Example 51 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ExportUtils method exportAuthorizationSettings.
public static ResourceServerRepresentation exportAuthorizationSettings(KeycloakSession session, ClientModel client) {
AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
if (settingsModel == null) {
return null;
}
ResourceServerRepresentation representation = toRepresentation(settingsModel, client);
representation.setId(null);
representation.setName(null);
representation.setClientId(null);
List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId()).stream().map(resource -> {
ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
if (rep.getOwner().getId().equals(settingsModel.getId())) {
rep.setOwner((ResourceOwnerRepresentation) null);
} else {
rep.getOwner().setId(null);
}
rep.getScopes().forEach(scopeRepresentation -> {
scopeRepresentation.setId(null);
scopeRepresentation.setIconUri(null);
});
return rep;
}).collect(Collectors.toList());
representation.setResources(resources);
List<PolicyRepresentation> policies = new ArrayList<>();
PolicyStore policyStore = storeFactory.getPolicyStore();
policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null)).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
representation.setPolicies(policies);
List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
ScopeRepresentation rep = toRepresentation(scope);
rep.setPolicies(null);
rep.setResources(null);
return rep;
}).collect(Collectors.toList());
representation.setScopes(scopes);
return representation;
}
Also used :
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Version(org.keycloak.common.Version)
RoleContainerModel(org.keycloak.models.RoleContainerModel)
Map(java.util.Map)
ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation)
CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation)
UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation)
ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
RealmModel(org.keycloak.models.RealmModel)
FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation)
Collection(java.util.Collection)
AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory)
Set(java.util.Set)
RoleModel(org.keycloak.models.RoleModel)
PolicyStore(org.keycloak.authorization.store.PolicyStore)
Collectors(java.util.stream.Collectors)
RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation)
ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation)
List(java.util.List)
Stream(java.util.stream.Stream)
ClientModel(org.keycloak.models.ClientModel)
Scope(org.keycloak.authorization.model.Scope)
Profile(org.keycloak.common.Profile)
JsonGenerator(com.fasterxml.jackson.core.JsonGenerator)
ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
HashMap(java.util.HashMap)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
UserModel(org.keycloak.models.UserModel)
ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation)
JsonEncoding(com.fasterxml.jackson.core.JsonEncoding)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
LinkedList(java.util.LinkedList)
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel)
OutputStream(java.io.OutputStream)
RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
CredentialModel(org.keycloak.credential.CredentialModel)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
KeycloakSession(org.keycloak.models.KeycloakSession)
IOException(java.io.IOException)
JsonSerialization(org.keycloak.util.JsonSerialization)
Policy(org.keycloak.authorization.model.Policy)
JsonFactory(com.fasterxml.jackson.core.JsonFactory)
SerializationFeature(com.fasterxml.jackson.databind.SerializationFeature)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
Resource(org.keycloak.authorization.model.Resource)
ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ArrayList(java.util.ArrayList)
ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
PolicyStore(org.keycloak.authorization.store.PolicyStore)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Example 52 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ImportTest method importAuthorizationSettings.
// KEYCLOAK-12640
@Test
public void importAuthorizationSettings() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ClientModel(org.keycloak.models.ClientModel)
RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
Example 53 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class BrokerLinkAndTokenExchangeTest method setupRealm.
public static void setupRealm(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(CHILD_IDP);
ClientModel client = realm.getClientByClientId(ClientApp.DEPLOYMENT_NAME);
IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP);
Assert.assertNotNull(idp);
ClientModel directExchanger = realm.addClient("direct-exchanger");
directExchanger.setClientId("direct-exchanger");
directExchanger.setPublicClient(false);
directExchanger.setDirectAccessGrantsEnabled(true);
directExchanger.setEnabled(true);
directExchanger.setSecret("secret");
directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directExchanger.setFullScopeAllowed(false);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
management.idps().setPermissionsEnabled(idp, true);
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("toIdp");
clientRep.addClient(client.getId());
clientRep.addClient(directExchanger.getId());
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
// permission for user impersonation for a client
ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
clientImpersonateRep.setName("clientImpersonators");
clientImpersonateRep.addClient(directExchanger.getId());
server = management.realmResourceServer();
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
management.users().setPermissionsEnabled(true);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Policy(org.keycloak.authorization.model.Policy)
ClientModel(org.keycloak.models.ClientModel)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
IdentityProviderModel(org.keycloak.models.IdentityProviderModel)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 54 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientTokenExchangeSAML2Test method setupRealm.
