use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
the class ExportUtils method exportAuthorizationSettings.
public static ResourceServerRepresentation exportAuthorizationSettings(KeycloakSession session, ClientModel client) {
AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
if (settingsModel == null) {
return null;
}
ResourceServerRepresentation representation = toRepresentation(settingsModel, client);
representation.setId(null);
representation.setName(null);
representation.setClientId(null);
List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId()).stream().map(resource -> {
ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
if (rep.getOwner().getId().equals(settingsModel.getId())) {
rep.setOwner((ResourceOwnerRepresentation) null);
} else {
rep.getOwner().setId(null);
}
rep.getScopes().forEach(scopeRepresentation -> {
scopeRepresentation.setId(null);
scopeRepresentation.setIconUri(null);
});
return rep;
}).collect(Collectors.toList());
representation.setResources(resources);
List<PolicyRepresentation> policies = new ArrayList<>();
PolicyStore policyStore = storeFactory.getPolicyStore();
policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null)).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
representation.setPolicies(policies);
List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
ScopeRepresentation rep = toRepresentation(scope);
rep.setPolicies(null);
rep.setResources(null);
return rep;
}).collect(Collectors.toList());
representation.setScopes(scopes);
return representation;
}
use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
the class JPAScopeStore method findByResourceServer.
@Override
public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
CriteriaQuery<ScopeEntity> querybuilder = builder.createQuery(ScopeEntity.class);
Root<ScopeEntity> root = querybuilder.from(ScopeEntity.class);
querybuilder.select(root.get("id"));
List<Predicate> predicates = new ArrayList();
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServerId));
attributes.forEach((filterOption, value) -> {
switch(filterOption) {
case ID:
predicates.add(root.get(filterOption.getName()).in(value));
break;
case NAME:
predicates.add(builder.like(builder.lower(root.get(filterOption.getName())), "%" + value[0].toLowerCase() + "%"));
break;
default:
throw new IllegalArgumentException("Unsupported filter [" + filterOption + "]");
}
});
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("name")));
TypedQuery query = entityManager.createQuery(querybuilder);
List result = paginateQuery(query, firstResult, maxResult).getResultList();
List<Scope> list = new LinkedList<>();
for (Object id : result) {
list.add(provider.getStoreFactory().getScopeStore().findById((String) id, resourceServerId));
}
return list;
}
use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
the class ResourceAdapter method updateScopes.
@Override
public void updateScopes(Set<Scope> toUpdate) {
throwExceptionIfReadonly();
Set<String> ids = new HashSet<>();
for (Scope scope : toUpdate) {
ids.add(scope.getId());
}
Iterator<ScopeEntity> it = entity.getScopes().iterator();
while (it.hasNext()) {
ScopeEntity next = it.next();
if (!ids.contains(next.getId()))
it.remove();
else
ids.remove(next.getId());
}
for (String addId : ids) {
entity.getScopes().add(em.getReference(ScopeEntity.class, addId));
}
}
use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
the class AccountFormService method grantPermission.
@Path("resource/{resource_id}/grant")
@POST
public Response grantPermission(@PathParam("resource_id") String resourceId, @FormParam("action") String action, @FormParam("permission_id") String[] permissionId, @FormParam("requester") String requester) {
MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
if (auth == null) {
return login("resource");
}
auth.require(AccountRoles.MANAGE_ACCOUNT);
csrfCheck(formData);
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
if (resource == null) {
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
}
if (action == null) {
return ErrorResponse.error("Invalid action", Response.Status.BAD_REQUEST);
}
boolean isGrant = "grant".equals(action);
boolean isDeny = "deny".equals(action);
boolean isRevoke = "revoke".equals(action);
boolean isRevokePolicy = "revokePolicy".equals(action);
boolean isRevokePolicyAll = "revokePolicyAll".equals(action);
if (isRevokePolicy || isRevokePolicyAll) {
List<String> ids = new ArrayList<>(Arrays.asList(permissionId));
Iterator<String> iterator = ids.iterator();
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Policy policy = null;
while (iterator.hasNext()) {
String id = iterator.next();
if (!id.contains(":")) {
policy = policyStore.findById(id, client.getId());
iterator.remove();
break;
}
}
Set<Scope> scopesToKeep = new HashSet<>();
if (isRevokePolicyAll) {
for (Scope scope : policy.getScopes()) {
policy.removeScope(scope);
}
} else {
for (String id : ids) {
scopesToKeep.add(authorization.getStoreFactory().getScopeStore().findById(id.split(":")[1], client.getId()));
}
for (Scope scope : policy.getScopes()) {
if (!scopesToKeep.contains(scope)) {
policy.removeScope(scope);
}
}
}
if (policy.getScopes().isEmpty()) {
for (Policy associated : policy.getAssociatedPolicies()) {
policyStore.delete(associated.getId());
}
policyStore.delete(policy.getId());
}
} else {
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
filters.put(PermissionTicket.FilterOption.REQUESTER, session.users().getUserByUsername(realm, requester).getId());
if (isRevoke) {
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
} else {
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
}
List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
Iterator<PermissionTicket> iterator = tickets.iterator();
while (iterator.hasNext()) {
PermissionTicket ticket = iterator.next();
if (isGrant) {
if (permissionId != null && permissionId.length > 0 && !Arrays.asList(permissionId).contains(ticket.getId())) {
continue;
}
}
if (isGrant && !ticket.isGranted()) {
ticket.setGrantedTimestamp(System.currentTimeMillis());
iterator.remove();
} else if (isDeny || isRevoke) {
if (permissionId != null && permissionId.length > 0 && Arrays.asList(permissionId).contains(ticket.getId())) {
iterator.remove();
}
}
}
for (PermissionTicket ticket : tickets) {
ticketStore.delete(ticket.getId());
}
}
if (isRevoke || isRevokePolicy || isRevokePolicyAll) {
return forwardToPage("resource", AccountPages.RESOURCE_DETAIL);
}
return forwardToPage("resource", AccountPages.RESOURCES);
}
use of org.keycloak.authorization.model.Scope in project keycloak by keycloak.
the class ResourceSetService method getPermissions.
@Path("{id}/permissions")
@GET
@NoCache
@Produces("application/json")
public Response getPermissions(@PathParam("id") String id) {
requireView();
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore();
Resource model = resourceStore.findById(id, resourceServer.getId());
if (model == null) {
return Response.status(Status.NOT_FOUND).build();
}
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Set<Policy> policies = new HashSet<>();
policies.addAll(policyStore.findByResource(model.getId(), resourceServer.getId()));
if (model.getType() != null) {
policies.addAll(policyStore.findByResourceType(model.getType(), resourceServer.getId()));
Map<Resource.FilterOption, String[]> resourceFilter = new EnumMap<>(Resource.FilterOption.class);
resourceFilter.put(Resource.FilterOption.OWNER, new String[] { resourceServer.getId() });
resourceFilter.put(Resource.FilterOption.TYPE, new String[] { model.getType() });
for (Resource resourceType : resourceStore.findByResourceServer(resourceFilter, resourceServer.getId(), -1, -1)) {
policies.addAll(policyStore.findByResource(resourceType.getId(), resourceServer.getId()));
}
}
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), id, resourceServer.getId()));
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), null, resourceServer.getId()));
List<PolicyRepresentation> representation = new ArrayList<>();
for (Policy policyModel : policies) {
if (!"uma".equalsIgnoreCase(policyModel.getType())) {
PolicyRepresentation policy = new PolicyRepresentation();
policy.setId(policyModel.getId());
policy.setName(policyModel.getName());
policy.setType(policyModel.getType());
if (!representation.contains(policy)) {
representation.add(policy);
}
}
}
return Response.ok(representation).build();
}
Aggregations