
Example 16 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From class ResourceAdapter, method updateScopes.

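/**
 * Replaces the resource's scope set and revokes everything that was granted only
 * through a scope being removed: permission tickets issued for that scope on this
 * resource server are deleted, and policies attached to this resource stop
 * referencing it. The cached entry is then invalidated with the new scope ids.
 *
 * @param scopes the complete new set of scopes for this resource; scopes not in
 *               this set are treated as removed
 */
@Override
public void updateScopes(Set<Scope> scopes) {
    Resource updated = getDelegateForUpdate();
    // Snapshot the removed scopes once, before the delegate is modified; both
    // cleanup passes below iterate this list instead of re-filtering the resource.
    List<Scope> removedScopes = updated.getScopes().stream()
            .filter(scope -> !scopes.contains(scope))
            .collect(Collectors.toList());
    // The ticket store is loop-invariant, so it is fetched once rather than per scope.
    PermissionTicketStore permissionStore = cacheSession.getPermissionTicketStore();
    for (Scope scope : removedScopes) {
        List<PermissionTicket> permissions = permissionStore.findByScope(scope.getId(), getResourceServer());
        for (PermissionTicket permission : permissions) {
            permissionStore.delete(permission.getId());
        }
    }
    // Policies on this resource must not keep granting a scope the resource no longer has.
    PolicyStore policyStore = cacheSession.getPolicyStore();
    for (Scope scope : removedScopes) {
        policyStore.findByResource(getId(), getResourceServer(), policy -> policy.removeScope(scope));
    }
    cacheSession.registerResourceInvalidation(cached.getId(), cached.getName(), cached.getType(), cached.getUris(modelSupplier), scopes.stream().map(Scope::getId).collect(Collectors.toSet()), cached.getResourceServerId(), cached.getOwner());
    updated.updateScopes(scopes);
}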
Also used : PermissionTicket(org.keycloak.authorization.model.PermissionTicket) Scope(org.keycloak.authorization.model.Scope) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) CachedResource(org.keycloak.models.cache.infinispan.authorization.entities.CachedResource) Resource(org.keycloak.authorization.model.Resource) PolicyStore(org.keycloak.authorization.store.PolicyStore)

Example 17 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From class PolicyAdapter, method getAssociatedPolicies.

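/**
 * Returns the policies associated with this policy. When the adapter has a pending
 * update the delegate is consulted directly and each result is wrapped in a fresh
 * adapter; otherwise the ids recorded on the cached entry are resolved through the
 * policy store once and the result is memoised as an unmodifiable set.
 *
 * @return the associated policies; unmodifiable when served from the cached entry
 */
@Override
public Set<Policy> getAssociatedPolicies() {
    if (isUpdated()) {
        return updated.getAssociatedPolicies().stream().map(policy -> new PolicyAdapter(cacheSession.createCachedPolicy(policy, policy.getId()), cacheSession)).collect(Collectors.toSet());
    }
    if (associatedPolicies != null) {
        return associatedPolicies;
    }
    PolicyStore policyStore = cacheSession.getPolicyStore();
    String resourceServerId = cached.getResourceServerId();
    // Populate a local set and publish it only once fully loaded: if the store throws
    // midway, the field stays null and the next call retries, instead of every later
    // call being answered with a partial set of policies.
    Set<Policy> loaded = new HashSet<>();
    for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) {
        Policy policy = policyStore.findById(id, resourceServerId);
        cacheSession.cachePolicy(policy);
        loaded.add(policy);
    }
    associatedPolicies = Collections.unmodifiableSet(loaded);
    return associatedPolicies;
}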
Also used : ResourceServer(org.keycloak.authorization.model.ResourceServer) CachedModel(org.keycloak.authorization.model.CachedModel) Scope(org.keycloak.authorization.model.Scope) Arrays(java.util.Arrays) Set(java.util.Set) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) Supplier(java.util.function.Supplier) Collectors(java.util.stream.Collectors) HashSet(java.util.HashSet) Policy(org.keycloak.authorization.model.Policy) ScopeStore(org.keycloak.authorization.store.ScopeStore) Logic(org.keycloak.representations.idm.authorization.Logic) Map(java.util.Map) CachedPolicy(org.keycloak.models.cache.infinispan.authorization.entities.CachedPolicy) Collections(java.util.Collections) Resource(org.keycloak.authorization.model.Resource) Policy(org.keycloak.authorization.model.Policy) CachedPolicy(org.keycloak.models.cache.infinispan.authorization.entities.CachedPolicy) PolicyStore(org.keycloak.authorization.store.PolicyStore)

Example 18 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From class AuthorizationProvider, method createPolicyWrapper.

/**
 * Wraps the factory's {@link PolicyStore} so that policies created through the
 * provider have their resource, scope and policy references resolved and validated
 * against the owning resource server first, and so that deleting a policy also
 * removes the policies that only existed because of it. All other operations are
 * delegated unchanged.
 *
 * @param storeFactory factory supplying the underlying resource, scope and policy stores
 * @return a {@link PolicyStore} delegating to {@code storeFactory.getPolicyStore()}
 */
private PolicyStore createPolicyWrapper(StoreFactory storeFactory) {
    return new PolicyStore() {

        // Underlying store that every read, and the final create/delete, is delegated to.
        PolicyStore policyStore = storeFactory.getPolicyStore();

        /**
         * Resolves the references in {@code representation} (each given either as an
         * id or as a name) to ids looked up within {@code resourceServer}, rewrites
         * the representation with those ids, and creates the policy in the underlying
         * store. Any reference that cannot be resolved aborts the creation, so the
         * policy is never persisted with a dangling or foreign reference (this relies
         * on the stores honouring the resource-server id they are given).
         *
         * @param representation the policy to create; its resource/scope/policy sets are
         *                       replaced with resolved ids as a side effect
         * @param resourceServer the resource server the policy and all its references belong to
         * @return the created policy, populated from the representation
         * @throws RuntimeException if a referenced resource, scope or policy does not exist
         */
        @Override
        public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
            Set<String> resources = representation.getResources();
            if (resources != null) {
                // Try the entry as an id first, then as a name; both scoped to resourceServer.
                representation.setResources(resources.stream().map(id -> {
                    Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId());
                    if (resource == null) {
                        resource = storeFactory.getResourceStore().findByName(id, resourceServer.getId());
                    }
                    if (resource == null) {
                        throw new RuntimeException("Resource [" + id + "] does not exist or is not owned by the resource server.");
                    }
                    return resource.getId();
                }).collect(Collectors.toSet()));
            }
            Set<String> scopes = representation.getScopes();
            if (scopes != null) {
                // Same id-then-name resolution for scopes.
                representation.setScopes(scopes.stream().map(id -> {
                    Scope scope = storeFactory.getScopeStore().findById(id, resourceServer.getId());
                    if (scope == null) {
                        scope = storeFactory.getScopeStore().findByName(id, resourceServer.getId());
                    }
                    if (scope == null) {
                        throw new RuntimeException("Scope [" + id + "] does not exist");
                    }
                    return scope.getId();
                }).collect(Collectors.toSet()));
            }
            Set<String> policies = representation.getPolicies();
            if (policies != null) {
                // Same id-then-name resolution for the policies this one will reference.
                representation.setPolicies(policies.stream().map(id -> {
                    Policy policy = storeFactory.getPolicyStore().findById(id, resourceServer.getId());
                    if (policy == null) {
                        policy = storeFactory.getPolicyStore().findByName(id, resourceServer.getId());
                    }
                    if (policy == null) {
                        throw new RuntimeException("Policy [" + id + "] does not exist");
                    }
                    return policy.getId();
                }).collect(Collectors.toSet()));
            }
            // The store creates the bare policy; the representation then fills in its details.
            return RepresentationToModel.toModel(representation, AuthorizationProvider.this, policyStore.create(representation, resourceServer));
        }

        /**
         * Deletes the policy with the given id together with what depended on it:
         * for a user-owned (UMA) policy, its user-owned associated policies; for any
         * policy, the dependent policies that are left with no associations once this
         * one is detached. Does nothing if no such policy exists.
         *
         * @param id id of the policy to delete
         */
        @Override
        public void delete(String id) {
            // NOTE(review): the lookup passes null as the resource-server id; presumably
            // the underlying store treats that as "any resource server" — confirm.
            Policy policy = findById(id, null);
            if (policy != null) {
                ResourceServer resourceServer = policy.getResourceServer();
                // if uma policy (owned by a user) also remove associated policies
                if (policy.getOwner() != null) {
                    // NOTE(review): entries are removed from the policy while iterating its
                    // associated policies; safe only if getAssociatedPolicies() hands back a
                    // copy rather than a live view — confirm against the model implementation.
                    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
                        // only remove associated policies created from the policy being deleted
                        if (associatedPolicy.getOwner() != null) {
                            policy.removeAssociatedPolicy(associatedPolicy);
                            policyStore.delete(associatedPolicy.getId());
                        }
                    }
                }
                // Detach this policy from every policy that references it; a dependent
                // left with nothing to evaluate is deleted through this same method.
                findDependentPolicies(policy.getId(), resourceServer.getId()).forEach(dependentPolicy -> {
                    dependentPolicy.removeAssociatedPolicy(policy);
                    if (dependentPolicy.getAssociatedPolicies().isEmpty()) {
                        delete(dependentPolicy.getId());
                    }
                });
                policyStore.delete(id);
            }
        }

        // Everything below is plain delegation; no extra validation or caching is applied.

        @Override
        public Policy findById(String id, String resourceServerId) {
            return policyStore.findById(id, resourceServerId);
        }

        @Override
        public Policy findByName(String name, String resourceServerId) {
            return policyStore.findByName(name, resourceServerId);
        }

        @Override
        public List<Policy> findByResourceServer(String resourceServerId) {
            return policyStore.findByResourceServer(resourceServerId);
        }

        @Override
        public List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
            return policyStore.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
        }

        @Override
        public List<Policy> findByResource(String resourceId, String resourceServerId) {
            return policyStore.findByResource(resourceId, resourceServerId);
        }

        @Override
        public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
            policyStore.findByResource(resourceId, resourceServerId, consumer);
        }

        @Override
        public List<Policy> findByResourceType(String resourceType, String resourceServerId) {
            return policyStore.findByResourceType(resourceType, resourceServerId);
        }

        @Override
        public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
            return policyStore.findByScopeIds(scopeIds, resourceServerId);
        }

        @Override
        public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
            return policyStore.findByScopeIds(scopeIds, resourceId, resourceServerId);
        }

        @Override
        public void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer) {
            policyStore.findByScopeIds(scopeIds, resourceId, resourceServerId, consumer);
        }

        @Override
        public List<Policy> findByType(String type, String resourceServerId) {
            return policyStore.findByType(type, resourceServerId);
        }

        @Override
        public List<Policy> findDependentPolicies(String id, String resourceServerId) {
            return policyStore.findDependentPolicies(id, resourceServerId);
        }

        @Override
        public void findByResourceType(String type, String id, Consumer<Policy> policyConsumer) {
            policyStore.findByResourceType(type, id, policyConsumer);
        }
    };
}
Also used : AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) Policy(org.keycloak.authorization.model.Policy) Scope(org.keycloak.authorization.model.Scope) Consumer(java.util.function.Consumer) Resource(org.keycloak.authorization.model.Resource) PolicyStore(org.keycloak.authorization.store.PolicyStore) List(java.util.List) ResourceServer(org.keycloak.authorization.model.ResourceServer) Map(java.util.Map)

Example 19 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From class UserManagedPermissionUtil, method removePolicy.

/**
 * Cleans up the policy that backs a permission ticket. When no granted ticket remains
 * for the same owner, requester and resource, the policy and all of its associated
 * policies are deleted; when other granted tickets still exist, only the scope named
 * by this ticket (if any) is removed from the policy. A ticket without a policy is
 * ignored.
 *
 * @param ticket       the permission ticket whose backing policy is being cleaned up
 * @param storeFactory factory supplying the ticket and policy stores
 */
public static void removePolicy(PermissionTicket ticket, StoreFactory storeFactory) {
    Policy backingPolicy = ticket.getPolicy();
    if (backingPolicy == null) {
        return;
    }
    // Other tickets already granted to the same requester on the same resource would
    // be broken by deleting the shared policy, so look for them first.
    Map<PermissionTicket.FilterOption, String> sameGrant = new EnumMap<>(PermissionTicket.FilterOption.class);
    sameGrant.put(PermissionTicket.FilterOption.OWNER, ticket.getOwner());
    sameGrant.put(PermissionTicket.FilterOption.REQUESTER, ticket.getRequester());
    sameGrant.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
    sameGrant.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
    List<PermissionTicket> stillGranted = storeFactory.getPermissionTicketStore().find(sameGrant, ticket.getResourceServer().getId(), -1, -1);
    if (!stillGranted.isEmpty()) {
        // The policy stays; just stop it from granting this ticket's scope.
        if (ticket.getScope() != null) {
            backingPolicy.removeScope(ticket.getScope());
        }
        return;
    }
    // Nothing else relies on the policy: remove it and the policies attached to it.
    PolicyStore policyStore = storeFactory.getPolicyStore();
    for (Policy attached : backingPolicy.getAssociatedPolicies()) {
        policyStore.delete(attached.getId());
    }
    policyStore.delete(backingPolicy.getId());
}
Also used : Policy(org.keycloak.authorization.model.Policy) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) PolicyStore(org.keycloak.authorization.store.PolicyStore) EnumMap(java.util.EnumMap)

Example 20 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From class UserManagedPermissionUtil, method createUserManagedPermission.

/**
 * Creates the two policies that implement a user-managed (UMA) grant for a ticket:
 * a user policy naming the requester, and a {@code "uma"} policy that references it
 * and is bound to the ticket's resource (and to its scope, when the ticket names one).
 * Both policies carry the ticket owner.
 *
 * @param ticket       the permission ticket being granted
 * @param storeFactory factory supplying the policy store the policies are created in
 * @return the outer {@code "uma"} policy
 */
private static Policy createUserManagedPermission(PermissionTicket ticket, StoreFactory storeFactory) {
    PolicyStore store = storeFactory.getPolicyStore();
    String owner = ticket.getOwner();

    // Inner policy: matches exactly the requesting user.
    UserPolicyRepresentation requesterRep = new UserPolicyRepresentation();
    requesterRep.setName(KeycloakModelUtils.generateId());
    requesterRep.addUser(ticket.getRequester());
    Policy requesterPolicy = store.create(requesterRep, ticket.getResourceServer());
    requesterPolicy.setOwner(owner);

    // Outer policy: typed "uma", referencing the inner policy by id.
    PolicyRepresentation umaRep = new PolicyRepresentation();
    umaRep.setName(KeycloakModelUtils.generateId());
    umaRep.setType("uma");
    umaRep.addPolicy(requesterPolicy.getId());
    Policy umaPolicy = store.create(umaRep, ticket.getResourceServer());
    umaPolicy.setOwner(owner);
    umaPolicy.addResource(ticket.getResource());

    // A ticket need not name a scope; only narrow the policy to one when it does.
    Scope requestedScope = ticket.getScope();
    if (requestedScope != null) {
        umaPolicy.addScope(requestedScope);
    }
    return umaPolicy;
}
Also used : Policy(org.keycloak.authorization.model.Policy) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Scope(org.keycloak.authorization.model.Scope) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore)

Aggregations

PolicyStore (org.keycloak.authorization.store.PolicyStore)28 Policy (org.keycloak.authorization.model.Policy)20 StoreFactory (org.keycloak.authorization.store.StoreFactory)16 ResourceServer (org.keycloak.authorization.model.ResourceServer)11 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)10 Resource (org.keycloak.authorization.model.Resource)10 Scope (org.keycloak.authorization.model.Scope)10 List (java.util.List)9 Map (java.util.Map)9 ArrayList (java.util.ArrayList)7 HashSet (java.util.HashSet)7 EnumMap (java.util.EnumMap)6 ResourceStore (org.keycloak.authorization.store.ResourceStore)6 KeycloakSession (org.keycloak.models.KeycloakSession)5 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)5 IOException (java.io.IOException)4 HashMap (java.util.HashMap)4 LinkedList (java.util.LinkedList)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4