public static void setupRealm(KeycloakSession session) {
addTargetClients(session);
addDirectExchanger(session);
RealmModel realm = session.realms().getRealmByName(TEST);
RoleModel exampleRole = realm.getRole("example");
AdminPermissionManagement management = AdminPermissions.management(session, realm);
RoleModel impersonateRole = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE);
ClientModel clientExchanger = realm.addClient("client-exchanger");
clientExchanger.setClientId("client-exchanger");
clientExchanger.setPublicClient(false);
clientExchanger.setDirectAccessGrantsEnabled(true);
clientExchanger.setEnabled(true);
clientExchanger.setSecret("secret");
clientExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientExchanger.setFullScopeAllowed(false);
clientExchanger.addScopeMapping(impersonateRole);
clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_ID));
clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_USERNAME));
ClientModel illegal = realm.addClient("illegal");
illegal.setClientId("illegal");
illegal.setPublicClient(false);
illegal.setDirectAccessGrantsEnabled(true);
illegal.setEnabled(true);
illegal.setSecret("secret");
illegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
illegal.setFullScopeAllowed(false);
ClientModel legal = realm.addClient("legal");
legal.setClientId("legal");
legal.setPublicClient(false);
legal.setDirectAccessGrantsEnabled(true);
legal.setEnabled(true);
legal.setSecret("secret");
legal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
legal.setFullScopeAllowed(false);
ClientModel directLegal = realm.addClient("direct-legal");
directLegal.setClientId("direct-legal");
directLegal.setPublicClient(false);
directLegal.setDirectAccessGrantsEnabled(true);
directLegal.setEnabled(true);
directLegal.setSecret("secret");
directLegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directLegal.setFullScopeAllowed(false);
ClientModel directPublic = realm.addClient("direct-public");
directPublic.setClientId("direct-public");
directPublic.setPublicClient(true);
directPublic.setDirectAccessGrantsEnabled(true);
directPublic.setEnabled(true);
directPublic.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directPublic.setFullScopeAllowed(false);
ClientModel directNoSecret = realm.addClient("direct-no-secret");
directNoSecret.setClientId("direct-no-secret");
directNoSecret.setPublicClient(false);
directNoSecret.setDirectAccessGrantsEnabled(true);
directNoSecret.setEnabled(true);
directNoSecret.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directNoSecret.setFullScopeAllowed(false);
// permission for client to client exchange to "target" client
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("to");
clientRep.addClient(clientExchanger.getId());
clientRep.addClient(legal.getId());
clientRep.addClient(directLegal.getId());
ClientModel samlSignedTarget = realm.getClientByClientId(SAML_SIGNED_TARGET);
ClientModel samlEncryptedTarget = realm.getClientByClientId(SAML_ENCRYPTED_TARGET);
ClientModel samlSignedAndEncryptedTarget = realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET);
ClientModel samlUnsignedAndUnencryptedTarget = realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
assertNotNull(samlSignedTarget);
assertNotNull(samlEncryptedTarget);
assertNotNull(samlSignedAndEncryptedTarget);
assertNotNull(samlUnsignedAndUnencryptedTarget);
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.clients().exchangeToPermission(samlSignedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlEncryptedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlSignedAndEncryptedTarget).addAssociatedPolicy(clientPolicy);
management.clients().exchangeToPermission(samlUnsignedAndUnencryptedTarget).addAssociatedPolicy(clientPolicy);
// permission for user impersonation for a client
ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
clientImpersonateRep.setName("clientImpersonators");
clientImpersonateRep.addClient(directLegal.getId());
clientImpersonateRep.addClient(directPublic.getId());
clientImpersonateRep.addClient(directNoSecret.getId());
server = management.realmResourceServer();
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
management.users().setPermissionsEnabled(true);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
UserModel user = session.users().addUser(realm, "user");
user.setEnabled(true);
session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
user.grantRole(exampleRole);
user.grantRole(impersonateRole);
UserModel bad = session.users().addUser(realm, "bad-impersonator");
bad.setEnabled(true);
session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Policy(org.keycloak.authorization.model.Policy)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
RoleModel(org.keycloak.models.RoleModel)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 55 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class AuthorizationTokenService method resolveResourcePermission.
