Examples with PolicyStore org.keycloak.authorization.store.PolicyStore used on opensource projects

Search in sources :

Example 1 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class AuthorizationProvider method createResourceStoreWrapper.

private ResourceStore createResourceStoreWrapper(StoreFactory storeFactory) {
    return new ResourceStore() {

        ResourceStore delegate = storeFactory.getResourceStore();

        @Override
        public Resource create(String name, ResourceServer resourceServer, String owner) {
            return delegate.create(name, resourceServer, owner);
        }

        @Override
        public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
            return delegate.create(id, name, resourceServer, owner);
        }

        @Override
        public void delete(String id) {
            Resource resource = findById(id, null);
            StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory();
            PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
            List<PermissionTicket> permissions = ticketStore.findByResource(id, resource.getResourceServer());
            for (PermissionTicket permission : permissions) {
                ticketStore.delete(permission.getId());
            }
            PolicyStore policyStore = storeFactory.getPolicyStore();
            List<Policy> policies = policyStore.findByResource(id, resource.getResourceServer());
            for (Policy policyModel : policies) {
                if (policyModel.getResources().size() == 1) {
                    policyStore.delete(policyModel.getId());
                } else {
                    policyModel.removeResource(resource);
                }
            }
            delegate.delete(id);
        }

        @Override
        public Resource findById(String id, String resourceServerId) {
            return delegate.findById(id, resourceServerId);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId) {
            return delegate.findByOwner(ownerId, resourceServerId);
        }

        @Override
        public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByOwner(ownerId, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
            return delegate.findByOwner(ownerId, resourceServerId, first, max);
        }

        @Override
        public List<Resource> findByUri(String uri, String resourceServerId) {
            return delegate.findByUri(uri, resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(String resourceServerId) {
            return delegate.findByResourceServer(resourceServerId);
        }

        @Override
        public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }

        @Override
        public List<Resource> findByScope(List<String> id, String resourceServerId) {
            return delegate.findByScope(id, resourceServerId);
        }

        @Override
        public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByScope(scopes, resourceServerId, consumer);
        }

        @Override
        public Resource findByName(String name, String resourceServerId) {
            return delegate.findByName(name, resourceServerId);
        }

        @Override
        public Resource findByName(String name, String ownerId, String resourceServerId) {
            return delegate.findByName(name, ownerId, resourceServerId);
        }

        @Override
        public List<Resource> findByType(String type, String resourceServerId) {
            return delegate.findByType(type, resourceServerId);
        }

        @Override
        public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, resourceServerId, consumer);
        }

        @Override
        public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByType(type, owner, resourceServerId, consumer);
        }

        @Override
        public List<Resource> findByType(String type, String owner, String resourceServerId) {
            return delegate.findByType(type, resourceServerId);
        }

        @Override
        public List<Resource> findByTypeInstance(String type, String resourceServerId) {
            return delegate.findByTypeInstance(type, resourceServerId);
        }

        @Override
        public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
            delegate.findByTypeInstance(type, resourceServerId, consumer);
        }
    };
}
Also used : Policy(org.keycloak.authorization.model.Policy) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Consumer(java.util.function.Consumer) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) PolicyStore(org.keycloak.authorization.store.PolicyStore) List(java.util.List) ResourceServer(org.keycloak.authorization.model.ResourceServer) Map(java.util.Map)

Example 2 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class RepresentationToModel method updateAssociatedPolicies.

private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, StoreFactory storeFactory) {
    ResourceServer resourceServer = policy.getResourceServer();
    if (policyIds != null) {
        if (policyIds.isEmpty()) {
            for (Policy associated : new HashSet<Policy>(policy.getAssociatedPolicies())) {
                policy.removeAssociatedPolicy(associated);
            }
            return;
        }
        PolicyStore policyStore = storeFactory.getPolicyStore();
        for (String policyId : policyIds) {
            boolean hasPolicy = false;
            for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) {
                if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) {
                    hasPolicy = true;
                }
            }
            if (!hasPolicy) {
                Policy associatedPolicy = policyStore.findById(policyId, resourceServer.getId());
                if (associatedPolicy == null) {
                    associatedPolicy = policyStore.findByName(policyId, resourceServer.getId());
                    if (associatedPolicy == null) {
                        throw new RuntimeException("Policy with id or name [" + policyId + "] does not exist");
                    }
                }
                policy.addAssociatedPolicy(associatedPolicy);
            }
        }
        for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) {
            boolean hasPolicy = false;
            for (String policyId : policyIds) {
                if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) {
                    hasPolicy = true;
                }
            }
            if (!hasPolicy) {
                policy.removeAssociatedPolicy(policyModel);
            }
        }
    }
    policy.removeConfig("applyPolicies");
}
Also used : WebAuthnPolicy(org.keycloak.models.WebAuthnPolicy) OTPPolicy(org.keycloak.models.OTPPolicy) Policy(org.keycloak.authorization.model.Policy) PasswordPolicy(org.keycloak.models.PasswordPolicy) PolicyStore(org.keycloak.authorization.store.PolicyStore) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashSet(java.util.HashSet)

Example 3 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class MigrateTo2_1_0 method migrateRolePolicies.

