
Example 56 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class ClientPermissions, method initialize.

/**
 * Creates, if they do not already exist, the authorization objects that back the
 * fine-grained admin permissions of {@code client}: its resource server, the scopes
 * (manage, view, map-roles, map-roles-client-scope, map-roles-composite, configure,
 * token-exchange), a "Client"-typed resource carrying those scopes, and one empty
 * scope permission per scope.
 *
 * <p>Each step looks the object up by name first and only creates it when absent, so
 * repeated calls for the same client are idempotent. Newly created permissions have no
 * policies attached; the evaluating side is responsible for treating such a permission
 * as "not granted" rather than as open.
 *
 * @param client the client whose admin permission model is being initialized
 */
private void initialize(ClientModel client) {
    ResourceServer server = root.findOrCreateResourceServer(client);

    // Scopes resolved through this class's accessors are created only when the lookup misses.
    Scope manageScope = createScopeIfAbsent(manageScope(server), AdminPermissionManagement.MANAGE_SCOPE, server);
    Scope viewScope = createScopeIfAbsent(viewScope(server), AdminPermissionManagement.VIEW_SCOPE, server);
    Scope mapRoleScope = createScopeIfAbsent(mapRolesScope(server), MAP_ROLES_SCOPE, server);
    // The remaining scopes are obtained through the shared root helper.
    Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
    Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
    Scope configureScope = root.initializeScope(CONFIGURE_SCOPE, server);
    Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);

    Resource resource = findOrCreateClientResource(client, server, new Scope[] {
        configureScope, manageScope, viewScope, mapRoleScope,
        mapRoleClientScope, mapRoleCompositeScope, exchangeToScope});

    // One scope permission per scope, each keyed by a client-specific permission name.
    createPermissionIfAbsent(server, getManagePermissionName(client), resource, manageScope);
    createPermissionIfAbsent(server, getConfigurePermissionName(client), resource, configureScope);
    createPermissionIfAbsent(server, getViewPermissionName(client), resource, viewScope);
    createPermissionIfAbsent(server, getMapRolesPermissionName(client), resource, mapRoleScope);
    createPermissionIfAbsent(server, getMapRolesClientScopePermissionName(client), resource, mapRoleClientScope);
    createPermissionIfAbsent(server, getMapRolesCompositePermissionName(client), resource, mapRoleCompositeScope);
    createPermissionIfAbsent(server, getExchangeToPermissionName(client), resource, exchangeToScope);
}

/**
 * Returns {@code existing} when it is non-null, otherwise creates a scope called
 * {@code name} on {@code server} and returns it.
 */
private Scope createScopeIfAbsent(Scope existing, String name, ResourceServer server) {
    if (existing != null) {
        return existing;
    }
    return authz.getStoreFactory().getScopeStore().create(name, server);
}

/**
 * Looks up the client's resource by name; when missing, creates a resource of type
 * "Client" exposing exactly {@code scopes}.
 */
private Resource findOrCreateClientResource(ClientModel client, ResourceServer server, Scope[] scopes) {
    String resourceName = getResourceName(client);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (resource != null) {
        return resource;
    }
    resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
    resource.setType("Client");
    Set<Scope> scopeset = new HashSet<>();
    for (Scope scope : scopes) {
        scopeset.add(scope);
    }
    resource.updateScopes(scopeset);
    return resource;
}

/**
 * Creates an empty scope permission named {@code permissionName} for {@code scope}
 * on {@code resource} unless a policy with that name already exists on {@code server}.
 */
private void createPermissionIfAbsent(ResourceServer server, String permissionName, Resource resource, Scope scope) {
    Policy existing = authz.getStoreFactory().getPolicyStore().findByName(permissionName, server.getId());
    if (existing == null) {
        Helper.addEmptyScopePermission(authz, server, permissionName, resource, scope);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 57 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class ClientPermissions, method canManage.

/**
 * Decides whether the current admin may manage {@code client}.
 *
 * <p>Evaluation order: realm-level "manage clients" rights short-circuit to {@code true};
 * an admin from a different realm is refused; otherwise the client's "manage" scope
 * permission is evaluated, but only when the client has a resource server, a resource
 * and a manage permission with at least one policy attached. Any missing piece yields
 * {@code false}, so a partially initialized permission model fails closed.
 *
 * @param client the client being administered
 * @return {@code true} if management of the client is permitted for the current admin
 */
@Override
public boolean canManage(ClientModel client) {
    if (canManageClientsDefault()) {
        return true;
    }
    if (!root.isAdminSameRealm()) {
        return false;
    }

    ResourceServer server = resourceServer(client);
    if (server == null) {
        return false;
    }
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
    if (resource == null) {
        return false;
    }
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
    if (policy == null) {
        return false;
    }

    // A permission with no policies attached grants nothing; the default behaviour applies.
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    boolean hasPolicies = associatedPolicies != null && !associatedPolicies.isEmpty();
    if (!hasPolicies) {
        return false;
    }

    // NOTE(review): manageScope(server) may be null if initialize() has not run for this
    // server; how evaluatePermission treats a null scope is not visible here — confirm.
    Scope scope = manageScope(server);
    return root.evaluatePermission(resource, server, scope);
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 58 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class IdentityProviderPermissions, method initialize.

/**
 * Ensures the authorization objects behind the identity provider's token-exchange
 * permission exist: the realm resource server, the token-exchange scope, an
 * "IdentityProvider"-typed resource carrying that scope, and an empty scope permission.
 * Existing objects are found by name and reused, so the method is idempotent.
 *
 * @param idp the identity provider whose permission model is being initialized
 */
private void initialize(IdentityProviderModel idp) {
    ResourceServer server = root.initializeRealmResourceServer();
    Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);

    String resourceName = getResourceName(idp);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
    if (resource == null) {
        resource = createIdpResource(resourceName, server, exchangeToScope);
    }

    String permissionName = getExchangeToPermissionName(idp);
    boolean permissionExists =
        authz.getStoreFactory().getPolicyStore().findByName(permissionName, server.getId()) != null;
    if (!permissionExists) {
        // The permission starts without policies; the evaluating side decides what that means.
        Helper.addEmptyScopePermission(authz, server, permissionName, resource, exchangeToScope);
    }
}

/**
 * Creates the "IdentityProvider" resource named {@code resourceName} on {@code server},
 * exposing only {@code scope}.
 */
private Resource createIdpResource(String resourceName, ResourceServer server, Scope scope) {
    Resource resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
    resource.setType("IdentityProvider");
    Set<Scope> scopes = new HashSet<>();
    scopes.add(scope);
    resource.updateScopes(scopes);
    return resource;
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 59 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class RolePermissions, method initialize.

/**
 * Ensures the authorization objects behind the role's fine-grained admin permissions
 * exist: a resource server, the map-role, map-client-scope and map-composite scopes,
 * a "Role"-typed resource carrying those scopes, and one scope permission per scope.
 * Objects are looked up by name and only created when missing, so the method is idempotent.
 *
 * <p>Permissions created here are empty and use the AFFIRMATIVE decision strategy,
 * i.e. once policies are attached, one granting policy is sufficient.
 *
 * @param role the role whose admin permission model is being initialized
 */
private void initialize(RoleModel role) {
    ResourceServer server = resourceServer(role);
    if (server == null) {
        // No resource server for the role yet: fall back to the one of the role's client.
        ClientModel client = getRoleClient(role);
        server = root.findOrCreateResourceServer(client);
    }

    Scope mapRoleScope = createScopeIfAbsent(mapRoleScope(server), MAP_ROLE_SCOPE, server);
    Scope mapClientScope = createScopeIfAbsent(mapClientScope(server), MAP_ROLE_CLIENT_SCOPE_SCOPE, server);
    Scope mapCompositeScope = createScopeIfAbsent(mapCompositeScope(server), MAP_ROLE_COMPOSITE_SCOPE, server);

    String roleResourceName = getRoleResourceName(role);
    Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId());
    if (resource == null) {
        resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId());
        Set<Scope> scopes = new HashSet<>();
        scopes.add(mapClientScope);
        scopes.add(mapCompositeScope);
        scopes.add(mapRoleScope);
        resource.updateScopes(scopes);
        resource.setType("Role");
    }

    if (mapRolePermission(role) == null) {
        newAffirmativePermission(server, getMapRolePermissionName(role), resource, mapRoleScope);
    }
    if (mapClientScopePermission(role) == null) {
        newAffirmativePermission(server, getMapClientScopePermissionName(role), resource, mapClientScope);
    }
    if (mapCompositePermission(role) == null) {
        newAffirmativePermission(server, getMapCompositePermissionName(role), resource, mapCompositeScope);
    }
}

/**
 * Returns {@code existing} when it is non-null, otherwise creates a scope called
 * {@code name} on {@code server} and returns it.
 */
private Scope createScopeIfAbsent(Scope existing, String name, ResourceServer server) {
    if (existing != null) {
        return existing;
    }
    return authz.getStoreFactory().getScopeStore().create(name, server);
}

/**
 * Creates an empty scope permission named {@code permissionName} for {@code scope} on
 * {@code resource} and switches its decision strategy to AFFIRMATIVE.
 *
 * @return the newly created permission
 */
private Policy newAffirmativePermission(ResourceServer server, String permissionName, Resource resource, Scope scope) {
    Policy permission = Helper.addEmptyScopePermission(authz, server, permissionName, resource, scope);
    permission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    return permission;
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 60 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class RolePermissions, method canMapClientScope.

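/**
 * Decides whether the current admin may map {@code role} onto a client scope.
 *
 * <p>Evaluation order: realm-level "manage clients" rights short-circuit to {@code true};
 * an admin from a different realm is refused; a client role is allowed when the admin may
 * map client-scope roles on the owning client; otherwise the role's map-client-scope
 * permission is evaluated, but only when fine-grained permissions are enabled for the
 * role, a resource server exists and the permission has at least one policy attached.
 * Every missing piece yields {@code false}, so the check fails closed.
 *
 * @param role the role to be mapped
 * @return {@code true} if mapping the role onto a client scope is permitted
 */
@Override
public boolean canMapClientScope(RoleModel role) {
    if (root.clients().canManageClientsDefault()) {
        return true;
    }
    if (!root.isAdminSameRealm()) {
        return false;
    }
    // A client role may be mapped by anyone allowed to map client-scope roles on the owning client.
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapClientScopeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer resourceServer = resourceServer(role);
    if (resourceServer == null) {
        return false;
    }
    Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapClientScopePermissionName(role), resourceServer.getId());
    if (policy == null) {
        return false;
    }
    // Guard a null policy set as well as an empty one (same as ClientPermissions.canManage):
    // a permission without policies grants nothing and must not throw.
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    if (associatedPolicies == null || associatedPolicies.isEmpty()) {
        return false;
    }
    // NOTE(review): mapClientScope(resourceServer) can be null before initialize() ran;
    // how evaluatePermission treats a null scope is not visible here — confirm.
    Resource roleResource = resource(role);
    Scope scope = mapClientScope(resourceServer);
    return root.evaluatePermission(roleResource, resourceServer, scope);
}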
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)
