
Example 26 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From the class ScopeService, method getPermissions:

@Path("{id}/permissions")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Response getPermissions(@PathParam("id") String id) {
    // Lists the policies that reference the given scope as id/name/type summaries.
    // View access to the realm's authorization settings is enforced before any lookup;
    // a scope id that is not found under this resource server yields 404.
    this.auth.realm().requireViewAuthorization();
    StoreFactory stores = this.authorization.getStoreFactory();
    String serverId = resourceServer.getId();
    Scope scope = stores.getScopeStore().findById(id, serverId);
    if (scope == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    // Both lookups are keyed by this resource server, so ids from other servers are not visible here.
    List<String> scopeIds = Arrays.asList(scope.getId());
    List<Policy> referencing = stores.getPolicyStore().findByScopeIds(scopeIds, serverId);
    List<PolicyRepresentation> summaries = referencing.stream().map(policy -> {
        // Only the identifying fields are exposed; the policy config is not part of this view.
        PolicyRepresentation summary = new PolicyRepresentation();
        summary.setId(policy.getId());
        summary.setName(policy.getName());
        summary.setType(policy.getType());
        return summary;
    }).collect(Collectors.toList());
    return Response.ok(summaries).build();
}

Example 27 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From the class MapResourceServerStore, method delete:

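@Override
public void delete(ClientModel client) {
    /*
     * Removes the resource server that belongs to the given client together with everything
     * stored under it: policies, permission tickets, resources and scopes are deleted first,
     * the resource server entry itself last. A client without an id is ignored.
     */
    String id = client.getId();
    // One %s per argument: the id, then the caller's stack excerpt. The previous format string
    // declared a third %s with no matching argument, which is a format error once trace is enabled.
    LOG.tracef("delete(%s)%s", id, getShortStackTrace());
    if (id == null) {
        return;
    }
    // TODO: Simplify the following, ideally by leveraging triggers, stored procedures or ref integrity
    PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
    policyStore.findByResourceServer(id).stream().map(Policy::getId).forEach(policyStore::delete);
    PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
    permissionTicketStore.findByResourceServer(id).stream().map(PermissionTicket::getId).forEach(permissionTicketStore::delete);
    ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
    resourceStore.findByResourceServer(id).stream().map(Resource::getId).forEach(resourceStore::delete);
    ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
    scopeStore.findByResourceServer(id).stream().map(Scope::getId).forEach(scopeStore::delete);
    // The resource server row goes last so the dependent deletes above still see it if they need it.
    tx.delete(id);
}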

Example 28 with PolicyStore

use of org.keycloak.authorization.store.PolicyStore in project keycloak by keycloak.

From the class RepresentationToModel, method importPolicies:

private static Policy importPolicies(AuthorizationProvider authorization, ResourceServer resourceServer, List<PolicyRepresentation> policiesToImport, String parentPolicyName) {
    /*
     * Creates or updates the policies in policiesToImport for the given resource server.
     *
     * With parentPolicyName == null every representation is processed and null is returned.
     * With a name, only the representation carrying that name is processed and the resulting
     * Policy is returned (null when no representation has that name).
     *
     * A representation's "applyPolicies" config entry is a JSON list of policy names; each entry
     * is resolved by name, then by id, and finally by importing it recursively from the same
     * list. The entry is rewritten to the resolved policy ids before the policy is stored.
     * Any failure during that resolution is rethrown as a RuntimeException naming the policy.
     *
     * NOTE(review): the recursive resolution has no cycle guard; a representation whose
     * "applyPolicies" refers back to itself, directly or transitively, would recurse until the
     * stack overflows unless an earlier step already stored it — confirm against the callers.
     */
    StoreFactory storeFactory = authorization.getStoreFactory();
    String serverId = resourceServer.getId();
    boolean singlePolicy = parentPolicyName != null;
    for (PolicyRepresentation representation : policiesToImport) {
        String name = representation.getName();
        if (singlePolicy && !parentPolicyName.equals(name)) {
            continue;
        }
        Map<String, String> config = representation.getConfig();
        String applyPolicies = config.get("applyPolicies");
        boolean hasDependencies = applyPolicies != null && !applyPolicies.isEmpty();
        if (hasDependencies) {
            PolicyStore store = storeFactory.getPolicyStore();
            try {
                @SuppressWarnings("unchecked") // JsonSerialization yields a raw List; elements are expected to be names
                List<String> dependencyNames = (List<String>) JsonSerialization.readValue(applyPolicies, List.class);
                Set<String> dependencyIds = new HashSet<>();
                for (String dependencyName : dependencyNames) {
                    Policy dependency = store.findByName(dependencyName, serverId);
                    if (dependency == null) {
                        dependency = store.findById(dependencyName, serverId);
                    }
                    if (dependency == null) {
                        // Not stored yet: import it from the same list before continuing.
                        dependency = importPolicies(authorization, resourceServer, policiesToImport, dependencyName);
                    }
                    if (dependency == null) {
                        throw new RuntimeException("Policy with name [" + dependencyName + "] not defined.");
                    }
                    dependencyIds.add(dependency.getId());
                }
                config.put("applyPolicies", JsonSerialization.writeValueAsString(dependencyIds));
            } catch (Exception e) {
                throw new RuntimeException("Error while importing policy [" + name + "].", e);
            }
        }
        PolicyStore store = storeFactory.getPolicyStore();
        Policy policy = store.findById(representation.getId(), serverId);
        if (policy == null) {
            policy = store.findByName(name, serverId);
        }
        policy = policy == null
                ? store.create(representation, resourceServer)
                : toModel(representation, authorization, policy);
        // In single-policy mode the loop only reaches this point for the requested name.
        if (singlePolicy) {
            return policy;
        }
    }
    return null;
}
