
Example 1 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

the class AuthorizationProvider method createResourceStoreWrapper.

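/**
 * Wraps the {@link ResourceStore} of the given factory so that deleting a resource also
 * removes the permission tickets and policies that refer to it. Every other operation is
 * forwarded to the underlying store unchanged.
 *
 * @param storeFactory factory whose resource store is wrapped
 * @return a resource store with cascading {@link ResourceStore#delete(String)}
 */
private ResourceStore createResourceStoreWrapper(StoreFactory storeFactory) {
    return new ResourceStore() {

        ResourceStore delegate = storeFactory.getResourceStore();

        @Override
        public Resource create(String name, ResourceServer resourceServer, String owner) {
            return delegate.create(name, resourceServer, owner);
        }

        @Override
        public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
            return delegate.create(id, name, resourceServer, owner);
        }

        /**
         * Deletes the resource and everything that points at it: all permission tickets for
         * the resource, and any policy that only covers this resource. Policies covering other
         * resources too are kept and merely detached from the deleted one.
         */
        @Override
        public void delete(String id) {
            Resource resource = findById(id, null);
            if (resource == null) {
                // Unknown id: nothing to cascade, and nothing to dereference below.
                return;
            }
            // Use the provider's factory rather than the captured parameter so the
            // cascading lookups go through the same (possibly wrapped) stores.
            StoreFactory factory = AuthorizationProvider.this.getStoreFactory();
            PermissionTicketStore ticketStore = factory.getPermissionTicketStore();
            List<PermissionTicket> permissions = ticketStore.findByResource(id, resource.getResourceServer());
            for (PermissionTicket permission : permissions) {
                ticketStore.delete(permission.getId());
            }
            PolicyStore policyStore = factory.getPolicyStore();
            List<Policy> policies = policyStore.findByResource(id, resource.getResourceServer());
            for (Policy policyModel : policies) {
                if (policyModel.getResources().size() == 1) {
                    // This resource is the policy's only target; the policy is meaningless without it.
                    policyStore.delete(policyModel.getId());
                } else {
                    policyModel.removeResource(resource);
                }
            }
            delegate.delete(id);
        }

        @Override
        public Resource findById(String id, String resourceServerId) {
            return delegate.findById(id, resourceServerId);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId) {
            return delegate.findByOwner(ownerId, resourceServerId);
        }

        @Override
        public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByOwner(ownerId, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
            return delegate.findByOwner(ownerId, resourceServerId, first, max);
        }

        @Override
        public List<Resource> findByUri(String uri, String resourceServerId) {
            return delegate.findByUri(uri, resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(String resourceServerId) {
            return delegate.findByResourceServer(resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }

        @Override
        public List<Resource> findByScope(List<String> id, String resourceServerId) {
            return delegate.findByScope(id, resourceServerId);
        }

        @Override
        public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByScope(scopes, resourceServerId, consumer);
        }

        @Override
        public Resource findByName(String name, String resourceServerId) {
            return delegate.findByName(name, resourceServerId);
        }

        @Override
        public Resource findByName(String name, String ownerId, String resourceServerId) {
            return delegate.findByName(name, ownerId, resourceServerId);
        }

        @Override
        public List<Resource> findByType(String type, String resourceServerId) {
            return delegate.findByType(type, resourceServerId);
        }

        @Override
        public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, resourceServerId, consumer);
        }

        @Override
        public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, owner, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByType(String type, String owner, String resourceServerId) {
            // Forward the owner filter; dropping it would return resources of every owner
            // to a caller that asked for a single owner's resources.
            return delegate.findByType(type, owner, resourceServerId);
        }

        @Override
        public List<Resource> findByTypeInstance(String type, String resourceServerId) {
            return delegate.findByTypeInstance(type, resourceServerId);
        }

        @Override
        public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByTypeInstance(type, resourceServerId, consumer);
        }
    };
}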

Example 2 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

the class AuthorizationBean method getSharedResources.

/**
 * Returns the resources that have been shared with the current user: the resources behind
 * granted permission tickets naming the user as requester. The store is queried once and
 * the result is kept in {@code userSharedResources} for later calls.
 *
 * @return the (cached) shared resources of the current user
 */
public Collection<ResourceBean> getSharedResources() {
    if (userSharedResources != null) {
        return userSharedResources;
    }
    Map<PermissionTicket.FilterOption, String> grantedToUser = new EnumMap<>(PermissionTicket.FilterOption.class);
    grantedToUser.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
    grantedToUser.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
    PermissionTicketStore tickets = authorization.getStoreFactory().getPermissionTicketStore();
    // null: no resource-server restriction (presumably the resource server id — confirm
    // against the store API); -1/-1: no paging, every matching ticket is fetched.
    userSharedResources = toResourceRepresentation(tickets.find(grantedToUser, null, -1, -1));
    return userSharedResources;
}

Example 3 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

the class RepresentationToModel method toModel.

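/**
 * Applies the {@code granted} flag of a permission ticket representation to the stored ticket.
 * A ticket that becomes granted gets its grant timestamp set to now; a ticket that is not
 * granted is deleted from the store. Note that the deleted ticket object is still returned.
 *
 * @param representation ticket representation carrying the id and the granted flag
 * @param resourceServerId resource server the ticket belongs to
 * @param authorization provider giving access to the permission ticket store
 * @return the stored ticket, updated (or deleted) according to the representation
 * @throws IllegalArgumentException if no ticket with the representation's id exists
 */
public static PermissionTicket toModel(PermissionTicketRepresentation representation, String resourceServerId, AuthorizationProvider authorization) {
    PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
    PermissionTicket ticket = ticketStore.findById(representation.getId(), resourceServerId);
    if (ticket == null) {
        // Fail with a descriptive error instead of a NullPointerException on the dereference below.
        throw new IllegalArgumentException("Permission ticket [" + representation.getId() + "] not found");
    }
    boolean granted = representation.isGranted();
    if (granted && !ticket.isGranted()) {
        // Only the transition to granted is recorded; an already granted ticket keeps its timestamp.
        ticket.setGrantedTimestamp(System.currentTimeMillis());
    } else if (!granted) {
        ticketStore.delete(ticket.getId());
    }
    return ticket;
}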

Example 4 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

the class UserSynchronizer method removeFromUserPermissionTickets.

/**
 * Deletes every permission ticket that refers to the removed user, whether the user was the
 * owner of the shared resource or the party that requested access to it.
 *
 * @param event the user-removed event carrying the removed user
 * @param authorizationProvider provider giving access to the permission ticket store
 */
private void removeFromUserPermissionTickets(UserRemovedEvent event, AuthorizationProvider authorizationProvider) {
    PermissionTicketStore tickets = authorizationProvider.getStoreFactory().getPermissionTicketStore();
    String removedUserId = event.getUser().getId();
    // The user may appear on either side of a ticket; sweep both roles.
    PermissionTicket.FilterOption[] roles = {
            PermissionTicket.FilterOption.OWNER,
            PermissionTicket.FilterOption.REQUESTER
    };
    for (PermissionTicket.FilterOption role : roles) {
        Map<PermissionTicket.FilterOption, String> byRole = new EnumMap<>(PermissionTicket.FilterOption.class);
        byRole.put(role, removedUserId);
        // null/-1/-1: no resource-server restriction and no paging
        for (PermissionTicket ticket : tickets.find(byRole, null, -1, -1)) {
            tickets.delete(ticket.getId());
        }
    }
}

Example 5 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

the class PermissionTicketService method delete.

/**
 * Deletes a permission ticket of this resource server. Only the ticket's owner, its
 * requester, or the resource server itself may delete it.
 *
 * @param id id of the ticket to delete
 * @return an empty 204 response on success
 * @throws ErrorResponseException 400 when the id is missing or unknown, 403 when the caller
 *         is neither owner, requester nor resource server
 */
@Path("{id}")
@DELETE
@Consumes("application/json")
public Response delete(@PathParam("id") String id) {
    if (id == null) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }
    PermissionTicketStore tickets = authorization.getStoreFactory().getPermissionTicketStore();
    PermissionTicket ticket = tickets.findById(id, resourceServer.getId());
    if (ticket == null) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }
    String callerId = this.identity.getId();
    // Same short-circuit order as before: owner, then resource server, then requester.
    boolean mayDelete = ticket.getOwner().equals(callerId)
            || this.identity.isResourceServer()
            || ticket.getRequester().equals(callerId);
    if (!mayDelete) {
        throw new ErrorResponseException("not_authorised", "permissions for [" + ticket.getResource() + "] can be deleted only by the owner, the requester, or the resource server", Response.Status.FORBIDDEN);
    }
    tickets.delete(id);
    return Response.noContent().build();
}
