
Example 11 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

Method findByScope of class JPAPermissionTicketStore.

/**
 * Returns the permission tickets that reference the given scope on the given resource server.
 *
 * <p>The named query yields ticket ids only; every id is then resolved through the
 * {@link PermissionTicketStore} obtained from the provider, and ids that do not resolve
 * are left out of the result.
 *
 * @param scopeId          id of the scope; {@code null} yields an empty list
 * @param resourceServerId id of the resource server the tickets belong to
 * @return the matching tickets, never {@code null}
 */
@Override
public List<PermissionTicket> findByScope(String scopeId, String resourceServerId) {
    if (scopeId == null) {
        return Collections.emptyList();
    }
    // Use separate subquery to handle DB2 and MSSSQL
    TypedQuery<String> idQuery = entityManager.createNamedQuery("findPermissionIdByScope", String.class);
    idQuery.setFlushMode(FlushModeType.COMMIT);
    idQuery.setParameter("scopeId", scopeId);
    idQuery.setParameter("serverId", resourceServerId);
    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    List<PermissionTicket> tickets = new LinkedList<>();
    idQuery.getResultList().forEach(ticketId -> {
        PermissionTicket ticket = ticketStore.findById(ticketId, resourceServerId);
        if (ticket != null) {
            tickets.add(ticket);
        }
    });
    return tickets;
}

Example 12 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

Method find of class JPAPermissionTicketStore.

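/**
 * Finds the permission tickets on the given resource server that match the given filters.
 *
 * <p>A criteria query selects only the ticket ids, ordered by id and paginated through
 * {@code paginateQuery}; each id is then resolved through the provider's
 * {@link PermissionTicketStore}, and ids that do not resolve are left out.
 *
 * @param attributes       filter options and their values, turned into predicates by {@code getPredicates}
 * @param resourceServerId id of the resource server the tickets belong to
 * @param firstResult      pagination argument passed through to {@code paginateQuery}
 * @param maxResult        pagination argument passed through to {@code paginateQuery}
 * @return the matching tickets, never {@code null}
 */
@Override
public List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult) {
    CriteriaBuilder builder = entityManager.getCriteriaBuilder();
    // The query is typed as String because only the id column is selected; this removes
    // the raw TypedQuery and the unchecked assignment to List<String>.
    CriteriaQuery<String> querybuilder = builder.createQuery(String.class);
    Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
    querybuilder.select(root.get("id"));
    List<Predicate> predicates = getPredicates(builder, root, resourceServerId, attributes);
    querybuilder.where(predicates.toArray(new Predicate[0])).orderBy(builder.asc(root.get("id")));
    TypedQuery<String> query = entityManager.createQuery(querybuilder);
    List<String> ids = paginateQuery(query, firstResult, maxResult).getResultList();
    List<PermissionTicket> tickets = new LinkedList<>();
    PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
    for (String id : ids) {
        PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
        if (ticket != null) {
            tickets.add(ticket);
        }
    }
    return tickets;
}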

Example 13 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

Method updateScopes of class ResourceAdapter.

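/**
 * Replaces this resource's scopes with {@code scopes}.
 *
 * <p>For every scope that is being removed, the permission tickets found by
 * {@code findByScope} are deleted and the scope is removed from the policies bound to this
 * resource; the cached entry is then invalidated and the delegate updated.
 *
 * <p>NOTE(review): {@code findByScope} is keyed by scope id and resource server only, so
 * the ticket cleanup is not restricted to tickets of this resource — confirm that is intended.
 *
 * @param scopes the complete new set of scopes for this resource
 */
@Override
public void updateScopes(Set<Scope> scopes) {
    Resource updated = getDelegateForUpdate();
    // The store lookup does not depend on the scope, so it is done once, not per removed scope.
    PermissionTicketStore permissionStore = cacheSession.getPermissionTicketStore();
    for (Scope scope : updated.getScopes()) {
        if (!scopes.contains(scope)) {
            for (PermissionTicket permission : permissionStore.findByScope(scope.getId(), getResourceServer())) {
                permissionStore.delete(permission.getId());
            }
        }
    }
    PolicyStore policyStore = cacheSession.getPolicyStore();
    for (Scope scope : updated.getScopes()) {
        if (!scopes.contains(scope)) {
            policyStore.findByResource(getId(), getResourceServer(), policy -> policy.removeScope(scope));
        }
    }
    cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUris(modelSupplier), scopes.stream().map(Scope::getId).collect(Collectors.toSet()), cached.getResourceServerId(), cached.getOwner());
    updated.updateScopes(scopes);
}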

Example 14 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

Method createScopeWrapper of class AuthorizationProvider.

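/**
 * Wraps the scope store of the given factory so that deleting a scope also deletes the
 * permission tickets that reference it; every other operation is delegated unchanged.
 *
 * @param storeFactory factory whose {@link ScopeStore} is wrapped
 * @return the wrapping store
 */
private ScopeStore createScopeWrapper(StoreFactory storeFactory) {
    return new ScopeStore() {

        private final ScopeStore delegate = storeFactory.getScopeStore();

        @Override
        public Scope create(String name, ResourceServer resourceServer) {
            return delegate.create(name, resourceServer);
        }

        @Override
        public Scope create(String id, String name, ResourceServer resourceServer) {
            return delegate.create(id, name, resourceServer);
        }

        /**
         * Deletes the tickets referencing the scope (looked up through the provider's
         * ticket store) before deleting the scope itself.
         */
        @Override
        public void delete(String id) {
            Scope scope = findById(id, null);
            // Only an existing scope can have tickets referencing it; without this guard a
            // missing scope causes a NullPointerException on scope.getResourceServer().
            if (scope != null) {
                PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
                for (PermissionTicket permission : ticketStore.findByScope(id, scope.getResourceServer().getId())) {
                    ticketStore.delete(permission.getId());
                }
            }
            delegate.delete(id);
        }

        @Override
        public Scope findById(String id, String resourceServerId) {
            return delegate.findById(id, resourceServerId);
        }

        @Override
        public Scope findByName(String name, String resourceServerId) {
            return delegate.findByName(name, resourceServerId);
        }

        @Override
        public List<Scope> findByResourceServer(String id) {
            return delegate.findByResourceServer(id);
        }

        @Override
        public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }
    };
}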

Example 15 with PermissionTicketStore

use of org.keycloak.authorization.store.PermissionTicketStore in project keycloak by keycloak.

Method processResourceActions of class AccountFormService.

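/**
 * Handles the "resource" form action of the account console: deletes permission tickets
 * the current user holds on the submitted resources.
 *
 * <p>The caller must be logged in (otherwise redirected to login), must have
 * {@code manage-account}, and the form must pass the CSRF check. Tickets are looked up with
 * the current user as {@code REQUESTER}, so only the caller's own tickets can be deleted;
 * {@code cancel} limits this to granted tickets and {@code cancelRequest} to pending ones,
 * while any other non-null action deletes both kinds.
 *
 * @param resourceIds the {@code resource_id} form values; a missing or unknown id yields
 *                    a {@code 400 Invalid resource} response
 * @param action      the {@code action} form value; {@code null} yields {@code 400 Invalid action}
 * @return the resources page on success, a login redirect or an error response otherwise
 */
@Path("resource")
@POST
public Response processResourceActions(@FormParam("resource_id") String[] resourceIds, @FormParam("action") String action) {
    MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
    if (auth == null) {
        return login("resource");
    }
    auth.require(AccountRoles.MANAGE_ACCOUNT);
    csrfCheck(formData);
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
    if (action == null) {
        return ErrorResponse.error("Invalid action", Response.Status.BAD_REQUEST);
    }
    // A form without resource_id arrives as null; reject it instead of failing with an NPE.
    if (resourceIds == null) {
        return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
    }
    for (String resourceId : resourceIds) {
        Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
        if (resource == null) {
            return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
        }
        Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
        // Restricting to the caller's own tickets is what keeps this from touching other users' grants.
        filters.put(PermissionTicket.FilterOption.REQUESTER, auth.getUser().getId());
        filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
        if ("cancel".equals(action)) {
            filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
        } else if ("cancelRequest".equals(action)) {
            filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
        }
        // -1/-1: no pagination, every matching ticket is deleted.
        for (PermissionTicket ticket : ticketStore.find(filters, resource.getResourceServer(), -1, -1)) {
            ticketStore.delete(ticket.getId());
        }
    }
    return forwardToPage("authorization", AccountPages.RESOURCES);
}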
