
Example 81 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RolePolicyProviderFactory method updateRoles.

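/**
 * Resolves the role references of a role policy to role ids and stores them in the policy config.
 *
 * <p>Each definition's id is a reference in one of two forms:
 * <ul>
 *   <li>{@code "clientId/roleName"}: the client is looked up by client id and the role by name
 *       within that client; there is no fallback to a role id for client roles.</li>
 *   <li>anything else: a realm role by name, falling back to a lookup by id via
 *       {@code realm.getRoleById}.</li>
 * </ul>
 * The first {@code "/"} always splits the reference, so a realm role whose name contains a slash
 * can only be referenced by id through this path.
 *
 * <p>Definitions are mutated in place (their id is replaced by the resolved role id) and the
 * resulting set is serialized under the {@code "roles"} config key. An unresolvable reference
 * fails the whole update rather than being dropped, so a policy never silently loses a role.
 *
 * @param policy        the policy whose {@code "roles"} config entry is replaced
 * @param authorization provider supplying the realm the roles are resolved in
 * @param roles         role references from the representation; {@code null} is treated as empty
 * @throws RuntimeException if a definition or its id is {@code null}, a client or role cannot be
 *                          found, or the resolved set cannot be serialized
 */
private void updateRoles(Policy policy, AuthorizationProvider authorization, Set<RolePolicyRepresentation.RoleDefinition> roles) {
    RealmModel realm = authorization.getRealm();
    Set<RolePolicyRepresentation.RoleDefinition> updatedRoles = new HashSet<>();
    if (roles != null) {
        for (RolePolicyRepresentation.RoleDefinition definition : roles) {
            // Guard before indexOf(): a missing id would otherwise surface as a bare NullPointerException
            // with no hint of which policy was being updated.
            if (definition == null || definition.getId() == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role definition without an id.");
            }
            String roleName = definition.getId();
            String clientId = null;
            int clientIdSeparator = roleName.indexOf("/");
            if (clientIdSeparator != -1) {
                clientId = roleName.substring(0, clientIdSeparator);
                roleName = roleName.substring(clientIdSeparator + 1);
            }
            RoleModel role;
            if (clientId == null) {
                // Name first, then id: the representation may carry either for realm roles.
                role = realm.getRole(roleName);
                if (role == null) {
                    role = realm.getRoleById(roleName);
                }
            } else {
                ClientModel client = realm.getClientByClientId(clientId);
                if (client == null) {
                    throw new RuntimeException("Client with id [" + clientId + "] not found.");
                }
                role = client.getRole(roleName);
            }
            if (role == null) {
                throw new RuntimeException("Error while updating policy [" + policy.getName() + "]. Role [" + roleName + "] could not be found.");
            }
            // NOTE(review): setId() mutates an element that is still inside the caller's set; this is only
            // safe if RoleDefinition's hashCode/equals do not depend on the id — confirm.
            definition.setId(role.getId());
            updatedRoles.add(definition);
        }
    }
    try {
        policy.putConfig("roles", JsonSerialization.writeValueAsString(updatedRoles));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to serialize roles", cause);
    }
}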
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) RoleModel(org.keycloak.models.RoleModel) IOException(java.io.IOException) RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) HashSet(java.util.HashSet)

Example 82 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RolePolicyProviderFactory method onExport.

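/**
 * Exports a role policy with portable role references instead of role ids.
 *
 * <p>The stored config references roles by id. The export rewrites each definition's id to
 * {@code "clientId/roleName"} for client roles and to the bare role name for realm roles, which is
 * the format {@code updateRoles} accepts on import (presumably so the export can be imported into a
 * realm where the ids differ). Only the {@code "roles"} entry is written to the exported
 * representation's config.
 *
 * @param policy                the policy being exported
 * @param representation        target representation; its config is replaced
 * @param authorizationProvider provider giving access to the realm the role ids belong to
 * @throws RuntimeException if a referenced role no longer exists in the realm, or if the role set
 *                          cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, authorizationProvider).getRoles();
    for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
        RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId());
        if (role == null) {
            // A stale policy (role deleted after the policy was saved) must fail with context rather than
            // with a bare NullPointerException; silently dropping the role would export a policy that
            // differs from what was configured.
            throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]. Role [" + roleDefinition.getId() + "] could not be found.");
        }
        if (role.isClientRole()) {
            ClientModel client = (ClientModel) role.getContainer();
            roleDefinition.setId(client.getClientId() + "/" + role.getName());
        } else {
            roleDefinition.setId(role.getName());
        }
    }
    Map<String, String> config = new HashMap<>();
    try {
        config.put("roles", JsonSerialization.writeValueAsString(roles));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}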
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) HashMap(java.util.HashMap) RoleModel(org.keycloak.models.RoleModel) IOException(java.io.IOException)

Example 83 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class RolePolicyProvider method evaluate.

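/**
 * Grants or denies the evaluation based on the identity's role membership.
 *
 * <p>For each role definition of the policy: a role the identity holds grants; a required role
 * the identity lacks denies immediately and ends the evaluation. A definition whose id no longer
 * resolves in the realm is treated like a role the identity does not have, so a required-but-deleted
 * role denies. Skipping unresolvable definitions instead would let the policy grant on the remaining
 * roles, i.e. the policy would become more permissive than configured after a role deletion.
 *
 * @param evaluation evaluation context providing the policy, the realm and the identity
 */
@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    Set<RolePolicyRepresentation.RoleDefinition> roleDefinitions = representationFunction.apply(policy, authorizationProvider).getRoles();
    // NOTE(review): the realm comes from the session context rather than authorizationProvider.getRealm();
    // confirm these always refer to the same realm.
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    Identity identity = evaluation.getContext().getIdentity();
    for (RolePolicyRepresentation.RoleDefinition roleDefinition : roleDefinitions) {
        RoleModel role = realm.getRoleById(roleDefinition.getId());
        // A role that no longer exists cannot be held by anyone; fail closed for required roles.
        boolean hasRole = role != null && hasRole(identity, role, realm);
        if (hasRole) {
            evaluation.grant();
        } else if (roleDefinition.isRequired()) {
            evaluation.deny();
            return;
        }
    }
}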
Also used : Policy(org.keycloak.authorization.model.Policy) RealmModel(org.keycloak.models.RealmModel) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) RoleModel(org.keycloak.models.RoleModel) Identity(org.keycloak.authorization.identity.Identity)

Example 84 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class HardcodedLDAPRoleStorageMapper method proxy.

/**
 * Wraps {@code delegate} so that the mapper's configured role shows up in the user's role
 * mappings and cannot be removed through the model API.
 *
 * <p>The configured role is re-resolved with {@code getRole(realm)} on every call; when that
 * yields {@code null} the delegate's answers pass through unchanged. The role is appended to the
 * realm or client mapping stream only when its container is the one being queried, and
 * {@code deleteRoleMapping} rejects it with a {@link ModelException} because the mapping is
 * enforced by the mapper rather than stored on the user.
 *
 * @param ldapUser the LDAP entry the user was loaded from (not used here)
 * @param delegate the user model to wrap
 * @param realm    realm the hardcoded role is resolved in
 * @return a delegate that reports the hardcoded role in addition to the user's own mappings
 */
@Override
public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
    return new UserModelDelegate(delegate) {

        /** The mapper's configured role for this realm; may be {@code null}. */
        private RoleModel hardcodedRole() {
            return getRole(realm);
        }

        /** Whether {@code candidate} is the configured role (always false when none is configured). */
        private boolean isHardcoded(RoleModel candidate) {
            return candidate.equals(hardcodedRole());
        }

        @Override
        public Stream<RoleModel> getRealmRoleMappingsStream() {
            Stream<RoleModel> own = super.getRealmRoleMappingsStream();
            RoleModel hardcoded = hardcodedRole();
            if (hardcoded == null || !hardcoded.getContainer().equals(realm)) {
                return own;
            }
            return Stream.concat(own, Stream.of(hardcoded));
        }

        @Override
        public Stream<RoleModel> getClientRoleMappingsStream(ClientModel app) {
            Stream<RoleModel> own = super.getClientRoleMappingsStream(app);
            RoleModel hardcoded = hardcodedRole();
            if (hardcoded == null || !hardcoded.getContainer().equals(app)) {
                return own;
            }
            return Stream.concat(own, Stream.of(hardcoded));
        }

        @Override
        public boolean hasDirectRole(RoleModel role) {
            return super.hasDirectRole(role) || isHardcoded(role);
        }

        @Override
        public boolean hasRole(RoleModel role) {
            return super.hasRole(role) || isHardcoded(role);
        }

        @Override
        public Stream<RoleModel> getRoleMappingsStream() {
            Stream<RoleModel> own = super.getRoleMappingsStream();
            RoleModel hardcoded = hardcodedRole();
            if (hardcoded == null) {
                return own;
            }
            return Stream.concat(own, Stream.of(hardcoded));
        }

        @Override
        public void deleteRoleMapping(RoleModel role) {
            // The hardcoded role is not a stored mapping; refusing here keeps it from being "removed" in vain.
            if (isHardcoded(role)) {
                throw new ModelException("Not possible to delete role. It's hardcoded by LDAP mapper");
            }
            super.deleteRoleMapping(role);
        }
    };
}
Also used : ClientModel(org.keycloak.models.ClientModel) UserModelDelegate(org.keycloak.models.utils.UserModelDelegate) ModelException(org.keycloak.models.ModelException) RoleModel(org.keycloak.models.RoleModel)

Example 85 with RoleModel

use of org.keycloak.models.RoleModel in project keycloak by keycloak.

the class HardcodedLDAPRoleStorageMapperFactory method validateConfiguration.

/**
 * Rejects a mapper configuration whose {@code ROLE} entry is absent or does not resolve to a role
 * of {@code realm}.
 *
 * <p>Resolution is delegated to {@code KeycloakModelUtils.getRoleFromString}, so the accepted
 * syntax is whatever that helper understands. This runs only when the component is saved; nothing
 * here prevents the role from being deleted afterwards, so the mapper has to tolerate a missing
 * role at runtime.
 *
 * @param session current session (not used)
 * @param realm   realm the configured role must belong to
 * @param config  the mapper's component model
 * @throws ComponentValidationException when no role is configured or it cannot be resolved
 */
@Override
public void validateConfiguration(KeycloakSession session, RealmModel realm, ComponentModel config) throws ComponentValidationException {
    String configuredRole = config.getConfig().getFirst(HardcodedLDAPRoleStorageMapper.ROLE);
    if (configuredRole == null) {
        throw new ComponentValidationException("Role can't be null");
    }
    RoleModel resolved = KeycloakModelUtils.getRoleFromString(realm, configuredRole);
    if (resolved == null) {
        throw new ComponentValidationException("There is no role corresponding to configured value");
    }
}
Also used : ComponentValidationException(org.keycloak.component.ComponentValidationException) RoleModel(org.keycloak.models.RoleModel)
