAdapter method getResources.

@Override
public Set<Resource> getResources() {
    if (isUpdated())
        return updated.getResources();
    if (resources != null)
        return resources;
    resources = new HashSet<>();
    ResourceStore resourceStore = cacheSession.getResourceStore();
    for (String resourceId : cached.getResourcesIds(modelSupplier)) {
        String resourceServerId = cached.getResourceServerId();
        Resource resource = resourceStore.findById(resourceId, resourceServerId);
        cacheSession.cacheResource(resource);
        resources.add(resource);
    }
    return resources = Collections.unmodifiableSet(resources);
}
Also used : Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore)

Aggregations

Resource (org.keycloak.authorization.model.Resource)87 ResourceServer (org.keycloak.authorization.model.ResourceServer)51 Policy (org.keycloak.authorization.model.Policy)45 Scope (org.keycloak.authorization.model.Scope)44 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)27 ResourceStore (org.keycloak.authorization.store.ResourceStore)27 StoreFactory (org.keycloak.authorization.store.StoreFactory)26 ArrayList (java.util.ArrayList)22 ClientModel (org.keycloak.models.ClientModel)22 List (java.util.List)20 HashSet (java.util.HashSet)19 Map (java.util.Map)19 UserModel (org.keycloak.models.UserModel)18 RealmModel (org.keycloak.models.RealmModel)16 HashMap (java.util.HashMap)15 Set (java.util.Set)15 EnumMap (java.util.EnumMap)14 Collectors (java.util.stream.Collectors)14 Path (javax.ws.rs.Path)13 PolicyStore (org.keycloak.authorization.store.PolicyStore)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial