Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak: class IdentityProviderPermissions, method initialize.
/**
 * Ensures the authorization artifacts backing token exchange for {@code idp}
 * exist: the realm resource server (obtained through
 * {@code root.initializeRealmResourceServer()}), the {@code TOKEN_EXCHANGE}
 * scope, a resource of type {@code "IdentityProvider"} carrying that scope,
 * and a scope permission named by
 * {@link #getExchangeToPermissionName(IdentityProviderModel)}.
 *
 * <p>Existing resource and permission entries are reused rather than recreated,
 * so calling this repeatedly does not duplicate anything.
 *
 * @param idp the identity provider whose permission model is initialized
 */
private void initialize(IdentityProviderModel idp) {
    ResourceServer realmServer = root.initializeRealmResourceServer();
    // NOTE(review): realmServer is used without a null check here, while resource()
    // guards against a null result of the same call — confirm it never returns null.
    Scope exchangeScope = root.initializeScope(TOKEN_EXCHANGE, realmServer);
    String idpResourceName = getResourceName(idp);

    Resource idpResource = authz.getStoreFactory().getResourceStore()
            .findByName(idpResourceName, realmServer.getId());
    if (idpResource == null) {
        idpResource = authz.getStoreFactory().getResourceStore()
                .create(idpResourceName, realmServer, realmServer.getId());
        idpResource.setType("IdentityProvider");
        Set<Scope> scopes = new HashSet<>();
        scopes.add(exchangeScope);
        idpResource.updateScopes(scopes);
    }

    String permissionName = getExchangeToPermissionName(idp);
    boolean permissionMissing = authz.getStoreFactory().getPolicyStore()
            .findByName(permissionName, realmServer.getId()) == null;
    if (permissionMissing) {
        // Created with no associated policies (per the helper's name), so it grants
        // nothing until an administrator attaches policies to it.
        Helper.addEmptyScopePermission(authz, realmServer, permissionName, idpResource, exchangeScope);
    }
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak: class IdentityProviderPermissions, method resource.
/**
 * Looks up the authorization resource that represents {@code idp}.
 *
 * @param idp the identity provider to look up
 * @return the resource named {@link #getResourceName(IdentityProviderModel)}
 *         on the realm resource server, or {@code null} when either the realm
 *         resource server or the resource does not exist
 */
@Override
public Resource resource(IdentityProviderModel idp) {
    ResourceServer realmServer = root.initializeRealmResourceServer();
    if (realmServer == null) {
        return null;
    }
    // findByName already yields null for a missing resource, so no extra check is needed.
    return authz.getStoreFactory().getResourceStore()
            .findByName(getResourceName(idp), realmServer.getId());
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak: class RolePermissions, method disablePermissions.
/**
 * Removes the fine-grained permission artifacts attached to {@code role}: the
 * map-role, map-client-scope and map-composite permissions, and then the
 * role's own resource. Does nothing when the role has no resource server.
 *
 * @param role the role whose permissions are being disabled
 */
private void disablePermissions(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return;
    }

    // Same order as before: each permission is looked up and deleted in turn,
    // then the resource they refer to.
    deletePermissionIfPresent(mapRolePermission(role));
    deletePermissionIfPresent(mapClientScopePermission(role));
    deletePermissionIfPresent(mapCompositePermission(role));

    Resource roleResource = authz.getStoreFactory().getResourceStore()
            .findByName(getRoleResourceName(role), server.getId());
    if (roleResource != null) {
        authz.getStoreFactory().getResourceStore().delete(roleResource.getId());
    }
}

/**
 * Deletes {@code permission} from the policy store; a {@code null} argument is a no-op.
 *
 * @param permission the permission policy to delete, possibly {@code null}
 */
private void deletePermissionIfPresent(Policy permission) {
    if (permission != null) {
        authz.getStoreFactory().getPolicyStore().delete(permission.getId());
    }
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak: class RolePermissions, method initialize.
/**
 * Ensures the authorization artifacts for fine-grained management of
 * {@code role} exist: a resource server for the role's client, the
 * {@code MAP_ROLE_SCOPE}, {@code MAP_ROLE_CLIENT_SCOPE_SCOPE} and
 * {@code MAP_ROLE_COMPOSITE_SCOPE} scopes, a resource of type {@code "Role"}
 * carrying those scopes, and one scope permission per scope using the
 * {@link DecisionStrategy#AFFIRMATIVE} strategy.
 *
 * <p>Anything already present is reused; only missing pieces are created.
 *
 * @param role the role whose permission model is initialized
 */
private void initialize(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        // No resource server for this role yet: find or create one for its client.
        server = root.findOrCreateResourceServer(getRoleClient(role));
    }

    Scope mapRoleScope = existingOrCreatedScope(mapRoleScope(server), MAP_ROLE_SCOPE, server);
    Scope mapClientScope = existingOrCreatedScope(mapClientScope(server), MAP_ROLE_CLIENT_SCOPE_SCOPE, server);
    Scope mapCompositeScope = existingOrCreatedScope(mapCompositeScope(server), MAP_ROLE_COMPOSITE_SCOPE, server);

    String resourceName = getRoleResourceName(role);
    Resource roleResource = authz.getStoreFactory().getResourceStore()
            .findByName(resourceName, server.getId());
    if (roleResource == null) {
        roleResource = authz.getStoreFactory().getResourceStore()
                .create(resourceName, server, server.getId());
        Set<Scope> scopes = new HashSet<>();
        scopes.add(mapClientScope);
        scopes.add(mapCompositeScope);
        scopes.add(mapRoleScope);
        roleResource.updateScopes(scopes);
        roleResource.setType("Role");
    }

    // Permissions are created empty (per the helper's name) and AFFIRMATIVE: they
    // grant nothing until policies are attached, after which any one positive policy
    // is enough.
    Policy mapRolePermission = mapRolePermission(role);
    if (mapRolePermission == null) {
        mapRolePermission = Helper.addEmptyScopePermission(
                authz, server, getMapRolePermissionName(role), roleResource, mapRoleScope);
        mapRolePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }

    Policy mapClientScopePermission = mapClientScopePermission(role);
    if (mapClientScopePermission == null) {
        mapClientScopePermission = Helper.addEmptyScopePermission(
                authz, server, getMapClientScopePermissionName(role), roleResource, mapClientScope);
        mapClientScopePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }

    Policy mapCompositePermission = mapCompositePermission(role);
    if (mapCompositePermission == null) {
        mapCompositePermission = Helper.addEmptyScopePermission(
                authz, server, getMapCompositePermissionName(role), roleResource, mapCompositeScope);
        mapCompositePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    }
}

/**
 * Returns {@code existing} when non-null, otherwise creates a scope named
 * {@code name} on {@code server} and returns it.
 *
 * @param existing the scope found by a prior lookup, possibly {@code null}
 * @param name     name of the scope to create when {@code existing} is {@code null}
 * @param server   resource server the scope belongs to
 * @return the existing or newly created scope
 */
private Scope existingOrCreatedScope(Scope existing, String name, ResourceServer server) {
    if (existing != null) {
        return existing;
    }
    return authz.getStoreFactory().getScopeStore().create(name, server);
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak: class RolePermissions, method canMapClientScope.
/**
 * Decides whether the current admin may map {@code role} into client scopes.
 *
 * <p>Checks run in order: global client-management rights grant immediately;
 * an admin from another realm is denied; for a client role, the map-scope right
 * on the owning client grants; otherwise the role's own fine-grained permission
 * is evaluated. Every path that cannot establish a grant returns {@code false},
 * so the decision fails closed.
 *
 * @param role the role being mapped
 * @return {@code true} when mapping is permitted, {@code false} otherwise
 */
@Override
public boolean canMapClientScope(RoleModel role) {
    // Global client-management rights short-circuit every finer-grained check.
    if (root.clients().canManageClientsDefault()) {
        return true;
    }
    // Cross-realm admins never reach the fine-grained path.
    if (!root.isAdminSameRealm()) {
        return false;
    }
    // Client roles: the admin may already hold the map-scope right on the owning client.
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapClientScopeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return false;
    }
    Policy permission = authz.getStoreFactory().getPolicyStore()
            .findByName(getMapClientScopePermissionName(role), server.getId());
    // Fail closed: a missing permission, or one with no policies attached, grants nothing.
    boolean permissionConfigured = permission != null && !permission.getAssociatedPolicies().isEmpty();
    if (!permissionConfigured) {
        return false;
    }
    return root.evaluatePermission(resource(role), server, mapClientScope(server));
}