
Example 6 with PermissionTicketStore

Use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

From the class PermissionTicketService, method update.

/**
 * Updates an existing permission ticket from its JSON representation.
 * <p>
 * The ticket is located by the id carried in the representation, scoped to this resource
 * server. Only the ticket's owner or the resource server itself may update it.
 *
 * @param representation the ticket to update; must carry a non-null id
 * @return 204 No Content on success
 * @throws ErrorResponseException 400 when the representation or its id is missing, or when no
 *         ticket with that id exists for this resource server; 403 when the caller is neither
 *         the ticket owner nor the resource server
 */
@PUT
@Consumes("application/json")
public Response update(PermissionTicketRepresentation representation) {
    boolean hasId = representation != null && representation.getId() != null;
    if (!hasId) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }
    PermissionTicketStore store = authorization.getStoreFactory().getPermissionTicketStore();
    String serverId = resourceServer.getId();
    PermissionTicket existing = store.findById(representation.getId(), serverId);
    if (existing == null) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
    }
    // Owner check first; the resource-server check is only consulted when the caller is not the owner.
    boolean callerIsOwner = existing.getOwner().equals(this.identity.getId());
    if (!callerIsOwner && !this.identity.isResourceServer()) {
        // NOTE(review): the message echoes the client-supplied resource id from the representation,
        // which need not match the stored ticket's resource.
        throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be updated only by the owner or by the resource server", Response.Status.FORBIDDEN);
    }
    RepresentationToModel.toModel(representation, serverId, authorization);
    return Response.noContent().build();
}

Example 7 with PermissionTicketStore

Use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

From the class PermissionTicketService, method getPermissionCount.

/**
 * Counts the permission tickets of this resource server that match the given query filters.
 *
 * @param scopeId     optional scope id filter
 * @param resourceId  optional resource id filter
 * @param owner       optional owner filter
 * @param requester   optional requester filter
 * @param granted     optional granted/not-granted filter
 * @param returnNames accepted by the endpoint but not read by this method
 * @return 200 with the count as the JSON body
 */
@Path("/count")
@GET
@Produces("application/json")
public Response getPermissionCount(@QueryParam("scopeId") String scopeId, @QueryParam("resourceId") String resourceId, @QueryParam("owner") String owner, @QueryParam("requester") String requester, @QueryParam("granted") Boolean granted, @QueryParam("returnNames") Boolean returnNames) {
    StoreFactory factory = authorization.getStoreFactory();
    PermissionTicketStore store = factory.getPermissionTicketStore();
    // Filter translation is shared with the listing endpoint via getFilters.
    Map<PermissionTicket.FilterOption, String> criteria = getFilters(factory, resourceId, scopeId, owner, requester, granted);
    long matching = store.count(criteria, resourceServer.getId());
    return Response.ok().entity(matching).build();
}

Example 8 with PermissionTicketStore

Use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

From the class AccountFormService, method shareResource.

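/**
 * Shares a resource owned by the authenticated user with one or more other users.
 * <p>
 * Each entry of {@code user_id} may be a user id, a username or an e-mail address. For every
 * resolved user a granted permission ticket is created per scope: the requested scopes when
 * {@code scope_id} is given, otherwise every scope of the resource (or a single scope-less
 * ticket when the resource defines none). When the user already holds tickets for the resource,
 * only the requested scopes not yet covered are added; with no requested scopes nothing changes.
 *
 * @param resourceId id of the resource to share (path parameter)
 * @param userIds    users to share with (form parameter {@code user_id}); required
 * @param scopes     scope ids to grant (form parameter {@code scope_id}); optional
 * @return the resource detail page on success, a login redirect when unauthenticated, or an
 *         error page/response for an unknown resource, missing users or an unknown user
 */
@Path("resource/{resource_id}/share")
@POST
public Response shareResource(@PathParam("resource_id") String resourceId, @FormParam("user_id") String[] userIds, @FormParam("scope_id") String[] scopes) {
    MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
    if (auth == null) {
        return login("resource");
    }
    auth.require(AccountRoles.MANAGE_ACCOUNT);
    csrfCheck(formData);
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
    Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
    // Null-check before any dereference: the resource-server lookup below reads the resource.
    if (resource == null) {
        return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
    }
    // The resource id comes straight from the URL and nothing else ties it to the caller; the ticket
    // filter below already assumes the caller is the owner, so reject sharing anything the caller
    // does not own. Same response as an unknown resource so existence is not revealed.
    if (!auth.getUser().getId().equals(resource.getOwner())) {
        return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
    }
    ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(resource.getResourceServer());
    if (userIds == null || userIds.length == 0) {
        setReferrerOnPage();
        // Report the missing share target on the resource page, consistent with the unknown-user
        // branch below (the previous version showed a missing-password error on the password page).
        return account.setError(Status.BAD_REQUEST, Messages.INVALID_USER).createResponse(AccountPages.RESOURCE_DETAIL);
    }
    for (String id : userIds) {
        UserModel user = findShareTarget(id);
        if (user == null) {
            setReferrerOnPage();
            return account.setError(Status.BAD_REQUEST, Messages.INVALID_USER).createResponse(AccountPages.RESOURCE_DETAIL);
        }
        Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
        filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
        filters.put(PermissionTicket.FilterOption.OWNER, auth.getUser().getId());
        filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
        List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
        for (String scopeId : scopeIdsToGrant(resource, tickets, scopes)) {
            createGrantedTicket(ticketStore, resourceId, scopeId, user, resourceServer);
        }
    }
    return forwardToPage("resource", AccountPages.RESOURCE_DETAIL);
}

/** Resolves a share target given as user id, username or e-mail (tried in that order); null when none matches. */
private UserModel findShareTarget(String idOrNameOrEmail) {
    UserModel user = session.users().getUserById(realm, idOrNameOrEmail);
    if (user == null) {
        user = session.users().getUserByUsername(realm, idOrNameOrEmail);
    }
    if (user == null) {
        user = session.users().getUserByEmail(realm, idOrNameOrEmail);
    }
    return user;
}

/**
 * Decides which scope ids still need a granted ticket for one user.
 * A {@code null} entry stands for a scope-less ticket (resource without scopes).
 *
 * @param resource  the resource being shared
 * @param existing  tickets the user already holds for this resource (owner = caller)
 * @param requested scope ids from the form, possibly null or empty
 * @return scope ids to create tickets for; empty when nothing is to be added
 */
private static List<String> scopeIdsToGrant(Resource resource, List<PermissionTicket> existing, String[] requested) {
    boolean scopesRequested = requested != null && requested.length > 0;
    List<String> toGrant = new ArrayList<>();
    if (existing.isEmpty()) {
        if (scopesRequested) {
            toGrant.addAll(Arrays.asList(requested));
        } else if (resource.getScopes().isEmpty()) {
            toGrant.add(null);
        } else {
            for (Scope scope : resource.getScopes()) {
                toGrant.add(scope.getId());
            }
        }
    } else if (scopesRequested) {
        // Already-shared scopes are dropped so existing tickets are not duplicated.
        toGrant.addAll(Arrays.asList(requested));
        for (PermissionTicket ticket : existing) {
            Scope scope = ticket.getScope();
            if (scope != null) {
                toGrant.remove(scope.getId());
            }
        }
    }
    return toGrant;
}

/** Creates a ticket for one (resource, scope, requester) and marks it granted immediately. */
private static void createGrantedTicket(PermissionTicketStore ticketStore, String resourceId, String scopeId, UserModel requester, ResourceServer resourceServer) {
    PermissionTicket ticket = ticketStore.create(resourceId, scopeId, requester.getId(), resourceServer);
    ticket.setGrantedTimestamp(System.currentTimeMillis());
}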

Example 9 with PermissionTicketStore

Use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

From the class JPAPermissionTicketStore, method findByResource.

/**
 * Returns the permission tickets that reference the given resource within a resource server.
 * <p>
 * The named query yields ticket ids only; each id is then resolved through the ticket store,
 * and ids that do not resolve are skipped.
 *
 * @param resourceId       id of the resource the tickets must point at
 * @param resourceServerId id of the resource server the tickets belong to
 * @return matching tickets, possibly empty, never null
 */
@Override
public List<PermissionTicket> findByResource(final String resourceId, String resourceServerId) {
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPermissionIdByResource", String.class);
    idQuery.setFlushMode(FlushModeType.COMMIT);
    idQuery.setParameter("resourceId", resourceId);
    idQuery.setParameter("serverId", resourceServerId);
    List<String> ticketIds = idQuery.getResultList();
    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String ticketId : ticketIds) {
        PermissionTicket ticket = ticketStore.findById(ticketId, resourceServerId);
        if (ticket == null) {
            continue;
        }
        tickets.add(ticket);
    }
    return tickets;
}

Example 10 with PermissionTicketStore

Use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

From the class JPAPermissionTicketStore, method findByResourceServer.

/**
 * Returns all permission tickets that belong to the given resource server.
 * <p>
 * The named query yields ids only; each id is then resolved through the ticket store, and ids
 * that do not resolve are skipped.
 *
 * @param resourceServerId id of the resource server
 * @return matching tickets, possibly empty, never null
 */
@Override
public List<PermissionTicket> findByResourceServer(final String resourceServerId) {
    // NOTE(review): the query name refers to "PolicyId" while this store resolves the ids as
    // permission tickets — confirm the named query selects ticket ids. Unlike findByResource,
    // no flush mode is set here; verify that difference is intended.
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
    idQuery.setParameter("serverId", resourceServerId);
    List<String> ids = idQuery.getResultList();
    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    for (String id : ids) {
        PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
        if (ticket == null) {
            continue;
        }
        tickets.add(ticket);
    }
    return tickets;
}
