Examples with StoreFactory org.keycloak.authorization.store.StoreFactory used on opensource projects

Search in sources :

Example 46 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class AuthorizationTokenService method getResourceServer.

private ResourceServer getResourceServer(PermissionTicketToken ticket, KeycloakAuthorizationRequest request) {
    AuthorizationProvider authorization = request.getAuthorization();
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
    String issuedFor = ticket.getIssuedFor();
    if (issuedFor == null) {
        CorsErrorResponseException missingIssuedForException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "You must provide the issuedFor", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, missingIssuedForException);
        throw missingIssuedForException;
    }
    ClientModel clientModel = request.getRealm().getClientByClientId(issuedFor);
    if (clientModel == null) {
        CorsErrorResponseException unknownServerIdException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Unknown resource server id: [" + issuedFor + "]", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, unknownServerIdException);
        throw unknownServerIdException;
    }
    ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
    if (resourceServer == null) {
        CorsErrorResponseException unsupportedPermissionsException = new CorsErrorResponseException(request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, unsupportedPermissionsException);
        throw unsupportedPermissionsException;
    }
    return resourceServer;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) CorsErrorResponseException(org.keycloak.services.CorsErrorResponseException) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 47 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class AuthorizationTokenService method createPermissions.

private Collection<ResourcePermission> createPermissions(PermissionTicketToken ticket, KeycloakAuthorizationRequest request, ResourceServer resourceServer, AuthorizationProvider authorization, EvaluationContext context) {
    KeycloakIdentity identity = (KeycloakIdentity) context.getIdentity();
    StoreFactory storeFactory = authorization.getStoreFactory();
    Map<String, ResourcePermission> permissionsToEvaluate = new LinkedHashMap<>();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    ScopeStore scopeStore = storeFactory.getScopeStore();
    Metadata metadata = request.getMetadata();
    final AtomicInteger limit = metadata != null && metadata.getLimit() != null ? new AtomicInteger(metadata.getLimit()) : null;
    for (Permission permission : ticket.getPermissions()) {
        if (limit != null && limit.get() <= 0) {
            break;
        }
        Set<Scope> requestedScopesModel = resolveRequestedScopes(request, resourceServer, scopeStore, permission);
        String resourceId = permission.getResourceId();
        if (resourceId != null) {
            resolveResourcePermission(request, resourceServer, identity, authorization, storeFactory, permissionsToEvaluate, resourceStore, limit, permission, requestedScopesModel, resourceId);
        } else {
            resolveScopePermissions(request, resourceServer, authorization, permissionsToEvaluate, resourceStore, limit, requestedScopesModel);
        }
    }
    resolvePreviousGrantedPermissions(ticket, request, resourceServer, permissionsToEvaluate, resourceStore, scopeStore, limit);
    return permissionsToEvaluate.values();
}
Also used : Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata) ScopeStore(org.keycloak.authorization.store.ScopeStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) LinkedHashMap(java.util.LinkedHashMap) Scope(org.keycloak.authorization.model.Scope) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission) Permission(org.keycloak.representations.idm.authorization.Permission) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 48 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PermissionTicketService method find.

@GET
@Produces("application/json")
public Response find(@QueryParam("scopeId") String scopeId, @QueryParam("resourceId") String resourceId, @QueryParam("owner") String owner, @QueryParam("requester") String requester, @QueryParam("granted") Boolean granted, @QueryParam("returnNames") Boolean returnNames, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult) {
    StoreFactory storeFactory = authorization.getStoreFactory();
    PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
    Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
    return Response.ok().entity(permissionTicketStore.find(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream().map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames)).collect(Collectors.toList())).build();
}
Also used : Scope(org.keycloak.authorization.model.Scope) PathParam(javax.ws.rs.PathParam) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) StoreFactory(org.keycloak.authorization.store.StoreFactory) Constants(org.keycloak.models.Constants) Path(javax.ws.rs.Path) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) RepresentationToModel(org.keycloak.models.utils.RepresentationToModel) OAuthErrorException(org.keycloak.OAuthErrorException) UserModel(org.keycloak.models.UserModel) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) ErrorResponseException(org.keycloak.services.ErrorResponseException) Map(java.util.Map) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) DELETE(javax.ws.rs.DELETE) ResourceServer(org.keycloak.authorization.model.ResourceServer) RealmModel(org.keycloak.models.RealmModel) POST(javax.ws.rs.POST) EnumMap(java.util.EnumMap) ResourceStore(org.keycloak.authorization.store.ResourceStore) Collectors(java.util.stream.Collectors) KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) UserProvider(org.keycloak.models.UserProvider) ScopeStore(org.keycloak.authorization.store.ScopeStore) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) Response(javax.ws.rs.core.Response) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) PUT(javax.ws.rs.PUT) Resource(org.keycloak.authorization.model.Resource) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 49 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyResourceService method delete.

@DELETE
public Response delete() {
    if (auth != null) {
        this.auth.realm().requireManageAuthorization();
    }
    if (policy == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    StoreFactory storeFactory = authorization.getStoreFactory();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    PolicyProviderFactory resource = getProviderFactory(policy.getType());
    if (resource != null) {
        resource.onRemove(policy, authorization);
    }
    policyStore.delete(policy.getId());
    audit(toRepresentation(policy, authorization), OperationType.DELETE);
    return Response.noContent().build();
}
Also used : PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) PolicyStore(org.keycloak.authorization.store.PolicyStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) DELETE(javax.ws.rs.DELETE)

Example 50 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class ScopeService method getPermissions.

@Path("{id}/permissions")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Response getPermissions(@PathParam("id") String id) {
    this.auth.realm().requireViewAuthorization();
    StoreFactory storeFactory = this.authorization.getStoreFactory();
    Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());
    if (model == null) {
        return Response.status(Status.NOT_FOUND).build();
    }
    PolicyStore policyStore = storeFactory.getPolicyStore();
    return Response.ok(policyStore.findByScopeIds(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(policy -> {
        PolicyRepresentation representation = new PolicyRepresentation();
        representation.setId(policy.getId());
        representation.setName(policy.getName());
        representation.setType(policy.getType());
        return representation;
    }).collect(Collectors.toList())).build();
}
Also used : OperationType(org.keycloak.events.admin.OperationType) Scope(org.keycloak.authorization.model.Scope) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) PathParam(javax.ws.rs.PathParam) Arrays(java.util.Arrays) ResourceType(org.keycloak.events.admin.ResourceType) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) StoreFactory(org.keycloak.authorization.store.StoreFactory) Constants(org.keycloak.models.Constants) Path(javax.ws.rs.Path) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) MediaType(javax.ws.rs.core.MediaType) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) Status(javax.ws.rs.core.Response.Status) DELETE(javax.ws.rs.DELETE) ResourceServer(org.keycloak.authorization.model.ResourceServer) POST(javax.ws.rs.POST) EnumMap(java.util.EnumMap) AdminPermissionEvaluator(org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator) KeycloakSession(org.keycloak.models.KeycloakSession) PolicyStore(org.keycloak.authorization.store.PolicyStore) Collectors(java.util.stream.Collectors) Policy(org.keycloak.authorization.model.Policy) List(java.util.List) NoCache(org.jboss.resteasy.annotations.cache.NoCache) Response(javax.ws.rs.core.Response) RepresentationToModel.toModel(org.keycloak.models.utils.RepresentationToModel.toModel) PUT(javax.ws.rs.PUT) Resource(org.keycloak.authorization.model.Resource) ErrorResponse(org.keycloak.services.ErrorResponse) AdminEventBuilder(org.keycloak.services.resources.admin.AdminEventBuilder) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Scope(org.keycloak.authorization.model.Scope) PolicyStore(org.keycloak.authorization.store.PolicyStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Aggregations

StoreFactory (org.keycloak.authorization.store.StoreFactory)61 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)33 ResourceServer (org.keycloak.authorization.model.ResourceServer)32 Policy (org.keycloak.authorization.model.Policy)31 Resource (org.keycloak.authorization.model.Resource)26 ClientModel (org.keycloak.models.ClientModel)21 Scope (org.keycloak.authorization.model.Scope)20 PolicyStore (org.keycloak.authorization.store.PolicyStore)20 Map (java.util.Map)19 List (java.util.List)17 ResourceStore (org.keycloak.authorization.store.ResourceStore)17 Path (javax.ws.rs.Path)15 Produces (javax.ws.rs.Produces)15 ArrayList (java.util.ArrayList)14 EnumMap (java.util.EnumMap)12 HashMap (java.util.HashMap)12 GET (javax.ws.rs.GET)12 KeycloakSession (org.keycloak.models.KeycloakSession)11 UserModel (org.keycloak.models.UserModel)11 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial