
Example 26 with ResourceStore

Use of org.keycloak.authorization.store.ResourceStore in the project keycloak by keycloak.

Class MapPermissionTicketStore, method findGrantedResources.

/**
 * Lists the resources that were granted to {@code requester} through permission tickets.
 *
 * <p>Only tickets of the requester that carry a granted timestamp are considered. Tickets are
 * de-duplicated by resource id before the {@code first}/{@code max} window is applied, so the
 * window counts distinct resources rather than tickets. With a non-null {@code name}, a ticket
 * only contributes its resource when that resource also matches the name filter; tickets whose
 * resource cannot be resolved are dropped.
 *
 * @param requester id of the party the tickets were granted to
 * @param name      optional resource-name filter; {@code null} means no name restriction
 * @param first     index of the first resource to return
 * @param max       maximum number of resources to return
 * @return the granted resources, ordered by resource id
 */
@Override
public List<Resource> findGrantedResources(String requester, String name, int first, int max) {
    DefaultModelCriteria<PermissionTicket> grantedToRequester = criteria();
    grantedToRequester = grantedToRequester.compare(SearchableFields.REQUESTER, Operator.EQ, requester);
    grantedToRequester = grantedToRequester.compare(SearchableFields.GRANTED_TIMESTAMP, Operator.EXISTS);

    ResourceStore resources = authorizationProvider.getStoreFactory().getResourceStore();

    // How a ticket is turned into the Resource it refers to; a null result means "skip this ticket".
    Function<MapPermissionTicketEntity, Resource> toResource;
    if (name == null) {
        toResource = ticket -> resources.findById(ticket.getResourceId(), ticket.getResourceServerId());
    } else {
        toResource = ticket -> {
            // Filter by the ticket's resource id AND the requested name, within the ticket's resource server.
            Map<Resource.FilterOption, String[]> filters = new EnumMap<>(Resource.FilterOption.class);
            filters.put(Resource.FilterOption.ID, new String[] { ticket.getResourceId() });
            filters.put(Resource.FilterOption.NAME, new String[] { name });
            List<Resource> matches = resources.findByResourceServer(filters, ticket.getResourceServerId(), -1, 1);
            if (matches.isEmpty()) {
                return null;
            }
            return matches.get(0);
        };
    }

    return paginatedStream(
            tx.read(withCriteria(grantedToRequester).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
                    .filter(distinctByKey(MapPermissionTicketEntity::getResourceId))
                    .map(toResource)
                    .filter(Objects::nonNull),
            first, max)
            .collect(Collectors.toList());
}

Example 27 with ResourceStore

Use of org.keycloak.authorization.store.ResourceStore in the project keycloak by keycloak.

Class MapResourceServerStore, method delete.

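/**
 * Deletes the resource server that belongs to {@code client} together with every policy,
 * permission ticket, resource and scope stored for it.
 *
 * <p>The resource server is keyed by the client id: the same id is used to look up the
 * dependent objects in each store and to delete the resource server entity itself. Nothing in
 * the storage layer enforces referential integrity for these objects (see the TODO below), so
 * they are removed explicitly, store by store, before the resource server entity is deleted.
 * The order policies, tickets, resources, scopes is the one the store has always used and is
 * kept as-is.
 *
 * @param client the client whose resource server is to be removed; a client without an id is
 *               ignored
 */
@Override
public void delete(ClientModel client) {
    String id = client.getId();
    // One %s per argument: the id and the stack trace (the old format declared a third slot that
    // was never supplied).
    LOG.tracef("delete(%s)%s", id, getShortStackTrace());
    if (id == null) {
        return;
    }
    // TODO: Simplify the following, ideally by leveraging triggers, stored procedures or ref integrity
    PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
    policyStore.findByResourceServer(id).stream().map(Policy::getId).forEach(policyStore::delete);
    PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
    permissionTicketStore.findByResourceServer(id).stream().map(PermissionTicket::getId).forEach(permissionTicketStore::delete);
    ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
    resourceStore.findByResourceServer(id).stream().map(Resource::getId).forEach(resourceStore::delete);
    ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
    scopeStore.findByResourceServer(id).stream().map(Scope::getId).forEach(scopeStore::delete);
    // Only now is the resource server entity itself removed.
    tx.delete(id);
}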

Example 28 with ResourceStore

Use of org.keycloak.authorization.store.ResourceStore in the project keycloak by keycloak.

Class RolePermissions, method resource.

/**
 * Finds the authorization {@link Resource} that stands for {@code role}.
 *
 * <p>The lookup is by the role's resource name within the role's resource server.
 *
 * @param role the role whose backing resource is wanted
 * @return {@code null} when the role has no resource server; otherwise whatever the resource
 *         store returns for the name lookup
 */
@Override
public Resource resource(RoleModel role) {
    ResourceStore store = authz.getStoreFactory().getResourceStore();
    ResourceServer owningServer = resourceServer(role);
    return owningServer == null
            ? null
            : store.findByName(getRoleResourceName(role), owningServer.getId());
}

Example 29 with ResourceStore

Use of org.keycloak.authorization.store.ResourceStore in the project keycloak by keycloak.

Class RepresentationToModel, method toModel.

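/**
 * Creates or updates the {@link Resource} described by {@code resource} inside {@code resourceServer}.
 *
 * <p>The owner named in the representation is resolved first: when it is absent, or equal to the
 * resource server id, the resource server itself owns the resource; otherwise the value must
 * identify an existing user of the provider's realm (looked up by id, then by username). An
 * existing resource is located by the representation's id when one is given, otherwise by name
 * and owner, and is updated in place; its attributes are replaced by those in the representation
 * and its scopes are replaced when the representation carries a scope set. When no resource
 * exists a new one is created and its generated id is written back into {@code resource}.
 *
 * @param resource       the representation to import; its {@code id} is set on creation
 * @param resourceServer the resource server that scopes the lookups and owns the resource by default
 * @param authorization  provider giving access to the realm, the session and the stores
 * @return the updated or newly created resource
 * @throws RuntimeException when the owner is neither the resource server nor a resolvable user
 */
public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) {
    ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
    String ownerId = resolveResourceOwnerId(resource.getOwner(), resourceServer, authorization);

    Resource existing;
    if (resource.getId() != null) {
        // Both lookups carry the resource server id, so the store can keep a caller-supplied id
        // or name from resolving outside this resource server.
        existing = resourceStore.findById(resource.getId(), resourceServer.getId());
    } else {
        existing = resourceStore.findByName(resource.getName(), ownerId, resourceServer.getId());
    }

    if (existing != null) {
        existing.setName(resource.getName());
        copyResourceDetails(resource, existing, resourceServer, authorization);
        Map<String, List<String>> attributes = resource.getAttributes();
        if (attributes != null) {
            syncResourceAttributes(existing, attributes);
        }
        return existing;
    }

    Resource model = resourceStore.create(resource.getId(), resource.getName(), resourceServer, ownerId);
    copyResourceDetails(resource, model, resourceServer, authorization);
    Map<String, List<String>> attributes = resource.getAttributes();
    if (attributes != null) {
        for (Entry<String, List<String>> entry : attributes.entrySet()) {
            model.setAttribute(entry.getKey(), entry.getValue());
        }
    }
    // Hand the generated id back so the caller can refer to the created resource.
    resource.setId(model.getId());
    return model;
}

/**
 * Turns the owner given in a representation into the id to store on the resource.
 *
 * <p>A missing owner, or a missing owner id, means the resource server owns the resource. Any
 * other value must match a user of the realm by id or, failing that, by username.
 * NOTE(review): the owner value is taken from the representation as-is; whether the caller is
 * permitted to assign that owner is not checked here — confirm this happens at the call sites.
 *
 * @throws RuntimeException when the value is neither the resource server id nor a known user
 */
private static String resolveResourceOwnerId(ResourceOwnerRepresentation owner, ResourceServer resourceServer, AuthorizationProvider authorization) {
    String ownerId = owner == null ? null : owner.getId();
    if (ownerId == null) {
        ownerId = resourceServer.getId();
    }
    if (resourceServer.getId().equals(ownerId)) {
        return ownerId;
    }
    RealmModel realm = authorization.getRealm();
    UserProvider users = authorization.getKeycloakSession().users();
    UserModel ownerModel = users.getUserById(realm, ownerId);
    if (ownerModel == null) {
        ownerModel = users.getUserByUsername(realm, ownerId);
    }
    if (ownerModel == null) {
        throw new RuntimeException("Owner must be a valid username or user identifier. If the resource server, the client id or null.");
    }
    // Always store the user id, even when the representation named the owner by username.
    return ownerModel.getId();
}

/**
 * Copies the simple properties and, when present, the scopes of {@code source} onto {@code target}.
 *
 * <p>Scope representations are imported through the scope overload of {@code toModel} with
 * {@code false} as its last argument. A {@code null} scope set leaves the target's scopes untouched
 * for both new and existing resources.
 */
private static void copyResourceDetails(ResourceRepresentation source, Resource target, ResourceServer resourceServer, AuthorizationProvider authorization) {
    target.setDisplayName(source.getDisplayName());
    target.setType(source.getType());
    target.updateUris(source.getUris());
    target.setIconUri(source.getIconUri());
    // Absent flag counts as "not owner-managed".
    target.setOwnerManagedAccess(Boolean.TRUE.equals(source.getOwnerManagedAccess()));
    Set<ScopeRepresentation> scopes = source.getScopes();
    if (scopes != null) {
        target.updateScopes(scopes.stream()
                .map(scope -> toModel(scope, resourceServer, authorization, false))
                .collect(Collectors.toSet()));
    }
}

/**
 * Makes the attributes of {@code existing} equal to {@code attributes}: names missing from the
 * representation are removed, every name in the representation is (re)set. The representation's
 * map is only read, never modified.
 */
private static void syncResourceAttributes(Resource existing, Map<String, List<String>> attributes) {
    // Snapshot the names first: removeAttribute may well modify the map behind getAttributes().
    for (String name : new ArrayList<>(existing.getAttributes().keySet())) {
        if (!attributes.containsKey(name)) {
            existing.removeAttribute(name);
        }
    }
    for (Entry<String, List<String>> entry : attributes.entrySet()) {
        existing.setAttribute(entry.getKey(), entry.getValue());
    }
}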
