use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class AuthorizationTokenService method getResourceServer.
/**
 * Resolves the resource server that the permission ticket was issued for.
 *
 * <p>The client id comes from {@code ticket.getIssuedFor()}. It is looked up in the request's
 * realm, and the resulting client is mapped to a {@link ResourceServer} through the resource
 * server store. Every rejection is handed to {@code fireErrorEvent} with
 * {@code Errors.INVALID_REQUEST} before the exception is thrown.
 *
 * <p>NOTE(review): the "Unknown resource server id" message echoes the ticket-supplied value back
 * to the caller. That is only harmless if the ticket was verified before this method runs;
 * confirm against the caller.
 *
 * @param ticket  permission ticket whose {@code issuedFor} names the resource server client
 * @param request authorization request supplying the realm, CORS settings, event and provider
 * @return the resource server registered for the client; never {@code null}
 * @throws CorsErrorResponseException with {@code 400 Bad Request} when {@code issuedFor} is
 *         missing, names no client in the realm, or names a client without a resource server
 */
private ResourceServer getResourceServer(PermissionTicketToken ticket, KeycloakAuthorizationRequest request) {
    ResourceServerStore servers = request.getAuthorization().getStoreFactory().getResourceServerStore();
    String clientId = ticket.getIssuedFor();

    // A ticket without issuedFor cannot be tied to any resource server.
    if (clientId == null) {
        CorsErrorResponseException failure = new CorsErrorResponseException(
                request.getCors(), OAuthErrorException.INVALID_REQUEST, "You must provide the issuedFor", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, failure);
        throw failure;
    }

    // The lookup is limited to the realm of the current request.
    ClientModel client = request.getRealm().getClientByClientId(clientId);
    if (client == null) {
        CorsErrorResponseException failure = new CorsErrorResponseException(
                request.getCors(), OAuthErrorException.INVALID_REQUEST, "Unknown resource server id: [" + clientId + "]", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, failure);
        throw failure;
    }

    // A client that exists but has no resource server cannot have permissions evaluated.
    ResourceServer server = servers.findByClient(client);
    if (server == null) {
        CorsErrorResponseException failure = new CorsErrorResponseException(
                request.getCors(), OAuthErrorException.INVALID_REQUEST, "Client does not support permissions", Status.BAD_REQUEST);
        fireErrorEvent(request.getEvent(), Errors.INVALID_REQUEST, failure);
        throw failure;
    }

    return server;
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class AuthorizationTokenService method createPermissions.
/**
 * Builds the set of permissions to evaluate for a permission ticket.
 *
 * <p>Each permission in the ticket is resolved either as a resource permission (when it carries a
 * resource id) or as a scope-only permission. Results accumulate in an insertion-ordered map that
 * the helper methods fill in. Previously granted permissions are merged afterwards, including when
 * the loop stopped early because the limit was reached.
 *
 * <p>The optional limit is taken from the request metadata and shared with the helpers as an
 * {@link AtomicInteger}. Presumably the helpers decrement it as they add permissions; verify
 * against {@code resolveResourcePermission} and {@code resolveScopePermissions}. With no limit in
 * the metadata, this method applies no cap to the number of permissions resolved.
 *
 * @param ticket         ticket listing the requested permissions
 * @param request        authorization request providing the optional metadata limit
 * @param resourceServer resource server the permissions belong to
 * @param authorization  provider used to reach the resource and scope stores
 * @param context        evaluation context; its identity must be a {@code KeycloakIdentity}
 * @return the values of the permission map, in insertion order
 * @throws ClassCastException if the context identity is not a {@code KeycloakIdentity}
 */
private Collection<ResourcePermission> createPermissions(PermissionTicketToken ticket, KeycloakAuthorizationRequest request, ResourceServer resourceServer, AuthorizationProvider authorization, EvaluationContext context) {
    KeycloakIdentity identity = (KeycloakIdentity) context.getIdentity();
    StoreFactory storeFactory = authorization.getStoreFactory();
    Map<String, ResourcePermission> collected = new LinkedHashMap<>();
    ResourceStore resources = storeFactory.getResourceStore();
    ScopeStore scopes = storeFactory.getScopeStore();
    Metadata metadata = request.getMetadata();

    // null means the request did not ask for a cap on the number of permissions.
    final AtomicInteger limit;
    if (metadata == null || metadata.getLimit() == null) {
        limit = null;
    } else {
        limit = new AtomicInteger(metadata.getLimit());
    }

    for (Permission requested : ticket.getPermissions()) {
        // Stop resolving once the requested cap has been used up.
        if (limit != null && limit.get() <= 0) {
            break;
        }

        Set<Scope> requestedScopes = resolveRequestedScopes(request, resourceServer, scopes, requested);
        String resourceId = requested.getResourceId();

        if (resourceId == null) {
            // No resource named: resolve from the requested scopes alone.
            resolveScopePermissions(request, resourceServer, authorization, collected, resources, limit, requestedScopes);
        } else {
            resolveResourcePermission(request, resourceServer, identity, authorization, storeFactory, collected, resources, limit, requested, requestedScopes, resourceId);
        }
    }

    resolvePreviousGrantedPermissions(ticket, request, resourceServer, collected, resources, scopes, limit);

    return collected.values();
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class PermissionTicketService method find.
/**
 * Lists the permission tickets of this resource server that match the optional query filters.
 *
 * <p>The filter map is built by {@code getFilters}. The store query is restricted to
 * {@code resourceServer.getId()}, and every ticket found is converted with
 * {@code ModelToRepresentation.toRepresentation}.
 *
 * <p>NOTE(review): no permission check is visible in this method; presumably access is enforced
 * where the service is constructed. Confirm. The caller-supplied {@code max} is also passed to the
 * store without an upper bound here; confirm that page size is capped elsewhere.
 *
 * @param scopeId     optional scope filter
 * @param resourceId  optional resource filter
 * @param owner       optional owner filter
 * @param requester   optional requester filter
 * @param granted     optional granted-state filter
 * @param returnNames whether representations are built with names; {@code null} counts as false
 * @param firstResult index of the first result; {@code -1} is passed when absent
 * @param maxResult   page size; {@code Constants.DEFAULT_MAX_RESULTS} is used when absent
 * @return a 200 response whose entity is the list of ticket representations
 */
@GET
@Produces("application/json")
public Response find(@QueryParam("scopeId") String scopeId, @QueryParam("resourceId") String resourceId, @QueryParam("owner") String owner, @QueryParam("requester") String requester, @QueryParam("granted") Boolean granted, @QueryParam("returnNames") Boolean returnNames, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult) {
    StoreFactory stores = authorization.getStoreFactory();
    PermissionTicketStore tickets = stores.getPermissionTicketStore();
    Map<PermissionTicket.FilterOption, String> criteria = getFilters(stores, resourceId, scopeId, owner, requester, granted);

    // Absent paging parameters fall back to "-1" (first) and the default page size (max).
    int first = firstResult != null ? firstResult : -1;
    int max = maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS;
    boolean withNames = returnNames != null && returnNames;

    return Response.ok()
            .entity(tickets.find(criteria, resourceServer.getId(), first, max).stream()
                    .map(ticket -> ModelToRepresentation.toRepresentation(ticket, authorization, withNames))
                    .collect(Collectors.toList()))
            .build();
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class PolicyResourceService method delete.
/**
 * Deletes the policy this resource service was created for.
 *
 * <p>When {@code auth} is set, the caller must pass {@code requireManageAuthorization()}. That
 * check runs before the missing-policy check. The provider factory for the policy type, if one is
 * found, is notified through {@code onRemove} before the policy is deleted from the store. The
 * audit entry is written after the deletion.
 *
 * <p>NOTE(review): with {@code auth == null} this method performs no permission check of its own.
 * Whatever constructs the service without an evaluator has to enforce authorization itself;
 * confirm at the call sites.
 *
 * @return 404 when there is no policy, otherwise 204 after the policy has been removed
 */
@DELETE
public Response delete() {
    // Authorization comes first so an unauthorized caller is rejected before the policy lookup result is used.
    if (auth != null) {
        this.auth.realm().requireManageAuthorization();
    }

    if (policy == null) {
        return Response.status(Status.NOT_FOUND).build();
    }

    PolicyStore policies = authorization.getStoreFactory().getPolicyStore();

    // Give the provider for this policy type the chance to clean up before the delete.
    PolicyProviderFactory providerFactory = getProviderFactory(policy.getType());
    if (providerFactory != null) {
        providerFactory.onRemove(policy, authorization);
    }

    policies.delete(policy.getId());

    // The audit representation is built from the in-memory policy object after the store delete.
    audit(toRepresentation(policy, authorization), OperationType.DELETE);

    return Response.noContent().build();
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class ScopeService method getPermissions.
/**
 * Returns the policies associated with a scope of this resource server.
 *
 * <p>The caller must pass {@code requireViewAuthorization()} before any store is touched. Both the
 * scope lookup and the policy lookup are given {@code resourceServer.getId()}, so the id from the
 * path is only resolved within this resource server. Each policy is reduced to its id, name and
 * type; no other policy fields are copied into the response.
 *
 * @param id scope id taken from the request path
 * @return 404 when the scope is not found, otherwise 200 with the list of policy summaries
 */
@Path("{id}/permissions")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Response getPermissions(@PathParam("id") String id) {
    this.auth.realm().requireViewAuthorization();

    StoreFactory stores = this.authorization.getStoreFactory();
    Scope found = stores.getScopeStore().findById(id, resourceServer.getId());
    if (found == null) {
        return Response.status(Status.NOT_FOUND).build();
    }

    PolicyStore policies = stores.getPolicyStore();
    return Response.ok(policies.findByScopeIds(Arrays.asList(found.getId()), resourceServer.getId()).stream()
            .map(policy -> {
                // Copy only the identifying fields into the response object.
                PolicyRepresentation summary = new PolicyRepresentation();
                summary.setId(policy.getId());
                summary.setName(policy.getName());
                summary.setType(policy.getType());
                return summary;
            })
            .collect(Collectors.toList())).build();
}