use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.
the class JPAPolicyStore method findByScopeIds.
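/**
 * Looks up the policies attached to any of the given scopes within one resource server.
 *
 * <p>The named query {@code findPolicyIdByScope} is executed with bound parameters
 * ({@code scopeIds}, {@code serverId}); no caller-supplied value is concatenated into the query text.
 * Each returned entity is then resolved by id through the policy store obtained from
 * {@code provider.getStoreFactory()}, scoped to the same {@code resourceServerId}.
 *
 * @param scopeIds ids of the scopes to match; {@code null} or empty yields an empty list
 * @param resourceServerId id of the resource server the policies must belong to
 * @return the resolved policies, never containing {@code null} entries
 */
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
    if (scopeIds == null || scopeIds.isEmpty()) {
        return Collections.emptyList();
    }

    // Use a separate subquery to handle DB2 and MSSQL
    TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByScope", PolicyEntity.class);

    // JPA FlushModeType.COMMIT: running this query does not force a flush of pending changes.
    query.setFlushMode(FlushModeType.COMMIT);
    query.setParameter("scopeIds", scopeIds);
    query.setParameter("serverId", resourceServerId);

    List<Policy> list = new LinkedList<>();
    PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();

    for (PolicyEntity entity : query.getResultList()) {
        Policy policy = policyStore.findById(entity.getId(), resourceServerId);

        // findById can come back empty-handed (findByResource in this class filters such results too);
        // a null entry here would reach callers that iterate the list during policy evaluation.
        if (policy != null) {
            list.add(policy);
        }
    }

    return list;
}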
use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.
the class JPAPolicyStore method findByResource.
/**
 * Feeds every policy associated with the given resource to {@code consumer}.
 *
 * <p>Runs the named query {@code findPolicyIdByResource} with bound parameters, resolves each
 * result by id through the policy store from {@code provider.getStoreFactory()} (restricted to
 * {@code resourceServerId}), drops results that resolve to {@code null}, and passes the rest on.
 *
 * @param resourceId id of the resource whose policies are wanted
 * @param resourceServerId id of the resource server the lookup is restricted to
 * @param consumer callback invoked once per resolved policy
 */
@Override
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
    TypedQuery<PolicyEntity> policyIdQuery =
            entityManager.createNamedQuery("findPolicyIdByResource", PolicyEntity.class);

    // JPA FlushModeType.COMMIT: running this query does not force a flush of pending changes.
    policyIdQuery.setFlushMode(FlushModeType.COMMIT);
    policyIdQuery.setParameter("resourceId", resourceId);
    policyIdQuery.setParameter("serverId", resourceServerId);

    PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();

    // closing(...) wraps the result stream; presumably it releases the underlying query
    // resources once the terminal operation finishes — confirm against its definition.
    closing(
            policyIdQuery.getResultStream()
                    .map(row -> {
                        return policyStore.findById(row.getId(), resourceServerId);
                    })
                    .filter(Objects::nonNull))
            .forEach(consumer::accept);
}
use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.
the class ClientPolicyProviderFactory method postInit.
/**
 * Registers a listener that keeps policies of this provider's type consistent when a client is removed.
 *
 * <p>On a {@code ClientRemovedEvent} the listener looks up the resource server of the removed
 * client. If there is one, every policy of type {@code getId()} in that resource server has the
 * removed client's id stripped from its {@code "clients"} config entry; a policy left with no
 * clients at all is deleted instead of being rewritten.
 *
 * @param factory session factory the listener is registered on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof ClientRemovedEvent)) {
            return;
        }

        ClientRemovedEvent removal = (ClientRemovedEvent) event;
        KeycloakSession session = removal.getKeycloakSession();
        AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
        StoreFactory stores = authorization.getStoreFactory();
        PolicyStore policyStore = stores.getPolicyStore();
        ClientModel removedClient = removal.getClient();
        ResourceServer resourceServer = stores.getResourceServerStore().findByClient(removedClient);

        if (resourceServer == null) {
            // Nothing to reconcile: no resource server was found for the removed client.
            return;
        }

        policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
            // Rebuild the client list without the id of the client that is going away, so the
            // stored policy no longer references it.
            List<String> remaining = new ArrayList<>();

            for (String clientId : getClients(policy)) {
                if (clientId.equals(removedClient.getId())) {
                    continue;
                }
                remaining.add(clientId);
            }

            if (remaining.isEmpty()) {
                // No client left to match: the policy is removed rather than stored with an empty list.
                policyStore.delete(policy.getId());
                return;
            }

            try {
                policy.putConfig("clients", JsonSerialization.writeValueAsString(remaining));
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
            }
        });
    });
}
use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.
the class ClientScopePolicyProviderFactory method postInit.
/**
 * Registers a listener that keeps policies of this provider's type consistent when a client scope is removed.
 *
 * <p>On a {@code ClientScopeRemovedEvent} every policy of type {@code getId()} has the entry for
 * the removed client scope dropped from its {@code "clientScopes"} config. Surviving entries are
 * rewritten with only their {@code "id"} and, when present, {@code "required"} keys. A policy left
 * with no client scopes is deleted.
 *
 * @param factory session factory the listener is registered on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof ClientScopeRemovedEvent)) {
            return;
        }

        ClientScopeRemovedEvent removal = (ClientScopeRemovedEvent) event;
        KeycloakSession session = removal.getKeycloakSession();
        AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
        StoreFactory stores = authorization.getStoreFactory();
        PolicyStore policyStore = stores.getPolicyStore();
        ClientScopeModel removedClientScope = removal.getClientScope();

        Map<Policy.FilterOption, String[]> byType = new HashMap<>();
        byType.put(Policy.FilterOption.TYPE, new String[] { getId() });

        // NOTE(review): the resource-server argument is null and both numeric arguments are -1, so the
        // search is presumably not limited to one resource server and not paginated — confirm
        // that scanning policies across resource servers is intended here.
        policyStore.findByResourceServer(byType, null, -1, -1).forEach(policy -> {
            List<Map<String, Object>> kept = new ArrayList<>();

            for (Map<String, Object> entry : getClientScopes(policy)) {
                // An entry without an "id" key makes this comparison throw a NullPointerException.
                if (entry.get("id").equals(removedClientScope.getId())) {
                    continue;
                }

                // Copy only the keys this policy type stores; anything else in the entry is dropped.
                Map<String, Object> copy = new HashMap<>();
                copy.put("id", entry.get("id"));

                Object requiredFlag = entry.get("required");
                if (requiredFlag != null) {
                    copy.put("required", requiredFlag);
                }

                kept.add(copy);
            }

            if (kept.isEmpty()) {
                // No client scope left to match: the policy is removed rather than stored empty.
                policyStore.delete(policy.getId());
            } else {
                try {
                    policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(kept));
                } catch (IOException e) {
                    throw new RuntimeException("Error while synchronizing client scopes with policy [" + policy.getName() + "].", e);
                }
            }
        });
    });
}
use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.
the class UMAPolicyProviderFactory method onCreate.
/**
 * Populates a newly created UMA permission policy from its representation.
 *
 * <p>The policy owner is taken from the representation. For each role, group, client and user
 * listed there, and for the condition if one is set, the matching {@code create*Policy} helper is
 * called with the policy, the policy store and the same owner.
 *
 * @param policy the policy being created
 * @param representation the incoming permission data
 * @param authorization provider used to reach the policy store
 */
@Override
public void onCreate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    policy.setOwner(representation.getOwner());

    PolicyStore store = authorization.getStoreFactory().getPolicyStore();

    Set<String> roleSet = representation.getRoles();
    if (roleSet != null) {
        roleSet.forEach(role -> createRolePolicy(policy, store, role, representation.getOwner()));
    }

    Set<String> groupSet = representation.getGroups();
    if (groupSet != null) {
        groupSet.forEach(group -> createGroupPolicy(policy, store, group, representation.getOwner()));
    }

    Set<String> clientSet = representation.getClients();
    if (clientSet != null) {
        clientSet.forEach(client -> createClientPolicy(policy, store, client, representation.getOwner()));
    }

    Set<String> userSet = representation.getUsers();
    if (userSet != null) {
        userSet.forEach(user -> createUserPolicy(policy, store, user, representation.getOwner()));
    }

    // NOTE(review): the condition string is passed to createJSPolicy exactly as it arrives in the
    // representation; this method does not validate it or check whether script-based policies
    // are permitted — confirm that the helper or the caller enforces that.
    String cond = representation.getCondition();
    if (cond != null) {
        createJSPolicy(policy, store, cond, representation.getOwner());
    }
}