use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RolePolicyProviderFactory method postInit.
/**
 * Registers a listener on the session factory that reacts to {@code RoleRemovedEvent}.
 *
 * <p>When the removed role belongs to a realm, every client of that realm is handed to
 * {@code updateResourceServer}; otherwise the owning container is treated as a client and only
 * that client is processed. All other event types are ignored.
 *
 * <p>NOTE(review): {@code updateResourceServer} is not visible here. Presumably it detaches the
 * removed role from role-based policies so that no policy keeps referencing a deleted role.
 * Confirm against that helper.
 *
 * @param factory session factory the listener is registered with
 */
@Override
public void postInit(KeycloakSessionFactory factory) {
    factory.register(event -> {
        if (!(event instanceof RoleRemovedEvent)) {
            return;
        }
        RoleRemovedEvent roleRemoved = (RoleRemovedEvent) event;

        KeycloakSession eventSession = roleRemoved.getKeycloakSession();
        StoreFactory stores = eventSession.getProvider(AuthorizationProvider.class).getStoreFactory();
        PolicyStore policies = stores.getPolicyStore();
        RoleModel removedRole = roleRemoved.getRole();
        RoleContainerModel owner = removedRole.getContainer();
        ResourceServerStore resourceServers = stores.getResourceServerStore();

        if (owner instanceof RealmModel) {
            // Realm role: it may be referenced from any client's resource server, so visit them all.
            ((RealmModel) owner).getClientsStream()
                    .forEach(client -> updateResourceServer(client, removedRole, resourceServers, policies));
        } else {
            // Anything that is not a realm is cast to a client, exactly as before.
            updateResourceServer((ClientModel) owner, removedRole, resourceServers, policies);
        }
    });
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class KeycloakOIDCClientInstallation method configureAuthorizationSettings.
/**
 * Adds a policy-enforcer section to the installation config when authorization services apply.
 *
 * <p>Nothing is changed unless the {@code AUTHORIZATION} profile feature is enabled and the
 * {@code AuthorizationService} built for this client reports itself enabled. In that case an
 * enforcer config is attached with enforcement mode and lazy-load-paths set to {@code null},
 * and {@code useResourceRoleMappings} is set to {@code null} when {@code hasOnlyOne} returns a
 * role named {@code Constants.AUTHZ_UMA_PROTECTION}.
 *
 * <p>NOTE(review): the {@code null} assignments presumably keep those fields out of the
 * generated adapter config so the adapter's own defaults apply. Confirm against the
 * serialization of {@code PolicyEnforcerConfig}, since the effective enforcement mode is
 * security-relevant.
 *
 * @param session current Keycloak session
 * @param client client the installation config is generated for
 * @param rep installation config being populated
 */
private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) {
    // Short-circuit order is kept: the service is only constructed when the feature is on.
    boolean authorizationActive = Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)
            && new AuthorizationService(session, client, null, null).isEnabled();
    if (!authorizationActive) {
        return;
    }

    PolicyEnforcerConfig enforcer = new PolicyEnforcerConfig();
    enforcer.setEnforcementMode(null);
    enforcer.setLazyLoadPaths(null);
    rep.setEnforcerConfig(enforcer);

    Iterator<RoleModel> clientRoles = client.getRolesStream().iterator();
    // hasOnlyOne is defined elsewhere; a null result is treated as "no single role to inspect".
    RoleModel soleRole = hasOnlyOne(clientRoles);
    if (soleRole == null) {
        return;
    }
    if (soleRole.getName().equals(Constants.AUTHZ_UMA_PROTECTION)) {
        rep.setUseResourceRoleMappings(null);
    }
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ScopeMappedResource method deleteRealmScopeMappings.
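/**
 * Remove a set of realm-level roles from the client's scope.
 *
 * <p>The manage permission is required before anything else is evaluated. When the request
 * carries no role list, every realm scope mapping of the scope container is removed and the
 * removed roles are reported in the admin event. Otherwise each listed role is resolved by id
 * and its mapping removed.
 *
 * <p>NOTE(review): the lookup uses {@code realm.getRoleById}. Whether that can also return a
 * client role is not visible here, so confirm that this realm-level endpoint cannot be used to
 * remove a client-level mapping. An unknown id aborts the request after earlier entries in the
 * same list were already processed. Whether those removals are rolled back depends on the
 * surrounding transaction handling, which is not shown.
 *
 * @param roles roles whose mappings are removed, identified by id; {@code null} removes all
 *              realm scope mappings of the container
 * @throws NotFoundException if the scope container is missing or a role id cannot be resolved
 */
@Path("realm")
@DELETE
@Consumes(MediaType.APPLICATION_JSON)
public void deleteRealmScopeMappings(List<RoleRepresentation> roles) {
    // Authorization gate first: nothing below runs for a caller without manage permission.
    managePermission.require();
    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }
    if (roles == null) {
        // Snapshot the current mappings before deleting. The original deleted inside
        // Stream.peek(), which makes the deletion a side effect of traversing the very
        // collection being changed.
        List<RoleModel> mapped = scopeContainer.getRealmScopeMappingsStream().collect(Collectors.toList());
        mapped.forEach(scopeContainer::deleteScopeMapping);
        // The representation list is what the admin event records as removed.
        roles = mapped.stream().map(ModelToRepresentation::toBriefRepresentation).collect(Collectors.toList());
    } else {
        for (RoleRepresentation role : roles) {
            RoleModel roleModel = realm.getRoleById(role.getId());
            if (roleModel == null) {
                throw new NotFoundException("Role not found");
            }
            scopeContainer.deleteScopeMapping(roleModel);
        }
    }
    // Audit trail: the admin event is emitted only after the removals completed without an exception.
    adminEvent.operation(OperationType.DELETE).resourcePath(session.getContext().getUri()).representation(roles).success();
}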
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class ScopeMappedResource method addRealmScopeMappings.
/**
 * Add a set of realm-level roles to the client's scope.
 *
 * <p>The manage permission is required before anything else is evaluated. Each listed role is
 * resolved by id through the realm and added to the scope container's mappings. A successful
 * run is recorded as a {@code CREATE} admin event carrying the submitted representations.
 *
 * <p>NOTE(review): a missing request body reaches the loop as {@code null} and is not handled
 * here. The lookup uses {@code realm.getRoleById}, and whether that can also return a client
 * role is not visible, so confirm that only realm roles can be added through this endpoint.
 * Scope mappings bound which roles a client may receive, so this check matters for least
 * privilege.
 *
 * @param roles roles to map, identified by id
 * @throws NotFoundException if the scope container is missing or a role id cannot be resolved
 */
@Path("realm")
@POST
@Consumes(MediaType.APPLICATION_JSON)
public void addRealmScopeMappings(List<RoleRepresentation> roles) {
    // Authorization gate first: nothing below runs for a caller without manage permission.
    managePermission.require();

    if (scopeContainer == null) {
        throw new NotFoundException("Could not find client");
    }

    for (RoleRepresentation requested : roles) {
        final String roleId = requested.getId();
        final RoleModel resolved = realm.getRoleById(roleId);
        if (resolved != null) {
            scopeContainer.addScopeMapping(resolved);
            continue;
        }
        // Unknown id: abort the request; entries before this one were already mapped.
        throw new NotFoundException("Role not found");
    }

    // Audit trail: emitted only when every listed role was mapped.
    adminEvent.operation(OperationType.CREATE)
            .resourcePath(session.getContext().getUri())
            .representation(roles)
            .success();
}
use of org.keycloak.models.RoleModel in project keycloak by keycloak.
the class RoleByIdResource method getRealmRoleComposites.
/**
 * Get realm-level roles that are in the role's composite.
 *
 * <p>The role is resolved from the path id, the caller's view permission on that role is
 * required, and only then is the composite listing delegated to the overload taking the
 * resolved role.
 *
 * <p>NOTE(review): the role is resolved before the view check. Whether an unknown id is
 * answered differently from a forbidden one depends on {@code getRoleModel}, which is not shown
 * here. Confirm the two cases do not let an unauthorized caller probe for valid role ids.
 *
 * @param id id of the role whose composites are listed, taken from the {@code role-id} path segment
 * @return the realm-level composite roles, as produced by the overload taking a {@code RoleModel}
 */
@Path("{role-id}/composites/realm")
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public Stream<RoleRepresentation> getRealmRoleComposites(@PathParam("role-id") final String id) {
    final RoleModel target = getRoleModel(id);
    // View permission is enforced on the resolved role before any composite data is read.
    auth.roles().requireView(target);
    return getRealmRoleComposites(target);
}