Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
The class RolePermissions, method resource.
/**
 * Looks up the authorization {@link Resource} that represents the given role.
 *
 * @param role the role whose backing resource is wanted
 * @return the resource named after the role, or {@code null} when the role has no
 *         resource server or no such resource is stored
 */
@Override
public Resource resource(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        // Without a resource server there is nothing to search in.
        return null;
    }
    ResourceStore store = authz.getStoreFactory().getResourceStore();
    return store.findByName(getRoleResourceName(role), server.getId());
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
The class RolePermissions, method canMapComposite.
/**
 * Decides whether the current admin may add the given role as a composite of another role.
 *
 * <p>The decision is a chain of guards, evaluated in order: the default management check,
 * the same-realm requirement, the client-level composite permission, the fine-grained
 * permissions toggle, and finally the evaluated "map composite" policy. Every path that
 * ends in {@code true} goes through {@code checkAdminRoles(role)}, except the client-level
 * shortcut, which returns {@code true} directly.
 *
 * @param role the role that would be added as a composite
 * @return {@code true} if the mapping is permitted, {@code false} otherwise
 */
@Override
public boolean canMapComposite(RoleModel role) {
    // When the default management check passes, checkAdminRoles alone decides the outcome.
    if (canManageDefault(role)) {
        return checkAdminRoles(role);
    }
    // Only an admin of this same realm may get past this point.
    if (!root.isAdminSameRealm()) {
        return false;
    }
    // A client role may be mapped by whoever can map that client's composite roles.
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapCompositeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer resourceServer = resourceServer(role);
    if (resourceServer == null) {
        return false;
    }
    // The map-composite permission must exist and have at least one associated policy;
    // an empty permission is treated as a denial rather than an allow-all.
    Policy policy = authz.getStoreFactory().getPolicyStore()
            .findByName(getMapCompositePermissionName(role), resourceServer.getId());
    if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
        return false;
    }
    Resource roleResource = resource(role);
    Scope scope = mapCompositeScope(resourceServer);
    // Both the evaluated permission and the admin-role check have to pass;
    // checkAdminRoles is only consulted when the evaluation succeeds.
    return root.evaluatePermission(roleResource, resourceServer, scope) && checkAdminRoles(role);
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
The class MgmtPermissions, method initializeRealmScope.
/**
 * Returns the realm-level management scope with the given name, creating it if absent.
 *
 * <p>The realm's resource server is initialized first, so the scope is always attached
 * to an existing server.
 *
 * @param name the scope name to find or create
 * @return the existing or newly created scope
 */
public Scope initializeRealmScope(String name) {
    ResourceServer server = initializeRealmResourceServer();
    Scope existing = authz.getStoreFactory().getScopeStore().findByName(name, server.getId());
    if (existing != null) {
        return existing;
    }
    // First use of this scope name for the realm: persist it now.
    return authz.getStoreFactory().getScopeStore().create(name, server);
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
The class RepresentationToModel, method updateScopes.
/**
 * Synchronizes a policy's scopes with a requested set of scope ids or names.
 *
 * <p>Behaviour by argument:
 * <ul>
 *   <li>{@code null} — the policy's scopes are left as they are, but the legacy
 *       {@code "scopes"} config entry is still removed;</li>
 *   <li>empty set — every scope is detached from the policy and the method returns
 *       without touching the config entry;</li>
 *   <li>non-empty set — missing scopes are attached, scopes not in the set are detached,
 *       and the {@code "scopes"} config entry is removed.</li>
 * </ul>
 *
 * @param scopeIds     scope ids or names that the policy should end up with, or {@code null}
 * @param policy       the policy being updated
 * @param storeFactory store factory used to resolve scopes by id or name
 * @throws RuntimeException if a requested scope can be found neither by id nor by name
 */
private static void updateScopes(Set<String> scopeIds, Policy policy, StoreFactory storeFactory) {
    if (scopeIds != null) {
        if (scopeIds.isEmpty()) {
            // An explicit empty set clears the policy; note that this path skips removeConfig.
            for (Scope attached : new HashSet<Scope>(policy.getScopes())) {
                policy.removeScope(attached);
            }
            return;
        }
        // Attach every requested scope that the policy does not already carry.
        for (String requested : scopeIds) {
            if (!policyHasScopeIdOrName(policy, requested)) {
                policy.addScope(lookupScopeByIdOrName(requested, policy.getResourceServer(), storeFactory));
            }
        }
        // Detach scopes that are no longer part of the requested set.
        for (Scope attached : new HashSet<Scope>(policy.getScopes())) {
            if (!scopeIdsContain(scopeIds, attached)) {
                policy.removeScope(attached);
            }
        }
    }
    policy.removeConfig("scopes");
}

/** True if {@code scope}'s id or name equals {@code idOrName}. */
private static boolean scopeMatchesIdOrName(Scope scope, String idOrName) {
    return scope.getId().equals(idOrName) || scope.getName().equals(idOrName);
}

/** True if the policy already holds a scope whose id or name equals {@code idOrName}. */
private static boolean policyHasScopeIdOrName(Policy policy, String idOrName) {
    // Iterate over a snapshot, mirroring the defensive copy used for the mutating loops.
    return new HashSet<Scope>(policy.getScopes()).stream()
            .anyMatch(scope -> scopeMatchesIdOrName(scope, idOrName));
}

/** True if any entry of {@code scopeIds} names {@code scope} by id or by name. */
private static boolean scopeIdsContain(Set<String> scopeIds, Scope scope) {
    return scopeIds.stream().anyMatch(idOrName -> scopeMatchesIdOrName(scope, idOrName));
}

/**
 * Resolves a scope within the given resource server, trying the id first and the name second.
 *
 * @throws RuntimeException if neither lookup finds a scope
 */
private static Scope lookupScopeByIdOrName(String idOrName, ResourceServer resourceServer, StoreFactory storeFactory) {
    Scope found = storeFactory.getScopeStore().findById(idOrName, resourceServer.getId());
    if (found == null) {
        found = storeFactory.getScopeStore().findByName(idOrName, resourceServer.getId());
    }
    if (found == null) {
        throw new RuntimeException("Scope with id or name [" + idOrName + "] does not exist");
    }
    return found;
}
Use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
The class ModelToRepresentation, method toRepresentation.
/**
 * Converts a {@link ClientModel} into its REST {@link ClientRepresentation}.
 *
 * <p>Scalar settings are copied one-to-one, collection-valued settings are copied into
 * fresh lists/maps, and — when the AUTHORIZATION feature is enabled — the
 * {@code authorizationServicesEnabled} flag is set if the client owns a resource server.
 *
 * @param clientModel the client to convert
 * @param session     session used to look up the authorization provider
 * @return a populated representation of the client
 */
public static ClientRepresentation toRepresentation(ClientModel clientModel, KeycloakSession session) {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setId(clientModel.getId());
    // The storage provider that owns the client is reported as the representation's origin.
    rep.setOrigin(StorageId.resolveProviderId(clientModel));
    copyClientScalarSettings(clientModel, rep);
    copyClientCollectionSettings(clientModel, rep);
    if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
        flagAuthorizationServices(clientModel, session, rep);
    }
    return rep;
}

/** Copies the single-valued client settings into the representation. */
private static void copyClientScalarSettings(ClientModel clientModel, ClientRepresentation rep) {
    rep.setClientId(clientModel.getClientId());
    rep.setName(clientModel.getName());
    rep.setDescription(clientModel.getDescription());
    rep.setEnabled(clientModel.isEnabled());
    rep.setAlwaysDisplayInConsole(clientModel.isAlwaysDisplayInConsole());
    // The model's "management URL" is exposed as the admin URL on the representation.
    rep.setAdminUrl(clientModel.getManagementUrl());
    rep.setPublicClient(clientModel.isPublicClient());
    rep.setFrontchannelLogout(clientModel.isFrontchannelLogout());
    rep.setProtocol(clientModel.getProtocol());
    // The attribute map is passed through as returned by the model, not copied.
    rep.setAttributes(clientModel.getAttributes());
    rep.setAuthenticationFlowBindingOverrides(clientModel.getAuthenticationFlowBindingOverrides());
    rep.setFullScopeAllowed(clientModel.isFullScopeAllowed());
    rep.setBearerOnly(clientModel.isBearerOnly());
    rep.setConsentRequired(clientModel.isConsentRequired());
    rep.setStandardFlowEnabled(clientModel.isStandardFlowEnabled());
    rep.setImplicitFlowEnabled(clientModel.isImplicitFlowEnabled());
    rep.setDirectAccessGrantsEnabled(clientModel.isDirectAccessGrantsEnabled());
    rep.setServiceAccountsEnabled(clientModel.isServiceAccountsEnabled());
    rep.setSurrogateAuthRequired(clientModel.isSurrogateAuthRequired());
    rep.setRootUrl(clientModel.getRootUrl());
    rep.setBaseUrl(clientModel.getBaseUrl());
    rep.setNotBefore(clientModel.getNotBefore());
    rep.setNodeReRegistrationTimeout(clientModel.getNodeReRegistrationTimeout());
    rep.setClientAuthenticatorType(clientModel.getClientAuthenticatorType());
}

/**
 * Copies collection-valued client settings, always into new containers so the
 * representation never aliases the model's own collections.
 */
private static void copyClientCollectionSettings(ClientModel clientModel, ClientRepresentation rep) {
    // Default and optional client scopes are keyed by name; only the names are exported.
    rep.setDefaultClientScopes(new LinkedList<>(clientModel.getClientScopes(true).keySet()));
    rep.setOptionalClientScopes(new LinkedList<>(clientModel.getClientScopes(false).keySet()));
    Set<String> redirectUris = clientModel.getRedirectUris();
    if (redirectUris != null) {
        rep.setRedirectUris(new LinkedList<>(redirectUris));
    }
    Set<String> webOrigins = clientModel.getWebOrigins();
    if (webOrigins != null) {
        rep.setWebOrigins(new LinkedList<>(webOrigins));
    }
    // Registered nodes and protocol mappers are only set when non-empty, leaving the
    // representation's field untouched otherwise.
    if (!clientModel.getRegisteredNodes().isEmpty()) {
        rep.setRegisteredNodes(new HashMap<>(clientModel.getRegisteredNodes()));
    }
    List<ProtocolMapperRepresentation> mapperReps = clientModel.getProtocolMappersStream()
            .map(ModelToRepresentation::toRepresentation)
            .collect(Collectors.toList());
    if (!mapperReps.isEmpty()) {
        rep.setProtocolMappers(mapperReps);
    }
}

/**
 * Marks authorization services as enabled when the client has a resource server.
 * The flag is left unset when no resource server exists.
 */
private static void flagAuthorizationServices(ClientModel clientModel, KeycloakSession session, ClientRepresentation rep) {
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
    if (resourceServer != null) {
        rep.setAuthorizationServicesEnabled(true);
    }
}