Example 11 with RolePolicyRepresentation

Use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

In the class UMAPolicyProviderFactory, method createRolePolicy.

private void createRolePolicy(Policy policy, PolicyStore policyStore, String role, String owner) {
    RolePolicyRepresentation rep = new RolePolicyRepresentation();
    rep.setName(KeycloakModelUtils.generateId());
    rep.addRole(role, false);
    Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
    associatedPolicy.setOwner(owner);
    policy.addAssociatedPolicy(associatedPolicy);
}
Also used: Policy (org.keycloak.authorization.model.Policy), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)

Example 12 with RolePolicyRepresentation

Use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

In the class UMAPolicyProviderFactory, method toRepresentation.

@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
    representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
    representation.setOwner(policy.getOwner());
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        RealmModel realm = authorization.getRealm();
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            for (RoleDefinition definition : rep.getRoles()) {
                RoleModel role = realm.getRoleById(definition.getId());
                if (role.isClientRole()) {
                    representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
                } else {
                    representation.addRole(role.getName());
                }
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            representation.setCondition(rep.getCode());
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            for (GroupDefinition definition : rep.getGroups()) {
                representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            for (String client : rep.getClients()) {
                representation.addClient(realm.getClientById(client).getClientId());
            }
        } else if ("user".equals(associatedPolicy.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            for (String user : rep.getUsers()) {
                representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
            }
        }
    }
    return representation;
}
Also used: Policy (org.keycloak.authorization.model.Policy), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation), JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation), RoleDefinition (org.keycloak.representations.idm.authorization.RolePolicyRepresentation.RoleDefinition), RoleModel (org.keycloak.models.RoleModel), UmaPermissionRepresentation (org.keycloak.representations.idm.authorization.UmaPermissionRepresentation), GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation), AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation), RealmModel (org.keycloak.models.RealmModel), Scope (org.keycloak.authorization.model.Scope), GroupDefinition (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation.GroupDefinition), UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)

Example 13 with RolePolicyRepresentation

Use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

In the class RolePolicyManagementTest, method testCreateClientRolePolicy.

@Test
public void testCreateClientRolePolicy() {
    ClientResource client = getClient();
    AuthorizationResource authorization = client.authorization();
    RolePolicyRepresentation representation = new RolePolicyRepresentation();
    representation.setName("Realm Client Role Policy");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    RolesResource roles = client.roles();
    roles.create(new RoleRepresentation("Client Role A", "desc", false));
    ClientRepresentation clientRep = client.toRepresentation();
    roles.create(new RoleRepresentation("Client Role B", "desc", false));
    representation.addRole("resource-server-test/Client Role A");
    representation.addClientRole(clientRep.getClientId(), "Client Role B", true);
    assertCreated(authorization, representation);
}
Also used: RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), ClientResource (org.keycloak.admin.client.resource.ClientResource), RolesResource (org.keycloak.admin.client.resource.RolesResource), AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Example 14 with RolePolicyRepresentation

Use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

In the class RolePolicyManagementTest, method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    RolePolicyRepresentation representation = new RolePolicyRepresentation();
    representation.setName("Test Generic Config  Permission");
    representation.addRole("Role A", false);
    RolePoliciesResource policies = authorization.policies().role();
    try (Response response = policies.create(representation)) {
        RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("roles"));
        RoleRepresentation role = getRealm().roles().get("Role A").toRepresentation();
        assertTrue(genericConfig.getConfig().get("roles").contains(role.getId()));
    }
}
Also used: Response (javax.ws.rs.core.Response), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation), RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation), RolePolicyResource (org.keycloak.admin.client.resource.RolePolicyResource), PolicyResource (org.keycloak.admin.client.resource.PolicyResource), RolePoliciesResource (org.keycloak.admin.client.resource.RolePoliciesResource), AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource), Test (org.junit.Test)

Example 15 with RolePolicyRepresentation

Use of org.keycloak.representations.idm.authorization.RolePolicyRepresentation in project keycloak by keycloak.

In the class RolePolicyManagementTest, method testUpdate.

@Test
public void testUpdate() {
    AuthorizationResource authorization = getClient().authorization();
    RolePolicyRepresentation representation = new RolePolicyRepresentation();
    representation.setName("Update Test Role Policy");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.addRole("Role A", false);
    representation.addRole("Role B", true);
    representation.addRole("Role C", false);
    assertCreated(authorization, representation);
    representation.setName("changed");
    representation.setDescription("changed");
    representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    representation.setLogic(Logic.POSITIVE);
    representation.setRoles(representation.getRoles().stream().filter(roleDefinition -> !roleDefinition.getId().equals("Resource A")).collect(Collectors.toSet()));
    RolePoliciesResource policies = authorization.policies().role();
    RolePolicyResource permission = policies.findById(representation.getId());
    permission.update(representation);
    assertRepresentation(representation, permission);
    for (RolePolicyRepresentation.RoleDefinition roleDefinition : representation.getRoles()) {
        if (roleDefinition.getId().equals("Role B")) {
            roleDefinition.setRequired(false);
        }
        if (roleDefinition.getId().equals("Role C")) {
            roleDefinition.setRequired(true);
        }
    }
    permission.update(representation);
    assertRepresentation(representation, permission);
}
Also used: RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), RolePoliciesResource (org.keycloak.admin.client.resource.RolePoliciesResource), RolePolicyResource (org.keycloak.admin.client.resource.RolePolicyResource), AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource), Test (org.junit.Test)
