Examples with ResourceStore org.keycloak.authorization.store.ResourceStore used on opensource projects

Search in sources :

Example 11 with ResourceStore

use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.

the class JPAResourceStore method findByUri.

@Override
public List<Resource> findByUri(String uri, String resourceServerId) {
    TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByUri", String.class);
    query.setFlushMode(FlushModeType.COMMIT);
    query.setParameter("uri", uri);
    query.setParameter("serverId", resourceServerId);
    List<String> result = query.getResultList();
    List<Resource> list = new LinkedList<>();
    ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
    for (String id : result) {
        Resource resource = resourceStore.findById(id, resourceServerId);
        if (resource != null) {
            list.add(resource);
        }
    }
    return list;
}
Also used : Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore) LinkedList(java.util.LinkedList)

Example 12 with ResourceStore

use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.

the class JPAResourceStore method findByResourceServer.

@Override
public List<Resource> findByResourceServer(String resourceServerId) {
    TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByServerId", String.class);
    query.setParameter("serverId", resourceServerId);
    List<String> result = query.getResultList();
    List<Resource> list = new LinkedList<>();
    ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
    for (String id : result) {
        Resource resource = resourceStore.findById(id, resourceServerId);
        if (resource != null) {
            list.add(resource);
        }
    }
    return list;
}
Also used : Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore) LinkedList(java.util.LinkedList)

Example 13 with ResourceStore

use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.

the class DecisionPermissionCollector method grantPermission.

protected void grantPermission(AuthorizationProvider authorizationProvider, Set<Permission> permissions, ResourcePermission permission, Collection<Scope> grantedScopes, ResourceServer resourceServer, AuthorizationRequest request, Result result) {
    Set<String> scopeNames = grantedScopes.stream().map(Scope::getName).collect(Collectors.toSet());
    Resource resource = permission.getResource();
    if (resource != null) {
        permissions.add(createPermission(resource, scopeNames, permission.getClaims(), request));
    } else if (!grantedScopes.isEmpty()) {
        ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
        resourceStore.findByScope(grantedScopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId(), resource1 -> permissions.add(createPermission(resource, scopeNames, permission.getClaims(), request)));
        permissions.add(createPermission(null, scopeNames, permission.getClaims(), request));
    }
}
Also used : ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission) Scope(org.keycloak.authorization.model.Scope) Permission(org.keycloak.representations.idm.authorization.Permission) Collection(java.util.Collection) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Set(java.util.Set) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) ResourceStore(org.keycloak.authorization.store.ResourceStore) Collectors(java.util.stream.Collectors) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Policy(org.keycloak.authorization.model.Policy) List(java.util.List) Map(java.util.Map) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) LinkedHashSet(java.util.LinkedHashSet) Resource(org.keycloak.authorization.model.Resource) Resource(org.keycloak.authorization.model.Resource) ResourceStore(org.keycloak.authorization.store.ResourceStore)

Example 14 with ResourceStore

use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.

the class DefaultPolicyEvaluator method evaluate.

@Override
public void evaluate(ResourcePermission permission, AuthorizationProvider authorizationProvider, EvaluationContext executionContext, Decision decision, Map<Policy, Map<Object, Decision.Effect>> decisionCache) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    ResourceServer resourceServer = permission.getResourceServer();
    PolicyEnforcementMode enforcementMode = resourceServer.getPolicyEnforcementMode();
    if (PolicyEnforcementMode.DISABLED.equals(enforcementMode)) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
        return;
    }
    // if marked as granted we just complete the evaluation
    if (permission.isGranted()) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
        return;
    }
    AtomicBoolean verified = new AtomicBoolean();
    Consumer<Policy> policyConsumer = createPolicyEvaluator(permission, authorizationProvider, executionContext, decision, verified, decisionCache);
    Resource resource = permission.getResource();
    if (resource != null) {
        policyStore.findByResource(resource.getId(), resourceServer.getId(), policyConsumer);
        if (resource.getType() != null) {
            policyStore.findByResourceType(resource.getType(), resourceServer.getId(), policyConsumer);
            if (!resource.getOwner().equals(resourceServer.getId())) {
                for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
                    policyStore.findByResource(typedResource.getId(), resourceServer.getId(), policyConsumer);
                }
            }
        }
    }
    Collection<Scope> scopes = permission.getScopes();
    if (!scopes.isEmpty()) {
        policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), null, resourceServer.getId(), policyConsumer);
    }
    if (verified.get()) {
        decision.onComplete(permission);
        return;
    }
    if (PolicyEnforcementMode.PERMISSIVE.equals(enforcementMode)) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) PolicyEnforcementMode(org.keycloak.representations.idm.authorization.PolicyEnforcementMode)

Example 15 with ResourceStore

use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.

the class Permissions method populateTypedScopes.

private static Set<Scope> populateTypedScopes(Resource resource, ResourceServer resourceServer, List<Scope> defaultScopes, AuthorizationProvider authorization) {
    String type = resource.getType();
    if (type == null || resource.getOwner().equals(resourceServer.getId())) {
        return new LinkedHashSet<>(defaultScopes);
    }
    Set<Scope> scopes = new LinkedHashSet<>(defaultScopes);
    // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
    // is owned by the resource server itself
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    resourceStore.findByType(type, resourceServer.getId(), resource1 -> {
        for (Scope typeScope : resource1.getScopes()) {
            if (!scopes.contains(typeScope)) {
                scopes.add(typeScope);
            }
        }
    });
    return scopes;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Scope(org.keycloak.authorization.model.Scope) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Aggregations

ResourceStore (org.keycloak.authorization.store.ResourceStore)29 Resource (org.keycloak.authorization.model.Resource)22 StoreFactory (org.keycloak.authorization.store.StoreFactory)12 Scope (org.keycloak.authorization.model.Scope)11 ResourceServer (org.keycloak.authorization.model.ResourceServer)9 ArrayList (java.util.ArrayList)8 EnumMap (java.util.EnumMap)7 List (java.util.List)7 Map (java.util.Map)7 Set (java.util.Set)7 Policy (org.keycloak.authorization.model.Policy)7 UserModel (org.keycloak.models.UserModel)7 ErrorResponseException (org.keycloak.services.ErrorResponseException)7 HashMap (java.util.HashMap)6 LinkedList (java.util.LinkedList)6 Collectors (java.util.stream.Collectors)6 Produces (javax.ws.rs.Produces)6 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)6 PermissionTicket (org.keycloak.authorization.model.PermissionTicket)6 PolicyStore (org.keycloak.authorization.store.PolicyStore)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial