Examples with ResourceServer org.keycloak.authorization.model.ResourceServer used on opensource projects

Search in sources :

Example 41 with ResourceServer

use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckUserInRole.

public static void testCheckUserInRole(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserInRole");
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInRealmRole('marta', 'role-a')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInRealmRole('marta', 'role-b')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Example 42 with ResourceServer

use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckUserRealmRoles.

public static void testCheckUserRealmRoles(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserRealmRoles");
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("var roles = realm.getUserRealmRoles('marta');");
    builder.append("if (roles.size() == 2 && roles.contains('uma_authorization') && roles.contains('role-a')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Example 43 with ResourceServer

use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.

the class PolicyEvaluationCompositeRoleTest method setup.

public static void setup(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    session.getContext().setRealm(realm);
    ClientModel client = session.clients().addClient(realm, "myclient");
    RoleModel role1 = client.addRole("client-role1");
    AuthorizationProviderFactory factory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authz = factory.create(session, realm);
    ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
    Policy policy = createRolePolicy(authz, resourceServer, role1);
    Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
    Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
    addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
    RoleModel composite = realm.addRole("composite");
    composite.addCompositeRole(role1);
    UserModel user = session.users().addUser(realm, "user");
    user.grantRole(composite);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) RealmResource(org.keycloak.admin.client.resource.RealmResource) Resource(org.keycloak.authorization.model.Resource) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 44 with ResourceServer

use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.

the class ClientPolicyProviderFactory method postInit.

@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (event instanceof ClientRemovedEvent) {
            KeycloakSession keycloakSession = ((ClientRemovedEvent) event).getKeycloakSession();
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = provider.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            ClientModel removedClient = ((ClientRemovedEvent) event).getClient();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
            if (resourceServer != null) {
                policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
                    List<String> clients = new ArrayList<>();
                    for (String clientId : getClients(policy)) {
                        if (!clientId.equals(removedClient.getId())) {
                            clients.add(clientId);
                        }
                    }
                    try {
                        if (clients.isEmpty()) {
                            policyStore.delete(policy.getId());
                        } else {
                            policy.putConfig("clients", JsonSerialization.writeValueAsString(clients));
                        }
                    } catch (IOException e) {
                        throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
                    }
                });
            }
        }
    });
}
Also used : ClientRemovedEvent(org.keycloak.models.ClientModel.ClientRemovedEvent) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ArrayList(java.util.ArrayList) IOException(java.io.IOException) StoreFactory(org.keycloak.authorization.store.StoreFactory) ClientModel(org.keycloak.models.ClientModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 45 with ResourceServer

use of org.keycloak.authorization.model.ResourceServer in project keycloak by keycloak.

the class RolePolicyProviderFactory method updateResourceServer.

private void updateResourceServer(ClientModel clientModel, RoleModel removedRole, ResourceServerStore resourceServerStore, PolicyStore policyStore) {
    ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
    if (resourceServer != null) {
        policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
            List<Map> roles = new ArrayList<>();
            for (Map<String, Object> role : getRoles(policy)) {
                if (!role.get("id").equals(removedRole.getId())) {
                    Map updated = new HashMap();
                    updated.put("id", role.get("id"));
                    Object required = role.get("required");
                    if (required != null) {
                        updated.put("required", required);
                    }
                    roles.add(updated);
                }
            }
            try {
                if (roles.isEmpty()) {
                    policyStore.delete(policy.getId());
                } else {
                    policy.putConfig("roles", JsonSerialization.writeValueAsString(roles));
                }
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing roles with policy [" + policy.getName() + "].", e);
            }
        });
    }
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IOException(java.io.IOException) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

ResourceServer (org.keycloak.authorization.model.ResourceServer)81 Policy (org.keycloak.authorization.model.Policy)50 Resource (org.keycloak.authorization.model.Resource)40 ClientModel (org.keycloak.models.ClientModel)37 Scope (org.keycloak.authorization.model.Scope)30 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)26 StoreFactory (org.keycloak.authorization.store.StoreFactory)21 RealmModel (org.keycloak.models.RealmModel)20 UserModel (org.keycloak.models.UserModel)13 HashSet (java.util.HashSet)12 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11 Map (java.util.Map)10 DefaultEvaluation (org.keycloak.authorization.policy.evaluation.DefaultEvaluation)10 PolicyProvider (org.keycloak.authorization.policy.provider.PolicyProvider)10 List (java.util.List)9 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)9 ArrayList (java.util.ArrayList)8 Collection (java.util.Collection)8 HashMap (java.util.HashMap)8 ResourcePermission (org.keycloak.authorization.permission.ResourcePermission)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial