Examples with StoreFactory org.keycloak.authorization.store.StoreFactory used on opensource projects

Search in sources :

Example 56 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckUserAttributes.

public static void testCheckUserAttributes(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("authz-test");
    UserModel jdoe = session.users().getUserByUsername(realm, "jdoe");
    jdoe.setAttribute("a1", Arrays.asList("1", "2"));
    jdoe.setSingleAttribute("a2", "3");
    session.getContext().setRealm(realm);
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserAttributes");
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("var attributes = realm.getUserAttributes('jdoe');");
    builder.append("if (attributes.size() == 6 && attributes.containsKey('a1') && attributes.containsKey('a2') && attributes.get('a1').size() == 2 && attributes.get('a2').get(0).equals('3')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Example 57 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckResourceAttributes.

public static void testCheckResourceAttributes(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckResourceAttributes");
    StringBuilder builder = new StringBuilder();
    builder.append("var permission = $evaluation.getPermission();");
    builder.append("var resource = permission.getResource();");
    builder.append("var attributes = resource.getAttributes();");
    builder.append("if (attributes.size() == 2 && attributes.containsKey('a1') && attributes.containsKey('a2') && attributes.get('a1').size() == 2 && attributes.get('a2').get(0).equals('3') && resource.getAttribute('a1').size() == 2 && resource.getSingleAttribute('a2').equals('3')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    Resource resource = storeFactory.getResourceStore().create("testCheckResourceAttributesResource", resourceServer, resourceServer.getId());
    resource.setAttribute("a1", Arrays.asList("1", "2"));
    resource.setAttribute("a2", Arrays.asList("3"));
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resource, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) Resource(org.keycloak.authorization.model.Resource) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Example 58 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCachedDecisionsWithNegativePolicies.

public static void testCachedDecisionsWithNegativePolicies(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    Scope readScope = storeFactory.getScopeStore().create("read", resourceServer);
    Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer);
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName(KeycloakModelUtils.generateId());
    policy.setCode("$evaluation.grant()");
    policy.setLogic(Logic.NEGATIVE);
    storeFactory.getPolicyStore().create(policy, resourceServer);
    ScopePermissionRepresentation readPermission = new ScopePermissionRepresentation();
    readPermission.setName(KeycloakModelUtils.generateId());
    readPermission.addScope(readScope.getId());
    readPermission.addPolicy(policy.getName());
    storeFactory.getPolicyStore().create(readPermission, resourceServer);
    ScopePermissionRepresentation writePermission = new ScopePermissionRepresentation();
    writePermission.setName(KeycloakModelUtils.generateId());
    writePermission.addScope(writeScope.getId());
    writePermission.addPolicy(policy.getName());
    storeFactory.getPolicyStore().create(writePermission, resourceServer);
    Resource resource = storeFactory.getResourceStore().create(KeycloakModelUtils.generateId(), resourceServer, resourceServer.getId());
    PermissionEvaluator evaluator = authorization.evaluators().from(Arrays.asList(new ResourcePermission(resource, Arrays.asList(readScope, writeScope), resourceServer)), createEvaluationContext(session, Collections.emptyMap()));
    Collection<Permission> permissions = evaluator.evaluate(resourceServer, null);
    Assert.assertEquals(0, permissions.size());
}
Also used : ClientModel(org.keycloak.models.ClientModel) PermissionEvaluator(org.keycloak.authorization.permission.evaluator.PermissionEvaluator) Scope(org.keycloak.authorization.model.Scope) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) Resource(org.keycloak.authorization.model.Resource) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission) Permission(org.keycloak.representations.idm.authorization.Permission) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)

Example 59 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class RepresentationToModel method toModel.

public static Policy toModel(AbstractPolicyRepresentation representation, AuthorizationProvider authorization, Policy model) {
    model.setName(representation.getName());
    model.setDescription(representation.getDescription());
    model.setDecisionStrategy(representation.getDecisionStrategy());
    model.setLogic(representation.getLogic());
    Set resources = representation.getResources();
    Set scopes = representation.getScopes();
    Set policies = representation.getPolicies();
    if (representation instanceof PolicyRepresentation) {
        PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
        if (resources == null) {
            String resourcesConfig = policy.getConfig().get("resources");
            if (resourcesConfig != null) {
                try {
                    resources = JsonSerialization.readValue(resourcesConfig, Set.class);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }
        if (scopes == null) {
            String scopesConfig = policy.getConfig().get("scopes");
            if (scopesConfig != null) {
                try {
                    scopes = JsonSerialization.readValue(scopesConfig, Set.class);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }
        if (policies == null) {
            String policiesConfig = policy.getConfig().get("applyPolicies");
            if (policiesConfig != null) {
                try {
                    policies = JsonSerialization.readValue(policiesConfig, Set.class);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }
        model.setConfig(policy.getConfig());
    }
    StoreFactory storeFactory = authorization.getStoreFactory();
    updateResources(resources, model, storeFactory);
    updateScopes(scopes, model, storeFactory);
    updateAssociatedPolicies(policies, model, storeFactory);
    PolicyProviderFactory provider = authorization.getProviderFactory(model.getType());
    if (representation instanceof PolicyRepresentation) {
        provider.onImport(model, PolicyRepresentation.class.cast(representation), authorization);
    } else if (representation.getId() == null) {
        provider.onCreate(model, representation, authorization);
    } else {
        provider.onUpdate(model, representation, authorization);
    }
    representation.setId(model.getId());
    return model;
}
Also used : AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Set(java.util.Set) HashSet(java.util.HashSet) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) IOException(java.io.IOException) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Example 60 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class RepresentationToModel method toModel.

public static Scope toModel(ScopeRepresentation scope, ResourceServer resourceServer, AuthorizationProvider authorization, boolean updateIfExists) {
    StoreFactory storeFactory = authorization.getStoreFactory();
    ScopeStore scopeStore = storeFactory.getScopeStore();
    Scope existing;
    if (scope.getId() != null) {
        existing = scopeStore.findById(scope.getId(), resourceServer.getId());
    } else {
        existing = scopeStore.findByName(scope.getName(), resourceServer.getId());
    }
    if (existing != null) {
        if (updateIfExists) {
            existing.setName(scope.getName());
            existing.setDisplayName(scope.getDisplayName());
            existing.setIconUri(scope.getIconUri());
        }
        return existing;
    }
    Scope model = scopeStore.create(scope.getId(), scope.getName(), resourceServer);
    model.setDisplayName(scope.getDisplayName());
    model.setIconUri(scope.getIconUri());
    scope.setId(model.getId());
    return model;
}
Also used : Scope(org.keycloak.authorization.model.Scope) ScopeStore(org.keycloak.authorization.store.ScopeStore) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Aggregations

StoreFactory (org.keycloak.authorization.store.StoreFactory)61 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)33 ResourceServer (org.keycloak.authorization.model.ResourceServer)32 Policy (org.keycloak.authorization.model.Policy)31 Resource (org.keycloak.authorization.model.Resource)26 ClientModel (org.keycloak.models.ClientModel)21 Scope (org.keycloak.authorization.model.Scope)20 PolicyStore (org.keycloak.authorization.store.PolicyStore)20 Map (java.util.Map)19 List (java.util.List)17 ResourceStore (org.keycloak.authorization.store.ResourceStore)17 Path (javax.ws.rs.Path)15 Produces (javax.ws.rs.Produces)15 ArrayList (java.util.ArrayList)14 EnumMap (java.util.EnumMap)12 HashMap (java.util.HashMap)12 GET (javax.ws.rs.GET)12 KeycloakSession (org.keycloak.models.KeycloakSession)11 UserModel (org.keycloak.models.UserModel)11 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial