use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.
the class ModelToRepresentation method toRepresentation.
public static <R extends AbstractPolicyRepresentation> R toRepresentation(Policy policy, AuthorizationProvider authorization, boolean genericRepresentation, boolean export, boolean allFields) {
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
R representation;
if (genericRepresentation || export) {
representation = (R) new PolicyRepresentation();
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig());
if (export) {
providerFactory.onExport(policy, PolicyRepresentation.class.cast(representation), authorization);
}
} else {
try {
representation = (R) providerFactory.toRepresentation(policy, authorization);
} catch (Exception cause) {
throw new RuntimeException("Could not create policy [" + policy.getType() + "] representation", cause);
}
}
representation.setId(policy.getId());
representation.setName(policy.getName());
representation.setDescription(policy.getDescription());
representation.setType(policy.getType());
representation.setDecisionStrategy(policy.getDecisionStrategy());
representation.setLogic(policy.getLogic());
if (allFields) {
representation.setResourcesData(policy.getResources().stream().map(resource -> toRepresentation(resource, resource.getResourceServer(), authorization, true)).collect(Collectors.toSet()));
representation.setScopesData(policy.getScopes().stream().map(resource -> toRepresentation(resource)).collect(Collectors.toSet()));
}
return representation;
}
use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.
the class UserSynchronizer method removeFromUserPolicies.
private void removeFromUserPolicies(UserRemovedEvent event, AuthorizationProvider authorizationProvider) {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
UserModel userModel = event.getUser();
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
attributes.put(Policy.FilterOption.TYPE, new String[] { "user" });
attributes.put(Policy.FilterOption.CONFIG, new String[] { "users", userModel.getId() });
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
for (Policy policy : search) {
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
UserPolicyRepresentation representation = UserPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
Set<String> users = representation.getUsers();
users.remove(userModel.getId());
if (users.isEmpty()) {
policyFactory.onRemove(policy, authorizationProvider);
policyStore.delete(policy.getId());
} else {
policyFactory.onUpdate(policy, representation, authorizationProvider);
}
}
}
use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.
the class GroupSynchronizer method synchronize.
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
ProviderFactory<AuthorizationProvider> providerFactory = factory.getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorizationProvider = providerFactory.create(event.getKeycloakSession());
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
GroupModel group = event.getGroup();
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
attributes.put(Policy.FilterOption.TYPE, new String[] { "group" });
attributes.put(Policy.FilterOption.CONFIG, new String[] { "groups", group.getId() });
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
for (Policy policy : search) {
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
GroupPolicyRepresentation representation = GroupPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
Set<GroupPolicyRepresentation.GroupDefinition> groups = representation.getGroups();
groups.removeIf(groupDefinition -> groupDefinition.getId().equals(group.getId()));
if (groups.isEmpty()) {
policyFactory.onRemove(policy, authorizationProvider);
policyStore.delete(policy.getId());
} else {
policyFactory.onUpdate(policy, representation, authorizationProvider);
}
}
}
use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.
the class PolicyService method getResource.
@Path("{type}")
public Object getResource(@PathParam("type") String type) {
PolicyProviderFactory providerFactory = getPolicyProviderFactory(type);
if (providerFactory != null) {
return doCreatePolicyTypeResource(type);
}
Policy policy = authorization.getStoreFactory().getPolicyStore().findById(type, resourceServer.getId());
return doCreatePolicyResource(policy);
}
use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.
the class ClientApplicationSynchronizer method removeFromClientPolicies.
private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
ResourceServerStore store = storeFactory.getResourceServerStore();
ResourceServer resourceServer = store.findByClient(event.getClient());
if (resourceServer != null) {
storeFactory.getResourceServerStore().delete(event.getClient());
}
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
attributes.put(Policy.FilterOption.TYPE, new String[] { "client" });
attributes.put(Policy.FilterOption.CONFIG, new String[] { "clients", event.getClient().getId() });
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(attributes, null, -1, -1);
for (Policy policy : search) {
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
ClientPolicyRepresentation representation = ClientPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
Set<String> clients = representation.getClients();
clients.remove(event.getClient().getId());
if (clients.isEmpty()) {
policyFactory.onRemove(policy, authorizationProvider);
authorizationProvider.getStoreFactory().getPolicyStore().delete(policy.getId());
} else {
policyFactory.onUpdate(policy, representation, authorizationProvider);
}
}
}
Aggregations