Example 26 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class ClientTokenExchangeTest method addDirectExchanger.
private static void addDirectExchanger(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName(TEST);
RoleModel exampleRole = realm.addRole("example");
AdminPermissionManagement management = AdminPermissions.management(session, realm);
ClientModel target = realm.addClient("target");
target.setName("target");
target.setClientId("target");
target.setDirectAccessGrantsEnabled(true);
target.setEnabled(true);
target.setSecret("secret");
target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
target.setFullScopeAllowed(false);
target.addScopeMapping(exampleRole);
ClientModel directExchanger = realm.addClient("direct-exchanger");
directExchanger.setName("direct-exchanger");
directExchanger.setClientId("direct-exchanger");
directExchanger.setPublicClient(false);
directExchanger.setDirectAccessGrantsEnabled(true);
directExchanger.setEnabled(true);
directExchanger.setSecret("secret");
directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
directExchanger.setFullScopeAllowed(false);
// permission for client to client exchange to "target" client
management.clients().setPermissionsEnabled(target, true);
ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
clientImpersonateRep.setName("clientImpersonatorsDirect");
clientImpersonateRep.addClient(directExchanger.getId());
ResourceServer server = management.realmResourceServer();
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
management.users().setPermissionsEnabled(true);
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
impersonatedUser.setEnabled(true);
session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
impersonatedUser.grantRole(exampleRole);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
Policy(org.keycloak.authorization.model.Policy)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
RoleModel(org.keycloak.models.RoleModel)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)
Example 27 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class MigrateTo2_1_0 method migrateRolePolicies.
// KEYCLOAK-3338: Changes to how role policy config is stored"
private void migrateRolePolicies(RealmModel realm, KeycloakSession session) {
AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
realm.getClientsStream().forEach(clientModel -> {
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
if (resourceServer != null) {
policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {
Map<String, String> config = new HashMap(policy.getConfig());
String roles = config.get("roles");
List roleConfig;
try {
roleConfig = JsonSerialization.readValue(roles, List.class);
} catch (Exception e) {
throw new RuntimeException("Malformed configuration for role policy [" + policy.getName() + "].", e);
}
if (!roleConfig.isEmpty() && roleConfig.get(0) instanceof String) {
try {
config.put("roles", JsonSerialization.writeValueAsString(roleConfig.stream().map(new Function<String, Map>() {
@Override
public Map apply(String roleId) {
Map updated = new HashMap();
updated.put("id", roleId);
return updated;
}
}).collect(Collectors.toList())));
policy.setConfig(config);
} catch (Exception e) {
throw new RuntimeException("Failed to migrate role policy [" + policy.getName() + "].", e);
}
}
});
}
});
}
Also used :
Function(java.util.function.Function)
HashMap(java.util.HashMap)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
PolicyStore(org.keycloak.authorization.store.PolicyStore)
List(java.util.List)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 28 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class PolicyEvaluationResponseBuilder method build.
public static PolicyEvaluationResponse build(PolicyEvaluationService.EvaluationDecisionCollector decision, ResourceServer resourceServer, AuthorizationProvider authorization, KeycloakIdentity identity) {
PolicyEvaluationResponse response = new PolicyEvaluationResponse();
List<PolicyEvaluationResponse.EvaluationResultRepresentation> resultsRep = new ArrayList<>();
AccessToken accessToken = identity.getAccessToken();
AccessToken.Authorization authorizationData = new AccessToken.Authorization();
authorizationData.setPermissions(decision.results());
accessToken.setAuthorization(authorizationData);
ClientModel clientModel = authorization.getRealm().getClientById(resourceServer.getId());
if (!accessToken.hasAudience(clientModel.getClientId())) {
accessToken.audience(clientModel.getClientId());
}
response.setRpt(accessToken);
Collection<Result> results = decision.getResults();
if (results.stream().anyMatch(evaluationResult -> evaluationResult.getEffect().equals(Decision.Effect.DENY))) {
response.setStatus(DecisionEffect.DENY);
} else {
response.setStatus(DecisionEffect.PERMIT);
}
for (Result result : results) {
PolicyEvaluationResponse.EvaluationResultRepresentation rep = new PolicyEvaluationResponse.EvaluationResultRepresentation();
if (result.getEffect() == Decision.Effect.DENY) {
rep.setStatus(DecisionEffect.DENY);
} else {
rep.setStatus(DecisionEffect.PERMIT);
}
resultsRep.add(rep);
if (result.getPermission().getResource() != null) {
ResourceRepresentation resource = new ResourceRepresentation();
resource.setId(result.getPermission().getResource().getId());
resource.setName(result.getPermission().getResource().getName());
rep.setResource(resource);
} else {
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("Any Resource with Scopes " + result.getPermission().getScopes().stream().map(Scope::getName).collect(Collectors.toList()));
rep.setResource(resource);
}
rep.setScopes(result.getPermission().getScopes().stream().map(scope -> {
ScopeRepresentation representation = new ScopeRepresentation();
representation.setId(scope.getId());
representation.setName(scope.getName());
return representation;
}).collect(Collectors.toList()));
List<PolicyEvaluationResponse.PolicyResultRepresentation> policies = new ArrayList<>();
for (Result.PolicyResult policy : result.getResults()) {
PolicyResultRepresentation policyRep = toRepresentation(policy, authorization);
if ("resource".equals(policy.getPolicy().getType())) {
policyRep.getPolicy().setScopes(result.getPermission().getResource().getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
}
policies.add(policyRep);
}
rep.setPolicies(policies);
}
resultsRep.sort(Comparator.comparing(o -> o.getResource().getName()));
Map<String, PolicyEvaluationResponse.EvaluationResultRepresentation> groupedResults = new HashMap<>();
resultsRep.forEach(evaluationResultRepresentation -> {
PolicyEvaluationResponse.EvaluationResultRepresentation result = groupedResults.get(evaluationResultRepresentation.getResource().getId());
ResourceRepresentation resource = evaluationResultRepresentation.getResource();
if (result == null) {
groupedResults.put(resource.getId(), evaluationResultRepresentation);
result = evaluationResultRepresentation;
}
if (result.getStatus().equals(DecisionEffect.PERMIT) || (evaluationResultRepresentation.getStatus().equals(DecisionEffect.PERMIT) && result.getStatus().equals(DecisionEffect.DENY))) {
result.setStatus(DecisionEffect.PERMIT);
}
List<ScopeRepresentation> scopes = result.getScopes();
if (DecisionEffect.PERMIT.equals(result.getStatus())) {
result.setAllowedScopes(scopes);
}
if (resource.getId() != null) {
if (!scopes.isEmpty()) {
result.getResource().setName(evaluationResultRepresentation.getResource().getName() + " with scopes " + scopes.stream().flatMap((Function<ScopeRepresentation, Stream<?>>) scopeRepresentation -> Arrays.asList(scopeRepresentation.getName()).stream()).collect(Collectors.toList()));
} else {
result.getResource().setName(evaluationResultRepresentation.getResource().getName());
}
} else {
result.getResource().setName("Any Resource with Scopes " + scopes.stream().flatMap((Function<ScopeRepresentation, Stream<?>>) scopeRepresentation -> Arrays.asList(scopeRepresentation.getName()).stream()).collect(Collectors.toList()));
}
List<PolicyEvaluationResponse.PolicyResultRepresentation> policies = result.getPolicies();
for (PolicyEvaluationResponse.PolicyResultRepresentation policy : new ArrayList<>(evaluationResultRepresentation.getPolicies())) {
if (!policies.contains(policy)) {
policies.add(policy);
}
}
});
response.setResults(groupedResults.values().stream().collect(Collectors.toList()));
return response;
}
Also used :
ClientModel(org.keycloak.models.ClientModel)
Scope(org.keycloak.authorization.model.Scope)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Arrays(java.util.Arrays)
PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation)
HashMap(java.util.HashMap)
Function(java.util.function.Function)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
PermissionTicket(org.keycloak.authorization.model.PermissionTicket)
ArrayList(java.util.ArrayList)
PolicyEvaluationService(org.keycloak.authorization.admin.PolicyEvaluationService)
UserModel(org.keycloak.models.UserModel)
AccessToken(org.keycloak.representations.AccessToken)
Map(java.util.Map)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
RealmModel(org.keycloak.models.RealmModel)
EnumMap(java.util.EnumMap)
Collection(java.util.Collection)
KeycloakSession(org.keycloak.models.KeycloakSession)
Set(java.util.Set)
Decision(org.keycloak.authorization.Decision)
Collectors(java.util.stream.Collectors)
KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity)
Policy(org.keycloak.authorization.model.Policy)
List(java.util.List)
Stream(java.util.stream.Stream)
Result(org.keycloak.authorization.policy.evaluation.Result)
PolicyEvaluationResponse(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse)
DecisionEffect(org.keycloak.representations.idm.authorization.DecisionEffect)
Comparator(java.util.Comparator)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation)
Result(org.keycloak.authorization.policy.evaluation.Result)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
ClientModel(org.keycloak.models.ClientModel)
Function(java.util.function.Function)
Scope(org.keycloak.authorization.model.Scope)
AccessToken(org.keycloak.representations.AccessToken)
PolicyEvaluationResponse(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
PolicyResultRepresentation(org.keycloak.representations.idm.authorization.PolicyEvaluationResponse.PolicyResultRepresentation)
Example 29 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class PolicyEvaluationService method createPermissions.
