
Example 1 with AbstractPolicyRepresentation

use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.

The class UMAPolicyProviderFactory, method onUpdate.

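/**
 * Reconciles the policies associated with a UMA permission against an updated representation.
 * <p>
 * Runs in two phases over {@code policy.getAssociatedPolicies()}: first every existing
 * role/js/group/client/user policy is rewritten from the representation (or deleted when the
 * representation leaves it with no members); then, for each member kind the representation
 * supplies but no associated policy of that type exists, a fresh policy is created.
 * A {@code null} member set in the representation therefore means "drop that kind entirely".
 *
 * @param policy         the UMA permission policy whose associated policies are updated
 * @param representation the incoming representation carrying roles, groups, clients, users and condition
 * @param authorization  provider used to reach the policy store and the model/representation converters
 */
@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();

    // Phase 1: rewrite or delete the policies that already exist.
    // NOTE(review): policies are deleted from the store while this set is being iterated;
    // whether getAssociatedPolicies() is a live view or a snapshot is not visible here — confirm.
    for (Policy associatedPolicy : associatedPolicies) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        String type = associatedRep.getType();
        if ("role".equals(type)) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            rep.setRoles(new HashSet<>());
            for (String role : orEmpty(representation.getRoles())) {
                rep.addRole(role);
            }
            saveOrDelete(rep, rep.getRoles().isEmpty(), associatedPolicy, policyStore, authorization);
        } else if ("js".equals(type)) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            String condition = representation.getCondition();
            if (condition != null) {
                rep.setCode(condition);
            }
            saveOrDelete(rep, condition == null, associatedPolicy, policyStore, authorization);
        } else if ("group".equals(type)) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            rep.setGroups(new HashSet<>());
            for (String group : orEmpty(representation.getGroups())) {
                rep.addGroupPath(group);
            }
            saveOrDelete(rep, rep.getGroups().isEmpty(), associatedPolicy, policyStore, authorization);
        } else if ("client".equals(type)) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            rep.setClients(new HashSet<>());
            for (String client : orEmpty(representation.getClients())) {
                rep.addClient(client);
            }
            saveOrDelete(rep, rep.getClients().isEmpty(), associatedPolicy, policyStore, authorization);
        } else if ("user".equals(type)) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            rep.setUsers(new HashSet<>());
            for (String user : orEmpty(representation.getUsers())) {
                rep.addUser(user);
            }
            saveOrDelete(rep, rep.getUsers().isEmpty(), associatedPolicy, policyStore, authorization);
        }
    }

    // Phase 2: create policies for member kinds that were supplied but had no existing policy.
    // The existence check still looks at the same associatedPolicies set used in phase 1.
    String owner = policy.getOwner();
    Set<String> updatedRoles = representation.getRoles();
    if (updatedRoles != null && !hasPolicyOfType(associatedPolicies, "role")) {
        for (String role : updatedRoles) {
            createRolePolicy(policy, policyStore, role, owner);
        }
    }
    Set<String> updatedGroups = representation.getGroups();
    if (updatedGroups != null && !hasPolicyOfType(associatedPolicies, "group")) {
        for (String group : updatedGroups) {
            createGroupPolicy(policy, policyStore, group, owner);
        }
    }
    Set<String> updatedClients = representation.getClients();
    if (updatedClients != null && !hasPolicyOfType(associatedPolicies, "client")) {
        for (String client : updatedClients) {
            createClientPolicy(policy, policyStore, client, owner);
        }
    }
    Set<String> updatedUsers = representation.getUsers();
    if (updatedUsers != null && !hasPolicyOfType(associatedPolicies, "user")) {
        for (String user : updatedUsers) {
            createUserPolicy(policy, policyStore, user, owner);
        }
    }
    String condition = representation.getCondition();
    if (condition != null && !hasPolicyOfType(associatedPolicies, "js")) {
        createJSPolicy(policy, policyStore, condition, owner);
    }
}

/**
 * Returns {@code values}, or an empty set when it is {@code null}, so callers can iterate unconditionally.
 */
private static Set<String> orEmpty(Set<String> values) {
    return values == null ? new HashSet<String>() : values;
}

/**
 * Tells whether any policy in {@code policies} has the given type string (compared via {@code Policy.getType()}).
 */
private static boolean hasPolicyOfType(Set<Policy> policies, String type) {
    for (Policy candidate : policies) {
        if (type.equals(candidate.getType())) {
            return true;
        }
    }
    return false;
}

/**
 * Writes {@code rep} back onto {@code target}, or deletes {@code target} from the store when
 * {@code empty} says the rewritten policy has nothing left to grant.
 */
private static void saveOrDelete(AbstractPolicyRepresentation rep, boolean empty, Policy target, PolicyStore policyStore, AuthorizationProvider authorization) {
    if (empty) {
        policyStore.delete(target.getId());
    } else {
        RepresentationToModel.toModel(rep, authorization, target);
    }
}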

Example 2 with AbstractPolicyRepresentation

use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.

The class PolicyTypeResourceService, method doCreateRepresentation.

/**
 * Deserializes the request payload into the representation class declared by the provider of
 * the policy being served.
 *
 * @param payload JSON request body
 * @return the parsed representation, with its type set to the stored policy's type
 * @throws RuntimeException if the provider declares no representation type, or if the payload
 *         cannot be deserialized into that class
 */
@Override
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
    String policyType = getPolicy().getType();
    Class<? extends AbstractPolicyRepresentation> targetClass =
            authorization.getProviderFactory(policyType).getRepresentationType();
    if (targetClass == null) {
        throw new RuntimeException("Policy provider for type [" + policyType + "] returned a null representation type.");
    }
    try {
        AbstractPolicyRepresentation parsed = JsonSerialization.readValue(payload, targetClass);
        // The target class comes from the server-side provider, and the type is overwritten
        // afterwards, so the payload alone cannot pick which policy type it is treated as.
        parsed.setType(policyType);
        return parsed;
    } catch (IOException e) {
        throw new RuntimeException("Failed to deserialize JSON using policy provider for type [" + policyType + "].", e);
    }
}

Example 3 with AbstractPolicyRepresentation

use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.

The class UMAPolicyProviderFactory, method toRepresentation.

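/**
 * Converts a UMA permission policy into its {@link UmaPermissionRepresentation}: scopes and
 * owner come from the policy itself, while roles, groups, clients, users and the JS condition
 * are collected from the policies associated with it.
 *
 * @param policy        the UMA permission policy
 * @param authorization provider used to resolve the realm and the Keycloak session
 * @return the populated representation
 */
@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
    representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
    representation.setOwner(policy.getOwner());
    RealmModel realm = authorization.getRealm();
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        // Every branch dispatches on the representation's type; it is expected to equal
        // associatedPolicy.getType() — TODO confirm against ModelToRepresentation.
        String type = associatedRep.getType();
        if (type == null) {
            continue;
        }
        // NOTE(review): the by-id lookups below are dereferenced without a null check, so a
        // dangling reference would presumably fail here rather than be skipped — confirm.
        switch (type) {
            case "role": {
                RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
                for (RoleDefinition definition : rep.getRoles()) {
                    RoleModel role = realm.getRoleById(definition.getId());
                    if (role.isClientRole()) {
                        // Client roles are reported together with their client's clientId.
                        representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
                    } else {
                        representation.addRole(role.getName());
                    }
                }
                break;
            }
            case "js": {
                representation.setCondition(JSPolicyRepresentation.class.cast(associatedRep).getCode());
                break;
            }
            case "group": {
                GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
                for (GroupDefinition definition : rep.getGroups()) {
                    representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
                }
                break;
            }
            case "client": {
                // The policy stores client ids; the representation exposes the clientId attribute.
                for (String clientId : ClientPolicyRepresentation.class.cast(associatedRep).getClients()) {
                    representation.addClient(realm.getClientById(clientId).getClientId());
                }
                break;
            }
            case "user": {
                // The policy stores user ids; the representation exposes usernames.
                for (String userId : UserPolicyRepresentation.class.cast(associatedRep).getUsers()) {
                    representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, userId).getUsername());
                }
                break;
            }
            default:
                break;
        }
    }
    return representation;
}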

Example 4 with AbstractPolicyRepresentation

use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.

The class RepresentationToModel, method toModel.

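/**
 * Copies the generic policy fields of {@code representation} onto {@code model}, wires up its
 * resources, scopes and associated policies, then hands the model to the provider factory for
 * the model's type so provider-specific state is imported, created or updated.
 *
 * @param representation source representation; for a {@link PolicyRepresentation} the
 *        resources/scopes/applyPolicies sets may instead be read from JSON entries of its config map
 * @param authorization  provider giving access to the store factory and the provider factories
 * @param model          policy to update in place
 * @return {@code model}, after its id has been copied back into {@code representation}
 * @throws RuntimeException when a JSON config entry of a {@link PolicyRepresentation} cannot be parsed
 */
public static Policy toModel(AbstractPolicyRepresentation representation, AuthorizationProvider authorization, Policy model) {
    model.setName(representation.getName());
    model.setDescription(representation.getDescription());
    model.setDecisionStrategy(representation.getDecisionStrategy());
    model.setLogic(representation.getLogic());
    // Raw sets are kept on purpose: the update* helpers receive whatever the representation
    // getters return, and the JSON fallback below is parsed as a raw Set.class.
    Set resources = representation.getResources();
    Set scopes = representation.getScopes();
    Set policies = representation.getPolicies();
    if (representation instanceof PolicyRepresentation) {
        PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
        // A generic representation may carry these sets as JSON strings in its config map;
        // they are only consulted when the typed getter returned nothing.
        if (resources == null) {
            resources = readSetFromConfig(policy, "resources");
        }
        if (scopes == null) {
            scopes = readSetFromConfig(policy, "scopes");
        }
        if (policies == null) {
            policies = readSetFromConfig(policy, "applyPolicies");
        }
        model.setConfig(policy.getConfig());
    }
    StoreFactory storeFactory = authorization.getStoreFactory();
    updateResources(resources, model, storeFactory);
    updateScopes(scopes, model, storeFactory);
    updateAssociatedPolicies(policies, model, storeFactory);
    // The provider is looked up by the model's type, not by anything in the representation.
    PolicyProviderFactory provider = authorization.getProviderFactory(model.getType());
    if (representation instanceof PolicyRepresentation) {
        provider.onImport(model, PolicyRepresentation.class.cast(representation), authorization);
    } else if (representation.getId() == null) {
        // No id yet: the representation describes a policy being created rather than updated.
        provider.onCreate(model, representation, authorization);
    } else {
        provider.onUpdate(model, representation, authorization);
    }
    representation.setId(model.getId());
    return model;
}

/**
 * Reads one config entry of a generic {@link PolicyRepresentation} as a JSON-encoded set.
 *
 * @param policy representation whose config map is consulted
 * @param key    config entry name, for example {@code "resources"}
 * @return the parsed (raw) set, or {@code null} when the entry is absent
 * @throws RuntimeException wrapping the {@link IOException} when the entry is not valid JSON
 */
private static Set readSetFromConfig(PolicyRepresentation policy, String key) {
    String json = policy.getConfig().get(key);
    if (json == null) {
        return null;
    }
    try {
        return JsonSerialization.readValue(json, Set.class);
    } catch (IOException e) {
        throw new RuntimeException("Failed to parse policy config entry [" + key + "] as a JSON set.", e);
    }
}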

Example 5 with AbstractPolicyRepresentation

use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.

The class Policies, method update.

/**
 * Opens the policy whose listed name matches {@code name} (case-insensitively) and fills in the
 * form for the representation's type. The first matching row wins; no match is a no-op.
 *
 * @param name           name of the policy row to open
 * @param representation values to populate; its {@code type} selects which form is used
 */
public void update(String name, AbstractPolicyRepresentation representation) {
    for (WebElement row : policies().rows()) {
        PolicyRepresentation listed = policies().toRepresentation(row);
        if (!listed.getName().equalsIgnoreCase(name)) {
            continue;
        }
        clickLink(row.findElements(tagName("a")).get(0));
        populateTypedForm(representation);
        return;
    }
}

/**
 * Dispatches on the representation's type string to the matching page-object form; unknown or
 * missing types fill nothing.
 */
private void populateTypedForm(AbstractPolicyRepresentation representation) {
    String type = representation.getType();
    if (type == null) {
        return;
    }
    switch (type) {
        case "role":
            rolePolicy.form().populate((RolePolicyRepresentation) representation, true);
            break;
        case "user":
            userPolicy.form().populate((UserPolicyRepresentation) representation, true);
            break;
        case "aggregate":
            aggregatePolicy.form().populate((AggregatePolicyRepresentation) representation, true);
            break;
        case "js":
            jsPolicy.form().populate((JSPolicyRepresentation) representation, true);
            break;
        case "time":
            timePolicy.form().populate((TimePolicyRepresentation) representation, true);
            break;
        case "client":
            clientPolicy.form().populate((ClientPolicyRepresentation) representation, true);
            break;
        case "group":
            groupPolicy.form().populate((GroupPolicyRepresentation) representation, true);
            break;
        default:
            break;
    }
}