private void resolveResourcePermission(KeycloakAuthorizationRequest request, ResourceServer resourceServer, KeycloakIdentity identity, AuthorizationProvider authorization, StoreFactory storeFactory, Map<String, ResourcePermission> permissionsToEvaluate, ResourceStore resourceStore, AtomicInteger limit, Permission permission, Set<Scope> requestedScopesModel, String resourceId) {
Resource resource;
if (resourceId.indexOf('-') != -1) {
resource = resourceStore.findById(resourceId, resourceServer.getId());
} else {
resource = null;
}
if (resource != null) {
addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource);
} else if (resourceId.startsWith("resource-type:")) {
// only resource types, no resource instances. resource types are owned by the resource server
String resourceType = resourceId.substring("resource-type:".length());
resourceStore.findByType(resourceType, resourceServer.getId(), resourceServer.getId(), resource1 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource1));
} else if (resourceId.startsWith("resource-type-any:")) {
// any resource with a given type
String resourceType = resourceId.substring("resource-type-any:".length());
resourceStore.findByType(resourceType, null, resourceServer.getId(), resource12 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource12));
} else if (resourceId.startsWith("resource-type-instance:")) {
// only resource instances with a given type
String resourceType = resourceId.substring("resource-type-instance:".length());
resourceStore.findByTypeInstance(resourceType, resourceServer.getId(), resource13 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource13));
} else if (resourceId.startsWith("resource-type-owner:")) {
// only resources where the current identity is the owner
String resourceType = resourceId.substring("resource-type-owner:".length());
resourceStore.findByType(resourceType, identity.getId(), resourceServer.getId(), resource14 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource14));
} else {
Resource ownerResource = resourceStore.findByName(resourceId, identity.getId(), resourceServer.getId());
if (ownerResource != null) {
permission.setResourceId(ownerResource.getId());
addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, ownerResource);
}
if (!identity.isResourceServer() || !identity.getId().equals(resourceServer.getId())) {
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(resourceId, identity.getId(), resourceServer.getId());
if (!tickets.isEmpty()) {
List<Scope> scopes = new ArrayList<>();
Resource grantedResource = null;
for (PermissionTicket permissionTicket : tickets) {
if (grantedResource == null) {
grantedResource = permissionTicket.getResource();
}
scopes.add(permissionTicket.getScope());
}
requestedScopesModel.retainAll(scopes);
ResourcePermission resourcePermission = addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, grantedResource);
// the permission is explicitly granted by the owner, mark this permission as granted so that we don't run the evaluation engine on it
resourcePermission.setGranted(true);
}
Resource serverResource = resourceStore.findByName(resourceId, resourceServer.getId());
if (serverResource != null) {
permission.setResourceId(serverResource.getId());
addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, serverResource);
}
}
}
if (permissionsToEvaluate.isEmpty()) {
CorsErrorResponseException invalidResourceException = new CorsErrorResponseException(request.getCors(), "invalid_resource", "Resource with id [" + resourceId + "] does not exist.", Status.BAD_REQUEST);
fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, invalidResourceException);
throw invalidResourceException;
}
}
Also used :
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
Arrays(java.util.Arrays)
Tokens(org.keycloak.authorization.util.Tokens)
UserSessionProvider(org.keycloak.models.UserSessionProvider)
DefaultClientSessionContext(org.keycloak.services.util.DefaultClientSessionContext)
BiFunction(java.util.function.BiFunction)
Permissions(org.keycloak.authorization.permission.Permissions)
PermissionTicketAwareDecisionResultCollector(org.keycloak.authorization.policy.evaluation.PermissionTicketAwareDecisionResultCollector)
AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager)
Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata)
MediaType(javax.ws.rs.core.MediaType)
OAuthErrorException(org.keycloak.OAuthErrorException)
AuthenticationManager(org.keycloak.services.managers.AuthenticationManager)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
AccessToken(org.keycloak.representations.AccessToken)
AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
Map(java.util.Map)
ClientConnection(org.keycloak.common.ClientConnection)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RealmModel(org.keycloak.models.RealmModel)
Collection(java.util.Collection)
AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest)
Set(java.util.Set)
ResourceStore(org.keycloak.authorization.store.ResourceStore)
CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException)
Collectors(java.util.stream.Collectors)
IDToken(org.keycloak.representations.IDToken)
KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity)
Objects(java.util.Objects)
List(java.util.List)
ScopeStore(org.keycloak.authorization.store.ScopeStore)
ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants)
Response(javax.ws.rs.core.Response)
Details(org.keycloak.events.Details)
DefaultEvaluationContext(org.keycloak.authorization.common.DefaultEvaluationContext)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
Entry(java.util.Map.Entry)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
ClientModel(org.keycloak.models.ClientModel)
Scope(org.keycloak.authorization.model.Scope)
KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils)
Permission(org.keycloak.representations.idm.authorization.Permission)
Logger(org.jboss.logging.Logger)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
HashMap(java.util.HashMap)
RefreshToken(org.keycloak.representations.RefreshToken)
TokenManager(org.keycloak.protocol.oidc.TokenManager)
HttpMethod(javax.ws.rs.HttpMethod)
ArrayList(java.util.ArrayList)
PermissionTicket(org.keycloak.authorization.model.PermissionTicket)
HashSet(java.util.HashSet)
LinkedHashMap(java.util.LinkedHashMap)
UserModel(org.keycloak.models.UserModel)
ClientSessionContext(org.keycloak.models.ClientSessionContext)
EventBuilder(org.keycloak.events.EventBuilder)
OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)
PermissionTicketToken(org.keycloak.representations.idm.authorization.PermissionTicketToken)
Cors(org.keycloak.services.resources.Cors)
Status(javax.ws.rs.core.Response.Status)
Base64Url(org.keycloak.common.util.Base64Url)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Errors(org.keycloak.events.Errors)
Authorization(org.keycloak.representations.AccessToken.Authorization)
KeycloakSession(org.keycloak.models.KeycloakSession)
HttpRequest(org.jboss.resteasy.spi.HttpRequest)
UserSessionModel(org.keycloak.models.UserSessionModel)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
JsonSerialization(org.keycloak.util.JsonSerialization)
EvaluationContext(org.keycloak.authorization.policy.evaluation.EvaluationContext)
ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore)
Urls(org.keycloak.services.Urls)
AccessTokenResponseBuilder(org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder)
Resource(org.keycloak.authorization.model.Resource)
PermissionTicket(org.keycloak.authorization.model.PermissionTicket)
Scope(org.keycloak.authorization.model.Scope)
Resource(org.keycloak.authorization.model.Resource)
ArrayList(java.util.ArrayList)
CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException)
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
Aggregations
ResourceServer (org.keycloak.authorization.model.ResourceServer)81
Policy (org.keycloak.authorization.model.Policy)50
Resource (org.keycloak.authorization.model.Resource)40
ClientModel (org.keycloak.models.ClientModel)37
Scope (org.keycloak.authorization.model.Scope)30
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)26
StoreFactory (org.keycloak.authorization.store.StoreFactory)21
RealmModel (org.keycloak.models.RealmModel)20
UserModel (org.keycloak.models.UserModel)13
HashSet (java.util.HashSet)12
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
Map (java.util.Map)10
DefaultEvaluation (org.keycloak.authorization.policy.evaluation.DefaultEvaluation)10
PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)10
List (java.util.List)9
AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)9
ArrayList (java.util.ArrayList)8
Collection (java.util.Collection)8
HashMap (java.util.HashMap)8
ResourcePermission (org.keycloak.authorization.permission.ResourcePermission)8
