
Example 1 with RolePolicyRepresentation

use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method onUpdate.

/**
 * Brings the policies associated with a UMA permission in line with an updated representation.
 *
 * <p>Pass 1 walks the policies currently associated with {@code policy}. For the types
 * {@code role}, {@code group}, {@code client} and {@code user} the stored set is replaced by the
 * set carried in {@code representation}; a policy whose set ends up empty (also when the
 * representation returns {@code null} for it) is deleted from the policy store, otherwise it is
 * written back. A {@code js} policy receives the representation's condition as its code, or is
 * deleted when the condition is {@code null}. Policies of any other type are left untouched.
 *
 * <p>Pass 2 creates policies for every category that has a value in the representation but no
 * associated policy of the matching type: one policy per role, group, client or user, and a
 * single one for the condition. All of them are created with {@code policy.getOwner()}.
 *
 * <p>Points a reviewer of the calling code should keep in mind:
 * <ul>
 *   <li>Every associated policy of a given type receives the complete updated set, also when
 *       several policies of that type are associated.</li>
 *   <li>The condition string is stored as the code of a {@code js} policy without any check in
 *       this method. NOTE(review): confirm that whoever can submit the representation is meant
 *       to be able to define script-based policies.</li>
 *   <li>Role, group, client and user values are forwarded as given; any resolution or
 *       validation is left to the representation classes and helpers, which are not shown here.</li>
 *   <li>This method only deletes associated policies, never {@code policy} itself.
 *       NOTE(review): confirm how a permission left without associated policies is evaluated.</li>
 * </ul>
 *
 * @param policy the permission whose associated policies are synchronised
 * @param representation the updated values (roles, groups, clients, users, condition)
 * @param authorization gives access to the policy store and is passed to the model converters
 */
@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();

    // Pass 1: rewrite or delete the policies that are already associated.
    for (Policy associatedPolicy : associatedPolicies) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        String type = associatedRep.getType();

        if ("role".equals(type)) {
            RolePolicyRepresentation roleRep = (RolePolicyRepresentation) associatedRep;
            roleRep.setRoles(new HashSet<>());
            Set<String> roles = representation.getRoles();
            if (roles != null) {
                roles.forEach(role -> roleRep.addRole(role));
            }
            if (!roleRep.getRoles().isEmpty()) {
                RepresentationToModel.toModel(roleRep, authorization, associatedPolicy);
            } else {
                // No role left: the policy would grant to nobody, so it is removed.
                policyStore.delete(associatedPolicy.getId());
            }
        } else if ("js".equals(type)) {
            JSPolicyRepresentation jsRep = (JSPolicyRepresentation) associatedRep;
            String newCode = representation.getCondition();
            if (newCode == null) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                // The condition is persisted verbatim as the script of the policy.
                jsRep.setCode(newCode);
                RepresentationToModel.toModel(jsRep, authorization, associatedPolicy);
            }
        } else if ("group".equals(type)) {
            GroupPolicyRepresentation groupRep = (GroupPolicyRepresentation) associatedRep;
            groupRep.setGroups(new HashSet<>());
            Set<String> groups = representation.getGroups();
            if (groups != null) {
                groups.forEach(group -> groupRep.addGroupPath(group));
            }
            if (!groupRep.getGroups().isEmpty()) {
                RepresentationToModel.toModel(groupRep, authorization, associatedPolicy);
            } else {
                policyStore.delete(associatedPolicy.getId());
            }
        } else if ("client".equals(type)) {
            ClientPolicyRepresentation clientRep = (ClientPolicyRepresentation) associatedRep;
            clientRep.setClients(new HashSet<>());
            Set<String> clients = representation.getClients();
            if (clients != null) {
                clients.forEach(client -> clientRep.addClient(client));
            }
            if (!clientRep.getClients().isEmpty()) {
                RepresentationToModel.toModel(clientRep, authorization, associatedPolicy);
            } else {
                policyStore.delete(associatedPolicy.getId());
            }
        } else if ("user".equals(type)) {
            UserPolicyRepresentation userRep = (UserPolicyRepresentation) associatedRep;
            userRep.setUsers(new HashSet<>());
            Set<String> users = representation.getUsers();
            if (users != null) {
                users.forEach(user -> userRep.addUser(user));
            }
            if (!userRep.getUsers().isEmpty()) {
                RepresentationToModel.toModel(userRep, authorization, associatedPolicy);
            } else {
                policyStore.delete(associatedPolicy.getId());
            }
        }
    }

    // Pass 2: create policies for categories that had no associated policy of that type.
    Set<String> requestedRoles = representation.getRoles();
    if (requestedRoles != null
            && associatedPolicies.stream().noneMatch(existing -> "role".equals(existing.getType()))) {
        for (String role : requestedRoles) {
            createRolePolicy(policy, policyStore, role, policy.getOwner());
        }
    }

    Set<String> requestedGroups = representation.getGroups();
    if (requestedGroups != null
            && associatedPolicies.stream().noneMatch(existing -> "group".equals(existing.getType()))) {
        for (String group : requestedGroups) {
            createGroupPolicy(policy, policyStore, group, policy.getOwner());
        }
    }

    Set<String> requestedClients = representation.getClients();
    if (requestedClients != null
            && associatedPolicies.stream().noneMatch(existing -> "client".equals(existing.getType()))) {
        for (String client : requestedClients) {
            createClientPolicy(policy, policyStore, client, policy.getOwner());
        }
    }

    Set<String> requestedUsers = representation.getUsers();
    if (requestedUsers != null
            && associatedPolicies.stream().noneMatch(existing -> "user".equals(existing.getType()))) {
        for (String user : requestedUsers) {
            createUserPolicy(policy, policyStore, user, policy.getOwner());
        }
    }

    String condition = representation.getCondition();
    if (condition != null
            && associatedPolicies.stream().noneMatch(existing -> "js".equals(existing.getType()))) {
        createJSPolicy(policy, policyStore, condition, policy.getOwner());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) HashSet(java.util.HashSet) Set(java.util.Set) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) HashSet(java.util.HashSet)

Example 2 with RolePolicyRepresentation

use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

the class RolePolicyTest method createRealmRolePolicy.

/**
 * Creates a role policy with the given name and roles through the admin client.
 *
 * <p>The response of the create call is closed straight away and its status is not inspected,
 * so a rejected request is not reported by this helper.
 *
 * @param name name of the policy to create
 * @param roles roles added to the policy, in the order given
 */
private void createRealmRolePolicy(String name, String... roles) {
    RolePolicyRepresentation rolePolicy = new RolePolicyRepresentation();
    rolePolicy.setName(name);
    for (int i = 0; i < roles.length; i++) {
        rolePolicy.addRole(roles[i]);
    }
    getClient()
            .authorization()
            .policies()
            .role()
            .create(rolePolicy)
            .close();
}
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation)

Example 3 with RolePolicyRepresentation

use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

the class RolePolicyManagementTest method testCreateRealmRolePolicy.

/**
 * Creates a role policy with negative logic, a consensus decision strategy and two roles, and
 * hands it to {@code assertCreated} for verification.
 */
@Test
public void testCreateRealmRolePolicy() {
    AuthorizationResource authorizationResource = getClient().authorization();

    RolePolicyRepresentation rolePolicy = new RolePolicyRepresentation();
    rolePolicy.setName("Realm Role Policy");
    rolePolicy.setDescription("description");
    rolePolicy.setLogic(Logic.NEGATIVE);
    rolePolicy.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    // The boolean is presumably the "required" flag of the role definition; verify against
    // RolePolicyRepresentation.addRole.
    rolePolicy.addRole("Role A", false);
    rolePolicy.addRole("Role B", true);

    assertCreated(authorizationResource, rolePolicy);
}
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 4 with RolePolicyRepresentation

use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

the class RolePolicyManagementTest method assertPolicy.

/**
 * Compares the representation read back from the console page with the expected one.
 *
 * <p>Name, description and logic must be equal and both role sets must have the same size.
 * In addition every actual role must be matched by an expected role: the actual id has to
 * contain the expected id (only the part after the first {@code /} when the expected id has
 * one) and the {@code required} flags have to agree.
 *
 * <p>The id check is a substring match, so it is looser than equality.
 * NOTE(review): the flags are compared with {@code ==}; if {@code isRequired()} returns a boxed
 * {@code Boolean} this is a reference comparison, confirm against the role definition class.
 *
 * @param expected the representation the test submitted
 * @param policy the page object the actual representation is read from
 * @return the representation read from {@code policy}
 */
private RolePolicyRepresentation assertPolicy(RolePolicyRepresentation expected, RolePolicy policy) {
    RolePolicyRepresentation actual = policy.toRepresentation();

    assertEquals(expected.getName(), actual.getName());
    assertEquals(expected.getDescription(), actual.getDescription());
    assertEquals(expected.getLogic(), actual.getLogic());

    assertNotNull(actual.getRoles());
    assertEquals(expected.getRoles().size(), actual.getRoles().size());

    // Count the actual roles for which no expected role matches; there must be none.
    long unmatched = actual.getRoles().stream()
            .filter(actualDefinition -> expected.getRoles().stream().noneMatch(roleDefinition -> {
                String expectedId = roleDefinition.getId();
                String idFragment = expectedId.indexOf("/") != -1 ? expectedId.split("/")[1] : expectedId;
                return actualDefinition.getId().contains(idFragment)
                        && actualDefinition.isRequired() == roleDefinition.isRequired();
            }))
            .count();
    assertEquals(0, unmatched);

    return actual;
}
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation)

Example 5 with RolePolicyRepresentation

use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

the class RolePolicyManagementTest method testDeleteFromList.

/**
 * Creates a role policy with three roles, deletes it from the policy list of the console and
 * checks that the list no longer finds it by name.
 *
 * @throws InterruptedException declared by the test signature; nothing visible here throws it
 */
@Test
public void testDeleteFromList() throws InterruptedException {
    authorizationPage.navigateTo();

    RolePolicyRepresentation template = new RolePolicyRepresentation();
    template.setName("Test Delete Role Policy");
    template.setDescription("description");
    template.addRole("Realm Role A");
    template.addRole("Realm Role B");
    template.addRole("Realm Role C");

    RolePolicyRepresentation created = createPolicy(template);
    String policyName = created.getName();

    // The page is reloaded before each interaction with the policy list.
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().policies().deleteFromList(policyName);

    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(policyName));
}
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) Test(org.junit.Test)

Aggregations

RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)30 Test (org.junit.Test)16 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)8 RolePoliciesResource (org.keycloak.admin.client.resource.RolePoliciesResource)8 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)7 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)6 RolesResource (org.keycloak.admin.client.resource.RolesResource)5 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)5 RolePolicyResource (org.keycloak.admin.client.resource.RolePolicyResource)4 AggregatePolicyRepresentation (org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation)4 ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)4 GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)4 Response (javax.ws.rs.core.Response)3 Before (org.junit.Before)3 PoliciesResource (org.keycloak.admin.client.resource.PoliciesResource)3 Policy (org.keycloak.authorization.model.Policy)3 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)3 AggregatePolicy (org.keycloak.testsuite.console.page.clients.authorization.policy.AggregatePolicy)3 RolePolicy (org.keycloak.testsuite.console.page.clients.authorization.policy.RolePolicy)3 ResourcesResource (org.keycloak.admin.client.resource.ResourcesResource)2