Examples with PolicyRepresentation org.keycloak.representations.idm.authorization.PolicyRepresentation used on opensource projects

Search in sources :

Example 26 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class UserPolicyProviderFactory method onExport.

@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    UserPolicyRepresentation userRep = toRepresentation(policy, authorizationProvider);
    Map<String, String> config = new HashMap<>();
    try {
        UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
        RealmModel realm = authorizationProvider.getRealm();
        config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream().map(id -> userProvider.getUserById(realm, id).getUsername()).collect(Collectors.toList())));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}
Also used : RealmModel(org.keycloak.models.RealmModel) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) HashMap(java.util.HashMap) Config(org.keycloak.Config) Collectors(java.util.stream.Collectors) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) HashSet(java.util.HashSet) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) UserProvider(org.keycloak.models.UserProvider) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) UserModel(org.keycloak.models.UserModel) Map(java.util.Map) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) HashMap(java.util.HashMap) UserProvider(org.keycloak.models.UserProvider) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) IOException(java.io.IOException)

Example 27 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class UserManagedPermissionUtil method createUserManagedPermission.

private static Policy createUserManagedPermission(PermissionTicket ticket, StoreFactory storeFactory) {
    PolicyStore policyStore = storeFactory.getPolicyStore();
    UserPolicyRepresentation userPolicyRep = new UserPolicyRepresentation();
    userPolicyRep.setName(KeycloakModelUtils.generateId());
    userPolicyRep.addUser(ticket.getRequester());
    Policy userPolicy = policyStore.create(userPolicyRep, ticket.getResourceServer());
    userPolicy.setOwner(ticket.getOwner());
    PolicyRepresentation policyRep = new PolicyRepresentation();
    policyRep.setName(KeycloakModelUtils.generateId());
    policyRep.setType("uma");
    policyRep.addPolicy(userPolicy.getId());
    Policy policy = policyStore.create(policyRep, ticket.getResourceServer());
    policy.setOwner(ticket.getOwner());
    policy.addResource(ticket.getResource());
    Scope scope = ticket.getScope();
    if (scope != null) {
        policy.addScope(scope);
    }
    return policy;
}
Also used : Policy(org.keycloak.authorization.model.Policy) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Scope(org.keycloak.authorization.model.Scope) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore)

Example 28 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ExportUtils method exportAuthorizationSettings.

public static ResourceServerRepresentation exportAuthorizationSettings(KeycloakSession session, ClientModel client) {
    AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
    if (settingsModel == null) {
        return null;
    }
    ResourceServerRepresentation representation = toRepresentation(settingsModel, client);
    representation.setId(null);
    representation.setName(null);
    representation.setClientId(null);
    List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId()).stream().map(resource -> {
        ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
        if (rep.getOwner().getId().equals(settingsModel.getId())) {
            rep.setOwner((ResourceOwnerRepresentation) null);
        } else {
            rep.getOwner().setId(null);
        }
        rep.getScopes().forEach(scopeRepresentation -> {
            scopeRepresentation.setId(null);
            scopeRepresentation.setIconUri(null);
        });
        return rep;
    }).collect(Collectors.toList());
    representation.setResources(resources);
    List<PolicyRepresentation> policies = new ArrayList<>();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null)).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    representation.setPolicies(policies);
    List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
        ScopeRepresentation rep = toRepresentation(scope);
        rep.setPolicies(null);
        rep.setResources(null);
        return rep;
    }).collect(Collectors.toList());
    representation.setScopes(scopes);
    return representation;
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Version(org.keycloak.common.Version) RoleContainerModel(org.keycloak.models.RoleContainerModel) Map(java.util.Map) ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmModel(org.keycloak.models.RealmModel) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Collection(java.util.Collection) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) Set(java.util.Set) RoleModel(org.keycloak.models.RoleModel) PolicyStore(org.keycloak.authorization.store.PolicyStore) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) Stream(java.util.stream.Stream) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Profile(org.keycloak.common.Profile) JsonGenerator(com.fasterxml.jackson.core.JsonGenerator) ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) UserModel(org.keycloak.models.UserModel) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) JsonEncoding(com.fasterxml.jackson.core.JsonEncoding) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) LinkedList(java.util.LinkedList) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) OutputStream(java.io.OutputStream) RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) JsonFactory(com.fasterxml.jackson.core.JsonFactory) SerializationFeature(com.fasterxml.jackson.databind.SerializationFeature) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) Resource(org.keycloak.authorization.model.Resource) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ArrayList(java.util.ArrayList) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceServer(org.keycloak.authorization.model.ResourceServer)

Example 29 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName("Test Generic Config Permission");
    representation.setGroupsClaim("groups");
    representation.addGroupPath("/Group A");
    GroupPoliciesResource policies = authorization.policies().group();
    try (Response response = policies.create(representation)) {
        GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("groups"));
        GroupRepresentation group = getRealm().groups().groups().stream().filter(groupRepresentation -> groupRepresentation.getName().equals("Group A")).findFirst().get();
        assertTrue(genericConfig.getConfig().get("groups").contains(group.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) GroupPolicyResource(org.keycloak.admin.client.resource.GroupPolicyResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) GroupPoliciesResource(org.keycloak.admin.client.resource.GroupPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 30 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ExportAuthorizationSettingsTest method testRoleBasedPolicy.

// KEYCLOAK-4340
@Test
public void testRoleBasedPolicy() {
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    ClientRepresentation account = testRealmResource().clients().findByClientId("account").get(0);
    RoleRepresentation role = testRealmResource().clients().get(account.getId()).roles().get("view-profile").toRepresentation();
    PolicyRepresentation policy = new PolicyRepresentation();
    policy.setName("role-based-policy");
    policy.setType("role");
    Map<String, String> config = new HashMap<>();
    config.put("roles", "[{\"id\":\"" + role.getId() + "\"}]");
    policy.setConfig(config);
    Response create = authorizationResource.policies().create(policy);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        create.close();
    }
    // this call was messing up with DB, see KEYCLOAK-4340
    authorizationResource.exportSettings();
    // this call failed with NPE
    authorizationResource.exportSettings();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)58 Test (org.junit.Test)26 HashMap (java.util.HashMap)20 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)19 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)18 Response (javax.ws.rs.core.Response)15 List (java.util.List)12 Map (java.util.Map)12 IOException (java.io.IOException)10 ArrayList (java.util.ArrayList)10 Collectors (java.util.stream.Collectors)10 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)10 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)10 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)10 WebElement (org.openqa.selenium.WebElement)10 Set (java.util.Set)9 Policy (org.keycloak.authorization.model.Policy)9 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)9 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial