Example 31 with UserPolicyRepresentation
use of org.keycloak.representations.idm.authorization.UserPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method toRepresentation.
@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
representation.setOwner(policy.getOwner());
for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
RealmModel realm = authorization.getRealm();
if ("role".equals(associatedRep.getType())) {
RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
for (RoleDefinition definition : rep.getRoles()) {
RoleModel role = realm.getRoleById(definition.getId());
if (role.isClientRole()) {
representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
} else {
representation.addRole(role.getName());
}
}
} else if ("js".equals(associatedRep.getType())) {
JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
representation.setCondition(rep.getCode());
} else if ("group".equals(associatedRep.getType())) {
GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
for (GroupDefinition definition : rep.getGroups()) {
representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
}
} else if ("client".equals(associatedRep.getType())) {
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
for (String client : rep.getClients()) {
representation.addClient(realm.getClientById(client).getClientId());
}
} else if ("user".equals(associatedPolicy.getType())) {
UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
for (String user : rep.getUsers()) {
representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
}
}
}
return representation;
}
Also used :
Policy(org.keycloak.authorization.model.Policy)
RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)
RoleDefinition(org.keycloak.representations.idm.authorization.RolePolicyRepresentation.RoleDefinition)
RoleModel(org.keycloak.models.RoleModel)
UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation)
GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)
AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)
RealmModel(org.keycloak.models.RealmModel)
Scope(org.keycloak.authorization.model.Scope)
GroupDefinition(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation.GroupDefinition)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
Example 32 with UserPolicyRepresentation
use of org.keycloak.representations.idm.authorization.UserPolicyRepresentation in project keycloak by keycloak.
the class UserPolicyProviderFactory method onExport.
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
UserPolicyRepresentation userRep = toRepresentation(policy, authorizationProvider);
Map<String, String> config = new HashMap<>();
try {
UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
RealmModel realm = authorizationProvider.getRealm();
config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream().map(id -> userProvider.getUserById(realm, id).getUsername()).collect(Collectors.toList())));
} catch (IOException cause) {
throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
}
representation.setConfig(config);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory)
RealmModel(org.keycloak.models.RealmModel)
Set(java.util.Set)
KeycloakSession(org.keycloak.models.KeycloakSession)
IOException(java.io.IOException)
HashMap(java.util.HashMap)
Config(org.keycloak.Config)
Collectors(java.util.stream.Collectors)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
HashSet(java.util.HashSet)
JsonSerialization(org.keycloak.util.JsonSerialization)
Policy(org.keycloak.authorization.model.Policy)
UserProvider(org.keycloak.models.UserProvider)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
UserModel(org.keycloak.models.UserModel)
Map(java.util.Map)
KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory)
AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider)
PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider)
HashMap(java.util.HashMap)
UserProvider(org.keycloak.models.UserProvider)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
IOException(java.io.IOException)
Example 33 with UserPolicyRepresentation
use of org.keycloak.representations.idm.authorization.UserPolicyRepresentation in project keycloak by keycloak.
the class Policies method update.
public void update(String name, AbstractPolicyRepresentation representation) {
for (WebElement row : policies().rows()) {
PolicyRepresentation actual = policies().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
clickLink(row.findElements(tagName("a")).get(0));
String type = representation.getType();
if ("role".equals(type)) {
rolePolicy.form().populate((RolePolicyRepresentation) representation, true);
} else if ("user".equals(type)) {
userPolicy.form().populate((UserPolicyRepresentation) representation, true);
} else if ("aggregate".equals(type)) {
aggregatePolicy.form().populate((AggregatePolicyRepresentation) representation, true);
} else if ("js".equals(type)) {
jsPolicy.form().populate((JSPolicyRepresentation) representation, true);
} else if ("time".equals(type)) {
timePolicy.form().populate((TimePolicyRepresentation) representation, true);
} else if ("client".equals(type)) {
clientPolicy.form().populate((ClientPolicyRepresentation) representation, true);
} else if ("group".equals(type)) {
groupPolicy.form().populate((GroupPolicyRepresentation) representation, true);
}
return;
}
}
}
Also used :
RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation)
AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)
GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)
TimePolicyRepresentation(org.keycloak.representations.idm.authorization.TimePolicyRepresentation)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
AggregatePolicyRepresentation(org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation)
JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)
UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)
JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)
WebElement(org.openqa.selenium.WebElement)
Aggregations
UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)33
Test (org.junit.Test)15
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)11
Policy (org.keycloak.authorization.model.Policy)10
Response (javax.ws.rs.core.Response)7
RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)7
RealmModel (org.keycloak.models.RealmModel)6
UserModel (org.keycloak.models.UserModel)6
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)6
Before (org.junit.Before)4
Keycloak (org.keycloak.admin.client.Keycloak)4
UserPoliciesResource (org.keycloak.admin.client.resource.UserPoliciesResource)4
UserPolicyResource (org.keycloak.admin.client.resource.UserPolicyResource)4
ClientModel (org.keycloak.models.ClientModel)4
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)4
ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)4
GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)4
PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)4
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)4
AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)4
