
Example 61 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class RolePermissions, method canMapComposite.

/**
 * Decides whether the current admin may add {@code role} as a composite of another role.
 *
 * <p>Every early {@code return false} below is a denial; the positive outcomes are either a
 * direct grant from the owning client's permissions or a fine-grained permission evaluation
 * that must additionally pass {@code checkAdminRoles}.
 *
 * @param role the role that would become a composite member
 * @return {@code true} when mapping is allowed, {@code false} otherwise
 */
@Override
public boolean canMapComposite(RoleModel role) {
    // Default management rights short-circuit straight to the admin-role check.
    if (canManageDefault(role)) {
        return checkAdminRoles(role);
    }
    // Everything past this point requires the admin to belong to the same realm.
    if (!root.isAdminSameRealm()) {
        return false;
    }
    // A client role may be granted through the owning client's composite-role permission.
    if (role.getContainer() instanceof ClientModel
            && root.clients().canMapCompositeRoles((ClientModel) role.getContainer())) {
        return true;
    }
    if (!isPermissionsEnabled(role)) {
        return false;
    }
    ResourceServer server = resourceServer(role);
    if (server == null) {
        return false;
    }
    // No "map composite" permission, or one with nothing associated, means nothing can grant access.
    Policy mapCompositePolicy = authz.getStoreFactory().getPolicyStore()
            .findByName(getMapCompositePermissionName(role), server.getId());
    if (mapCompositePolicy == null || mapCompositePolicy.getAssociatedPolicies().isEmpty()) {
        return false;
    }
    // Resolve the resource before the scope to keep the original evaluation order.
    Resource roleResource = resource(role);
    Scope compositeScope = mapCompositeScope(server);
    // Both the permission evaluation and the admin-role check must succeed.
    return root.evaluatePermission(roleResource, server, compositeScope) && checkAdminRoles(role);
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 62 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class MgmtPermissions, method initializeRealmScope.

/**
 * Returns the scope named {@code name} on the realm's resource server, creating it when absent.
 *
 * @param name the scope name to look up (and to use when creating)
 * @return the existing scope, or the newly created one
 */
public Scope initializeRealmScope(String name) {
    ResourceServer realmServer = initializeRealmResourceServer();
    Scope existing = authz.getStoreFactory().getScopeStore().findByName(name, realmServer.getId());
    if (existing != null) {
        return existing;
    }
    // Not found: create it under the realm resource server.
    return authz.getStoreFactory().getScopeStore().create(name, realmServer);
}
Also used : Scope(org.keycloak.authorization.model.Scope) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 63 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class RepresentationToModel, method updateScopes.

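/**
 * Synchronizes the scopes attached to {@code policy} with {@code scopeIds}.
 *
 * <p>Each entry of {@code scopeIds} may be a scope id or a scope name. Scopes referenced by the
 * set but not yet attached are looked up and added; attached scopes not referenced by the set
 * are removed. An empty set detaches every scope; a {@code null} set leaves the scopes untouched.
 * In all cases the legacy {@code "scopes"} config entry is removed afterwards.
 *
 * @param scopeIds     scope ids or names that should be attached, or {@code null} to skip
 * @param policy       the policy whose scopes are updated in place
 * @param storeFactory store used to resolve scopes that are not yet attached
 * @throws RuntimeException if a referenced scope exists neither by id nor by name
 */
private static void updateScopes(Set<String> scopeIds, Policy policy, StoreFactory storeFactory) {
    if (scopeIds != null) {
        if (scopeIds.isEmpty()) {
            // Iterate over a copy: removeScope mutates the policy's own scope collection.
            for (Scope scope : new HashSet<Scope>(policy.getScopes())) {
                policy.removeScope(scope);
            }
            return;
        }
        for (String scopeId : scopeIds) {
            if (!policyHasScopeIdentifiedBy(policy, scopeId)) {
                policy.addScope(requireScopeByIdOrName(scopeId, policy.getResourceServer(), storeFactory));
            }
        }
        // Again iterate over a copy because removeScope mutates the collection.
        for (Scope scopeModel : new HashSet<Scope>(policy.getScopes())) {
            if (!scopeIsReferenced(scopeModel, scopeIds)) {
                policy.removeScope(scopeModel);
            }
        }
    }
    policy.removeConfig("scopes");
}

/** Returns whether {@code scopeId} denotes {@code scope}, either by id or by name. */
private static boolean scopeMatchesIdentifier(Scope scope, String scopeId) {
    return scope.getId().equals(scopeId) || scope.getName().equals(scopeId);
}

/** Returns whether any scope currently attached to {@code policy} matches {@code scopeId}. */
private static boolean policyHasScopeIdentifiedBy(Policy policy, String scopeId) {
    // Read-only scan, so no defensive copy is needed; stops at the first match.
    return policy.getScopes().stream().anyMatch(scope -> scopeMatchesIdentifier(scope, scopeId));
}

/** Returns whether {@code scope} is denoted by at least one entry of {@code scopeIds}. */
private static boolean scopeIsReferenced(Scope scope, Set<String> scopeIds) {
    return scopeIds.stream().anyMatch(scopeId -> scopeMatchesIdentifier(scope, scopeId));
}

/**
 * Resolves a scope on {@code resourceServer}, first by id and then by name.
 *
 * @throws RuntimeException if no scope with that id or name exists
 */
private static Scope requireScopeByIdOrName(String scopeId, ResourceServer resourceServer, StoreFactory storeFactory) {
    Scope scope = storeFactory.getScopeStore().findById(scopeId, resourceServer.getId());
    if (scope == null) {
        scope = storeFactory.getScopeStore().findByName(scopeId, resourceServer.getId());
    }
    if (scope == null) {
        throw new RuntimeException("Scope with id or name [" + scopeId + "] does not exist");
    }
    return scope;
}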
Also used : Scope(org.keycloak.authorization.model.Scope) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 64 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class RepresentationToModel, method toModel.

/**
 * Converts a {@link ScopeRepresentation} into a stored {@link Scope} on {@code resourceServer}.
 *
 * <p>An existing scope is located by id when the representation carries one, otherwise by name.
 * When found it is returned, updated first only if {@code updateIfExists} is set. When not found
 * a new scope is created and its id is written back into the representation.
 *
 * @param scope          the incoming representation
 * @param resourceServer the resource server owning the scope
 * @param authorization  provider giving access to the scope store
 * @param updateIfExists whether an existing scope's name, display name and icon URI are overwritten
 * @return the existing or newly created scope model
 */
public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization, boolean updateIfExists) {
    ScopeStore scopeStore = authorization.getStoreFactory().getScopeStore();
    String serverId = resourceServer.getId();
    Scope existing = scope.getId() != null
            ? scopeStore.findById(scope.getId(), serverId)
            : scopeStore.findByName(scope.getName(), serverId);
    if (existing == null) {
        Scope created = scopeStore.create(scope.getId(), scope.getName(), resourceServer);
        created.setDisplayName(scope.getDisplayName());
        created.setIconUri(scope.getIconUri());
        // Propagate the stored model's id back to the representation.
        scope.setId(created.getId());
        return created;
    }
    if (updateIfExists) {
        existing.setName(scope.getName());
        existing.setDisplayName(scope.getDisplayName());
        existing.setIconUri(scope.getIconUri());
    }
    return existing;
}
Also used : Scope(org.keycloak.authorization.model.Scope) ScopeStore(org.keycloak.authorization.store.ScopeStore) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Example 65 with Scope

use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.

The class ModelToRepresentation, method toRepresentation.

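/**
 * Builds a {@link PermissionTicketRepresentation} from a {@link PermissionTicket} model.
 *
 * <p>Ids are always copied. When {@code returnNames} is set, the resource, owner, requester and
 * scope names are resolved as well; a lookup that yields no user or client simply leaves the
 * corresponding name unset instead of failing the whole conversion.
 *
 * @param ticket        the ticket to convert
 * @param authorization provider used to reach the session and realm for name resolution
 * @param returnNames   whether human-readable names are resolved in addition to ids
 * @return the populated representation
 */
public static PermissionTicketRepresentation toRepresentation(PermissionTicket ticket, AuthorizationProvider authorization, boolean returnNames) {
    PermissionTicketRepresentation representation = new PermissionTicketRepresentation();
    representation.setId(ticket.getId());
    representation.setGranted(ticket.isGranted());
    representation.setOwner(ticket.getOwner());
    representation.setRequester(ticket.getRequester());
    Resource resource = ticket.getResource();
    representation.setResource(resource.getId());
    if (returnNames) {
        representation.setResourceName(resource.getName());
        KeycloakSession keycloakSession = authorization.getKeycloakSession();
        RealmModel realm = authorization.getRealm();
        UserModel userOwner = keycloakSession.users().getUserById(realm, ticket.getOwner());
        UserModel requester = keycloakSession.users().getUserById(realm, ticket.getRequester());
        // Guard the requester lookup the same way the owner lookup is guarded below,
        // rather than dereferencing a possibly-null result.
        if (requester != null) {
            representation.setRequesterName(requester.getUsername());
        }
        if (userOwner != null) {
            representation.setOwnerName(userOwner.getUsername());
        } else {
            // The owner is not a user; fall back to a client of the realm.
            ClientModel clientOwner = realm.getClientById(ticket.getOwner());
            if (clientOwner != null) {
                representation.setOwnerName(clientOwner.getClientId());
            }
        }
    }
    Scope scope = ticket.getScope();
    if (scope != null) {
        representation.setScope(scope.getId());
        if (returnNames) {
            representation.setScopeName(scope.getName());
        }
    }
    return representation;
}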
Also used : Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource)

Aggregations

Scope (org.keycloak.authorization.model.Scope)65 Resource (org.keycloak.authorization.model.Resource)43 ResourceServer (org.keycloak.authorization.model.ResourceServer)39 Policy (org.keycloak.authorization.model.Policy)38 StoreFactory (org.keycloak.authorization.store.StoreFactory)21 HashSet (java.util.HashSet)19 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)19 ArrayList (java.util.ArrayList)18 List (java.util.List)17 ClientModel (org.keycloak.models.ClientModel)17 Map (java.util.Map)16 EnumMap (java.util.EnumMap)14 Collectors (java.util.stream.Collectors)14 PolicyStore (org.keycloak.authorization.store.PolicyStore)14 Collection (java.util.Collection)13 Set (java.util.Set)13 UserModel (org.keycloak.models.UserModel)13 Produces (javax.ws.rs.Produces)12 ResourceStore (org.keycloak.authorization.store.ResourceStore)12 KeycloakSession (org.keycloak.models.KeycloakSession)12