private List<ResourcePermission> createPermissions(PolicyEvaluationRequest representation, EvaluationContext evaluationContext, AuthorizationProvider authorization, AuthorizationRequest request) {
return representation.getResources().stream().flatMap((Function<ResourceRepresentation, Stream<ResourcePermission>>) resource -> {
StoreFactory storeFactory = authorization.getStoreFactory();
if (resource == null) {
resource = new ResourceRepresentation();
}
Set<ScopeRepresentation> givenScopes = resource.getScopes();
if (givenScopes == null) {
givenScopes = new HashSet<>();
}
ScopeStore scopeStore = storeFactory.getScopeStore();
Set<Scope> scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(scopeRepresentation.getName(), resourceServer.getId())).collect(Collectors.toSet());
if (resource.getId() != null) {
Resource resourceModel = storeFactory.getResourceStore().findById(resource.getId(), resourceServer.getId());
return new ArrayList<>(Arrays.asList(Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream();
} else if (resource.getType() != null) {
return storeFactory.getResourceStore().findByType(resource.getType(), resourceServer.getId()).stream().map(resource1 -> Permissions.createResourcePermissions(resource1, resourceServer, scopes, authorization, request));
} else {
if (scopes.isEmpty()) {
return Stream.empty();
}
List<Resource> resources = storeFactory.getResourceStore().findByScope(scopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId());
if (resources.isEmpty()) {
return scopes.stream().map(scope -> new ResourcePermission(null, new ArrayList<>(Arrays.asList(scope)), resourceServer));
}
return resources.stream().map(resource12 -> Permissions.createResourcePermissions(resource12, resourceServer, scopes, authorization, request));
}
}).collect(Collectors.toList());
}
Also used :
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
Arrays(java.util.Arrays)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Produces(javax.ws.rs.Produces)
Permissions(org.keycloak.authorization.permission.Permissions)
OAuthErrorException(org.keycloak.OAuthErrorException)
Consumes(javax.ws.rs.Consumes)
AuthenticationManager(org.keycloak.services.managers.AuthenticationManager)
AccessToken(org.keycloak.representations.AccessToken)
DecisionPermissionCollector(org.keycloak.authorization.policy.evaluation.DecisionPermissionCollector)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
Map(java.util.Map)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RealmModel(org.keycloak.models.RealmModel)
PolicyEvaluationResponseBuilder(org.keycloak.authorization.admin.representation.PolicyEvaluationResponseBuilder)
Collection(java.util.Collection)
AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity)
List(java.util.List)
ScopeStore(org.keycloak.authorization.store.ScopeStore)
Stream(java.util.stream.Stream)
Response(javax.ws.rs.core.Response)
DefaultEvaluationContext(org.keycloak.authorization.common.DefaultEvaluationContext)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
ClientModel(org.keycloak.models.ClientModel)
Scope(org.keycloak.authorization.model.Scope)
Attributes(org.keycloak.authorization.attribute.Attributes)
Permission(org.keycloak.representations.idm.authorization.Permission)
Logger(org.jboss.logging.Logger)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
HashMap(java.util.HashMap)
TokenManager(org.keycloak.protocol.oidc.TokenManager)
Function(java.util.function.Function)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
PolicyEvaluationRequest(org.keycloak.representations.idm.authorization.PolicyEvaluationRequest)
UserModel(org.keycloak.models.UserModel)
ClientSessionContext(org.keycloak.models.ClientSessionContext)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
Status(javax.ws.rs.core.Response.Status)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
POST(javax.ws.rs.POST)
AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator)
KeycloakSession(org.keycloak.models.KeycloakSession)
UserSessionModel(org.keycloak.models.UserSessionModel)
EvaluationContext(org.keycloak.authorization.policy.evaluation.EvaluationContext)
Result(org.keycloak.authorization.policy.evaluation.Result)
Urls(org.keycloak.services.Urls)
Collections(java.util.Collections)
Resource(org.keycloak.authorization.model.Resource)
Resource(org.keycloak.authorization.model.Resource)
ScopeStore(org.keycloak.authorization.store.ScopeStore)
StoreFactory(org.keycloak.authorization.store.StoreFactory)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Function(java.util.function.Function)
Scope(org.keycloak.authorization.model.Scope)
ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
List(java.util.List)
ArrayList(java.util.ArrayList)
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
Example 30 with ResourceServer
use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.
the class AuthorizationTokenService method authorize.
