Examples with StoreFactory org.keycloak.authorization.store.StoreFactory used on opensource projects

Search in sources :

Example 21 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PermissionTicketService method getPermissionCount.

@Path("/count")
@GET
@Produces("application/json")
public Response getPermissionCount(@QueryParam("scopeId") String scopeId, @QueryParam("resourceId") String resourceId, @QueryParam("owner") String owner, @QueryParam("requester") String requester, @QueryParam("granted") Boolean granted, @QueryParam("returnNames") Boolean returnNames) {
    StoreFactory storeFactory = authorization.getStoreFactory();
    PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
    Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
    long count = permissionTicketStore.count(filters, resourceServer.getId());
    return Response.ok().entity(count).build();
}
Also used : PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 22 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckUserClientRoles.

public static void testCheckUserClientRoles(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserClientRoles");
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("var roles = realm.getUserClientRoles('trinity', 'role-mapping-client');");
    builder.append("if (roles.size() == 1 && roles.contains('client-role-a')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Example 23 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckDateAndTime.

public static void testCheckDateAndTime(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    TimePolicyRepresentation policyRepresentation = new TimePolicyRepresentation();
    policyRepresentation.setName("testCheckDateAndTime");
    // set the notOnOrAfter for 1 hour from now
    long notOnOrAfter = System.currentTimeMillis() + 3600000;
    Date notOnOrAfterDate = new Date(notOnOrAfter);
    policyRepresentation.setNotOnOrAfter(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(notOnOrAfterDate));
    // evaluation should succeed with the default context as it uses the current time as the date to be compared.
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    // lets now override the context to use a time that exceeds the time that was set in the policy.
    long contextTime = System.currentTimeMillis() + 5400000;
    Map<String, Collection<String>> attributes = new HashMap<>();
    attributes.put("kc.time.date_time", Arrays.asList(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(contextTime))));
    evaluation = createEvaluation(session, authorization, null, resourceServer, policy, attributes);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.DENY, evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) HashMap(java.util.HashMap) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) Date(java.util.Date) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation) ClientModel(org.keycloak.models.ClientModel) TimePolicyRepresentation(org.keycloak.representations.idm.authorization.TimePolicyRepresentation) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) Collection(java.util.Collection) ResourceServer(org.keycloak.authorization.model.ResourceServer) SimpleDateFormat(java.text.SimpleDateFormat)

Example 24 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckReadOnlyInstances.

public static void testCheckReadOnlyInstances(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckReadOnlyInstances");
    StringBuilder builder = new StringBuilder();
    builder.append("$evaluation.getPermission().getResource().setName('test')");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    Resource resource = storeFactory.getResourceStore().create("Resource A", resourceServer, resourceServer.getId());
    Scope scope = storeFactory.getScopeStore().create("Scope A", resourceServer);
    resource.updateScopes(new HashSet<>(Arrays.asList(scope)));
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName("testCheckReadOnlyInstances permission");
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    storeFactory.getPolicyStore().create(permission, resourceServer);
    session.getTransactionManager().commit();
    PermissionEvaluator evaluator = authorization.evaluators().from(Arrays.asList(new ResourcePermission(resource, Arrays.asList(scope), resourceServer)), createEvaluationContext(session, Collections.emptyMap()));
    try {
        evaluator.evaluate(resourceServer, null);
        Assert.fail("Instances should be marked as read-only");
    } catch (Exception ignore) {
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) PermissionEvaluator(org.keycloak.authorization.permission.evaluator.PermissionEvaluator) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) Resource(org.keycloak.authorization.model.Resource) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 25 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class PolicyEvaluationTest method testCheckUserInGroup.

public static void testCheckUserInGroup(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserInGroup");
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('marta', 'Group C')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('marta', 'Group A')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('marta', '/Group A')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('marta', '/Group A/Group B')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('alice', '/Group A/Group B/Group E')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('alice', '/Group A')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (!realm.isUserInGroup('alice', '/Group A', false)) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('alice', '/Group E')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
    builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("if (realm.isUserInGroup('alice', 'Group E')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    policyRepresentation.setId(policy.getId());
    policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
    evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertNull(evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Aggregations

StoreFactory (org.keycloak.authorization.store.StoreFactory)61 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)33 ResourceServer (org.keycloak.authorization.model.ResourceServer)32 Policy (org.keycloak.authorization.model.Policy)31 Resource (org.keycloak.authorization.model.Resource)26 ClientModel (org.keycloak.models.ClientModel)21 Scope (org.keycloak.authorization.model.Scope)20 PolicyStore (org.keycloak.authorization.store.PolicyStore)20 Map (java.util.Map)19 List (java.util.List)17 ResourceStore (org.keycloak.authorization.store.ResourceStore)17 Path (javax.ws.rs.Path)15 Produces (javax.ws.rs.Produces)15 ArrayList (java.util.ArrayList)14 EnumMap (java.util.EnumMap)12 HashMap (java.util.HashMap)12 GET (javax.ws.rs.GET)12 KeycloakSession (org.keycloak.models.KeycloakSession)11 UserModel (org.keycloak.models.UserModel)11 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial