use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method onUpdate.
@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
for (Policy associatedPolicy : associatedPolicies) {
AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
if ("role".equals(associatedRep.getType())) {
RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
rep.setRoles(new HashSet<>());
Set<String> updatedRoles = representation.getRoles();
if (updatedRoles != null) {
for (String role : updatedRoles) {
rep.addRole(role);
}
}
if (rep.getRoles().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("js".equals(associatedRep.getType())) {
JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
if (representation.getCondition() != null) {
rep.setCode(representation.getCondition());
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
} else {
policyStore.delete(associatedPolicy.getId());
}
} else if ("group".equals(associatedRep.getType())) {
GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
rep.setGroups(new HashSet<>());
Set<String> updatedGroups = representation.getGroups();
if (updatedGroups != null) {
for (String group : updatedGroups) {
rep.addGroupPath(group);
}
}
if (rep.getGroups().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("client".equals(associatedRep.getType())) {
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
rep.setClients(new HashSet<>());
Set<String> updatedClients = representation.getClients();
if (updatedClients != null) {
for (String client : updatedClients) {
rep.addClient(client);
}
}
if (rep.getClients().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("user".equals(associatedRep.getType())) {
UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
rep.setUsers(new HashSet<>());
Set<String> updatedUsers = representation.getUsers();
if (updatedUsers != null) {
for (String user : updatedUsers) {
rep.addUser(user);
}
}
if (rep.getUsers().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
}
}
Set<String> updatedRoles = representation.getRoles();
if (updatedRoles != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("role".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String role : updatedRoles) {
createRolePolicy(policy, policyStore, role, policy.getOwner());
}
}
}
Set<String> updatedGroups = representation.getGroups();
if (updatedGroups != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("group".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String group : updatedGroups) {
createGroupPolicy(policy, policyStore, group, policy.getOwner());
}
}
}
Set<String> updatedClients = representation.getClients();
if (updatedClients != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("client".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String client : updatedClients) {
createClientPolicy(policy, policyStore, client, policy.getOwner());
}
}
}
Set<String> updatedUsers = representation.getUsers();
if (updatedUsers != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("user".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String user : updatedUsers) {
createUserPolicy(policy, policyStore, user, policy.getOwner());
}
}
}
String condition = representation.getCondition();
if (condition != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("js".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
createJSPolicy(policy, policyStore, condition, policy.getOwner());
}
}
}
use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.
the class PolicyTypeResourceService method doCreateRepresentation.
@Override
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
String type = getPolicy().getType();
Class<? extends AbstractPolicyRepresentation> representationType = authorization.getProviderFactory(type).getRepresentationType();
if (representationType == null) {
throw new RuntimeException("Policy provider for type [" + type + "] returned a null representation type.");
}
AbstractPolicyRepresentation representation;
try {
representation = JsonSerialization.readValue(payload, representationType);
} catch (IOException e) {
throw new RuntimeException("Failed to deserialize JSON using policy provider for type [" + type + "].", e);
}
representation.setType(type);
return representation;
}
use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method toRepresentation.
@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
representation.setOwner(policy.getOwner());
for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
RealmModel realm = authorization.getRealm();
if ("role".equals(associatedRep.getType())) {
RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
for (RoleDefinition definition : rep.getRoles()) {
RoleModel role = realm.getRoleById(definition.getId());
if (role.isClientRole()) {
representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
} else {
representation.addRole(role.getName());
}
}
} else if ("js".equals(associatedRep.getType())) {
JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
representation.setCondition(rep.getCode());
} else if ("group".equals(associatedRep.getType())) {
GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
for (GroupDefinition definition : rep.getGroups()) {
representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
}
} else if ("client".equals(associatedRep.getType())) {
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
for (String client : rep.getClients()) {
representation.addClient(realm.getClientById(client).getClientId());
}
} else if ("user".equals(associatedPolicy.getType())) {
UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
for (String user : rep.getUsers()) {
representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
}
}
}
return representation;
}
use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.
the class RepresentationToModel method toModel.
public static Policy toModel(AbstractPolicyRepresentation representation, AuthorizationProvider authorization, Policy model) {
model.setName(representation.getName());
model.setDescription(representation.getDescription());
model.setDecisionStrategy(representation.getDecisionStrategy());
model.setLogic(representation.getLogic());
Set resources = representation.getResources();
Set scopes = representation.getScopes();
Set policies = representation.getPolicies();
if (representation instanceof PolicyRepresentation) {
PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
if (resources == null) {
String resourcesConfig = policy.getConfig().get("resources");
if (resourcesConfig != null) {
try {
resources = JsonSerialization.readValue(resourcesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
if (scopes == null) {
String scopesConfig = policy.getConfig().get("scopes");
if (scopesConfig != null) {
try {
scopes = JsonSerialization.readValue(scopesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
if (policies == null) {
String policiesConfig = policy.getConfig().get("applyPolicies");
if (policiesConfig != null) {
try {
policies = JsonSerialization.readValue(policiesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
model.setConfig(policy.getConfig());
}
StoreFactory storeFactory = authorization.getStoreFactory();
updateResources(resources, model, storeFactory);
updateScopes(scopes, model, storeFactory);
updateAssociatedPolicies(policies, model, storeFactory);
PolicyProviderFactory provider = authorization.getProviderFactory(model.getType());
if (representation instanceof PolicyRepresentation) {
provider.onImport(model, PolicyRepresentation.class.cast(representation), authorization);
} else if (representation.getId() == null) {
provider.onCreate(model, representation, authorization);
} else {
provider.onUpdate(model, representation, authorization);
}
representation.setId(model.getId());
return model;
}
use of org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation in project keycloak by keycloak.
the class Policies method update.
public void update(String name, AbstractPolicyRepresentation representation) {
for (WebElement row : policies().rows()) {
PolicyRepresentation actual = policies().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
clickLink(row.findElements(tagName("a")).get(0));
String type = representation.getType();
if ("role".equals(type)) {
rolePolicy.form().populate((RolePolicyRepresentation) representation, true);
} else if ("user".equals(type)) {
userPolicy.form().populate((UserPolicyRepresentation) representation, true);
} else if ("aggregate".equals(type)) {
aggregatePolicy.form().populate((AggregatePolicyRepresentation) representation, true);
} else if ("js".equals(type)) {
jsPolicy.form().populate((JSPolicyRepresentation) representation, true);
} else if ("time".equals(type)) {
timePolicy.form().populate((TimePolicyRepresentation) representation, true);
} else if ("client".equals(type)) {
clientPolicy.form().populate((ClientPolicyRepresentation) representation, true);
} else if ("group".equals(type)) {
groupPolicy.form().populate((GroupPolicyRepresentation) representation, true);
}
return;
}
}
}
Aggregations