use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class GroupSynchronizer method synchronize.
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
ProviderFactory<AuthorizationProvider> providerFactory = factory.getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorizationProvider = providerFactory.create(event.getKeycloakSession());
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore();
GroupModel group = event.getGroup();
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
attributes.put(Policy.FilterOption.TYPE, new String[] { "group" });
attributes.put(Policy.FilterOption.CONFIG, new String[] { "groups", group.getId() });
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
for (Policy policy : search) {
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
GroupPolicyRepresentation representation = GroupPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
Set<GroupPolicyRepresentation.GroupDefinition> groups = representation.getGroups();
groups.removeIf(groupDefinition -> groupDefinition.getId().equals(group.getId()));
if (groups.isEmpty()) {
policyFactory.onRemove(policy, authorizationProvider);
policyStore.delete(policy.getId());
} else {
policyFactory.onUpdate(policy, representation, authorizationProvider);
}
}
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class ResourceSetService method delete.
@Path("{id}")
@DELETE
public Response delete(@PathParam("id") String id) {
requireManage();
StoreFactory storeFactory = authorization.getStoreFactory();
Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId());
if (resource == null) {
return Response.status(Status.NOT_FOUND).build();
}
storeFactory.getResourceStore().delete(id);
audit(toRepresentation(resource, resourceServer.getId(), authorization), OperationType.DELETE);
return Response.noContent().build();
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class ResourceSetService method find.
public Response find(@QueryParam("_id") String id, @QueryParam("name") String name, @QueryParam("uri") String uri, @QueryParam("owner") String owner, @QueryParam("type") String type, @QueryParam("scope") String scope, @QueryParam("matchingUri") Boolean matchingUri, @QueryParam("exactName") Boolean exactName, @QueryParam("deep") Boolean deep, @QueryParam("first") Integer firstResult, @QueryParam("max") Integer maxResult, BiFunction<Resource, Boolean, ?> toRepresentation) {
requireView();
StoreFactory storeFactory = authorization.getStoreFactory();
if (deep == null) {
deep = true;
}
Map<Resource.FilterOption, String[]> search = new EnumMap<>(Resource.FilterOption.class);
if (id != null && !"".equals(id.trim())) {
search.put(Resource.FilterOption.ID, new String[] { id });
}
if (name != null && !"".equals(name.trim())) {
search.put(exactName != null && exactName ? Resource.FilterOption.EXACT_NAME : Resource.FilterOption.NAME, new String[] { name });
}
if (uri != null && !"".equals(uri.trim())) {
search.put(Resource.FilterOption.URI, new String[] { uri });
}
if (owner != null && !"".equals(owner.trim())) {
RealmModel realm = authorization.getKeycloakSession().getContext().getRealm();
ClientModel clientModel = realm.getClientByClientId(owner);
if (clientModel != null) {
owner = clientModel.getId();
} else {
UserModel user = authorization.getKeycloakSession().users().getUserByUsername(realm, owner);
if (user != null) {
owner = user.getId();
}
}
search.put(Resource.FilterOption.OWNER, new String[] { owner });
}
if (type != null && !"".equals(type.trim())) {
search.put(Resource.FilterOption.TYPE, new String[] { type });
}
if (scope != null && !"".equals(scope.trim())) {
Map<Scope.FilterOption, String[]> scopeFilter = new EnumMap<>(Scope.FilterOption.class);
scopeFilter.put(Scope.FilterOption.NAME, new String[] { scope });
List<Scope> scopes = authorization.getStoreFactory().getScopeStore().findByResourceServer(scopeFilter, resourceServer.getId(), -1, -1);
if (scopes.isEmpty()) {
return Response.ok(Collections.emptyList()).build();
}
search.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new));
}
List<Resource> resources = storeFactory.getResourceStore().findByResourceServer(search, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
if (matchingUri != null && matchingUri && resources.isEmpty()) {
Map<Resource.FilterOption, String[]> attributes = new EnumMap<>(Resource.FilterOption.class);
attributes.put(Resource.FilterOption.URI_NOT_NULL, new String[] { "true" });
attributes.put(Resource.FilterOption.OWNER, new String[] { resourceServer.getId() });
List<Resource> serverResources = storeFactory.getResourceStore().findByResourceServer(attributes, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
@Override
protected String getPath(Map.Entry<String, Resource> entry) {
return entry.getKey();
}
@Override
protected Collection<Map.Entry<String, Resource>> getPaths() {
Map<String, Resource> result = new HashMap<>();
serverResources.forEach(resource -> resource.getUris().forEach(uri -> {
result.put(uri, resource);
}));
return result.entrySet();
}
};
Map.Entry<String, Resource> matches = pathMatcher.matches(uri);
if (matches != null) {
resources = Collections.singletonList(matches.getValue());
}
}
Boolean finalDeep = deep;
return Response.ok(resources.stream().map(resource -> toRepresentation.apply(resource, finalDeep)).collect(Collectors.toList())).build();
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class PolicyEvaluationService method createPermissions.
private List<ResourcePermission> createPermissions(PolicyEvaluationRequest representation, EvaluationContext evaluationContext, AuthorizationProvider authorization, AuthorizationRequest request) {
return representation.getResources().stream().flatMap((Function<ResourceRepresentation, Stream<ResourcePermission>>) resource -> {
StoreFactory storeFactory = authorization.getStoreFactory();
if (resource == null) {
resource = new ResourceRepresentation();
}
Set<ScopeRepresentation> givenScopes = resource.getScopes();
if (givenScopes == null) {
givenScopes = new HashSet<>();
}
ScopeStore scopeStore = storeFactory.getScopeStore();
Set<Scope> scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(scopeRepresentation.getName(), resourceServer.getId())).collect(Collectors.toSet());
if (resource.getId() != null) {
Resource resourceModel = storeFactory.getResourceStore().findById(resource.getId(), resourceServer.getId());
return new ArrayList<>(Arrays.asList(Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream();
} else if (resource.getType() != null) {
return storeFactory.getResourceStore().findByType(resource.getType(), resourceServer.getId()).stream().map(resource1 -> Permissions.createResourcePermissions(resource1, resourceServer, scopes, authorization, request));
} else {
if (scopes.isEmpty()) {
return Stream.empty();
}
List<Resource> resources = storeFactory.getResourceStore().findByScope(scopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId());
if (resources.isEmpty()) {
return scopes.stream().map(scope -> new ResourcePermission(null, new ArrayList<>(Arrays.asList(scope)), resourceServer));
}
return resources.stream().map(resource12 -> Permissions.createResourcePermissions(resource12, resourceServer, scopes, authorization, request));
}
}).collect(Collectors.toList());
}
use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.
the class PolicyService method findByName.
@Path("/search")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public Response findByName(@QueryParam("name") String name, @QueryParam("fields") String fields) {
if (auth != null) {
this.auth.realm().requireViewAuthorization();
}
StoreFactory storeFactory = authorization.getStoreFactory();
if (name == null) {
return Response.status(Status.BAD_REQUEST).build();
}
Policy model = storeFactory.getPolicyStore().findByName(name, this.resourceServer.getId());
if (model == null) {
return Response.noContent().build();
}
return Response.ok(toRepresentation(model, fields, authorization)).build();
}
Aggregations