
Example 1 with DecisionStrategy

use of org.keycloak.representations.idm.authorization.DecisionStrategy in project keycloak by keycloak.

the class RepresentationToModel method toModel.

/**
 * Applies a resource-server representation to the resource server of the given client.
 *
 * <p>If the store has no resource server for {@code client}, one is created first. The policy
 * enforcement mode, the remote-resource-management flag and the decision strategy are then taken
 * from {@code rep}, and the scopes, resources and policies it lists are imported.
 *
 * @param rep the representation to import
 * @param authorization provider giving access to the stores, the session and the realm
 * @param client the client that owns the resource server
 * @return the resource server that was created or found for {@code client}
 */
public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) {
    ResourceServerStore store = authorization.getStoreFactory().getResourceServerStore();
    ResourceServer server = store.findByClient(client);
    if (server == null) {
        server = store.create(client);
        server.setAllowRemoteResourceManagement(true);
        server.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    }

    // The representation always wins: both settings are overwritten unconditionally, including the
    // ENFORCING / remote-management values just set on a freshly created server.
    // NOTE(review): if rep.getPolicyEnforcementMode() can return null, the ENFORCING default is
    // replaced by null here - confirm the representation always carries a mode.
    server.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
    server.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());

    // A representation without a decision strategy falls back to UNANIMOUS.
    DecisionStrategy strategy = rep.getDecisionStrategy();
    server.setDecisionStrategy(strategy != null ? strategy : DecisionStrategy.UNANIMOUS);

    for (ScopeRepresentation scopeRep : rep.getScopes()) {
        toModel(scopeRep, server, authorization);
    }

    KeycloakSession keycloakSession = authorization.getKeycloakSession();
    RealmModel realmModel = authorization.getRealm();
    for (ResourceRepresentation resourceRep : rep.getResources()) {
        ResourceOwnerRepresentation owner = resourceRep.getOwner();
        if (owner != null) {
            String ownerName = owner.getName();
            if (ownerName != null) {
                // Resolve the owner by username; only a successful lookup replaces the id.
                // NOTE(review): when no user matches, the owner id supplied in the representation
                // is passed through unchanged and no error is raised here - confirm that the
                // resource import validates it.
                UserModel user = keycloakSession.users().getUserByUsername(realmModel, ownerName);
                if (user != null) {
                    owner.setId(user.getId());
                }
            }
        } else {
            // A resource without an owner is owned by the resource server itself.
            owner = new ResourceOwnerRepresentation();
            owner.setId(server.getId());
            resourceRep.setOwner(owner);
        }
        toModel(resourceRep, server, authorization);
    }

    importPolicies(authorization, server, rep.getPolicies(), null);
    return server;
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 2 with DecisionStrategy

use of org.keycloak.representations.idm.authorization.DecisionStrategy in project keycloak by keycloak.

the class AbstractDecisionCollector method isGranted.

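/**
 * Decides whether a policy result counts as granted by combining the effects of its associated
 * policy results according to the policy's decision strategy.
 *
 * <ul>
 *   <li>{@code AFFIRMATIVE}: granted when at least one associated result is {@code PERMIT}.</li>
 *   <li>{@code CONSENSUS}: granted when permits outnumber the remaining associated policies; a tie
 *       is not a grant.</li>
 *   <li>any other strategy (treated as {@code UNANIMOUS}): granted when no associated result is
 *       {@code DENY}.</li>
 * </ul>
 *
 * @param policyResult the evaluated policy together with the results of its associated policies
 * @return {@code true} if the result is a grant under the policy's decision strategy
 */
protected boolean isGranted(Result.PolicyResult policyResult) {
    Policy policy = policyResult.getPolicy();
    // NOTE(review): switching on a null strategy throws NullPointerException - confirm that
    // Policy.getDecisionStrategy() never returns null.
    DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
    switch (decisionStrategy) {
        case AFFIRMATIVE:
            for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                if (Effect.PERMIT.equals(decision.getEffect())) {
                    return true;
                }
            }
            // No associated result permitted (this includes an empty list).
            return false;
        case CONSENSUS:
            int grantCount = 0;
            // The total comes from the policy's configured associations, not from the evaluated
            // results, so an associated policy with no PERMIT result counts against the grant.
            int denyCount = policy.getAssociatedPolicies().size();
            for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                // Constant-first comparison, as in the other branches: a result with no effect
                // counts as a non-permit instead of raising NullPointerException.
                if (Effect.PERMIT.equals(decision.getEffect())) {
                    grantCount++;
                    denyCount--;
                }
            }
            return grantCount > denyCount;
        default:
            // defaults to UNANIMOUS
            // NOTE(review): only an explicit DENY blocks the grant, so an empty result list or a
            // result without an effect yields true - confirm that every associated policy has
            // been evaluated before this method is called.
            for (Result.PolicyResult decision : policyResult.getAssociatedPolicies()) {
                if (Effect.DENY.equals(decision.getEffect())) {
                    return false;
                }
            }
            return true;
    }
}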
Also used : Policy(org.keycloak.authorization.model.Policy) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy)
