
Example 1 with RoleModel

Use of org.keycloak.models.RoleModel in project keycloak by keycloak.

In class RolePolicyProviderFactory, method postInit.

@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (event instanceof RoleRemovedEvent) {
            KeycloakSession keycloakSession = ((RoleRemovedEvent) event).getKeycloakSession();
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            StoreFactory storeFactory = provider.getStoreFactory();
            PolicyStore policyStore = storeFactory.getPolicyStore();
            RoleModel removedRole = ((RoleRemovedEvent) event).getRole();
            RoleContainerModel container = removedRole.getContainer();
            ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
            if (container instanceof RealmModel) {
                RealmModel realm = (RealmModel) container;
                realm.getClientsStream().forEach(clientModel -> updateResourceServer(clientModel, removedRole, resourceServerStore, policyStore));
            } else {
                ClientModel clientModel = (ClientModel) container;
                updateResourceServer(clientModel, removedRole, resourceServerStore, policyStore);
            }
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) RoleRemovedEvent(org.keycloak.models.RoleContainerModel.RoleRemovedEvent) PolicyStore(org.keycloak.authorization.store.PolicyStore) RoleModel(org.keycloak.models.RoleModel) StoreFactory(org.keycloak.authorization.store.StoreFactory) RoleContainerModel(org.keycloak.models.RoleContainerModel)

Example 2 with RoleModel

Use of org.keycloak.models.RoleModel in project keycloak by keycloak.

In class KeycloakOIDCClientInstallation, method configureAuthorizationSettings.

private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) {
    if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && new AuthorizationService(session, client, null, null).isEnabled()) {
        PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig();
        enforcerConfig.setEnforcementMode(null);
        enforcerConfig.setLazyLoadPaths(null);
        rep.setEnforcerConfig(enforcerConfig);
        Iterator<RoleModel> it = client.getRolesStream().iterator();
        RoleModel role = hasOnlyOne(it);
        if (role != null && role.getName().equals(Constants.AUTHZ_UMA_PROTECTION)) {
            rep.setUseResourceRoleMappings(null);
        }
    }
}
Also used : AuthorizationService(org.keycloak.authorization.admin.AuthorizationService) RoleModel(org.keycloak.models.RoleModel) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig)

Example 3 with RoleModel

Use of org.keycloak.models.RoleModel in project keycloak by keycloak.

In class ScopeMappedResource, method deleteRealmScopeMappings.

/**
 * Remove a set of realm-level roles from the client's scope
 *
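 * @param roles roles to remove, each looked up by its id; when null, every realm-level scope mapping of the client is removed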
 */
@Path("realm")
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteRealmScopeMappings(List<RoleRepresentation> roles) {
    managePermission.require();
    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }
    if (roles == null) {
        roles = scopeContainer.getRealmScopeMappingsStream().peek(scopeContainer::deleteScopeMapping).map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = realm.getRoleById(role.getId());
            if (roleModel == null) {
                throw new NotFoundException("Role not found");
            }
            scopeContainer.deleteScopeMapping(roleModel);
        }
    }
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes)

Example 4 with RoleModel

Use of org.keycloak.models.RoleModel in project keycloak by keycloak.

In class ScopeMappedResource, method addRealmScopeMappings.

/**
 * Add a set of realm-level roles to the client's scope
 *
 * @param roles realm-level roles to add, each looked up by its id
 */
@Path("realm")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addRealmScopeMappings(List<RoleRepresentation> roles) {
    managePermission.require();
    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }
    for (RoleRepresentation role : roles) {
        RoleModel roleModel = realm.getRoleById(role.getId());
        if (roleModel == null) {
            throw new NotFoundException("Role not found");
        }
        scopeContainer.addScopeMapping(roleModel);
    }
    adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri()).representation(roles).success();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) NotFoundException(javax.ws.rs.NotFoundException) RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 5 with RoleModel

Use of org.keycloak.models.RoleModel in project keycloak by keycloak.

In class RoleByIdResource, method getRealmRoleComposites.

/**
 * Get realm-level roles that are in the role's composite
 *
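 * @param id id of the role, taken from the {role-id} path parameter
 * @return the realm-level roles contained in the role's composite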
 */
@Path("{role-id}/composites/realm")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Stream<RoleRepresentation> getRealmRoleComposites(@PathParam("role-id") final String id) {
    RoleModel role = getRoleModel(id);
    auth.roles().requireView(role);
    return getRealmRoleComposites(role);
}
Also used : RoleModel(org.keycloak.models.RoleModel) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Aggregations

RoleModel (org.keycloak.models.RoleModel): 153
ClientModel (org.keycloak.models.ClientModel): 73
RealmModel (org.keycloak.models.RealmModel): 69
UserModel (org.keycloak.models.UserModel): 36
Path (javax.ws.rs.Path): 29
Test (org.junit.Test): 29
NotFoundException (javax.ws.rs.NotFoundException): 25
NoCache (org.jboss.resteasy.annotations.cache.NoCache): 20
KeycloakSession (org.keycloak.models.KeycloakSession): 19
Consumes (javax.ws.rs.Consumes): 17
List (java.util.List): 16
GET (javax.ws.rs.GET): 16
Produces (javax.ws.rs.Produces): 16
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation): 15
LinkedList (java.util.LinkedList): 14
HashMap (java.util.HashMap): 13
ArrayList (java.util.ArrayList): 12
GroupModel (org.keycloak.models.GroupModel): 12
RoleContainerModel (org.keycloak.models.RoleContainerModel): 12
Policy (org.keycloak.authorization.model.Policy): 11