
Example 1 with PolicyProviderFactory

use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.

the class ModelToRepresentation method toRepresentation.

/**
 * Builds the representation of an authorization {@link Policy}.
 *
 * <p>With {@code genericRepresentation} or {@code export} set, the result is a plain
 * {@link PolicyRepresentation} that carries the policy's config map as stored; for exports the
 * provider factory's {@code onExport} hook is then run on it. Otherwise the provider factory
 * registered for the policy type builds the type-specific representation.
 *
 * @param policy the policy to convert
 * @param authorization provider used to resolve the factory for the policy type
 * @param genericRepresentation {@code true} to produce the generic, config-based form
 * @param export {@code true} to produce the generic form and run the factory's export hook
 * @param allFields {@code true} to also attach the policy's resources and scopes
 * @return the populated representation
 * @throws RuntimeException if the provider factory fails to build the type-specific form
 */
public static <R extends AbstractPolicyRepresentation> R toRepresentation(Policy policy, AuthorizationProvider authorization, boolean genericRepresentation, boolean export, boolean allFields) {
    // NOTE(review): the factory is used without a null check; confirm getProviderFactory cannot
    // return null for a stored policy type. On the export path a null would surface as a bare
    // NullPointerException, while the type-specific path wraps it in the RuntimeException below.
    PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
    R representation;
    if (!genericRepresentation && !export) {
        try {
            representation = (R) providerFactory.toRepresentation(policy, authorization);
        } catch (Exception cause) {
            throw new RuntimeException("Could not create policy [" + policy.getType() + "] representation", cause);
        }
    } else {
        PolicyRepresentation generic = new PolicyRepresentation();
        // The config map is handed over as-is, so everything stored in it reaches the caller.
        // NOTE(review): confirm no policy type keeps sensitive values in its config.
        generic.setConfig(policy.getConfig());
        if (export) {
            providerFactory.onExport(policy, generic, authorization);
        }
        representation = (R) generic;
    }

    // Fields common to every policy type.
    representation.setId(policy.getId());
    representation.setName(policy.getName());
    representation.setDescription(policy.getDescription());
    representation.setType(policy.getType());
    representation.setDecisionStrategy(policy.getDecisionStrategy());
    representation.setLogic(policy.getLogic());

    if (allFields) {
        // Widens the output to the resources and scopes the policy is attached to.
        representation.setResourcesData(
                policy.getResources().stream()
                        .map(resource -> toRepresentation(resource, resource.getResourceServer(), authorization, true))
                        .collect(Collectors.toSet()));
        representation.setScopesData(
                policy.getScopes().stream()
                        .map(scope -> toRepresentation(scope))
                        .collect(Collectors.toSet()));
    }
    return representation;
}
Also used : PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory)

Example 2 with PolicyProviderFactory

use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.

the class UserSynchronizer method removeFromUserPolicies.

/**
 * Drops a removed user from every policy of type "user" whose config references that user.
 *
 * <p>A policy that still lists other users is updated through its provider factory; a policy
 * left with no users is removed through the factory and deleted from the policy store.
 *
 * @param event the removal event carrying the deleted user
 * @param authorizationProvider source of the policy store and the policy provider factories
 */
private void removeFromUserPolicies(UserRemovedEvent event, AuthorizationProvider authorizationProvider) {
    PolicyStore policies = authorizationProvider.getStoreFactory().getPolicyStore();
    UserModel removedUser = event.getUser();

    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "user" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "users", removedUser.getId() });
    // NOTE(review): no Policy.FilterOption.ANY_OWNER entry is set on this filter. Confirm whether
    // policies that have an owner are meant to be left out of this cleanup; if they are skipped
    // unintentionally, they would keep the id of a user that no longer exists.

    // A null resource server with -1/-1 paging is passed; presumably this means "all resource
    // servers, no paging" - verify against the PolicyStore contract.
    for (Policy policy : policies.findByResourceServer(filter, null, -1, -1)) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        UserPolicyRepresentation representation = UserPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        // Presumably getUsers() returns the set backing the representation, so the removal
        // below is what onUpdate persists - verify.
        Set<String> remainingUsers = representation.getUsers();
        remainingUsers.remove(removedUser.getId());

        if (!remainingUsers.isEmpty()) {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
            continue;
        }

        // Nothing left to match: the policy is deleted rather than kept empty.
        // NOTE(review): confirm how permissions that referenced the deleted policy evaluate afterwards.
        policyFactory.onRemove(policy, authorizationProvider);
        policies.delete(policy.getId());
    }
}
Also used : UserModel(org.keycloak.models.UserModel) Policy(org.keycloak.authorization.model.Policy) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) PolicyStore(org.keycloak.authorization.store.PolicyStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) EnumMap(java.util.EnumMap)

Example 3 with PolicyProviderFactory

use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.

the class GroupSynchronizer method synchronize.

/**
 * Reacts to a group removal by dropping the group from every policy of type "group" whose
 * config references it, across policies of any owner.
 *
 * <p>A policy that still lists other groups is updated through its provider factory; a policy
 * left with no groups is removed through the factory and deleted from the policy store.
 *
 * @param event the removal event carrying the deleted group and the current session
 * @param factory session factory used to obtain the {@link AuthorizationProvider}
 */
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
    ProviderFactory<AuthorizationProvider> authorizationFactory = factory.getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorizationProvider = authorizationFactory.create(event.getKeycloakSession());
    PolicyStore policies = authorizationProvider.getStoreFactory().getPolicyStore();
    GroupModel group = event.getGroup();

    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "group" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "groups", group.getId() });
    // ANY_OWNER with the empty filter: the search is not narrowed to a particular owner.
    filter.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);

    // A null resource server with -1/-1 paging is passed; presumably this means "all resource
    // servers, no paging" - verify against the PolicyStore contract.
    List<Policy> affected = policies.findByResourceServer(filter, null, -1, -1);
    for (Policy policy : affected) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        GroupPolicyRepresentation representation = GroupPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        // Presumably getGroups() returns the set backing the representation, so the removal
        // below is what onUpdate persists - verify.
        Set<GroupPolicyRepresentation.GroupDefinition> remainingGroups = representation.getGroups();
        remainingGroups.removeIf(definition -> definition.getId().equals(group.getId()));

        if (!remainingGroups.isEmpty()) {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
            continue;
        }

        // Nothing left to match: the policy is deleted rather than kept empty.
        // NOTE(review): confirm how permissions that referenced the deleted policy evaluate afterwards.
        policyFactory.onRemove(policy, authorizationProvider);
        policies.delete(policy.getId());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) GroupModel(org.keycloak.models.GroupModel) StoreFactory(org.keycloak.authorization.store.StoreFactory) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) EnumMap(java.util.EnumMap)

Example 4 with PolicyProviderFactory

use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.

the class PolicyService method getResource.

/**
 * Resolves the {@code type} path segment to the object that handles the rest of the request.
 *
 * <p>The segment is first tried as a policy provider type; when no provider factory matches, it
 * is treated as a policy id and looked up within the current resource server.
 *
 * @param type request-supplied path segment: either a policy type name or a policy id
 * @return the policy-type resource, or the resource for the policy found by id
 */
@Path("{type}")
public Object getResource(@PathParam("type") String type) {
    // The provider-type interpretation wins, so a value matching a type name never reaches the id lookup.
    if (getPolicyProviderFactory(type) == null) {
        // The id lookup is bound to resourceServer.getId(), not to the id alone.
        Policy policy = authorization.getStoreFactory().getPolicyStore().findById(type, resourceServer.getId());
        // NOTE(review): the lookup result is passed on unchecked; confirm doCreatePolicyResource
        // handles a null policy (unknown id) by rejecting the request.
        return doCreatePolicyResource(policy);
    }
    return doCreatePolicyTypeResource(type);
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) Path(javax.ws.rs.Path)

Example 5 with PolicyProviderFactory

use of org.keycloak.authorization.policy.provider.PolicyProviderFactory in project keycloak by keycloak.

the class ClientApplicationSynchronizer method removeFromClientPolicies.

/**
 * Cleans up authorization data after a client is removed.
 *
 * <p>If the client has a resource server, it is deleted first. Then the client is dropped from
 * every policy of type "client" whose config references it, across policies of any owner: a
 * policy that still lists other clients is updated through its provider factory, and a policy
 * left with no clients is removed through the factory and deleted from the policy store.
 *
 * @param event the removal event carrying the deleted client
 * @param authorizationProvider source of the stores and the policy provider factories
 */
private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();

    // Delete the client's own resource server, if it has one.
    if (storeFactory.getResourceServerStore().findByClient(event.getClient()) != null) {
        storeFactory.getResourceServerStore().delete(event.getClient());
    }

    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "client" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "clients", event.getClient().getId() });
    // ANY_OWNER with the empty filter: the search is not narrowed to a particular owner.
    filter.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);

    // A null resource server with -1/-1 paging is passed; presumably this means "all resource
    // servers, no paging" - verify against the PolicyStore contract.
    for (Policy policy : storeFactory.getPolicyStore().findByResourceServer(filter, null, -1, -1)) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        ClientPolicyRepresentation representation = ClientPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        // Presumably getClients() returns the set backing the representation, so the removal
        // below is what onUpdate persists - verify.
        Set<String> remainingClients = representation.getClients();
        remainingClients.remove(event.getClient().getId());

        if (!remainingClients.isEmpty()) {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
            continue;
        }

        // Nothing left to match: the policy is deleted rather than kept empty.
        // NOTE(review): confirm how permissions that referenced the deleted policy evaluate afterwards.
        policyFactory.onRemove(policy, authorizationProvider);
        authorizationProvider.getStoreFactory().getPolicyStore().delete(policy.getId());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) EnumMap(java.util.EnumMap)
