
Example 11 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

The class JPAPolicyStore, method findByScopeIds.

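/**
 * Returns the policies of the given resource server that are associated with any of the given scopes.
 *
 * <p>The named query {@code findPolicyIdByScope} only yields policy entities; each one is then re-read
 * through the {@link PolicyStore} obtained from the provider so the returned model objects go through the
 * same lookup path as {@code findById}. Entries for which that lookup returns {@code null} are dropped,
 * matching what {@code findByResource} does, so callers never see a {@code null} element.
 *
 * @param scopeIds         ids of the scopes to match; {@code null} or empty yields an empty list
 * @param resourceServerId id of the resource server the policies must belong to
 * @return the matching policies, never {@code null}
 */
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
    if (scopeIds == null || scopeIds.isEmpty()) {
        return Collections.emptyList();
    }
    // Use separate subquery to handle DB2 and MSSQL
    TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByScope", PolicyEntity.class);
    query.setFlushMode(FlushModeType.COMMIT);
    query.setParameter("scopeIds", scopeIds);
    query.setParameter("serverId", resourceServerId);
    List<PolicyEntity> entities = query.getResultList();
    List<Policy> policies = new ArrayList<>(entities.size());
    PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
    for (PolicyEntity entity : entities) {
        Policy policy = policyStore.findById(entity.getId(), resourceServerId);
        // findById can return null (findByResource filters the same way); do not hand nulls to callers.
        if (policy != null) {
            policies.add(policy);
        }
    }
    return policies;
}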

Example 12 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

The class JPAPolicyStore, method findByResource.

/**
 * Streams every policy of the given resource server that is associated with the given resource to
 * {@code consumer}.
 *
 * <p>The named query {@code findPolicyIdByResource} yields policy entities; each is re-read through the
 * {@link PolicyStore} and {@code null} results are skipped before the consumer sees them.
 *
 * @param resourceId       id of the resource whose policies are wanted
 * @param resourceServerId id of the resource server the policies must belong to
 * @param consumer         receives each non-null policy, in query order
 */
@Override
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
    TypedQuery<PolicyEntity> byResource = entityManager.createNamedQuery("findPolicyIdByResource", PolicyEntity.class);
    byResource.setFlushMode(FlushModeType.COMMIT);
    byResource.setParameter("resourceId", resourceId);
    byResource.setParameter("serverId", resourceServerId);
    PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
    // closing(...) wraps the result stream; presumably it closes the stream after the terminal
    // operation — confirm against StreamsUtil.
    closing(byResource.getResultStream()
            .map(entity -> policyStore.findById(entity.getId(), resourceServerId))
            .filter(policy -> policy != null))
            .forEach(consumer);
}

Example 13 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

The class ClientPolicyProviderFactory, method postInit.

/**
 * Registers a listener that keeps client policies consistent when a client is removed.
 *
 * <p>On a {@code ClientRemovedEvent} the removed client's id is dropped from the {@code clients}
 * configuration of every policy of this factory's type that belongs to the client's resource server
 * (looked up via {@code findByClient}). A policy left with no clients is deleted rather than kept
 * with an empty client list. Clients that are not a resource server are ignored.
 *
 * @param factory the session factory to register the listener on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof ClientRemovedEvent)) {
            return;
        }
        ClientRemovedEvent removal = (ClientRemovedEvent) event;
        ClientModel removedClient = removal.getClient();
        KeycloakSession session = removal.getKeycloakSession();
        StoreFactory storeFactory = session.getProvider(AuthorizationProvider.class).getStoreFactory();
        PolicyStore policyStore = storeFactory.getPolicyStore();
        ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
        ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
        if (resourceServer == null) {
            return;
        }
        String removedClientId = removedClient.getId();
        policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
            List<String> remaining = new ArrayList<>();
            for (String clientId : getClients(policy)) {
                if (!clientId.equals(removedClientId)) {
                    remaining.add(clientId);
                }
            }
            if (remaining.isEmpty()) {
                // No client left to grant through this policy: remove it instead of keeping an empty one.
                policyStore.delete(policy.getId());
                return;
            }
            try {
                policy.putConfig("clients", JsonSerialization.writeValueAsString(remaining));
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing clients with policy [" + policy.getName() + "].", e);
            }
        });
    });
}

Example 14 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

The class ClientScopePolicyProviderFactory, method postInit.

/**
 * Registers a listener that keeps client-scope policies consistent when a client scope is removed.
 *
 * <p>On a {@code ClientScopeRemovedEvent} every policy of this factory's type (filtered by
 * {@code Policy.FilterOption.TYPE}, across all resource servers since {@code findByResourceServer} is
 * called with a {@code null} server and no paging) has the removed scope dropped from its
 * {@code clientScopes} configuration. Only the {@code id} and, when present, {@code required} keys of
 * each surviving entry are kept. A policy left with no scopes is deleted.
 *
 * @param factory the session factory to register the listener on
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof ClientScopeRemovedEvent)) {
            return;
        }
        ClientScopeRemovedEvent removal = (ClientScopeRemovedEvent) event;
        KeycloakSession session = removal.getKeycloakSession();
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
        String removedScopeId = removal.getClientScope().getId();
        Map<Policy.FilterOption, String[]> byType = new HashMap<>();
        byType.put(Policy.FilterOption.TYPE, new String[] { getId() });
        policyStore.findByResourceServer(byType, null, -1, -1).forEach(policy -> {
            List<Map<String, Object>> remaining = new ArrayList<>();
            for (Map<String, Object> scope : getClientScopes(policy)) {
                if (scope.get("id").equals(removedScopeId)) {
                    continue;
                }
                Map<String, Object> entry = new HashMap<>();
                entry.put("id", scope.get("id"));
                Object required = scope.get("required");
                if (required != null) {
                    entry.put("required", required);
                }
                remaining.add(entry);
            }
            if (remaining.isEmpty()) {
                // Nothing left to evaluate: drop the policy rather than keep an empty scope list.
                policyStore.delete(policy.getId());
                return;
            }
            try {
                policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(remaining));
            } catch (IOException e) {
                throw new RuntimeException("Error while synchronizing client scopes with policy [" + policy.getName() + "].", e);
            }
        });
    });
}

Example 15 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

The class UMAPolicyProviderFactory, method onCreate.

/**
 * Initialises a freshly created UMA permission policy from its representation.
 *
 * <p>The representation's owner becomes the policy owner, and for every role, group, client and user
 * listed in the representation one associated policy is created through the corresponding
 * {@code create*Policy} helper of this class. A non-null {@code condition} is handed to
 * {@code createJSPolicy}.
 *
 * <p>NOTE(review): the condition is user-supplied (UMA permissions are created by resource owners)
 * and ends up in a script-based policy; confirm that script policies are restricted in the
 * deployments this code targets.
 *
 * @param policy         the policy being created
 * @param representation the UMA permission as submitted by the caller
 * @param authorization  provider used to reach the {@link PolicyStore}
 */
@Override
public void onCreate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    String owner = representation.getOwner();
    policy.setOwner(owner);
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    Set<String> roles = representation.getRoles();
    if (roles != null) {
        roles.forEach(role -> createRolePolicy(policy, policyStore, role, owner));
    }
    Set<String> groups = representation.getGroups();
    if (groups != null) {
        groups.forEach(group -> createGroupPolicy(policy, policyStore, group, owner));
    }
    Set<String> clients = representation.getClients();
    if (clients != null) {
        clients.forEach(client -> createClientPolicy(policy, policyStore, client, owner));
    }
    Set<String> users = representation.getUsers();
    if (users != null) {
        users.forEach(user -> createUserPolicy(policy, policyStore, user, owner));
    }
    String condition = representation.getCondition();
    if (condition != null) {
        createJSPolicy(policy, policyStore, condition, owner);
    }
}
