Example 1 with ResourceOwnerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation in project keycloak by keycloak.

Class RepresentationToModel, method toModel.

public static ResourceServer toModel(ResourceServerRepresentation rep, AuthorizationProvider authorization, ClientModel client) {
    ResourceServerStore resourceServerStore = authorization.getStoreFactory().getResourceServerStore();
    ResourceServer resourceServer;
    ResourceServer existing = resourceServerStore.findByClient(client);
    if (existing == null) {
        resourceServer = resourceServerStore.create(client);
        resourceServer.setAllowRemoteResourceManagement(true);
        resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    } else {
        resourceServer = existing;
    }
    resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
    resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
    DecisionStrategy decisionStrategy = rep.getDecisionStrategy();
    if (decisionStrategy == null) {
        decisionStrategy = DecisionStrategy.UNANIMOUS;
    }
    resourceServer.setDecisionStrategy(decisionStrategy);
    for (ScopeRepresentation scope : rep.getScopes()) {
        toModel(scope, resourceServer, authorization);
    }
    KeycloakSession session = authorization.getKeycloakSession();
    RealmModel realm = authorization.getRealm();
    for (ResourceRepresentation resource : rep.getResources()) {
        ResourceOwnerRepresentation owner = resource.getOwner();
        if (owner == null) {
            owner = new ResourceOwnerRepresentation();
            owner.setId(resourceServer.getId());
            resource.setOwner(owner);
        } else if (owner.getName() != null) {
            UserModel user = session.users().getUserByUsername(realm, owner.getName());
            if (user != null) {
                owner.setId(user.getId());
            }
        }
        toModel(resource, resourceServer, authorization);
    }
    importPolicies(authorization, resourceServer, rep.getPolicies(), null);
    return resourceServer;
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) KeycloakSession(org.keycloak.models.KeycloakSession) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 2 with ResourceOwnerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation in project keycloak by keycloak.

Class ResourceService, method create.

@POST
@Consumes("application/json")
@Produces("application/json")
public Response create(UmaResourceRepresentation resource) {
    checkResourceServerSettings();
    if (resource == null) {
        return Response.status(Status.BAD_REQUEST).build();
    }
    ResourceOwnerRepresentation owner = resource.getOwner();
    if (owner == null) {
        owner = new ResourceOwnerRepresentation();
        resource.setOwner(owner);
    }
    String ownerId = owner.getId();
    if (ownerId == null) {
        ownerId = this.identity.getId();
    }
    owner.setId(ownerId);
    ResourceRepresentation newResource = resourceManager.create(resource);
    resourceManager.audit(resource, resource.getId(), OperationType.CREATE);
    return Response.status(Status.CREATED).entity(new UmaResourceRepresentation(newResource)).build();
}
Also used : ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces)

Example 3 with ResourceOwnerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation in project keycloak by keycloak.

Class AbstractResourceServerTest, method addResource.

protected ResourceRepresentation addResource(String resourceName, String owner, boolean ownerManagedAccess, String... scopeNames) throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceRepresentation resource = new ResourceRepresentation(resourceName);
    if (owner != null) {
        resource.setOwner(new ResourceOwnerRepresentation(owner));
    }
    resource.setOwnerManagedAccess(ownerManagedAccess);
    resource.addScope(scopeNames);
    Response response = authorization.resources().create(resource);
    ResourceRepresentation temp = response.readEntity(ResourceRepresentation.class);
    resource.setId(temp.getId());
    response.close();
    return resource;
}
Also used : AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Response(javax.ws.rs.core.Response) ClientResource(org.keycloak.admin.client.resource.ClientResource) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 4 with ResourceOwnerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation in project keycloak by keycloak.

Class ExportUtils, method exportAuthorizationSettings.

public static ResourceServerRepresentation exportAuthorizationSettings(KeycloakSession session, ClientModel client) {
    AuthorizationProviderFactory providerFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = providerFactory.create(session, client.getRealm());
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer settingsModel = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
    if (settingsModel == null) {
        return null;
    }
    ResourceServerRepresentation representation = toRepresentation(settingsModel, client);
    representation.setId(null);
    representation.setName(null);
    representation.setClientId(null);
    List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId()).stream().map(resource -> {
        ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
        if (rep.getOwner().getId().equals(settingsModel.getId())) {
            rep.setOwner((ResourceOwnerRepresentation) null);
        } else {
            rep.getOwner().setId(null);
        }
        rep.getScopes().forEach(scopeRepresentation -> {
            scopeRepresentation.setId(null);
            scopeRepresentation.setIconUri(null);
        });
        return rep;
    }).collect(Collectors.toList());
    representation.setResources(resources);
    List<PolicyRepresentation> policies = new ArrayList<>();
    PolicyStore policyStore = storeFactory.getPolicyStore();
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    policies.addAll(policyStore.findByResourceServer(settingsModel.getId()).stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null)).map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
    representation.setPolicies(policies);
    List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
        ScopeRepresentation rep = toRepresentation(scope);
        rep.setPolicies(null);
        rep.setResources(null);
        return rep;
    }).collect(Collectors.toList());
    representation.setScopes(scopes);
    return representation;
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Version(org.keycloak.common.Version) RoleContainerModel(org.keycloak.models.RoleContainerModel) Map(java.util.Map) ModelToRepresentation.toRepresentation(org.keycloak.models.utils.ModelToRepresentation.toRepresentation) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmModel(org.keycloak.models.RealmModel) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Collection(java.util.Collection) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) Set(java.util.Set) RoleModel(org.keycloak.models.RoleModel) PolicyStore(org.keycloak.authorization.store.PolicyStore) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ModelToRepresentation(org.keycloak.models.utils.ModelToRepresentation) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) Stream(java.util.stream.Stream) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) Profile(org.keycloak.common.Profile) JsonGenerator(com.fasterxml.jackson.core.JsonGenerator) ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) UserModel(org.keycloak.models.UserModel) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) JsonEncoding(com.fasterxml.jackson.core.JsonEncoding) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) LinkedList(java.util.LinkedList) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) OutputStream(java.io.OutputStream) RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) JsonFactory(com.fasterxml.jackson.core.JsonFactory) SerializationFeature(com.fasterxml.jackson.databind.SerializationFeature) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) Resource(org.keycloak.authorization.model.Resource)

Example 5 with ResourceOwnerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation in project keycloak by keycloak.

Class AuthorizationTest, method createResource.

@NotNull
private ResourceRepresentation createResource(String name, String owner, String... scopes) {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(name);
    resource.setOwner(owner != null ? new ResourceOwnerRepresentation(owner) : null);
    resource.addScope(scopes);
    Response response = getClient().authorization().resources().create(resource);
    ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
    response.close();
    resource.setId(stored.getId());
    return resource;
}
Also used : AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Response(javax.ws.rs.core.Response) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) NotNull(org.jetbrains.annotations.NotNull)