public Response authorize(KeycloakAuthorizationRequest request) {
EventBuilder event = request.getEvent();
// it is not secure to allow public clients to push arbitrary claims because message can be tampered
if (isPublicClientRequestingEntitlementWithClaims(request)) {
CorsErrorResponseException forbiddenClientException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_GRANT, "Public clients are not allowed to send claims", Status.FORBIDDEN);
fireErrorEvent(event, Errors.INVALID_REQUEST, forbiddenClientException);
throw forbiddenClientException;
}
try {
PermissionTicketToken ticket = getPermissionTicket(request);
request.setClaims(ticket.getClaims());
EvaluationContext evaluationContext = createEvaluationContext(request);
KeycloakIdentity identity = KeycloakIdentity.class.cast(evaluationContext.getIdentity());
if (identity != null) {
event.user(identity.getId());
}
ResourceServer resourceServer = getResourceServer(ticket, request);
Collection<Permission> permissions;
if (request.getTicket() != null) {
permissions = evaluateUserManagedPermissions(request, ticket, resourceServer, evaluationContext);
} else if (ticket.getPermissions().isEmpty() && request.getRpt() == null) {
permissions = evaluateAllPermissions(request, resourceServer, evaluationContext);
} else {
permissions = evaluatePermissions(request, ticket, resourceServer, evaluationContext, identity);
}
if (isGranted(ticket, request, permissions)) {
AuthorizationProvider authorization = request.getAuthorization();
ClientModel targetClient = authorization.getRealm().getClientById(resourceServer.getId());
Metadata metadata = request.getMetadata();
String responseMode = metadata != null ? metadata.getResponseMode() : null;
if (responseMode != null) {
if (RESPONSE_MODE_DECISION.equals(metadata.getResponseMode())) {
Map<String, Object> responseClaims = new HashMap<>();
responseClaims.put(RESPONSE_MODE_DECISION_RESULT, true);
return createSuccessfulResponse(responseClaims, request);
} else if (RESPONSE_MODE_PERMISSIONS.equals(metadata.getResponseMode())) {
return createSuccessfulResponse(permissions, request);
} else {
CorsErrorResponseException invalidResponseModeException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Invalid response_mode", Status.BAD_REQUEST);
fireErrorEvent(event, Errors.INVALID_REQUEST, invalidResponseModeException);
throw invalidResponseModeException;
}
} else {
return createSuccessfulResponse(createAuthorizationResponse(identity, permissions, request, targetClient), request);
}
}
if (request.isSubmitRequest()) {
CorsErrorResponseException submittedRequestException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.ACCESS_DENIED, "request_submitted", Status.FORBIDDEN);
fireErrorEvent(event, Errors.ACCESS_DENIED, submittedRequestException);
throw submittedRequestException;
} else {
CorsErrorResponseException notAuthorizedException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.ACCESS_DENIED, "not_authorized", Status.FORBIDDEN);
fireErrorEvent(event, Errors.ACCESS_DENIED, notAuthorizedException);
throw notAuthorizedException;
}
} catch (ErrorResponseException | CorsErrorResponseException cause) {
if (logger.isDebugEnabled()) {
logger.debug("Error while evaluating permissions", cause);
}
throw cause;
} catch (Exception cause) {
logger.error("Unexpected error while evaluating permissions", cause);
throw new CorsErrorResponseException(request.getCors(), OAuthErrorException.SERVER_ERROR, "Unexpected error while evaluating permissions", Status.INTERNAL_SERVER_ERROR);
}
}
Also used :
PermissionTicketToken(org.keycloak.representations.idm.authorization.PermissionTicketToken)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata)
OAuthErrorException(org.keycloak.OAuthErrorException)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException)
ClientModel(org.keycloak.models.ClientModel)
EventBuilder(org.keycloak.events.EventBuilder)
KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity)
ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)
Permission(org.keycloak.representations.idm.authorization.Permission)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException)
CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException)
DefaultEvaluationContext(org.keycloak.authorization.common.DefaultEvaluationContext)
EvaluationContext(org.keycloak.authorization.policy.evaluation.EvaluationContext)
ResourceServer(org.keycloak.authorization.model.ResourceServer)
Aggregations
ResourceServer (org.keycloak.authorization.model.ResourceServer)81
Policy (org.keycloak.authorization.model.Policy)50
Resource (org.keycloak.authorization.model.Resource)40
ClientModel (org.keycloak.models.ClientModel)37
Scope (org.keycloak.authorization.model.Scope)30
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)26
StoreFactory (org.keycloak.authorization.store.StoreFactory)21
RealmModel (org.keycloak.models.RealmModel)20
UserModel (org.keycloak.models.UserModel)13
HashSet (java.util.HashSet)12
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
Map (java.util.Map)10
DefaultEvaluation (org.keycloak.authorization.policy.evaluation.DefaultEvaluation)10
PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)10
List (java.util.List)9
AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)9
ArrayList (java.util.ArrayList)8
Collection (java.util.Collection)8
HashMap (java.util.HashMap)8
ResourcePermission (org.keycloak.authorization.permission.ResourcePermission)8