// KEYCLOAK-3338: Changes to how role policy config is stored"
private void migrateRolePolicies(RealmModel realm, KeycloakSession session) {
    AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    realm.getClientsStream().forEach(clientModel -> {
        ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
        if (resourceServer != null) {
            policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {
                Map<String, String> config = new HashMap(policy.getConfig());
                String roles = config.get("roles");
                List roleConfig;
                try {
                    roleConfig = JsonSerialization.readValue(roles, List.class);
                } catch (Exception e) {
                    throw new RuntimeException("Malformed configuration for role policy [" + policy.getName() + "].", e);
                }
                if (!roleConfig.isEmpty() && roleConfig.get(0) instanceof String) {
                    try {
                        config.put("roles", JsonSerialization.writeValueAsString(roleConfig.stream().map(new Function<String, Map>() {

                            @Override
                            public Map apply(String roleId) {
                                Map updated = new HashMap();
                                updated.put("id", roleId);
                                return updated;
                            }
                        }).collect(Collectors.toList())));
                        policy.setConfig(config);
                    } catch (Exception e) {
                        throw new RuntimeException("Failed to migrate role policy [" + policy.getName() + "].", e);
                    }
                }
            });
        }
    });
}
Also used : Function(java.util.function.Function) HashMap(java.util.HashMap) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyStore(org.keycloak.authorization.store.PolicyStore) List(java.util.List) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) HashMap(java.util.HashMap) Map(java.util.Map)

Example 4 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class JPAPolicyStore method findByScopeIds.

@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
    if (scopeIds == null || scopeIds.isEmpty()) {
        return Collections.emptyList();
    }
    // Use separate subquery to handle DB2 and MSSSQL
    TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByScope", PolicyEntity.class);
    query.setFlushMode(FlushModeType.COMMIT);
    query.setParameter("scopeIds", scopeIds);
    query.setParameter("serverId", resourceServerId);
    List<Policy> list = new LinkedList<>();
    PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
    for (PolicyEntity entity : query.getResultList()) {
        list.add(storeFactory.findById(entity.getId(), resourceServerId));
    }
    return list;
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyEntity(org.keycloak.authorization.jpa.entities.PolicyEntity) PolicyStore(org.keycloak.authorization.store.PolicyStore) LinkedList(java.util.LinkedList)

Example 5 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class JPAPolicyStore method findByResource.

@Override
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
    TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByResource", PolicyEntity.class);
    query.setFlushMode(FlushModeType.COMMIT);
    query.setParameter("resourceId", resourceId);
    query.setParameter("serverId", resourceServerId);
    PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
    closing(query.getResultStream().map(entity -> storeFactory.findById(entity.getId(), resourceServerId)).filter(Objects::nonNull)).forEach(consumer::accept);
}
Also used : AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) StoreFactory(org.keycloak.authorization.store.StoreFactory) NoResultException(javax.persistence.NoResultException) FlushModeType(javax.persistence.FlushModeType) TypedQuery(javax.persistence.TypedQuery) ArrayList(java.util.ArrayList) Predicate(javax.persistence.criteria.Predicate) Map(java.util.Map) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) LinkedList(java.util.LinkedList) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) Root(javax.persistence.criteria.Root) ResourceServer(org.keycloak.authorization.model.ResourceServer) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) StreamsUtil.closing(org.keycloak.utils.StreamsUtil.closing) EntityManager(javax.persistence.EntityManager) PolicyStore(org.keycloak.authorization.store.PolicyStore) Objects(java.util.Objects) Consumer(java.util.function.Consumer) PaginationUtils.paginateQuery(org.keycloak.models.jpa.PaginationUtils.paginateQuery) Policy(org.keycloak.authorization.model.Policy) List(java.util.List) PolicyEntity(org.keycloak.authorization.jpa.entities.PolicyEntity) LockModeType(javax.persistence.LockModeType) Collections(java.util.Collections) PolicyEntity(org.keycloak.authorization.jpa.entities.PolicyEntity) Objects(java.util.Objects) PolicyStore(org.keycloak.authorization.store.PolicyStore)

Aggregations

PolicyStore (org.keycloak.authorization.store.PolicyStore)28 Policy (org.keycloak.authorization.model.Policy)20 StoreFactory (org.keycloak.authorization.store.StoreFactory)16 ResourceServer (org.keycloak.authorization.model.ResourceServer)11 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)10 Resource (org.keycloak.authorization.model.Resource)10 Scope (org.keycloak.authorization.model.Scope)10 List (java.util.List)9 Map (java.util.Map)9 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 EnumMap (java.util.EnumMap)6 ResourceStore (org.keycloak.authorization.store.ResourceStore)6 KeycloakSession (org.keycloak.models.KeycloakSession)5 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)5 IOException (java.io.IOException)4 HashMap (java.util.HashMap)4 LinkedList (java.util.LinkedList)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial