use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.
the class MapPermissionTicketStore method findGrantedResources.
/**
 * Lists the resources for which {@code requester} holds a granted permission ticket.
 *
 * <p>Only tickets whose requester equals {@code requester} and whose granted timestamp
 * exists are read. Each ticket is resolved to its resource through the resource store,
 * scoped by the ticket's own resource server id. Tickets that do not resolve to a
 * resource are dropped before pagination is applied.
 *
 * @param requester value compared for equality with the ticket requester field
 * @param name optional resource name filter; {@code null} disables name filtering
 * @param first forwarded to {@code paginatedStream}
 * @param max forwarded to {@code paginatedStream}
 * @return the resolved resources, collected into a list
 */
@Override
public List<Resource> findGrantedResources(String requester, String name, int first, int max) {
    // The typed local is needed so criteria() infers the PermissionTicket type argument.
    DefaultModelCriteria<PermissionTicket> emptyCriteria = criteria();
    DefaultModelCriteria<PermissionTicket> grantedToRequester = emptyCriteria
            .compare(SearchableFields.REQUESTER, Operator.EQ, requester)
            .compare(SearchableFields.GRANTED_TIMESTAMP, Operator.EXISTS);

    ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();

    Function<MapPermissionTicketEntity, Resource> toResource;
    if (name == null) {
        // No name filter: resolve directly by id within the ticket's resource server.
        toResource = ticket -> resourceStore.findById(ticket.getResourceId(), ticket.getResourceServerId());
    } else {
        // Name filter: query by both id and name, so a ticket whose resource does not
        // match the name maps to null and is filtered out below.
        toResource = ticket -> {
            Map<Resource.FilterOption, String[]> filters = new EnumMap<>(Resource.FilterOption.class);
            filters.put(Resource.FilterOption.ID, new String[] { ticket.getResourceId() });
            filters.put(Resource.FilterOption.NAME, new String[] { name });

            // NOTE(review): -1 and 1 look like first/max bounds (at most one result) - confirm.
            List<Resource> matches = resourceStore.findByResourceServer(filters, ticket.getResourceServerId(), -1, 1);
            if (matches.isEmpty()) {
                return null;
            }
            return matches.get(0);
        };
    }

    // distinctByKey is presumably a one-ticket-per-resource-id filter; verify against its definition.
    return paginatedStream(
            tx.read(withCriteria(grantedToRequester).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
                    .filter(distinctByKey(MapPermissionTicketEntity::getResourceId))
                    .map(toResource)
                    .filter(Objects::nonNull),
            first,
            max)
            .collect(Collectors.toList());
}
use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.
the class MapResourceServerStore method delete.
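/**
 * Deletes the resource server identified by the id of {@code client}, together with the
 * authorization data that references it.
 *
 * <p>Deletion order: policies, permission tickets, resources, scopes, and finally the
 * resource server entry itself. Each dependent store is queried by resource server id and
 * every returned entity is deleted by its own id. If the client has no id, nothing is deleted.
 *
 * @param client client whose id identifies the resource server to remove
 */
@Override
public void delete(ClientModel client) {
    String id = client.getId();
    // The format string used to declare three %s specifiers for two arguments; it now
    // matches the arguments that are actually passed.
    LOG.tracef("delete(%s)%s", id, getShortStackTrace());

    if (id == null) {
        return;
    }

    // TODO: Simplify the following, ideally by leveraging triggers, stored procedures or ref integrity
    // NOTE(review): the cascade is a sequence of separate store calls; whether a failure
    // part-way through is rolled back depends on the surrounding transaction - confirm.
    PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
    policyStore.findByResourceServer(id).stream().map(Policy::getId).forEach(policyStore::delete);

    PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
    permissionTicketStore.findByResourceServer(id).stream().map(PermissionTicket::getId).forEach(permissionTicketStore::delete);

    ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
    resourceStore.findByResourceServer(id).stream().map(Resource::getId).forEach(resourceStore::delete);

    ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
    scopeStore.findByResourceServer(id).stream().map(Scope::getId).forEach(scopeStore::delete);

    // Remove the resource server entry last, after everything that references it.
    tx.delete(id);
}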
use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.
the class RolePermissions method resource.
/**
 * Looks up the authorization resource that represents {@code role}.
 *
 * @param role role whose resource is requested
 * @return the resource found by the role's resource name within the role's resource
 *         server, or {@code null} when no resource server is resolved for the role
 */
@Override
public Resource resource(RoleModel role) {
    ResourceStore store = authz.getStoreFactory().getResourceStore();
    ResourceServer owningServer = resourceServer(role);

    // Without a resource server there is nothing to scope the lookup to.
    return owningServer == null
            ? null
            : store.findByName(getRoleResourceName(role), owningServer.getId());
}
use of org.keycloak.authorization.store.ResourceStore in project keycloak by keycloak.
the class RepresentationToModel method toModel.
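/**
 * Creates or updates the {@link Resource} described by {@code resource} inside
 * {@code resourceServer}.
 *
 * <p>Owner resolution: a missing owner, or an owner without an id, defaults to the resource
 * server id. Any other owner value is resolved to a user, first by user id and then by
 * username, and the resolved user's id becomes the owner id.
 *
 * <p>Lookup: when the representation carries an id, the existing resource is searched by
 * that id within the resource server; otherwise by name, owner id and resource server. On
 * the update path the owner of the existing resource is neither changed nor compared with
 * the resolved owner id.
 * NOTE(review): this method performs no access check of its own; callers presumably
 * authorize who may set an owner or update a given resource id - confirm at the call sites.
 *
 * <p>The attribute map of the representation is only read, never modified.
 *
 * @param resource representation to apply; its id is set to the new model's id on creation
 * @param resourceServer resource server that scopes every lookup and owns created resources
 * @param authorization provider giving access to the stores, realm and session
 * @return the updated existing resource, or the newly created one
 * @throws RuntimeException if the owner is neither the resource server nor a resolvable user
 */
public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) {
    ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
    ResourceOwnerRepresentation owner = resource.getOwner();

    if (owner == null) {
        owner = new ResourceOwnerRepresentation();
        owner.setId(resourceServer.getId());
    }

    String ownerId = owner.getId();

    if (ownerId == null) {
        ownerId = resourceServer.getId();
    }

    if (!resourceServer.getId().equals(ownerId)) {
        RealmModel realm = authorization.getRealm();
        KeycloakSession keycloakSession = authorization.getKeycloakSession();
        UserProvider users = keycloakSession.users();

        // The supplied value is tried as a user id first and as a username second, so the
        // same string can name different users depending on which lookup matches.
        UserModel ownerModel = users.getUserById(realm, ownerId);

        if (ownerModel == null) {
            ownerModel = users.getUserByUsername(realm, ownerId);
        }

        if (ownerModel == null) {
            throw new RuntimeException("Owner must be a valid username or user identifier. If the resource server, the client id or null.");
        }

        // Normalize to the user's id regardless of which lookup succeeded.
        ownerId = ownerModel.getId();
    }

    Resource existing;

    if (resource.getId() != null) {
        existing = resourceStore.findById(resource.getId(), resourceServer.getId());
    } else {
        existing = resourceStore.findByName(resource.getName(), ownerId, resourceServer.getId());
    }

    if (existing != null) {
        existing.setName(resource.getName());
        existing.setDisplayName(resource.getDisplayName());
        existing.setType(resource.getType());
        existing.updateUris(resource.getUris());
        existing.setIconUri(resource.getIconUri());
        existing.setOwnerManagedAccess(Boolean.TRUE.equals(resource.getOwnerManagedAccess()));

        // Same null guard as the create path below; whether getScopes() can actually
        // return null is not visible here, so a null value leaves the scopes untouched.
        Set<ScopeRepresentation> updatedScopes = resource.getScopes();

        if (updatedScopes != null) {
            existing.updateScopes(updatedScopes.stream()
                    .map((ScopeRepresentation scope) -> toModel(scope, resourceServer, authorization, false))
                    .collect(Collectors.toSet()));
        }

        Map<String, List<String>> attributes = resource.getAttributes();

        if (attributes != null) {
            // Snapshot the names first: removeAttribute/setAttribute may modify the
            // collection backing getAttributes() while it is being traversed.
            String[] existingAttrNames = existing.getAttributes().keySet().toArray(new String[0]);

            // Drop attributes that the representation no longer carries.
            for (String name : existingAttrNames) {
                if (!attributes.containsKey(name)) {
                    existing.removeAttribute(name);
                }
            }

            // Apply every attribute from the representation without modifying the
            // caller's map (it was previously emptied of the names that already existed).
            for (Entry<String, List<String>> entry : attributes.entrySet()) {
                existing.setAttribute(entry.getKey(), entry.getValue());
            }
        }

        return existing;
    }

    Resource model = resourceStore.create(resource.getId(), resource.getName(), resourceServer, ownerId);

    model.setDisplayName(resource.getDisplayName());
    model.setType(resource.getType());
    model.updateUris(resource.getUris());
    model.setIconUri(resource.getIconUri());
    model.setOwnerManagedAccess(Boolean.TRUE.equals(resource.getOwnerManagedAccess()));

    Set<ScopeRepresentation> scopes = resource.getScopes();

    if (scopes != null) {
        model.updateScopes(scopes.stream()
                .map(scope -> toModel(scope, resourceServer, authorization, false))
                .collect(Collectors.toSet()));
    }

    Map<String, List<String>> attributes = resource.getAttributes();

    if (attributes != null) {
        for (Entry<String, List<String>> entry : attributes.entrySet()) {
            model.setAttribute(entry.getKey(), entry.getValue());
        }
    }

    // Hand the generated id back to the caller through the representation.
    resource.setId(model.getId());

    return model;
}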