use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class JSPolicyForm method toRepresentation.
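/**
 * Builds a {@link JSPolicyRepresentation} from the values currently shown in this form.
 *
 * <p>Name, description and logic are read from the form elements. The policy script is read
 * from the Angular scope attached to the element with id {@code code}, through the WebDriver's
 * JavaScript executor.
 *
 * @return a new representation populated from the form
 * @throws IllegalArgumentException if the selected logic label does not name a {@link Logic} constant
 */
public JSPolicyRepresentation toRepresentation() {
    JSPolicyRepresentation representation = new JSPolicyRepresentation();
    representation.setName(UIUtils.getTextInputValue(name));
    representation.setDescription(UIUtils.getTextInputValue(description));

    // Upper-case with a fixed locale. The default-locale variant maps 'i' to a dotted capital
    // under e.g. a Turkish locale, and Logic.valueOf would then reject the label.
    String selectedLogic = UIUtils.getTextFromElement(logic.getFirstSelectedOption());
    representation.setLogic(Logic.valueOf(selectedLogic.toUpperCase(java.util.Locale.ROOT)));

    // The script lives in the Angular model rather than in a plain input, so it is fetched
    // by evaluating JavaScript in the browser.
    JavascriptExecutor scriptExecutor = (JavascriptExecutor) driver;
    Object code = scriptExecutor.executeScript(
            "return angular.element(document.getElementById('code')).scope().policy.code;");
    representation.setCode((String) code);

    return representation;
}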
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method toRepresentation.
/**
 * Flattens a policy and its associated policies into one {@link UmaPermissionRepresentation}.
 *
 * <p>Scopes and owner are taken from {@code policy}. Each associated policy is converted with
 * {@link ModelToRepresentation} and, depending on its type, contributes roles, client roles,
 * groups, clients, users or a script condition. Associated policies of any other type are ignored.
 *
 * @param policy the policy whose scopes, owner and associated policies are read
 * @param authorization used to convert associated policies and to reach the realm and user store
 * @return the populated representation
 */
@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();

    permission.setScopes(policy.getScopes().stream()
            .map(Scope::getName)
            .collect(Collectors.toSet()));
    permission.setOwner(policy.getOwner());

    // NOTE(review): every id lookup below (role, group, client, user) is dereferenced without a
    // null check; an id that no longer resolves would surface as a NullPointerException.
    // Confirm that referenced ids are guaranteed to exist.
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        AbstractPolicyRepresentation associatedRep =
                ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        RealmModel realm = authorization.getRealm();
        String repType = associatedRep.getType();

        if ("role".equals(repType)) {
            RolePolicyRepresentation rolePolicy = (RolePolicyRepresentation) associatedRep;
            for (RoleDefinition roleDefinition : rolePolicy.getRoles()) {
                RoleModel role = realm.getRoleById(roleDefinition.getId());
                if (!role.isClientRole()) {
                    permission.addRole(role.getName());
                } else {
                    // Client roles are reported together with the clientId of their container.
                    ClientModel owningClient = (ClientModel) role.getContainer();
                    permission.addClientRole(owningClient.getClientId(), role.getName());
                }
            }
        } else if ("js".equals(repType)) {
            // The script source is copied verbatim into the condition, so it is readable by
            // whoever can read this representation. With several "js" policies the value set
            // last presumably wins. TODO confirm.
            JSPolicyRepresentation scriptPolicy = (JSPolicyRepresentation) associatedRep;
            permission.setCondition(scriptPolicy.getCode());
        } else if ("group".equals(repType)) {
            GroupPolicyRepresentation groupPolicy = (GroupPolicyRepresentation) associatedRep;
            for (GroupDefinition groupDefinition : groupPolicy.getGroups()) {
                String groupPath = ModelToRepresentation.buildGroupPath(realm.getGroupById(groupDefinition.getId()));
                permission.addGroup(groupPath);
            }
        } else if ("client".equals(repType)) {
            ClientPolicyRepresentation clientPolicy = (ClientPolicyRepresentation) associatedRep;
            for (String clientUuid : clientPolicy.getClients()) {
                permission.addClient(realm.getClientById(clientUuid).getClientId());
            }
        } else if ("user".equals(associatedPolicy.getType())) {
            // NOTE(review): this branch tests the model's type while the others test the
            // representation's type. Confirm the two always agree.
            UserPolicyRepresentation userPolicy = (UserPolicyRepresentation) associatedRep;
            for (String userId : userPolicy.getUsers()) {
                String username = authorization.getKeycloakSession().users().getUserById(realm, userId).getUsername();
                permission.addUser(username);
            }
        }
    }

    return permission;
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class DeployedScriptPolicyFactory method toRepresentation.
/**
 * Describes a stored policy as a {@link JSPolicyRepresentation}.
 *
 * <p>Id and name come from {@code policy}; description and script code come from this
 * factory's {@code metadata}; the type is this factory's id. The {@code authorization}
 * argument is not used.
 *
 * @param policy the stored policy supplying id and name
 * @param authorization unused
 * @return the populated representation
 */
@Override
public JSPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    JSPolicyRepresentation scriptPolicy = new JSPolicyRepresentation();

    // Identity fields: from the stored policy and from this factory.
    scriptPolicy.setId(policy.getId());
    scriptPolicy.setName(policy.getName());
    scriptPolicy.setType(getId());

    // Description and script source are taken from the factory's metadata,
    // not from the stored policy.
    scriptPolicy.setDescription(metadata.getDescription());
    scriptPolicy.setCode(metadata.getCode());

    return scriptPolicy;
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class JSPolicyProviderFactory method toRepresentation.
/**
 * Builds a {@link JSPolicyRepresentation} carrying only the policy's script.
 *
 * <p>The script is the value stored under the {@code "code"} key of the policy's config.
 * No other field of the representation is set here, and {@code authorization} is not used.
 *
 * @param policy the stored policy whose config holds the script
 * @param authorization unused
 * @return a representation with its code set; the code is {@code null} when the config has no such entry
 */
@Override
public JSPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    String scriptSource = policy.getConfig().get("code");

    JSPolicyRepresentation scriptPolicy = new JSPolicyRepresentation();
    scriptPolicy.setCode(scriptSource);
    return scriptPolicy;
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class PolicyEvaluationTest method testCheckUserGroups.
/**
 * Checks that a script policy can read a user's groups during evaluation.
 *
 * <p>Creates a JS policy in the {@code authz-test} realm for the {@code resource-server-test}
 * client, evaluates it, and asserts that the effect is {@link Effect#PERMIT}. The script grants
 * only when user {@code jdoe} has exactly the two expected group paths.
 *
 * @param session the session whose context realm is switched to {@code authz-test}
 */
public static void testCheckUserGroups(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));

    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    StoreFactory storeFactory = authorization.getStoreFactory();
    ClientModel resourceServerClient =
            session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(resourceServerClient);

    // Policy script: no explicit deny is issued, so anything other than the exact
    // two-group match leaves the evaluation without a grant.
    String script = "var realm = $evaluation.getRealm();"
            + "var groups = realm.getUserGroups('jdoe');"
            + "if (groups.size() == 2 && groups.contains('/Group A/Group B') && groups.contains('/Group A/Group D')) { $evaluation.grant(); }";

    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserGroups");
    policyRepresentation.setCode(script);

    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);

    // Evaluate through the provider registered for the stored policy's type.
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    provider.evaluate(evaluation);

    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Aggregations