Example 66 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientPermissions method deletePermissions.
private void deletePermissions(ClientModel client) {
ResourceServer server = resourceServer(client);
if (server == null)
return;
deletePolicy(getManagePermissionName(client), server);
deletePolicy(getViewPermissionName(client), server);
deletePolicy(getMapRolesPermissionName(client), server);
deletePolicy(getMapRolesClientScopePermissionName(client), server);
deletePolicy(getMapRolesCompositePermissionName(client), server);
deletePolicy(getConfigurePermissionName(client), server);
deletePolicy(getExchangeToPermissionName(client), server);
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
;
if (resource != null)
authz.getStoreFactory().getResourceStore().delete(resource.getId());
}
Also used :
Resource(org.keycloak.authorization.model.Resource)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Example 67 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientPermissions method canMapRoles.
@Override
public boolean canMapRoles(ClientModel client) {
ResourceServer server = resourceServer(client);
if (server == null)
return false;
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
if (resource == null)
return false;
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), server.getId());
if (policy == null) {
return false;
}
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
// if no policies attached to permission then just do default behavior
if (associatedPolicies == null || associatedPolicies.isEmpty()) {
return false;
}
Scope scope = mapRolesScope(server);
return root.evaluatePermission(resource, server, scope);
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
Scope(org.keycloak.authorization.model.Scope)
Resource(org.keycloak.authorization.model.Resource)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Example 68 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientPermissions method resource.
@Override
public Resource resource(ClientModel client) {
ResourceServer server = resourceServer(client);
if (server == null)
return null;
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
if (resource == null)
return null;
return resource;
}
Also used :
Resource(org.keycloak.authorization.model.Resource)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Example 69 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientPermissions method initialize.
private void initialize(ClientModel client) {
ResourceServer server = root.findOrCreateResourceServer(client);
Scope manageScope = manageScope(server);
if (manageScope == null) {
manageScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.MANAGE_SCOPE, server);
}
Scope viewScope = viewScope(server);
if (viewScope == null) {
viewScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.VIEW_SCOPE, server);
}
Scope mapRoleScope = mapRolesScope(server);
if (mapRoleScope == null) {
mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLES_SCOPE, server);
}
Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
Scope configureScope = root.initializeScope(CONFIGURE_SCOPE, server);
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
String resourceName = getResourceName(client);
Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
if (resource == null) {
resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
resource.setType("Client");
Set<Scope> scopeset = new HashSet<>();
scopeset.add(configureScope);
scopeset.add(manageScope);
scopeset.add(viewScope);
scopeset.add(mapRoleScope);
scopeset.add(mapRoleClientScope);
scopeset.add(mapRoleCompositeScope);
scopeset.add(exchangeToScope);
resource.updateScopes(scopeset);
}
String managePermissionName = getManagePermissionName(client);
Policy managePermission = authz.getStoreFactory().getPolicyStore().findByName(managePermissionName, server.getId());
if (managePermission == null) {
Helper.addEmptyScopePermission(authz, server, managePermissionName, resource, manageScope);
}
String configurePermissionName = getConfigurePermissionName(client);
Policy configurePermission = authz.getStoreFactory().getPolicyStore().findByName(configurePermissionName, server.getId());
if (configurePermission == null) {
Helper.addEmptyScopePermission(authz, server, configurePermissionName, resource, configureScope);
}
String viewPermissionName = getViewPermissionName(client);
Policy viewPermission = authz.getStoreFactory().getPolicyStore().findByName(viewPermissionName, server.getId());
if (viewPermission == null) {
Helper.addEmptyScopePermission(authz, server, viewPermissionName, resource, viewScope);
}
String mapRolePermissionName = getMapRolesPermissionName(client);
Policy mapRolePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRolePermissionName, server.getId());
if (mapRolePermission == null) {
Helper.addEmptyScopePermission(authz, server, mapRolePermissionName, resource, mapRoleScope);
}
String mapRoleClientScopePermissionName = getMapRolesClientScopePermissionName(client);
Policy mapRoleClientScopePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleClientScopePermissionName, server.getId());
if (mapRoleClientScopePermission == null) {
Helper.addEmptyScopePermission(authz, server, mapRoleClientScopePermissionName, resource, mapRoleClientScope);
}
String mapRoleCompositePermissionName = getMapRolesCompositePermissionName(client);
Policy mapRoleCompositePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleCompositePermissionName, server.getId());
if (mapRoleCompositePermission == null) {
Helper.addEmptyScopePermission(authz, server, mapRoleCompositePermissionName, resource, mapRoleCompositeScope);
}
String exchangeToPermissionName = getExchangeToPermissionName(client);
Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
if (exchangeToPermission == null) {
Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
}
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
Scope(org.keycloak.authorization.model.Scope)
Resource(org.keycloak.authorization.model.Resource)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
HashSet(java.util.HashSet)
Example 70 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientPermissions method canManage.
@Override
public boolean canManage(ClientModel client) {
if (canManageClientsDefault())
return true;
if (!root.isAdminSameRealm()) {
return false;
}
ResourceServer server = resourceServer(client);
if (server == null)
return false;
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
if (resource == null)
return false;
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
if (policy == null) {
return false;
}
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
// if no policies attached to permission then just do default behavior
if (associatedPolicies == null || associatedPolicies.isEmpty()) {
return false;
}
Scope scope = manageScope(server);
return root.evaluatePermission(resource, server, scope);
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
Scope(org.keycloak.authorization.model.Scope)
Resource(org.keycloak.authorization.model.Resource)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Aggregations
ResourceServer (org.keycloak.authorization.model.ResourceServer)81
Policy (org.keycloak.authorization.model.Policy)50
Resource (org.keycloak.authorization.model.Resource)40
ClientModel (org.keycloak.models.ClientModel)37
Scope (org.keycloak.authorization.model.Scope)30
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)26
StoreFactory (org.keycloak.authorization.store.StoreFactory)21
RealmModel (org.keycloak.models.RealmModel)20
UserModel (org.keycloak.models.UserModel)13
HashSet (java.util.HashSet)12
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
Map (java.util.Map)10
DefaultEvaluation (org.keycloak.authorization.policy.evaluation.DefaultEvaluation)10
PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)10
List (java.util.List)9
AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)9
ArrayList (java.util.ArrayList)8
Collection (java.util.Collection)8
HashMap (java.util.HashMap)8
ResourcePermission (org.keycloak.authorization.permission.ResourcePermission)8
