
Example 1 with PathConfig

use of org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig in project keycloak by keycloak.

From the class AbstractPolicyEnforcer, the method authorize:

/**
 * Runs the policy enforcer for one request and returns the resulting
 * {@link AuthorizationContext}.
 *
 * <p>Decision outline, in the order the code takes it:
 * <ol>
 *   <li>Global enforcement mode {@code DISABLED}: always a granted context. If no
 *       security context is present a 401 is written to the response first, but the
 *       returned context is still granted; honouring that 401 is left to the caller.</li>
 *   <li>No security context (unauthenticated): a path-level {@code DISABLED} mode
 *       grants; otherwise the client is challenged (known path) or denied (unknown
 *       path) and a denied context is returned.</li>
 *   <li>Authenticated: an unknown path is granted only in {@code PERMISSIVE} mode or on
 *       the default access-denied URI; a path-level {@code DISABLED} grants; otherwise
 *       the path, method and resolved claims are evaluated via {@code isAuthorized}.</li>
 * </ol>
 *
 * <p>Note that a failed {@code isAuthorized} still yields a granted (but empty)
 * context when the matched method's scope enforcement mode is {@code DISABLED}
 * (see the check after {@code isAuthorized} below). Path configurations relying on
 * that mode deserve a second look during review.
 *
 * @param httpFacade the request, response and security context of the current call
 * @return a granted or denied context; any 401/403/challenge response is written to
 *         the facade as a side effect before the method returns
 * @throws RuntimeException if building the context for an authorized path fails
 */
public AuthorizationContext authorize(OIDCHttpFacade httpFacade) {
    EnforcementMode enforcementMode = getEnforcerConfig().getEnforcementMode();
    KeycloakSecurityContext securityContext = httpFacade.getSecurityContext();
    if (EnforcementMode.DISABLED.equals(enforcementMode)) {
        // Enforcement is globally off. A missing security context still produces a 401
        // on the response, yet the returned context is granted either way.
        if (securityContext == null) {
            httpFacade.getResponse().sendError(401, "Invalid bearer");
        }
        return createEmptyAuthorizationContext(true);
    }
    Request request = httpFacade.getRequest();
    PathConfig pathConfig = getPathConfig(request);
    if (securityContext == null) {
        // Unauthenticated request. The default access-denied URI gets no challenge or
        // denial here (presumably so the denied page itself can be served), but the
        // returned context is still denied.
        if (!isDefaultAccessDeniedUri(request)) {
            if (pathConfig != null) {
                if (EnforcementMode.DISABLED.equals(pathConfig.getEnforcementMode())) {
                    // Path explicitly opted out of enforcement: granted without a token.
                    return createEmptyAuthorizationContext(true);
                } else {
                    challenge(pathConfig, getRequiredScopes(pathConfig, request), httpFacade);
                }
            } else {
                handleAccessDenied(httpFacade);
            }
        }
        return createEmptyAuthorizationContext(false);
    }
    AccessToken accessToken = securityContext.getToken();
    // A security context without a token falls through to the denied context at the
    // end of the method without writing anything to the response.
    if (accessToken != null) {
        if (LOGGER.isDebugEnabled()) {
            // NOTE(review): logs the full request URI; if it carries query parameters
            // with secrets, DEBUG logging exposes them — keep DEBUG off in production.
            LOGGER.debugf("Checking permissions for path [%s] with config [%s].", request.getURI(), pathConfig);
        }
        if (pathConfig == null) {
            // No configuration for this path: PERMISSIVE lets it through, any other
            // mode denies unless this is the default access-denied URI.
            if (EnforcementMode.PERMISSIVE.equals(enforcementMode)) {
                return createAuthorizationContext(accessToken, null);
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debugf("Could not find a configuration for path [%s]", getPath(request));
            }
            if (isDefaultAccessDeniedUri(request)) {
                return createAuthorizationContext(accessToken, null);
            }
            handleAccessDenied(httpFacade);
            return createEmptyAuthorizationContext(false);
        }
        if (EnforcementMode.DISABLED.equals(pathConfig.getEnforcementMode())) {
            // Path-level opt-out: granted, with a context built from the token and path.
            return createAuthorizationContext(accessToken, pathConfig);
        }
        MethodConfig methodConfig = getRequiredScopes(pathConfig, request);
        // Claims are resolved from the request (presumably through the path's claim
        // information point configuration) and fed into the decision below.
        Map<String, List<String>> claims = resolveClaims(pathConfig, httpFacade);
        if (isAuthorized(pathConfig, methodConfig, accessToken, httpFacade, claims)) {
            try {
                return createAuthorizationContext(accessToken, pathConfig);
            } catch (Exception e) {
                // Wrapped with the path so a misbehaving path is identifiable in the trace.
                throw new RuntimeException("Error processing path [" + pathConfig.getPath() + "].", e);
            }
        }
        // isAuthorized said no, but a method whose scope enforcement is DISABLED is
        // granted anyway — with an empty context, i.e. no permissions attached.
        if (methodConfig != null && ScopeEnforcementMode.DISABLED.equals(methodConfig.getScopesEnforcementMode())) {
            return createEmptyAuthorizationContext(true);
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debugf("Sending challenge to the client. Path [%s]", pathConfig);
        }
        // If no challenge could be issued, fall back to the plain access-denied response.
        if (!challenge(pathConfig, methodConfig, httpFacade)) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debugf("Challenge not sent, sending default forbidden response. Path [%s]", pathConfig);
            }
            handleAccessDenied(httpFacade);
        }
    }
    return createEmptyAuthorizationContext(false);
}

Example 2 with PathConfig

use of org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig in project keycloak by keycloak.

From the class PolicyEnforcer, the method configureDefinedPaths:

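/**
 * Builds the path → {@link PathConfig} table for the paths explicitly listed in the
 * enforcer configuration, resolving each entry to a server-side resource when possible.
 *
 * <p>Resolution order: by resource name when {@code name} is set, otherwise by exact
 * URI and then by matching URI. A resolved entry is stamped with the resource id, and
 * name-bound entries are additionally marked static (they are never invalidated).
 *
 * <p>Two entries declared with the same path are merged: the first one wins and only
 * the later entry's methods and scopes are folded into it. Its enforcement mode, claim
 * information point configuration and resource id are NOT merged — keep that in mind
 * when the same path is declared more than once.
 *
 * @param protectedResource client used to look resources up on the server
 * @param enforcerConfig    the adapter's policy-enforcer configuration
 * @return a synchronized, insertion-ordered map keyed by path
 * @throws RuntimeException when more than one resource matches a URI-resolved path
 */
private Map<String, PathConfig> configureDefinedPaths(ProtectedResource protectedResource, PolicyEnforcerConfig enforcerConfig) {
    Map<String, PathConfig> paths = Collections.synchronizedMap(new LinkedHashMap<String, PathConfig>());
    for (PathConfig pathConfig : enforcerConfig.getPaths()) {
        ResourceRepresentation resource;
        String resourceName = pathConfig.getName();
        String path = pathConfig.getPath();
        if (resourceName != null) {
            LOGGER.debugf("Trying to find resource with name [%s] for path [%s].", resourceName, path);
            resource = protectedResource.findByName(resourceName);
        } else {
            LOGGER.debugf("Trying to find resource with uri [%s] for path [%s].", path, path);
            List<ResourceRepresentation> resources = protectedResource.findByUri(path);
            if (resources.isEmpty()) {
                resources = protectedResource.findByMatchingUri(path);
            }
            if (resources.size() == 1) {
                resource = resources.get(0);
            } else if (resources.size() > 1) {
                // Ambiguous binding: refuse rather than silently pick one resource.
                throw new RuntimeException("Multiple resources found with the same uri");
            } else {
                resource = null;
            }
        }
        if (resource != null) {
            pathConfig.setId(resource.getId());
            // A config bound by name is statically tied to its resource and can not be invalidated.
            if (resourceName != null) {
                pathConfig.setStatic(true);
            }
        }
        // The map is keyed by path, so a direct lookup is equivalent to the former linear
        // scan over paths.values() — which also iterated a synchronizedMap without holding
        // its lock — and avoids the O(n^2) cost on large configurations.
        PathConfig existingPath = paths.get(path);
        if (existingPath == null) {
            paths.put(path, pathConfig);
        } else {
            existingPath.getMethods().addAll(pathConfig.getMethods());
            existingPath.getScopes().addAll(pathConfig.getScopes());
        }
    }
    return paths;
}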

Example 3 with PathConfig

use of org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig in project keycloak by keycloak.

From the class PolicyEnforcer, the method configureAllPathsForResourceServer:

/**
 * Builds a path → {@link PathConfig} table from every resource the server reports for
 * this application, unless lazy path loading is enabled, in which case the table is
 * returned empty and nothing is fetched up front.
 *
 * <p>Only resources with at least one URI contribute entries. When two resources yield
 * the same path, the one processed later silently replaces the earlier entry.
 *
 * @param protectedResource client used to enumerate and fetch resources on the server
 * @return a synchronized map keyed by path (possibly empty)
 */
private Map<String, PathConfig> configureAllPathsForResourceServer(ProtectedResource protectedResource) {
    LOGGER.info("Querying the server for all resources associated with this application.");
    Map<String, PathConfig> paths = Collections.synchronizedMap(new HashMap<String, PathConfig>());
    if (enforcerConfig.getLazyLoadPaths()) {
        return paths;
    }
    for (String resourceId : protectedResource.findAll()) {
        ResourceRepresentation representation = protectedResource.findById(resourceId);
        if (representation.getUris() == null || representation.getUris().isEmpty()) {
            continue;
        }
        for (PathConfig config : PathConfig.createPathConfigs(representation)) {
            // Last writer wins for duplicate paths.
            paths.put(config.getPath(), config);
        }
    }
    return paths;
}

Example 4 with PathConfig

use of org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig in project keycloak by keycloak.

From the class ClaimInformationPointProviderTest, the method getClaimInformationProviderForPath:

/**
 * Builds the {@link ClaimInformationPointProvider} registered under {@code providerName}
 * for the given path, using the enforcer configuration in
 * {@code /authorization-test/enforcer-config-claims-provider.json}.
 *
 * <p>Fails through {@code assertNotNull} when the path, its claim information point
 * configuration or the provider factory is missing. The HTTP client attached to the
 * deployment is not closed by this helper.
 *
 * @param path         the configured path whose CIP settings are read
 * @param providerName the key of the claim information point provider to build
 * @return the provider created from the path's configuration for that provider
 */
private ClaimInformationPointProvider getClaimInformationProviderForPath(String path, String providerName) {
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getClass().getResourceAsStream("/authorization-test/enforcer-config-claims-provider.json"));
    deployment.setClient(HttpClients.createDefault());
    PolicyEnforcer enforcer = deployment.getPolicyEnforcer();
    PathConfig configuredPath = enforcer.getPaths().get(path);
    assertNotNull(configuredPath);
    Map<String, Map<String, Object>> cipConfigByProvider = configuredPath.getClaimInformationPointConfig();
    assertNotNull(cipConfigByProvider);
    Map<String, ClaimInformationPointProviderFactory> factories = enforcer.getClaimInformationPointProviderFactories();
    ClaimInformationPointProviderFactory providerFactory = factories.get(providerName);
    assertNotNull(providerFactory);
    return providerFactory.create(cipConfigByProvider.get(providerName));
}

Example 5 with PathConfig

use of org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig in project keycloak by keycloak.

From the class EnforcerConfigTest, the method testPathConfigClaimInformationPoint:

/**
 * Verifies that a path-level claim information point named {@code "claims"} is parsed
 * from {@code enforcer-config-path-cip.json} with its three claim expressions intact,
 * one each sourced from a request parameter, a header and a cookie.
 */
@Test
public void testPathConfigClaimInformationPoint() {
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getClass().getResourceAsStream("/authorization-test/enforcer-config-path-cip.json"));
    Map<String, PolicyEnforcerConfig.PathConfig> configuredPaths = deployment.getPolicyEnforcer().getPaths();
    assertEquals(1, configuredPaths.size());
    PathConfig onlyPath = configuredPaths.values().iterator().next();
    Map<String, Map<String, Object>> cipConfig = onlyPath.getClaimInformationPointConfig();
    assertEquals(1, cipConfig.size());
    Map<String, Object> claimExpressions = cipConfig.get("claims");
    assertNotNull(claimExpressions);
    assertEquals(3, claimExpressions.size());
    // Each expression reads the claim from a different part of the request.
    assertEquals("{request.parameter['a']}", claimExpressions.get("claim-a"));
    assertEquals("{request.header['b']}", claimExpressions.get("claim-b"));
    assertEquals("{request.cookie['c']}", claimExpressions.get("claim-c"));
}
