
Example 6 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class UserSynchronizer method removeUserResources.

/**
 * Removes every resource owned by the user carried in {@code event}, detaching each
 * resource from the policies that reference it before it is deleted.
 *
 * <p>For each owned resource the referencing policies are visited: a policy whose only
 * resource is the one being removed is deleted outright, any other policy merely loses
 * that resource. The resource itself is deleted once its policies have been adjusted.
 *
 * @param event the user-removed event supplying the owner being deleted
 * @param authorizationProvider provider used to reach the policy and resource stores
 */
private void removeUserResources(UserRemovedEvent event, AuthorizationProvider authorizationProvider) {
    StoreFactory stores = authorizationProvider.getStoreFactory();
    PolicyStore policies = stores.getPolicyStore();
    ResourceStore resources = stores.getResourceStore();
    String ownerId = event.getUser().getId();
    resources.findByOwner(ownerId, null, owned -> {
        String ownedId = owned.getId();
        policies.findByResource(ownedId, owned.getResourceServer()).forEach(referencing -> {
            // A policy that references only this resource would be left empty, so drop it.
            boolean onlyResource = referencing.getResources().size() == 1;
            if (onlyResource) {
                policies.delete(referencing.getId());
            } else {
                referencing.removeResource(owned);
            }
        });
        resources.delete(ownedId);
    });
}
Also used : UserModel(org.keycloak.models.UserModel) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Example 7 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class UserSynchronizer method removeFromUserPolicies.

/**
 * Scrubs the removed user from every user-based policy that lists it.
 *
 * <p>Policies are looked up with a filter on type {@code "user"} and a config entry
 * {@code "users"} containing the user id. If the user was the policy's only member the
 * policy is removed through the provider's {@code onRemove} hook and the store; otherwise
 * the trimmed membership is persisted through the provider's {@code onUpdate} hook.
 *
 * @param event the user-removed event supplying the user being deleted
 * @param authorizationProvider provider used to reach the policy store and policy providers
 */
private void removeFromUserPolicies(UserRemovedEvent event, AuthorizationProvider authorizationProvider) {
    PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
    String userId = event.getUser().getId();
    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "user" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "users", userId });
    // -1/-1: no paging, fetch every matching policy.
    for (Policy policy : policyStore.findByResourceServer(filter, null, -1, -1)) {
        PolicyProviderFactory provider = authorizationProvider.getProviderFactory(policy.getType());
        UserPolicyRepresentation rep = (UserPolicyRepresentation) provider.toRepresentation(policy, authorizationProvider);
        Set<String> members = rep.getUsers();
        members.remove(userId);
        if (!members.isEmpty()) {
            provider.onUpdate(policy, rep, authorizationProvider);
        } else {
            provider.onRemove(policy, authorizationProvider);
            policyStore.delete(policy.getId());
        }
    }
}
Also used : UserModel(org.keycloak.models.UserModel) Policy(org.keycloak.authorization.model.Policy) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) PolicyStore(org.keycloak.authorization.store.PolicyStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) EnumMap(java.util.EnumMap)

Example 8 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class GroupSynchronizer method synchronize.

/**
 * Reacts to a group removal by scrubbing the group from every group-based policy that
 * references it.
 *
 * <p>Policies are looked up with a filter on type {@code "group"}, a config entry
 * {@code "groups"} containing the group id, and no owner restriction. A policy whose last
 * group definition is removed is deleted through the provider's {@code onRemove} hook and
 * the store; otherwise the remaining definitions are persisted through {@code onUpdate}.
 *
 * @param event the group-removed event supplying the group and the current session
 * @param factory session factory used to obtain the {@link AuthorizationProvider}
 */
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
    ProviderFactory<AuthorizationProvider> providerFactory = factory.getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = providerFactory.create(event.getKeycloakSession());
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    String groupId = event.getGroup().getId();
    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "group" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "groups", groupId });
    filter.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
    // -1/-1: no paging, fetch every matching policy.
    for (Policy policy : policyStore.findByResourceServer(filter, null, -1, -1)) {
        PolicyProviderFactory provider = authorization.getProviderFactory(policy.getType());
        GroupPolicyRepresentation rep = (GroupPolicyRepresentation) provider.toRepresentation(policy, authorization);
        Set<GroupPolicyRepresentation.GroupDefinition> definitions = rep.getGroups();
        definitions.removeIf(definition -> definition.getId().equals(groupId));
        if (!definitions.isEmpty()) {
            provider.onUpdate(policy, rep, authorization);
        } else {
            provider.onRemove(policy, authorization);
            policyStore.delete(policy.getId());
        }
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) GroupModel(org.keycloak.models.GroupModel) StoreFactory(org.keycloak.authorization.store.StoreFactory) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) EnumMap(java.util.EnumMap)

Example 9 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class PolicyService method create.

/**
 * Creates a policy in this resource server from its representation.
 *
 * <p>Policy names are unique per resource server, so the store is consulted first and a
 * conflict is reported instead of creating a duplicate.
 *
 * @param representation the policy to create
 * @return the newly created policy
 * @throws ErrorResponseException with {@link Status#CONFLICT} when a policy with the same
 *         name already exists in this resource server
 */
public Policy create(AbstractPolicyRepresentation representation) {
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    String name = representation.getName();
    boolean nameTaken = policyStore.findByName(name, resourceServer.getId()) != null;
    if (nameTaken) {
        throw new ErrorResponseException("Policy with name [" + name + "] already exists", "Conflicting policy", Status.CONFLICT);
    }
    return policyStore.create(representation, resourceServer);
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyStore(org.keycloak.authorization.store.PolicyStore) ErrorResponseException(org.keycloak.services.ErrorResponseException)

Example 10 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

the class ScopeService method delete.

/**
 * Deletes the scope identified by {@code id} from this resource server.
 *
 * <p>The caller must hold manage-authorization permission on the realm; that check runs
 * before any store access. A scope still attached to a resource is refused with
 * {@code 400}, and an unknown id yields {@code 404}. Policies referencing the scope are
 * adjusted first: a policy whose only scope is this one is deleted, any other policy just
 * has the scope detached. The deletion is audited after the scope is removed.
 *
 * @param id the scope id taken from the request path
 * @return {@code 204} on success, {@code 400} while resources use the scope,
 *         {@code 404} when the scope does not exist
 */
@Path("{id}")
@DELETE
public Response delete(@PathParam("id") String id) {
    this.auth.realm().requireManageAuthorization();
    StoreFactory stores = authorization.getStoreFactory();
    String serverId = resourceServer.getId();
    boolean stillInUse = !stores.getResourceStore().findByScope(Arrays.asList(id), serverId).isEmpty();
    if (stillInUse) {
        return ErrorResponse.error("Scopes can not be removed while associated with resources.", Status.BAD_REQUEST);
    }
    Scope scope = stores.getScopeStore().findById(id, serverId);
    if (scope == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    PolicyStore policies = stores.getPolicyStore();
    for (Policy policy : policies.findByScopeIds(Arrays.asList(scope.getId()), serverId)) {
        // A policy referencing more than this scope keeps working without it; otherwise drop it.
        if (policy.getScopes().size() != 1) {
            policy.removeScope(scope);
        } else {
            policies.delete(policy.getId());
        }
    }
    stores.getScopeStore().delete(id);
    audit(toRepresentation(scope), OperationType.DELETE);
    return Response.noContent().build();
}
Also used : Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) PolicyStore(org.keycloak.authorization.store.PolicyStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Aggregations

PolicyStore (org.keycloak.authorization.store.PolicyStore)28 Policy (org.keycloak.authorization.model.Policy)20 StoreFactory (org.keycloak.authorization.store.StoreFactory)16 ResourceServer (org.keycloak.authorization.model.ResourceServer)11 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)10 Resource (org.keycloak.authorization.model.Resource)10 Scope (org.keycloak.authorization.model.Scope)10 List (java.util.List)9 Map (java.util.Map)9 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 EnumMap (java.util.EnumMap)6 ResourceStore (org.keycloak.authorization.store.ResourceStore)6 KeycloakSession (org.keycloak.models.KeycloakSession)5 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)5 IOException (java.io.IOException)4 HashMap (java.util.HashMap)4 LinkedList (java.util.LinkedList)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4