
Example 21 with UserConsentModel

use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.

the class JpaUserFederatedStorageProvider method toConsentModel.

/**
 * Converts a persisted federated consent row into a {@link UserConsentModel}.
 *
 * @param realm  realm used to resolve the client and the granted client scopes
 * @param entity stored consent, may be {@code null}
 * @return the consent model, or {@code null} when {@code entity} is {@code null}
 */
private UserConsentModel toConsentModel(RealmModel realm, FederatedUserConsentEntity entity) {
    if (entity == null) {
        return null;
    }
    // Without an internal client id the storage id is built from the
    // client storage provider plus the external client id.
    StorageId clientStorageId = entity.getClientId() == null
            ? new StorageId(entity.getClientStorageProvider(), entity.getExternalClientId())
            : new StorageId(entity.getClientId());
    // NOTE(review): the lookup result is not null-checked here, so if getClientById
    // returns null the model wraps a null client. Confirm callers tolerate that.
    ClientModel client = realm.getClientById(clientStorageId.getId());
    UserConsentModel model = new UserConsentModel(client);
    model.setCreatedDate(entity.getCreatedDate());
    model.setLastUpdatedDate(entity.getLastUpdatedDate());

    Collection<FederatedUserConsentClientScopeEntity> scopeEntities = entity.getGrantedClientScopes();
    if (scopeEntities == null) {
        return model;
    }
    for (FederatedUserConsentClientScopeEntity scopeEntity : scopeEntities) {
        ClientScopeModel resolved = realm.getClientScopeById(scopeEntity.getScopeId());
        if (resolved == null) {
            // The stored id may name a client rather than a client scope.
            resolved = realm.getClientById(scopeEntity.getScopeId());
        }
        if (resolved == null) {
            // Neither lookup found it: the grant is dropped from the model.
            continue;
        }
        model.addGrantedClientScope(resolved);
    }
    return model;
}
Also used : ClientModel(org.keycloak.models.ClientModel) FederatedUserConsentClientScopeEntity(org.keycloak.storage.jpa.entity.FederatedUserConsentClientScopeEntity) ClientScopeModel(org.keycloak.models.ClientScopeModel) StorageId(org.keycloak.storage.StorageId) UserConsentModel(org.keycloak.models.UserConsentModel)

Example 22 with UserConsentModel

use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.

the class LoginActionsService method processConsent.

/**
 * Handles the form POST from the OAuth grant (consent) page. You should not invoke this directly!
 *
 * The request is processed only after the session-code check for the OAUTH_GRANT action passes.
 * Consent is recorded for the user and client held by the authentication session, and the scope
 * ids are read from that session rather than from the submitted form.
 *
 * @return the response prepared by the session-code checks when verification fails, the protocol
 *         error response when the form contains "cancel", otherwise the result of
 *         {@code AuthenticationManager.redirectAfterSuccessfulFlow}
 */
@Path("consent")
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response processConsent() {
    MultivaluedMap<String, String> formData = request.getDecodedFormParameters();
    event.event(EventType.LOGIN);
    // The session code comes from the form body; client id and tab id come from the query string.
    String code = formData.getFirst(SESSION_CODE);
    String clientId = session.getContext().getUri().getQueryParameters().getFirst(Constants.CLIENT_ID);
    String tabId = session.getContext().getUri().getQueryParameters().getFirst(Constants.TAB_ID);
    // NOTE(review): checksForCode is defined outside this listing; presumably it binds the code to the
    // authentication session selected by clientId/tabId — confirm.
    SessionCodeChecks checks = checksForCode(null, code, null, clientId, tabId, REQUIRED_ACTION);
    // Nothing below runs unless the check for the OAUTH_GRANT action succeeds.
    if (!checks.verifyRequiredAction(AuthenticationSessionModel.Action.OAUTH_GRANT.name())) {
        return checks.getResponse();
    }
    AuthenticationSessionModel authSession = checks.getAuthenticationSession();
    initLoginEvent(authSession);
    // User and client are taken from the verified authentication session, not from request input.
    UserModel user = authSession.getAuthenticatedUser();
    ClientModel client = authSession.getClient();
    // User declined: answer with CONSENT_DENIED and log REJECTED_BY_USER; no consent is stored.
    if (formData.containsKey("cancel")) {
        LoginProtocol protocol = session.getProvider(LoginProtocol.class, authSession.getProtocol());
        protocol.setRealm(realm).setHttpHeaders(headers).setUriInfo(session.getContext().getUri()).setEventBuilder(event);
        Response response = protocol.sendError(authSession, Error.CONSENT_DENIED);
        event.error(Errors.REJECTED_BY_USER);
        return response;
    }
    // Load the existing consent for this user/client pair, or create and store an empty one.
    UserConsentModel grantedConsent = session.users().getConsentByClient(realm, user.getId(), client.getId());
    if (grantedConsent == null) {
        grantedConsent = new UserConsentModel(client);
        session.users().addConsent(realm, user.getId(), grantedConsent);
    }
    // An update may not be required if all client scopes were already granted (for example with prompt=consent)
    boolean updateConsentRequired = false;
    // Scope ids are read from the authentication session, not from the submitted form.
    for (String clientScopeId : authSession.getClientScopes()) {
        ClientScopeModel clientScope = KeycloakModelUtils.findClientScopeById(realm, client, clientScopeId);
        if (clientScope != null) {
            // Only scopes that are not yet granted and are shown on the consent screen are added.
            if (!grantedConsent.isClientScopeGranted(clientScope) && clientScope.isDisplayOnConsentScreen()) {
                grantedConsent.addGrantedClientScope(clientScope);
                updateConsentRequired = true;
            }
        } else {
            // An unresolvable scope id is logged and skipped; it does not abort the consent.
            logger.warnf("Client scope or client with ID '%s' not found", clientScopeId);
        }
    }
    if (updateConsentRequired) {
        session.users().updateConsent(realm, user.getId(), grantedConsent);
    }
    event.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
    event.success();
    // Attach the authentication session and continue with the post-login redirect.
    ClientSessionContext clientSessionCtx = AuthenticationProcessor.attachSession(authSession, null, session, realm, clientConnection, event);
    return AuthenticationManager.redirectAfterSuccessfulFlow(session, realm, clientSessionCtx.getClientSession().getUserSession(), clientSessionCtx, request, session.getContext().getUri(), clientConnection, event, authSession);
}
Also used : UserModel(org.keycloak.models.UserModel) Response(javax.ws.rs.core.Response) ClientModel(org.keycloak.models.ClientModel) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) ClientSessionContext(org.keycloak.models.ClientSessionContext) ClientScopeModel(org.keycloak.models.ClientScopeModel) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) LoginProtocol(org.keycloak.protocol.LoginProtocol) UserConsentModel(org.keycloak.models.UserConsentModel) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes)

Example 23 with UserConsentModel

use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.

the class UserCacheSession method getConsentsStream.

/**
 * Returns all consents of a user, served from the consent cache when possible.
 *
 * The cache is bypassed when the realm id, the user id or the consent cache key is
 * present in the invalidation sets. On a miss the consents are loaded from the
 * delegate, cached, and returned as loaded.
 *
 * @param realm  realm the user belongs to
 * @param userId id of the user whose consents are requested
 * @return stream of consent models; cached entries that no longer convert are dropped
 */
@Override
public Stream<UserConsentModel> getConsentsStream(RealmModel realm, String userId) {
    logger.tracev("getConsents: {0}", userId);
    final String consentKey = getConsentCacheKey(userId);

    boolean invalidated = realmInvalidations.contains(realm.getId())
            || invalidations.contains(userId)
            || invalidations.contains(consentKey);
    if (invalidated) {
        return getDelegate().getConsentsStream(realm, userId);
    }

    CachedUserConsents entry = cache.get(consentKey, CachedUserConsents.class);
    if (entry != null) {
        // Rebuild models from the cached ids; toConsentModel yields null for a missing client.
        return entry.getConsents().values().stream()
                .map(stored -> toConsentModel(realm, stored))
                .filter(consent -> consent != null);
    }

    // The revision is read before the delegate is queried.
    // NOTE(review): presumably so a concurrent invalidation is noticed when adding — confirm.
    Long revision = cache.getCurrentRevision(consentKey);
    List<UserConsentModel> fresh = getDelegate().getConsentsStream(realm, userId).collect(Collectors.toList());
    entry = new CachedUserConsents(revision, consentKey, realm, fresh);
    cache.addRevisioned(entry, startupRevision);
    return fresh.stream();
}
Also used : InvalidationEvent(org.keycloak.models.cache.infinispan.events.InvalidationEvent) ClientModel(org.keycloak.models.ClientModel) ReadOnlyUserModelDelegate(org.keycloak.models.utils.ReadOnlyUserModelDelegate) CachedUser(org.keycloak.models.cache.infinispan.entities.CachedUser) ClientStorageProvider(org.keycloak.storage.client.ClientStorageProvider) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel) UserConsentsUpdatedEvent(org.keycloak.models.cache.infinispan.events.UserConsentsUpdatedEvent) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) Logger(org.jboss.logging.Logger) CacheableStorageProviderModel(org.keycloak.storage.CacheableStorageProviderModel) HashMap(java.util.HashMap) OnUserCache(org.keycloak.models.cache.OnUserCache) UserFederationLinkRemovedEvent(org.keycloak.models.cache.infinispan.events.UserFederationLinkRemovedEvent) StorageId(org.keycloak.storage.StorageId) KeycloakTransaction(org.keycloak.models.KeycloakTransaction) UserCacheRealmInvalidationEvent(org.keycloak.models.cache.infinispan.events.UserCacheRealmInvalidationEvent) HashSet(java.util.HashSet) ClusterProvider(org.keycloak.cluster.ClusterProvider) UserUpdatedEvent(org.keycloak.models.cache.infinispan.events.UserUpdatedEvent) UserModel(org.keycloak.models.UserModel) UserListQuery(org.keycloak.models.cache.infinispan.entities.UserListQuery) CachedUserConsent(org.keycloak.models.cache.infinispan.entities.CachedUserConsent) UserConsentModel(org.keycloak.models.UserConsentModel) Map(java.util.Map) ComponentModel(org.keycloak.component.ComponentModel) CachedUserConsents(org.keycloak.models.cache.infinispan.entities.CachedUserConsents) GroupModel(org.keycloak.models.GroupModel) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmModel(org.keycloak.models.RealmModel) 
CachedFederatedIdentityLinks(org.keycloak.models.cache.infinispan.entities.CachedFederatedIdentityLinks) InIdentityProviderPredicate(org.keycloak.models.cache.infinispan.stream.InIdentityProviderPredicate) UserStorageProvider(org.keycloak.storage.UserStorageProvider) UserFederationLinkUpdatedEvent(org.keycloak.models.cache.infinispan.events.UserFederationLinkUpdatedEvent) KeycloakSession(org.keycloak.models.KeycloakSession) Set(java.util.Set) RoleModel(org.keycloak.models.RoleModel) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) Collectors(java.util.stream.Collectors) UserFullInvalidationEvent(org.keycloak.models.cache.infinispan.events.UserFullInvalidationEvent) Objects(java.util.Objects) UserProvider(org.keycloak.models.UserProvider) ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants) List(java.util.List) Stream(java.util.stream.Stream) UserCache(org.keycloak.models.cache.UserCache) Objects(java.util.Objects) CachedUserConsents(org.keycloak.models.cache.infinispan.entities.CachedUserConsents) UserConsentModel(org.keycloak.models.UserConsentModel)

Example 24 with UserConsentModel

use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.

the class UserCacheSession method toConsentModel.

/**
 * Rebuilds a {@link UserConsentModel} from a cached consent entry.
 *
 * @param realm         realm used to resolve the client scopes
 * @param cachedConsent cached consent holding the client id and the granted scope ids
 * @return the consent model, or {@code null} when the consent's client cannot be found
 */
private UserConsentModel toConsentModel(RealmModel realm, CachedUserConsent cachedConsent) {
    ClientModel owner = session.clients().getClientById(realm, cachedConsent.getClientDbId());
    if (owner != null) {
        UserConsentModel rebuilt = new UserConsentModel(owner);
        rebuilt.setCreatedDate(cachedConsent.getCreatedDate());
        rebuilt.setLastUpdatedDate(cachedConsent.getLastUpdatedDate());
        for (String scopeId : cachedConsent.getClientScopeIds()) {
            ClientScopeModel scope = KeycloakModelUtils.findClientScopeById(realm, owner, scopeId);
            if (scope == null) {
                // Scope id no longer resolves: it is left out of the rebuilt consent.
                continue;
            }
            rebuilt.addGrantedClientScope(scope);
        }
        return rebuilt;
    }
    // No client for the cached id: the caller receives no consent at all.
    return null;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ClientScopeModel(org.keycloak.models.ClientScopeModel) UserConsentModel(org.keycloak.models.UserConsentModel)

Example 25 with UserConsentModel

use of org.keycloak.models.UserConsentModel in project keycloak by keycloak.

the class UserCacheSession method getConsentByClient.

/**
 * Returns the consent a user gave to one client, served from the consent cache when possible.
 *
 * The cache is bypassed when the realm id, the user id or the consent cache key is
 * present in the invalidation sets. On a miss all of the user's consents are loaded
 * from the delegate and cached before the lookup.
 *
 * @param realm    realm the user belongs to
 * @param userId   id of the user
 * @param clientId key under which the consent is looked up in the cached consent map
 * @return the consent model, or {@code null} when no cached consent exists for
 *         {@code clientId} or it cannot be converted
 */
@Override
public UserConsentModel getConsentByClient(RealmModel realm, String userId, String clientId) {
    logger.tracev("getConsentByClient: {0}", userId);
    final String consentKey = getConsentCacheKey(userId);

    boolean invalidated = realmInvalidations.contains(realm.getId())
            || invalidations.contains(userId)
            || invalidations.contains(consentKey);
    if (invalidated) {
        return getDelegate().getConsentByClient(realm, userId, clientId);
    }

    CachedUserConsents entry = cache.get(consentKey, CachedUserConsents.class);
    if (entry == null) {
        // The revision is read before the delegate is queried.
        Long revision = cache.getCurrentRevision(consentKey);
        List<UserConsentModel> fresh = getDelegate().getConsentsStream(realm, userId).collect(Collectors.toList());
        entry = new CachedUserConsents(revision, consentKey, realm, fresh);
        cache.addRevisioned(entry, startupRevision);
    }

    CachedUserConsent match = entry.getConsents().get(clientId);
    return match == null ? null : toConsentModel(realm, match);
}
Also used : CachedUserConsents(org.keycloak.models.cache.infinispan.entities.CachedUserConsents) CachedUserConsent(org.keycloak.models.cache.infinispan.entities.CachedUserConsent) UserConsentModel(org.keycloak.models.UserConsentModel)
