Examples with StoreFactory org.keycloak.authorization.store.StoreFactory used on opensource projects

Search in sources :

Example 36 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class ClientApplicationSynchronizer method removeFromClientPolicies.

private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    ResourceServerStore store = storeFactory.getResourceServerStore();
    ResourceServer resourceServer = store.findByClient(event.getClient());
    if (resourceServer != null) {
        storeFactory.getResourceServerStore().delete(event.getClient());
    }
    Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
    attributes.put(Policy.FilterOption.TYPE, new String[] { "client" });
    attributes.put(Policy.FilterOption.CONFIG, new String[] { "clients", event.getClient().getId() });
    attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
    List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(attributes, null, -1, -1);
    for (Policy policy : search) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        ClientPolicyRepresentation representation = ClientPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        Set<String> clients = representation.getClients();
        clients.remove(event.getClient().getId());
        if (clients.isEmpty()) {
            policyFactory.onRemove(policy, authorizationProvider);
            authorizationProvider.getStoreFactory().getPolicyStore().delete(policy.getId());
        } else {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
        }
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) EnumMap(java.util.EnumMap)

Example 37 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class RealmSynchronizer method synchronize.

@Override
public void synchronize(RealmRemovedEvent event, KeycloakSessionFactory factory) {
    ProviderFactory<AuthorizationProvider> providerFactory = factory.getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorizationProvider = providerFactory.create(event.getKeycloakSession());
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
    event.getRealm().getClientsStream().forEach(resourceServerStore::delete);
}
Also used : ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Example 38 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class DefaultPolicyEvaluator method evaluate.

@Override
public void evaluate(ResourcePermission permission, AuthorizationProvider authorizationProvider, EvaluationContext executionContext, Decision decision, Map<Policy, Map<Object, Decision.Effect>> decisionCache) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    ResourceServer resourceServer = permission.getResourceServer();
    PolicyEnforcementMode enforcementMode = resourceServer.getPolicyEnforcementMode();
    if (PolicyEnforcementMode.DISABLED.equals(enforcementMode)) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
        return;
    }
    // if marked as granted we just complete the evaluation
    if (permission.isGranted()) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
        return;
    }
    AtomicBoolean verified = new AtomicBoolean();
    Consumer<Policy> policyConsumer = createPolicyEvaluator(permission, authorizationProvider, executionContext, decision, verified, decisionCache);
    Resource resource = permission.getResource();
    if (resource != null) {
        policyStore.findByResource(resource.getId(), resourceServer.getId(), policyConsumer);
        if (resource.getType() != null) {
            policyStore.findByResourceType(resource.getType(), resourceServer.getId(), policyConsumer);
            if (!resource.getOwner().equals(resourceServer.getId())) {
                for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
                    policyStore.findByResource(typedResource.getId(), resourceServer.getId(), policyConsumer);
                }
            }
        }
    }
    Collection<Scope> scopes = permission.getScopes();
    if (!scopes.isEmpty()) {
        policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), null, resourceServer.getId(), policyConsumer);
    }
    if (verified.get()) {
        decision.onComplete(permission);
        return;
    }
    if (PolicyEnforcementMode.PERMISSIVE.equals(enforcementMode)) {
        grantAndComplete(permission, authorizationProvider, executionContext, decision);
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Scope(org.keycloak.authorization.model.Scope) Resource(org.keycloak.authorization.model.Resource) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) PolicyEnforcementMode(org.keycloak.representations.idm.authorization.PolicyEnforcementMode)

Example 39 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class Permissions method populateTypedScopes.

private static Set<Scope> populateTypedScopes(Resource resource, ResourceServer resourceServer, List<Scope> defaultScopes, AuthorizationProvider authorization) {
    String type = resource.getType();
    if (type == null || resource.getOwner().equals(resourceServer.getId())) {
        return new LinkedHashSet<>(defaultScopes);
    }
    Set<Scope> scopes = new LinkedHashSet<>(defaultScopes);
    // check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
    // is owned by the resource server itself
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    resourceStore.findByType(type, resourceServer.getId(), resource1 -> {
        for (Scope typeScope : resource1.getScopes()) {
            if (!scopes.contains(typeScope)) {
                scopes.add(typeScope);
            }
        }
    });
    return scopes;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Scope(org.keycloak.authorization.model.Scope) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory)

Example 40 with StoreFactory

use of org.keycloak.authorization.store.StoreFactory in project keycloak by keycloak.

the class ExportUtils method exportAuthorizationSettings.

public static ResourceServerRepresentation exportAuthorizationSettings(KeycloakSession session, ClientModel client) {
    AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
    if (settingsModel == null) {
        return null;
    }
    ResourceServerRepresentation representation = toRepresentation(settingsModel, client);
    representation.setId(null);
    representation.setName(null);
    representation.setClientId(null);
    List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId()).stream().map(resource -> {
        ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
        if (rep.getOwner().getId().equals(settingsModel.getId())) {
            rep.setOwner((ResourceOwnerRepresentation) null);
        } else {
            rep.getOwner().setId(null);
        }
        rep.getScopes().forEach(scopeRepresentation -> {
            scopeRepresentation.setId(null);
            scopeRepresentation.setIconUri(null);
        });
        return rep;
    }).collect(Collectors.toList());
    representation.setResources(resources);
    List<PolicyRepresentation> policies = new ArrayList<>();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null)).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    representation.setPolicies(policies);
    List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
        ScopeRepresentation rep = toRepresentation(scope);
        rep.setPolicies(null);
        rep.setResources(null);
        return rep;
    }).collect(Collectors.toList());
    representation.setScopes(scopes);
    return representation;
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Version(org.keycloak.common.Version) RoleContainerModel(org.keycloak.models.RoleContainerModel) Map(java.util.Map) ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmModel(org.keycloak.models.RealmModel) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Collection(java.util.Collection) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) Set(java.util.Set) RoleModel(org.keycloak.models.RoleModel) PolicyStore(org.keycloak.authorization.store.PolicyStore) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) Stream(java.util.stream.Stream) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Profile(org.keycloak.common.Profile) JsonGenerator(com.fasterxml.jackson.core.JsonGenerator) ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) UserModel(org.keycloak.models.UserModel) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) JsonEncoding(com.fasterxml.jackson.core.JsonEncoding) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) LinkedList(java.util.LinkedList) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) OutputStream(java.io.OutputStream) RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) JsonFactory(com.fasterxml.jackson.core.JsonFactory) SerializationFeature(com.fasterxml.jackson.databind.SerializationFeature) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) Resource(org.keycloak.authorization.model.Resource) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ArrayList(java.util.ArrayList) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Aggregations

StoreFactory (org.keycloak.authorization.store.StoreFactory)61 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)33 ResourceServer (org.keycloak.authorization.model.ResourceServer)32 Policy (org.keycloak.authorization.model.Policy)31 Resource (org.keycloak.authorization.model.Resource)26 ClientModel (org.keycloak.models.ClientModel)21 Scope (org.keycloak.authorization.model.Scope)20 PolicyStore (org.keycloak.authorization.store.PolicyStore)20 Map (java.util.Map)19 List (java.util.List)17 ResourceStore (org.keycloak.authorization.store.ResourceStore)17 Path (javax.ws.rs.Path)15 Produces (javax.ws.rs.Produces)15 ArrayList (java.util.ArrayList)14 EnumMap (java.util.EnumMap)12 HashMap (java.util.HashMap)12 GET (javax.ws.rs.GET)12 KeycloakSession (org.keycloak.models.KeycloakSession)11 UserModel (org.keycloak.models.UserModel)11 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial