Examples with GroupPolicyRepresentation org.keycloak.representations.idm.authorization.GroupPolicyRepresentation used on opensource projects

Search in sources :

Example 16 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method toRepresentation.

@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
    representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
    representation.setOwner(policy.getOwner());
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        RealmModel realm = authorization.getRealm();
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            for (RoleDefinition definition : rep.getRoles()) {
                RoleModel role = realm.getRoleById(definition.getId());
                if (role.isClientRole()) {
                    representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
                } else {
                    representation.addRole(role.getName());
                }
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            representation.setCondition(rep.getCode());
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            for (GroupDefinition definition : rep.getGroups()) {
                representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            for (String client : rep.getClients()) {
                representation.addClient(realm.getClientById(client).getClientId());
            }
        } else if ("user".equals(associatedPolicy.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            for (String user : rep.getUsers()) {
                representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
            }
        }
    }
    return representation;
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) RoleDefinition(org.keycloak.representations.idm.authorization.RolePolicyRepresentation.RoleDefinition) RoleModel(org.keycloak.models.RoleModel) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) RealmModel(org.keycloak.models.RealmModel) Scope(org.keycloak.authorization.model.Scope) GroupDefinition(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation.GroupDefinition) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)

Example 17 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method createGroupPolicy.

private void createGroupPolicy(Policy policy, PolicyStore policyStore, String group, String owner) {
    GroupPolicyRepresentation rep = new GroupPolicyRepresentation();
    rep.setName(KeycloakModelUtils.generateId());
    rep.addGroupPath(group);
    Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
    associatedPolicy.setOwner(owner);
    policy.addAssociatedPolicy(associatedPolicy);
}
Also used : Policy(org.keycloak.authorization.model.Policy) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)

Example 18 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyProvider method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getRealm();
    Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());
    if (groupsClaim == null || groupsClaim.isEmpty()) {
        List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
        groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
    }
    for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
        GroupModel allowedGroup = realm.getGroupById(definition.getId());
        for (int i = 0; i < groupsClaim.size(); i++) {
            String group = groupsClaim.asString(i);
            if (group.indexOf('/') != -1) {
                String allowedGroupPath = buildGroupPath(allowedGroup);
                if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(allowedGroupPath))) {
                    evaluation.grant();
                    return;
                }
            }
            // in case the group from the claim does not represent a path, we just check an exact name match
            if (group.equals(allowedGroup.getName())) {
                evaluation.grant();
                return;
            }
        }
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) Entry(org.keycloak.authorization.attribute.Attributes.Entry) Entry(org.keycloak.authorization.attribute.Attributes.Entry) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) Attributes(org.keycloak.authorization.attribute.Attributes) GroupModel(org.keycloak.models.GroupModel) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)

Example 19 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName("Test Generic Config Permission");
    representation.setGroupsClaim("groups");
    representation.addGroupPath("/Group A");
    GroupPoliciesResource policies = authorization.policies().group();
    try (Response response = policies.create(representation)) {
        GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("groups"));
        GroupRepresentation group = getRealm().groups().groups().stream().filter(groupRepresentation -> groupRepresentation.getName().equals("Group A")).findFirst().get();
        assertTrue(genericConfig.getConfig().get("groups").contains(group.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) GroupPolicyResource(org.keycloak.admin.client.resource.GroupPolicyResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) GroupPoliciesResource(org.keycloak.admin.client.resource.GroupPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 20 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method testCreateWithoutGroupsClaim.

@Test
public void testCreateWithoutGroupsClaim() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName(KeycloakModelUtils.generateId());
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.addGroupPath("/Group A/Group B/Group C", true);
    representation.addGroupPath("Group F");
    assertCreated(authorization, representation);
}
Also used : GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Aggregations

GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)28 Test (org.junit.Test)13 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)6 GroupPoliciesResource (org.keycloak.admin.client.resource.GroupPoliciesResource)4 GroupPolicyResource (org.keycloak.admin.client.resource.GroupPolicyResource)4 Policy (org.keycloak.authorization.model.Policy)4 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)4 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)4 RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)4 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)4 HashSet (java.util.HashSet)3 Response (javax.ws.rs.core.Response)3 GroupModel (org.keycloak.models.GroupModel)3 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)3 WebElement (org.openqa.selenium.WebElement)3 IOException (java.io.IOException)2 List (java.util.List)2 NotFoundException (javax.ws.rs.NotFoundException)2 Drone (org.jboss.arquillian.drone.api.annotation.Drone)2 Page (org.jboss.arquillian.graphene.page.Page)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial