Remove RealmModel from authorization services interfaces (#26708)
Closes #26530 Signed-off-by: Michal Hajas <mhajas@redhat.com>
This commit is contained in:
parent
277af021d7
commit
00742a62dd
55 changed files with 343 additions and 458 deletions
|
@ -140,7 +140,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
|
|||
|
||||
try {
|
||||
if (clients.isEmpty()) {
|
||||
policyStore.delete(removedClient.getRealm(), policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
} else {
|
||||
policy.putConfig("clients", JsonSerialization.writeValueAsString(clients));
|
||||
}
|
||||
|
|
|
@ -69,13 +69,12 @@ public class ClientScopePolicyProviderFactory implements PolicyProviderFactory<C
|
|||
StoreFactory storeFactory = provider.getStoreFactory();
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
ClientScopeModel removedClientScope = ((ClientScopeRemovedEvent) event).getClientScope();
|
||||
RealmModel realm = ((ClientScopeRemovedEvent) event).getClientScope().getRealm();
|
||||
|
||||
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
||||
|
||||
filters.put(Policy.FilterOption.TYPE, new String[] { getId() });
|
||||
|
||||
policyStore.find(realm, null, filters, null, null).forEach(new Consumer<Policy>() {
|
||||
policyStore.find(null, filters, null, null).forEach(new Consumer<Policy>() {
|
||||
|
||||
@Override
|
||||
public void accept(Policy policy) {
|
||||
|
@ -94,7 +93,7 @@ public class ClientScopePolicyProviderFactory implements PolicyProviderFactory<C
|
|||
}
|
||||
|
||||
if (clientScopes.isEmpty()) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
} else {
|
||||
try {
|
||||
policy.putConfig("clientScopes", JsonSerialization.writeValueAsString(clientScopes));
|
||||
|
|
|
@ -125,7 +125,6 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
|
||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
|
||||
RealmModel realm = policy.getResourceServer().getRealm();
|
||||
|
||||
for (Policy associatedPolicy : associatedPolicies) {
|
||||
AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
|
||||
|
@ -144,7 +143,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
}
|
||||
|
||||
if (rep.getRoles().isEmpty()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
} else {
|
||||
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
|
||||
}
|
||||
|
@ -155,7 +154,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
rep.setType(representation.getCondition());
|
||||
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
|
||||
} else {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
}
|
||||
} else if ("group".equals(associatedRep.getType())) {
|
||||
GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
|
||||
|
@ -171,7 +170,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
}
|
||||
|
||||
if (rep.getGroups().isEmpty()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
} else {
|
||||
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
|
||||
}
|
||||
|
@ -189,7 +188,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
}
|
||||
|
||||
if (rep.getClients().isEmpty()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
} else {
|
||||
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
|
||||
}
|
||||
|
@ -207,7 +206,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
}
|
||||
|
||||
if (rep.getUsers().isEmpty()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
} else {
|
||||
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
|
||||
}
|
||||
|
@ -365,10 +364,9 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
|||
@Override
|
||||
public void onRemove(Policy policy, AuthorizationProvider authorization) {
|
||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||
RealmModel realm = policy.getResourceServer().getRealm();
|
||||
|
||||
for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -246,7 +246,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
|||
|
||||
try {
|
||||
if (roles.isEmpty()) {
|
||||
policyStore.delete(clientModel.getRealm(), policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
} else {
|
||||
policy.putConfig("roles", JsonSerialization.writeValueAsString(roles));
|
||||
}
|
||||
|
|
|
@ -45,15 +45,6 @@ public class InfinispanCacheStoreFactoryProviderFactory implements CachedStorePr
|
|||
|
||||
protected volatile StoreFactoryCacheManager storeCache;
|
||||
|
||||
/**
|
||||
* Legacy store doesn't store realm id for any entity and no method there is using new introduced RealmModel parameter.
|
||||
* The parameter was introduced for usage only in the new storage. Therefore, in some cases we may break our rule specified in JavaDoc
|
||||
* and use {@code null} value as parameter that otherwise cannot be {@code null}. We need to be careful and place such value only to a method call
|
||||
* that cannot end up in the new store because it would end with {@link NullPointerException}. To mark all places where we do this,
|
||||
* we use this variable so it is easily searchable.
|
||||
*/
|
||||
public static final RealmModel NULL_REALM = null;
|
||||
|
||||
@Override
|
||||
public CachedStoreFactoryProvider create(KeycloakSession session) {
|
||||
lazyInit(session);
|
||||
|
|
|
@ -22,7 +22,6 @@ import org.keycloak.authorization.model.Policy;
|
|||
import org.keycloak.authorization.model.Resource;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.models.cache.infinispan.authorization.entities.CachedPermissionTicket;
|
||||
|
||||
/**
|
||||
|
@ -43,8 +42,8 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
|||
@Override
|
||||
public PermissionTicket getDelegateForUpdate() {
|
||||
if (updated == null) {
|
||||
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, cached.getId());
|
||||
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(cached.getResourceServerId());
|
||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(resourceServer, cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
cacheSession.registerPermissionTicketInvalidation(cached.getId(), cached.getOwner(), cached.getRequester(), cached.getResourceId(), updated.getResource().getName(), cached.getScopeId(), cached.getResourceServerId());
|
||||
}
|
||||
|
@ -71,8 +70,8 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
|||
protected boolean isUpdated() {
|
||||
if (updated != null) return true;
|
||||
if (!invalidated) return false;
|
||||
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, cached.getId());
|
||||
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(cached.getResourceServerId());
|
||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(resourceServer, cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
return true;
|
||||
}
|
||||
|
@ -123,13 +122,13 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
return cacheSession.getResourceServerStore().findById(cached.getResourceServerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Policy getPolicy() {
|
||||
if (isUpdated()) return updated.getPolicy();
|
||||
return cacheSession.getPolicyStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()), cached.getPolicy());
|
||||
return cacheSession.getPolicyStore().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getPolicy());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -141,12 +140,12 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
|||
|
||||
@Override
|
||||
public Resource getResource() {
|
||||
return cacheSession.getResourceStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getResourceId());
|
||||
return cacheSession.getResourceStore().findById(getResourceServer(), cached.getResourceId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Scope getScope() {
|
||||
return cacheSession.getScopeStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getScopeId());
|
||||
return cacheSession.getScopeStore().findById(getResourceServer(), cached.getScopeId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -21,7 +21,6 @@ import org.keycloak.authorization.model.Policy;
|
|||
import org.keycloak.authorization.model.Resource;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.authorization.store.ScopeStore;
|
||||
|
@ -86,7 +85,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
protected boolean isUpdated() {
|
||||
if (updated != null) return true;
|
||||
if (!invalidated) return false;
|
||||
updated = cacheSession.getPolicyStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()), cached.getId());
|
||||
updated = cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
return true;
|
||||
}
|
||||
|
@ -113,7 +112,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
return cacheSession.getResourceServerStore().findById(cached.getResourceServerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -209,7 +208,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
PolicyStore policyStore = cacheSession.getPolicyStore();
|
||||
String resourceServerId = cached.getResourceServerId();
|
||||
for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) {
|
||||
Policy policy = policyStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServerId), id);
|
||||
Policy policy = policyStore.findById(cacheSession.getResourceServerStore().findById(resourceServerId), id);
|
||||
if (policy == null) {
|
||||
// probably because the policy was removed
|
||||
continue;
|
||||
|
@ -230,7 +229,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
ResourceStore resourceStore = cacheSession.getResourceStore();
|
||||
ResourceServer resourceServer = getResourceServer();
|
||||
for (String resourceId : cached.getResourcesIds(modelSupplier)) {
|
||||
Resource resource = resourceStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId);
|
||||
Resource resource = resourceStore.findById(resourceServer, resourceId);
|
||||
cacheSession.cacheResource(resource);
|
||||
resources.add(resource);
|
||||
}
|
||||
|
@ -295,7 +294,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
ResourceServer resourceServer = getResourceServer();
|
||||
ScopeStore scopeStore = cacheSession.getScopeStore();
|
||||
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
||||
Scope scope = scopeStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, scopeId);
|
||||
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||
cacheSession.cacheScope(scope);
|
||||
scopes.add(scope);
|
||||
}
|
||||
|
@ -330,6 +329,6 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
|||
}
|
||||
|
||||
private Policy getPolicyModel() {
|
||||
return cacheSession.getPolicyStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()), cached.getId());
|
||||
return cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -81,7 +81,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
|||
protected boolean isUpdated() {
|
||||
if (updated != null) return true;
|
||||
if (!invalidated) return false;
|
||||
updated = cacheSession.getResourceStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId());
|
||||
updated = cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
return true;
|
||||
}
|
||||
|
@ -134,7 +134,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
return cacheSession.getResourceServerStore().findById(cached.getResourceServerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -172,7 +172,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
|||
if (scopes != null) return scopes;
|
||||
scopes = new LinkedList<>();
|
||||
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
||||
scopes.add(cacheSession.getScopeStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), scopeId));
|
||||
scopes.add(cacheSession.getScopeStore().findById(getResourceServer(), scopeId));
|
||||
}
|
||||
return scopes = Collections.unmodifiableList(scopes);
|
||||
}
|
||||
|
@ -206,7 +206,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
|||
List<PermissionTicket> permissions = permissionStore.findByScope(getResourceServer(), scope);
|
||||
|
||||
for (PermissionTicket permission : permissions) {
|
||||
permissionStore.delete(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, permission.getId());
|
||||
permissionStore.delete(permission.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -282,6 +282,6 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
|||
}
|
||||
|
||||
private Resource getResourceModel() {
|
||||
return cacheSession.getResourceStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId());
|
||||
return cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,9 +18,6 @@ package org.keycloak.models.cache.infinispan.authorization;
|
|||
|
||||
import org.keycloak.authorization.model.CachedModel;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.infinispan.authorization.entities.CachedResourceServer;
|
||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
||||
|
@ -32,21 +29,19 @@ import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
|||
public class ResourceServerAdapter implements ResourceServer, CachedModel<ResourceServer> {
|
||||
protected CachedResourceServer cached;
|
||||
protected StoreFactoryCacheSession cacheSession;
|
||||
private RealmModel realm;
|
||||
protected ResourceServer updated;
|
||||
|
||||
public ResourceServerAdapter(RealmModel realm, CachedResourceServer cached,
|
||||
public ResourceServerAdapter(CachedResourceServer cached,
|
||||
StoreFactoryCacheSession cacheSession) {
|
||||
this.cached = cached;
|
||||
this.cacheSession = cacheSession;
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResourceServer getDelegateForUpdate() {
|
||||
if (updated == null) {
|
||||
cacheSession.registerResourceServerInvalidation(cached.getId());
|
||||
updated = cacheSession.getResourceServerStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getId());
|
||||
updated = cacheSession.getResourceServerStoreDelegate().findById(cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
}
|
||||
return updated;
|
||||
|
@ -73,7 +68,7 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel<Resour
|
|||
protected boolean isUpdated() {
|
||||
if (updated != null) return true;
|
||||
if (!invalidated) return false;
|
||||
updated = cacheSession.getResourceServerStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getId());
|
||||
updated = cacheSession.getResourceServerStoreDelegate().findById(cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
return true;
|
||||
}
|
||||
|
@ -127,11 +122,6 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel<Resour
|
|||
return getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmModel getRealm() {
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.models.cache.infinispan.authorization;
|
|||
import org.keycloak.authorization.model.CachedModel;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.models.cache.infinispan.authorization.entities.CachedScope;
|
||||
|
||||
/**
|
||||
|
@ -40,7 +39,7 @@ public class ScopeAdapter implements Scope, CachedModel<Scope> {
|
|||
public Scope getDelegateForUpdate() {
|
||||
if (updated == null) {
|
||||
cacheSession.registerScopeInvalidation(cached.getId(), cached.getName(), cached.getResourceServerId());
|
||||
updated = cacheSession.getScopeStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId());
|
||||
updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
}
|
||||
return updated;
|
||||
|
@ -67,7 +66,7 @@ public class ScopeAdapter implements Scope, CachedModel<Scope> {
|
|||
protected boolean isUpdated() {
|
||||
if (updated != null) return true;
|
||||
if (!invalidated) return false;
|
||||
updated = cacheSession.getScopeStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId());
|
||||
updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||
return true;
|
||||
}
|
||||
|
@ -119,7 +118,7 @@ public class ScopeAdapter implements Scope, CachedModel<Scope> {
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId());
|
||||
return cacheSession.getResourceServerStore().findById(cached.getResourceServerId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -47,7 +47,6 @@ import org.keycloak.models.ClientModel;
|
|||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakTransaction;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
|
||||
import org.keycloak.models.cache.infinispan.authorization.entities.CachedPermissionTicket;
|
||||
import org.keycloak.models.cache.infinispan.authorization.entities.CachedPolicy;
|
||||
|
@ -310,9 +309,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
return Collections.emptySet();
|
||||
}
|
||||
|
||||
ResourceServer resourceServer = getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, serverId);
|
||||
ResourceServer resourceServer = getResourceServerStore().findById(serverId);
|
||||
return resources.stream().map(resourceId -> {
|
||||
Resource resource = getResourceStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId);
|
||||
Resource resource = getResourceStore().findById(resourceServer, resourceId);
|
||||
String type = resource.getType();
|
||||
|
||||
if (type != null) {
|
||||
|
@ -451,7 +450,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
public void delete(ClientModel client) {
|
||||
String id = client.getId();
|
||||
if (id == null) return;
|
||||
ResourceServer server = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, id);
|
||||
ResourceServer server = findById(id);
|
||||
if (server == null) return;
|
||||
|
||||
cache.invalidateObject(id);
|
||||
|
@ -462,7 +461,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public ResourceServer findById(RealmModel realm, String id) {
|
||||
public ResourceServer findById(String id) {
|
||||
if (id == null) return null;
|
||||
CachedResourceServer cached = cache.get(id, CachedResourceServer.class);
|
||||
if (cached != null) {
|
||||
|
@ -472,7 +471,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
if (cached == null) {
|
||||
Long loaded = cache.getCurrentRevision(id);
|
||||
if (! modelMightExist(id)) return null;
|
||||
ResourceServer model = getResourceServerStoreDelegate().findById(realm, id);
|
||||
ResourceServer model = getResourceServerStoreDelegate().findById(id);
|
||||
if (model == null) {
|
||||
setModelDoesNotExists(id, loaded);
|
||||
return null;
|
||||
|
@ -481,18 +480,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
cached = new CachedResourceServer(loaded, model);
|
||||
cache.addRevisioned(cached, startupRevision);
|
||||
} else if (invalidations.contains(id)) {
|
||||
return getResourceServerStoreDelegate().findById(realm, id);
|
||||
return getResourceServerStoreDelegate().findById(id);
|
||||
} else if (managedResourceServers.containsKey(id)) {
|
||||
return managedResourceServers.get(id);
|
||||
}
|
||||
ResourceServerAdapter adapter = new ResourceServerAdapter(realm, cached, StoreFactoryCacheSession.this);
|
||||
ResourceServerAdapter adapter = new ResourceServerAdapter(cached, StoreFactoryCacheSession.this);
|
||||
managedResourceServers.put(id, adapter);
|
||||
return adapter;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResourceServer findByClient(ClientModel client) {
|
||||
return findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, client.getId());
|
||||
return findById(client.getId());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -510,19 +509,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
if (id == null) return;
|
||||
Scope scope = findById(realm, null, id);
|
||||
Scope scope = findById(null, id);
|
||||
if (scope == null) return;
|
||||
|
||||
cache.invalidateObject(id);
|
||||
invalidationEvents.add(ScopeRemovedEvent.create(id, scope.getName(), scope.getResourceServer().getId()));
|
||||
cache.scopeRemoval(id, scope.getName(), scope.getResourceServer().getId(), invalidations);
|
||||
getScopeStoreDelegate().delete(realm, id);
|
||||
getScopeStoreDelegate().delete(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Scope findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) return null;
|
||||
CachedScope cached = cache.get(id, CachedScope.class);
|
||||
if (cached != null) {
|
||||
|
@ -531,7 +530,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
if (cached == null) {
|
||||
Long loaded = cache.getCurrentRevision(id);
|
||||
if (! modelMightExist(id)) return null;
|
||||
Scope model = getScopeStoreDelegate().findById(realm, resourceServer, id);
|
||||
Scope model = getScopeStoreDelegate().findById(resourceServer, id);
|
||||
if (model == null) {
|
||||
setModelDoesNotExists(id, loaded);
|
||||
return null;
|
||||
|
@ -540,7 +539,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
cached = new CachedScope(loaded, model);
|
||||
cache.addRevisioned(cached, startupRevision);
|
||||
} else if (invalidations.contains(id)) {
|
||||
return getScopeStoreDelegate().findById(realm, resourceServer, id);
|
||||
return getScopeStoreDelegate().findById(resourceServer, id);
|
||||
} else if (managedScopes.containsKey(id)) {
|
||||
return managedScopes.get(id);
|
||||
}
|
||||
|
@ -573,7 +572,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
if (invalidations.contains(id)) {
|
||||
return getScopeStoreDelegate().findByName(resourceServer, name);
|
||||
}
|
||||
return findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, id);
|
||||
return findById(resourceServer, id);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -593,29 +592,29 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
@Override
|
||||
public Resource create(ResourceServer resourceServer, String id, String name, String owner) {
|
||||
Resource resource = getResourceStoreDelegate().create(resourceServer, id, name, owner);
|
||||
Resource cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resource.getId());
|
||||
Resource cached = findById(resourceServer, resource.getId());
|
||||
registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUris(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resourceServer.getId(), resource.getOwner());
|
||||
if (cached == null) {
|
||||
cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resource.getId());
|
||||
cached = findById(resourceServer, resource.getId());
|
||||
}
|
||||
return cached;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
if (id == null) return;
|
||||
Resource resource = findById(realm, null, id);
|
||||
Resource resource = findById(null, id);
|
||||
if (resource == null) return;
|
||||
|
||||
cache.invalidateObject(id);
|
||||
invalidationEvents.add(ResourceRemovedEvent.create(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId()));
|
||||
cache.resourceRemoval(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId(), invalidations);
|
||||
getResourceStoreDelegate().delete(realm, id);
|
||||
getResourceStoreDelegate().delete(id);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Resource findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) return null;
|
||||
CachedResource cached = cache.get(id, CachedResource.class);
|
||||
if (cached != null) {
|
||||
|
@ -624,7 +623,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
if (cached == null) {
|
||||
Long loaded = cache.getCurrentRevision(id);
|
||||
if (! modelMightExist(id)) return null;
|
||||
Resource model = getResourceStoreDelegate().findById(realm, resourceServer, id);
|
||||
Resource model = getResourceStoreDelegate().findById(resourceServer, id);
|
||||
if (model == null) {
|
||||
setModelDoesNotExists(id, loaded);
|
||||
return null;
|
||||
|
@ -633,7 +632,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
cached = new CachedResource(loaded, model);
|
||||
cache.addRevisioned(cached, startupRevision);
|
||||
} else if (invalidations.contains(id)) {
|
||||
return getResourceStoreDelegate().findById(realm, resourceServer, id);
|
||||
return getResourceStoreDelegate().findById(resourceServer, id);
|
||||
} else if (managedResources.containsKey(id)) {
|
||||
return managedResources.get(id);
|
||||
}
|
||||
|
@ -666,20 +665,20 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) {
|
||||
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(realm, resourceServer, ownerId),
|
||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(resourceServer, ownerId),
|
||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
||||
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||
List<Resource> resources = new ArrayList<>();
|
||||
getResourceStoreDelegate().findByOwner(realm, resourceServer, ownerId, new Consumer<Resource>() {
|
||||
getResourceStoreDelegate().findByOwner(resourceServer, ownerId, new Consumer<Resource>() {
|
||||
@Override
|
||||
public void accept(Resource resource) {
|
||||
consumer.andThen(resources::add)
|
||||
|
@ -698,8 +697,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> find(RealmModel realm, ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return getResourceStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResults);
|
||||
public List<Resource> find(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return getResourceStoreDelegate().find(resourceServer, attributes, firstResult, maxResults);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -837,9 +836,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
Set<String> resources = query.getResources();
|
||||
|
||||
if (consumer != null) {
|
||||
resources.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).forEach(consumer);
|
||||
resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).forEach(consumer);
|
||||
} else {
|
||||
model = resources.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).collect(Collectors.toList());
|
||||
model = resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -855,18 +854,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
@Override
|
||||
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||
Policy policy = getPolicyStoreDelegate().create(resourceServer, representation);
|
||||
Policy cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, policy.getId());
|
||||
Policy cached = findById(resourceServer, policy.getId());
|
||||
registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), null, resourceServer.getId());
|
||||
if (cached == null) {
|
||||
cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, policy.getId());
|
||||
cached = findById(resourceServer, policy.getId());
|
||||
}
|
||||
return cached;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
if (id == null) return;
|
||||
Policy policy = findById(realm, null, id);
|
||||
Policy policy = findById(null, id);
|
||||
if (policy == null) return;
|
||||
|
||||
cache.invalidateObject(id);
|
||||
|
@ -880,12 +879,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
Set<String> scopes = policy.getScopes().stream().map(Scope::getId).collect(Collectors.toSet());
|
||||
invalidationEvents.add(PolicyRemovedEvent.create(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId()));
|
||||
cache.policyRemoval(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId(), invalidations);
|
||||
getPolicyStoreDelegate().delete(realm, id);
|
||||
getPolicyStoreDelegate().delete(id);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Policy findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) return null;
|
||||
|
||||
CachedPolicy cached = cache.get(id, CachedPolicy.class);
|
||||
|
@ -894,7 +893,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
if (cached == null) {
|
||||
if (! modelMightExist(id)) return null;
|
||||
Policy model = getPolicyStoreDelegate().findById(realm, resourceServer, id);
|
||||
Policy model = getPolicyStoreDelegate().findById(resourceServer, id);
|
||||
Long loaded = cache.getCurrentRevision(id);
|
||||
if (model == null) {
|
||||
setModelDoesNotExists(id, loaded);
|
||||
|
@ -904,7 +903,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
cached = new CachedPolicy(loaded, model);
|
||||
cache.addRevisioned(cached, startupRevision);
|
||||
} else if (invalidations.contains(id)) {
|
||||
return getPolicyStoreDelegate().findById(realm, resourceServer, id);
|
||||
return getPolicyStoreDelegate().findById(resourceServer, id);
|
||||
} else if (managedPolicies.containsKey(id)) {
|
||||
return managedPolicies.get(id);
|
||||
}
|
||||
|
@ -941,8 +940,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Policy> find(RealmModel realm, ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return getPolicyStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResults);
|
||||
public List<Policy> find(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return getPolicyStoreDelegate().find(resourceServer, attributes, firstResult, maxResults);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -1086,10 +1085,10 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
|
||||
if (consumer != null) {
|
||||
for (String id : policies) {
|
||||
consumer.accept((R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, id));
|
||||
consumer.accept((R) findById(resourceServer, id));
|
||||
}
|
||||
} else {
|
||||
model = policies.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId))
|
||||
model = policies.stream().map(resourceId -> (R) findById(resourceServer, resourceId))
|
||||
.filter(Objects::nonNull).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
@ -1114,9 +1113,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
if (id == null) return;
|
||||
PermissionTicket permission = findById(realm, null, id);
|
||||
PermissionTicket permission = findById(null, id);
|
||||
if (permission == null) return;
|
||||
|
||||
cache.invalidateObject(id);
|
||||
|
@ -1126,13 +1125,13 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
invalidationEvents.add(PermissionTicketRemovedEvent.create(id, permission.getOwner(), permission.getRequester(), permission.getResource().getId(), permission.getResource().getName(), scopeId, permission.getResourceServer().getId()));
|
||||
cache.permissionTicketRemoval(id, permission.getOwner(), permission.getRequester(), permission.getResource().getId(), permission.getResource().getName(),scopeId, permission.getResourceServer().getId(), invalidations);
|
||||
getPermissionTicketStoreDelegate().delete(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, id);
|
||||
getPermissionTicketStoreDelegate().delete(id);
|
||||
UserManagedPermissionUtil.removePolicy(permission, StoreFactoryCacheSession.this);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public PermissionTicket findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) return null;
|
||||
|
||||
CachedPermissionTicket cached = cache.get(id, CachedPermissionTicket.class);
|
||||
|
@ -1142,7 +1141,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
if (cached == null) {
|
||||
Long loaded = cache.getCurrentRevision(id);
|
||||
if (! modelMightExist(id)) return null;
|
||||
PermissionTicket model = getPermissionTicketStoreDelegate().findById(realm, resourceServer, id);
|
||||
PermissionTicket model = getPermissionTicketStoreDelegate().findById(resourceServer, id);
|
||||
if (model == null) {
|
||||
setModelDoesNotExists(id, loaded);
|
||||
return null;
|
||||
|
@ -1151,7 +1150,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
cached = new CachedPermissionTicket(loaded, model);
|
||||
cache.addRevisioned(cached, startupRevision);
|
||||
} else if (invalidations.contains(id)) {
|
||||
return getPermissionTicketStoreDelegate().findById(realm, resourceServer, id);
|
||||
return getPermissionTicketStoreDelegate().findById(resourceServer, id);
|
||||
} else if (managedPermissionTickets.containsKey(id)) {
|
||||
return managedPermissionTickets.get(id);
|
||||
}
|
||||
|
@ -1177,8 +1176,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<PermissionTicket> find(RealmModel realm, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||
return getPermissionTicketStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResult);
|
||||
public List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||
return getPermissionTicketStoreDelegate().find(resourceServer, attributes, firstResult, maxResult);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -1198,13 +1197,13 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findGrantedResources(RealmModel realm, String requester, String name, Integer first, Integer max) {
|
||||
return getPermissionTicketStoreDelegate().findGrantedResources(realm, requester, name, first, max);
|
||||
public List<Resource> findGrantedResources(String requester, String name, Integer first, Integer max) {
|
||||
return getPermissionTicketStoreDelegate().findGrantedResources(requester, name, first, max);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults) {
|
||||
return getPermissionTicketStoreDelegate().findGrantedOwnerResources(realm, owner, firstResult, maxResults);
|
||||
public List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) {
|
||||
return getPermissionTicketStoreDelegate().findGrantedOwnerResources(owner, firstResult, maxResults);
|
||||
}
|
||||
|
||||
private <R, Q extends PermissionTicketQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer) {
|
||||
|
@ -1223,7 +1222,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
|||
} else if (query.isInvalid(invalidations)) {
|
||||
return resultSupplier.get();
|
||||
} else {
|
||||
return query.getPermissions().stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).collect(Collectors.toList());
|
||||
return query.getPermissions().stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -35,15 +35,6 @@ import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
|
|||
*/
|
||||
public class JPAAuthorizationStoreFactory implements AuthorizationStoreFactory {
|
||||
|
||||
/**
|
||||
* Legacy store doesn't store realm id for any entity and no method there is using new introduced RealmModel parameter.
|
||||
* The parameter was introduced for usage only in the new storage. Therefore, in some cases we may break our rule specified in JavaDoc
|
||||
* and use {@code null} value as parameter that otherwise cannot be {@code null}. We need to be careful and place such value only to a method call
|
||||
* that cannot end up in the new store because it would end with {@link NullPointerException}. To mark all places where we do this,
|
||||
* we use this variable so it is easily searchable.
|
||||
*/
|
||||
public static final RealmModel NULL_REALM = null;
|
||||
|
||||
@Override
|
||||
public StoreFactory create(KeycloakSession session) {
|
||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||
|
|
|
@ -41,7 +41,6 @@ import org.keycloak.authorization.model.Scope;
|
|||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import jakarta.persistence.LockModeType;
|
||||
|
||||
|
@ -152,7 +151,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
PermissionTicketEntity policy = entityManager.find(PermissionTicketEntity.class, id, LockModeType.PESSIMISTIC_WRITE);
|
||||
if (policy != null) {
|
||||
this.entityManager.remove(policy);
|
||||
|
@ -161,7 +160,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
|
||||
|
||||
@Override
|
||||
public PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public PermissionTicket findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -185,7 +184,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||
|
||||
for (String id : result) {
|
||||
PermissionTicket ticket = ticketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||
if (Objects.nonNull(ticket)) {
|
||||
list.add(ticket);
|
||||
}
|
||||
|
@ -212,7 +211,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||
|
||||
for (String id : result) {
|
||||
PermissionTicket ticket = ticketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||
if (Objects.nonNull(ticket)) {
|
||||
list.add(ticket);
|
||||
}
|
||||
|
@ -222,7 +221,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<PermissionTicket> find(RealmModel realm, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||
public List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||
CriteriaQuery<String> querybuilder = builder.createQuery(String.class);
|
||||
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
|
||||
|
@ -240,7 +239,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||
|
||||
for (String id : result) {
|
||||
PermissionTicket ticket = ticketStore.findById(realm, resourceServer, id);
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||
if (Objects.nonNull(ticket)) {
|
||||
list.add(ticket);
|
||||
}
|
||||
|
@ -256,7 +255,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||
|
||||
return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, filters, null, null);
|
||||
return find(resourceServer, filters, null, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -267,11 +266,11 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||
|
||||
return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, filters, null, null);
|
||||
return find(resourceServer, filters, null, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findGrantedResources(RealmModel realm, String requester, String name, Integer first, Integer max) {
|
||||
public List<Resource> findGrantedResources(String requester, String name, Integer first, Integer max) {
|
||||
TypedQuery<String> query = name == null ?
|
||||
entityManager.createNamedQuery("findGrantedResources", String.class) :
|
||||
entityManager.createNamedQuery("findGrantedResourcesByName", String.class);
|
||||
|
@ -288,7 +287,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||
|
||||
for (String id : result) {
|
||||
Resource resource = resourceStore.findById(realm, null, id);
|
||||
Resource resource = resourceStore.findById(null, id);
|
||||
|
||||
if (Objects.nonNull(resource)) {
|
||||
list.add(resource);
|
||||
|
@ -299,7 +298,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults) {
|
||||
public List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) {
|
||||
TypedQuery<String> query = entityManager.createNamedQuery("findGrantedOwnerResources", String.class);
|
||||
|
||||
query.setFlushMode(FlushModeType.COMMIT);
|
||||
|
@ -310,7 +309,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
|||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||
|
||||
for (String id : result) {
|
||||
Resource resource = resourceStore.findById(realm, null, id);
|
||||
Resource resource = resourceStore.findById(null, id);
|
||||
|
||||
if (Objects.nonNull(resource)) {
|
||||
list.add(resource);
|
||||
|
|
|
@ -42,7 +42,6 @@ import org.keycloak.authorization.model.ResourceServer;
|
|||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||
import jakarta.persistence.LockModeType;
|
||||
|
@ -83,7 +82,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
PolicyEntity policy = entityManager.find(PolicyEntity.class, id, LockModeType.PESSIMISTIC_WRITE);
|
||||
if (policy != null) {
|
||||
this.entityManager.remove(policy);
|
||||
|
@ -92,7 +91,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
|
||||
|
||||
@Override
|
||||
public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Policy findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -130,7 +129,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
List<String> result = query.getResultList();
|
||||
List<Policy> list = new LinkedList<>();
|
||||
for (String id : result) {
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||
if (Objects.nonNull(policy)) {
|
||||
list.add(policy);
|
||||
}
|
||||
|
@ -139,7 +138,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Policy> find(RealmModel realm, ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
public List<Policy> find(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||
CriteriaQuery<String> querybuilder = builder.createQuery(String.class);
|
||||
Root<PolicyEntity> root = querybuilder.from(PolicyEntity.class);
|
||||
|
@ -200,7 +199,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
List<Policy> list = new LinkedList<>();
|
||||
PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
|
||||
for (String id : result) {
|
||||
Policy policy = policyStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Policy policy = policyStore.findById(resourceServer, id);
|
||||
if (Objects.nonNull(policy)) {
|
||||
list.add(policy);
|
||||
}
|
||||
|
@ -219,7 +218,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
||||
|
||||
closing(query.getResultStream()
|
||||
.map(entity -> storeFactory.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, entity.getId()))
|
||||
.map(entity -> storeFactory.findById(resourceServer, entity.getId()))
|
||||
.filter(Objects::nonNull))
|
||||
.forEach(consumer::accept);
|
||||
}
|
||||
|
@ -255,7 +254,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
||||
|
||||
for (PolicyEntity entity : query.getResultList()) {
|
||||
list.add(storeFactory.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, entity.getId()));
|
||||
list.add(storeFactory.findById(resourceServer, entity.getId()));
|
||||
}
|
||||
|
||||
return list;
|
||||
|
@ -296,7 +295,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
List<String> result = query.getResultList();
|
||||
List<Policy> list = new LinkedList<>();
|
||||
for (String id : result) {
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||
if (Objects.nonNull(policy)) {
|
||||
list.add(policy);
|
||||
}
|
||||
|
@ -316,7 +315,7 @@ public class JPAPolicyStore implements PolicyStore {
|
|||
List<String> result = query.getResultList();
|
||||
List<Policy> list = new LinkedList<>();
|
||||
for (String id : result) {
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||
if (Objects.nonNull(policy)) {
|
||||
list.add(policy);
|
||||
}
|
||||
|
|
|
@ -25,7 +25,6 @@ import org.keycloak.authorization.jpa.entities.ScopeEntity;
|
|||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.store.ResourceServerStore;
|
||||
import org.keycloak.models.ModelException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.storage.StorageId;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
|
@ -58,7 +57,7 @@ public class JPAResourceServerStore implements ResourceServerStore {
|
|||
|
||||
this.entityManager.persist(entity);
|
||||
|
||||
return new ResourceServerAdapter(client.getRealm(), entity, entityManager, provider.getStoreFactory());
|
||||
return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -122,14 +121,14 @@ public class JPAResourceServerStore implements ResourceServerStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public ResourceServer findById(RealmModel realm, String id) {
|
||||
public ResourceServer findById(String id) {
|
||||
ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id);
|
||||
if (entity == null) return null;
|
||||
return new ResourceServerAdapter(provider.getRealm(), entity, entityManager, provider.getStoreFactory());
|
||||
return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory());
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResourceServer findByClient(ClientModel client) {
|
||||
return findById(JPAAuthorizationStoreFactory.NULL_REALM, client.getId());
|
||||
return findById(client.getId());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,6 @@ import org.keycloak.authorization.model.ResourceServer;
|
|||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
|
@ -80,7 +79,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
ResourceEntity resource = entityManager.getReference(ResourceEntity.class, id);
|
||||
if (resource == null) return;
|
||||
|
||||
|
@ -89,7 +88,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Resource findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -100,7 +99,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
findByOwnerFilter(ownerId, resourceServer, consumer, -1, -1);
|
||||
}
|
||||
|
||||
|
@ -127,7 +126,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
}
|
||||
|
||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||
closing(query.getResultStream().map(id -> resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id.getId()))).forEach(consumer);
|
||||
closing(query.getResultStream().map(id -> resourceStore.findById(resourceServer, id.getId()))).forEach(consumer);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -141,7 +140,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||
|
||||
for (String id : result) {
|
||||
Resource resource = resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Resource resource = resourceStore.findById(resourceServer, id);
|
||||
|
||||
if (resource != null) {
|
||||
list.add(resource);
|
||||
|
@ -152,7 +151,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> find(RealmModel realm, ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
public List<Resource> find(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||
CriteriaQuery<String> querybuilder = builder.createQuery(String.class);
|
||||
Root<ResourceEntity> root = querybuilder.from(ResourceEntity.class);
|
||||
|
@ -205,7 +204,7 @@ public class JPAResourceStore implements ResourceStore {
|
|||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||
|
||||
for (String id : result) {
|
||||
Resource resource = resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
Resource resource = resourceStore.findById(resourceServer, id);
|
||||
|
||||
if (resource != null) {
|
||||
list.add(resource);
|
||||
|
|
|
@ -35,7 +35,6 @@ import org.keycloak.authorization.jpa.entities.ScopeEntity;
|
|||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.ScopeStore;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import jakarta.persistence.LockModeType;
|
||||
|
||||
|
@ -79,7 +78,7 @@ public class JPAScopeStore implements ScopeStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
public void delete(String id) {
|
||||
ScopeEntity scope = entityManager.find(ScopeEntity.class, id, LockModeType.PESSIMISTIC_WRITE);
|
||||
|
||||
if (scope != null) {
|
||||
|
@ -88,7 +87,7 @@ public class JPAScopeStore implements ScopeStore {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
public Scope findById(ResourceServer resourceServer, String id) {
|
||||
if (id == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -109,7 +108,7 @@ public class JPAScopeStore implements ScopeStore {
|
|||
query.setParameter("name", name);
|
||||
|
||||
String id = query.getSingleResult();
|
||||
return provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id);
|
||||
return provider.getStoreFactory().getScopeStore().findById(resourceServer, id);
|
||||
} catch (NoResultException nre) {
|
||||
return null;
|
||||
}
|
||||
|
@ -125,7 +124,7 @@ public class JPAScopeStore implements ScopeStore {
|
|||
List<String> result = query.getResultList();
|
||||
List<Scope> list = new LinkedList<>();
|
||||
for (String id : result) {
|
||||
list.add(provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id));
|
||||
list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, id));
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
@ -160,7 +159,7 @@ public class JPAScopeStore implements ScopeStore {
|
|||
List<String> result = paginateQuery(query, firstResult, maxResults).getResultList();
|
||||
List<Scope> list = new LinkedList<>();
|
||||
for (String id : result) {
|
||||
list.add(provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id));
|
||||
list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, id));
|
||||
}
|
||||
return list;
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer().getId());
|
||||
return storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -101,8 +101,8 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
|||
return null;
|
||||
}
|
||||
|
||||
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer().getId());
|
||||
return storeFactory.getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, policy.getId());
|
||||
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());
|
||||
return storeFactory.getPolicyStore().findById(resourceServer, policy.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -114,7 +114,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
|||
|
||||
@Override
|
||||
public Resource getResource() {
|
||||
return storeFactory.getResourceStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, getResourceServer(), entity.getResource().getId());
|
||||
return storeFactory.getResourceStore().findById(getResourceServer(), entity.getResource().getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -125,7 +125,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
|||
return null;
|
||||
}
|
||||
|
||||
return storeFactory.getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, getResourceServer(), scope.getId());
|
||||
return storeFactory.getScopeStore().findById(getResourceServer(), scope.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -153,7 +153,7 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy,
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer().getId());
|
||||
return storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -170,7 +170,7 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy,
|
|||
Set<Resource> set = new HashSet<>();
|
||||
ResourceServer resourceServer = getResourceServer();
|
||||
for (ResourceEntity res : entity.getResources()) {
|
||||
set.add(storeFactory.getResourceStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, res.getId()));
|
||||
set.add(storeFactory.getResourceStore().findById(resourceServer, res.getId()));
|
||||
}
|
||||
return Collections.unmodifiableSet(set);
|
||||
}
|
||||
|
@ -180,7 +180,7 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy,
|
|||
Set<Scope> set = new HashSet<>();
|
||||
ResourceServer resourceServer = getResourceServer();
|
||||
for (ScopeEntity res : entity.getScopes()) {
|
||||
set.add(storeFactory.getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, res.getId()));
|
||||
set.add(storeFactory.getScopeStore().findById(resourceServer, res.getId()));
|
||||
}
|
||||
return Collections.unmodifiableSet(set);
|
||||
}
|
||||
|
|
|
@ -118,7 +118,7 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou
|
|||
List<Scope> scopes = new LinkedList<>();
|
||||
ResourceServer resourceServer = getResourceServer();
|
||||
for (ScopeEntity scope : entity.getScopes()) {
|
||||
scopes.add(storeFactory.getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, scope.getId()));
|
||||
scopes.add(storeFactory.getScopeStore().findById(resourceServer, scope.getId()));
|
||||
}
|
||||
|
||||
return Collections.unmodifiableList(scopes);
|
||||
|
@ -138,7 +138,7 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer());
|
||||
return storeFactory.getResourceServerStore().findById(entity.getResourceServer());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -20,7 +20,6 @@ import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
|
|||
import org.keycloak.authorization.model.AbstractAuthorizationModel;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.jpa.JpaModel;
|
||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
||||
|
@ -36,7 +35,7 @@ public class ResourceServerAdapter extends AbstractAuthorizationModel implements
|
|||
private EntityManager em;
|
||||
private StoreFactory storeFactory;
|
||||
|
||||
public ResourceServerAdapter(RealmModel realm, ResourceServerEntity entity, EntityManager em, StoreFactory storeFactory) {
|
||||
public ResourceServerAdapter(ResourceServerEntity entity, EntityManager em, StoreFactory storeFactory) {
|
||||
super(storeFactory);
|
||||
this.entity = entity;
|
||||
this.em = em;
|
||||
|
@ -93,11 +92,6 @@ public class ResourceServerAdapter extends AbstractAuthorizationModel implements
|
|||
return getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmModel getRealm() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
|
|
|
@ -88,7 +88,7 @@ public class ScopeAdapter extends AbstractAuthorizationModel implements Scope, J
|
|||
|
||||
@Override
|
||||
public ResourceServer getResourceServer() {
|
||||
return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer().getId());
|
||||
return storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());
|
||||
}
|
||||
|
||||
public static ScopeEntity toEntity(EntityManager em, Scope scope) {
|
||||
|
|
|
@ -250,21 +250,21 @@ public final class AuthorizationProvider implements Provider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
Scope scope = findById(realm, null, id);
|
||||
public void delete(String id) {
|
||||
Scope scope = findById(null, id);
|
||||
PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
|
||||
List<PermissionTicket> permissions = ticketStore.findByScope(scope.getResourceServer(), scope);
|
||||
|
||||
for (PermissionTicket permission : permissions) {
|
||||
ticketStore.delete(realm, permission.getId());
|
||||
ticketStore.delete(permission.getId());
|
||||
}
|
||||
|
||||
delegate.delete(realm, id);
|
||||
delegate.delete(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
return delegate.findById(realm, resourceServer, id);
|
||||
public Scope findById(ResourceServer resourceServer, String id) {
|
||||
return delegate.findById(resourceServer, id);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -292,11 +292,10 @@ public final class AuthorizationProvider implements Provider {
|
|||
@Override
|
||||
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||
Set<String> resources = representation.getResources();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
if (resources != null) {
|
||||
representation.setResources(resources.stream().map(id -> {
|
||||
Resource resource = storeFactory.getResourceStore().findById(realm, resourceServer, id);
|
||||
Resource resource = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||
|
||||
if (resource == null) {
|
||||
resource = storeFactory.getResourceStore().findByName(resourceServer, id);
|
||||
|
@ -314,7 +313,7 @@ public final class AuthorizationProvider implements Provider {
|
|||
|
||||
if (scopes != null) {
|
||||
representation.setScopes(scopes.stream().map(id -> {
|
||||
Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, id);
|
||||
Scope scope = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||
|
||||
if (scope == null) {
|
||||
scope = storeFactory.getScopeStore().findByName(resourceServer, id);
|
||||
|
@ -333,7 +332,7 @@ public final class AuthorizationProvider implements Provider {
|
|||
|
||||
if (policies != null) {
|
||||
representation.setPolicies(policies.stream().map(id -> {
|
||||
Policy policy = storeFactory.getPolicyStore().findById(realm, resourceServer, id);
|
||||
Policy policy = storeFactory.getPolicyStore().findById(resourceServer, id);
|
||||
|
||||
if (policy == null) {
|
||||
policy = storeFactory.getPolicyStore().findByName(resourceServer, id);
|
||||
|
@ -351,8 +350,8 @@ public final class AuthorizationProvider implements Provider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
Policy policy = findById(realm, null, id);
|
||||
public void delete(String id) {
|
||||
Policy policy = findById(null, id);
|
||||
|
||||
if (policy != null) {
|
||||
ResourceServer resourceServer = policy.getResourceServer();
|
||||
|
@ -363,7 +362,7 @@ public final class AuthorizationProvider implements Provider {
|
|||
// only remove associated policies created from the policy being deleted
|
||||
if (associatedPolicy.getOwner() != null) {
|
||||
policy.removeAssociatedPolicy(associatedPolicy);
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -371,17 +370,17 @@ public final class AuthorizationProvider implements Provider {
|
|||
findDependentPolicies(resourceServer, policy.getId()).forEach(dependentPolicy -> {
|
||||
dependentPolicy.removeAssociatedPolicy(policy);
|
||||
if (dependentPolicy.getAssociatedPolicies().isEmpty()) {
|
||||
delete(realm, dependentPolicy.getId());
|
||||
delete(dependentPolicy.getId());
|
||||
}
|
||||
});
|
||||
|
||||
policyStore.delete(realm, id);
|
||||
policyStore.delete(id);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
return policyStore.findById(realm, resourceServer, id);
|
||||
public Policy findById(ResourceServer resourceServer, String id) {
|
||||
return policyStore.findById(resourceServer, id);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -395,8 +394,8 @@ public final class AuthorizationProvider implements Provider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Policy> find(RealmModel realm, ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return policyStore.find(realm, resourceServer, attributes, firstResult, maxResults);
|
||||
public List<Policy> find(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return policyStore.find(resourceServer, attributes, firstResult, maxResults);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -461,14 +460,14 @@ public final class AuthorizationProvider implements Provider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void delete(RealmModel realm, String id) {
|
||||
Resource resource = findById(realm, null, id);
|
||||
public void delete(String id) {
|
||||
Resource resource = findById(null, id);
|
||||
StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory();
|
||||
PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
|
||||
List<PermissionTicket> permissions = ticketStore.findByResource(resource.getResourceServer(), resource);
|
||||
|
||||
for (PermissionTicket permission : permissions) {
|
||||
ticketStore.delete(realm, permission.getId());
|
||||
ticketStore.delete(permission.getId());
|
||||
}
|
||||
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
|
@ -476,28 +475,28 @@ public final class AuthorizationProvider implements Provider {
|
|||
|
||||
for (Policy policyModel : policies) {
|
||||
if (policyModel.getResources().size() == 1) {
|
||||
policyStore.delete(realm, policyModel.getId());
|
||||
policyStore.delete(policyModel.getId());
|
||||
} else {
|
||||
policyModel.removeResource(resource);
|
||||
}
|
||||
}
|
||||
|
||||
delegate.delete(realm, id);
|
||||
delegate.delete(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) {
|
||||
return delegate.findById(realm, resourceServer, id);
|
||||
public Resource findById(ResourceServer resourceServer, String id) {
|
||||
return delegate.findById(resourceServer, id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) {
|
||||
return delegate.findByOwner(realm, resourceServer, ownerId);
|
||||
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||
return delegate.findByOwner(resourceServer, ownerId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
delegate.findByOwner(realm, resourceServer, ownerId, consumer);
|
||||
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||
delegate.findByOwner(resourceServer, ownerId, consumer);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -506,8 +505,8 @@ public final class AuthorizationProvider implements Provider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> find(RealmModel realm, ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return delegate.find(realm, resourceServer, attributes, firstResult, maxResults);
|
||||
public List<Resource> find(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||
return delegate.find(resourceServer, attributes, firstResult, maxResults);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -26,7 +26,6 @@ import org.keycloak.authorization.model.ResourceServer;
|
|||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
|
||||
|
@ -49,7 +48,7 @@ public class UserManagedPermissionUtil {
|
|||
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
||||
filter.put(PermissionTicket.FilterOption.POLICY_IS_NOT_NULL, Boolean.TRUE.toString());
|
||||
|
||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(resourceServer.getRealm(), resourceServer, filter, null, null);
|
||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(resourceServer, filter, null, null);
|
||||
|
||||
if (!tickets.isEmpty()) {
|
||||
policy = tickets.iterator().next().getPolicy();
|
||||
|
@ -74,7 +73,6 @@ public class UserManagedPermissionUtil {
|
|||
|
||||
public static void removePolicy(PermissionTicket ticket, StoreFactory storeFactory) {
|
||||
Policy policy = ticket.getPolicy();
|
||||
RealmModel realm = ticket.getResourceServer().getRealm();
|
||||
|
||||
if (policy != null) {
|
||||
Map<PermissionTicket.FilterOption, String> filter = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||
|
@ -84,16 +82,16 @@ public class UserManagedPermissionUtil {
|
|||
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
||||
filter.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||
|
||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(realm, ticket.getResourceServer(), filter, null, null);
|
||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(ticket.getResourceServer(), filter, null, null);
|
||||
|
||||
if (tickets.isEmpty()) {
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
|
||||
for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
|
||||
policyStore.delete(realm, associatedPolicy.getId());
|
||||
policyStore.delete(associatedPolicy.getId());
|
||||
}
|
||||
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
} else if (ticket.getScope() != null) {
|
||||
policy.removeScope(ticket.getScope());
|
||||
}
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
|
||||
package org.keycloak.authorization.model;
|
||||
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
||||
|
||||
|
@ -85,11 +84,4 @@ public interface ResourceServer {
|
|||
* @return id of client
|
||||
*/
|
||||
String getClientId();
|
||||
|
||||
/**
|
||||
* Returns reference of a realm that this {@link ResourceServer} belongs to.
|
||||
*
|
||||
* @return reference of a realm
|
||||
*/
|
||||
RealmModel getRealm();
|
||||
}
|
||||
|
|
|
@ -73,7 +73,7 @@ public final class Permissions {
|
|||
}
|
||||
|
||||
// obtain all resources where owner is the resource server
|
||||
resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, resourceServer.getClientId(), resource -> {
|
||||
resourceStore.findByOwner(resourceServer, resourceServer.getClientId(), resource -> {
|
||||
if (limit.decrementAndGet() >= 0) {
|
||||
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
||||
}
|
||||
|
@ -82,7 +82,7 @@ public final class Permissions {
|
|||
// resource server isn't current user
|
||||
if (!Objects.equals(resourceServer.getClientId(), identity.getId())) {
|
||||
// obtain all resources where owner is the current user
|
||||
resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, identity.getId(), resource -> {
|
||||
resourceStore.findByOwner(resourceServer, identity.getId(), resource -> {
|
||||
if (limit.decrementAndGet() >= 0) {
|
||||
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
||||
}
|
||||
|
|
|
@ -32,7 +32,6 @@ import org.keycloak.authorization.model.Scope;
|
|||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.authorization.store.ScopeStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
|
||||
import org.keycloak.representations.idm.authorization.Permission;
|
||||
import org.keycloak.representations.idm.authorization.PermissionTicketToken;
|
||||
|
@ -91,11 +90,10 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
|||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||
List<Permission> permissions = ticket.getPermissions();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
if (permissions != null) {
|
||||
for (Permission permission : permissions) {
|
||||
Resource resource = resourceStore.findById(realm, resourceServer, permission.getResourceId());
|
||||
Resource resource = resourceStore.findById(resourceServer, permission.getResourceId());
|
||||
|
||||
if (resource == null) {
|
||||
resource = resourceStore.findByName(resourceServer, permission.getResourceId(), identity.getId());
|
||||
|
@ -118,7 +116,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
|||
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
||||
filters.put(PermissionTicket.FilterOption.SCOPE_IS_NULL, Boolean.TRUE.toString());
|
||||
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(realm, resourceServer, filters, null, null);
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, null, null);
|
||||
|
||||
if (tickets.isEmpty()) {
|
||||
authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, null, identity.getId());
|
||||
|
@ -130,7 +128,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
|||
Scope scope = scopeStore.findByName(resourceServer, scopeId);
|
||||
|
||||
if (scope == null) {
|
||||
scope = scopeStore.findById(realm, resourceServer, scopeId);
|
||||
scope = scopeStore.findById(resourceServer, scopeId);
|
||||
}
|
||||
|
||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||
|
@ -139,7 +137,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
|||
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
||||
filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
||||
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(realm, resourceServer, filters, null, null);
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, null, null);
|
||||
|
||||
if (tickets.isEmpty()) {
|
||||
authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, scope, identity.getId());
|
||||
|
|
|
@ -24,7 +24,6 @@ import org.keycloak.authorization.model.PermissionTicket;
|
|||
import org.keycloak.authorization.model.Resource;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
/**
|
||||
* A {@link PermissionTicketStore} is responsible to manage the persistence of {@link org.keycloak.authorization.model.PermissionTicket} instances.
|
||||
|
@ -37,7 +36,7 @@ public interface PermissionTicketStore {
|
|||
* Returns count of {@link PermissionTicket}, filtered by the given attributes.
|
||||
*
|
||||
*
|
||||
* @param resourceServer the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server.
|
||||
* @param attributes permission tickets that do not match the attributes are not included with the count; possible filter options are given by {@link PermissionTicket.FilterOption}
|
||||
* @return an integer indicating the amount of permission tickets
|
||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||
|
@ -49,7 +48,7 @@ public interface PermissionTicketStore {
|
|||
*
|
||||
* @param resourceServer the resource server to which this permission ticket belongs. Cannot be {@code null}.
|
||||
* @param resource resource. Cannot be {@code null}.
|
||||
* @param scope scope. Cannot be {@code null}
|
||||
* @param scope scope.
|
||||
* @param requester requester of the permission
|
||||
* @return a new instance of {@link PermissionTicket}
|
||||
*/
|
||||
|
@ -58,22 +57,18 @@ public interface PermissionTicketStore {
|
|||
/**
|
||||
* Deletes a permission from the underlying persistence mechanism.
|
||||
*
|
||||
* @param realm realm. Cannot be {@code null}.
|
||||
* @param id the id of the policy to delete
|
||||
*/
|
||||
void delete(RealmModel realm, String id);
|
||||
void delete(String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link PermissionTicket} with the given <code>id</code>
|
||||
*
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Ignored if {@code null}.
|
||||
* @param id the identifier of the permission
|
||||
* @return a permission with the given identifier.
|
||||
*/
|
||||
PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id);
|
||||
PermissionTicket findById(ResourceServer resourceServer, String id);
|
||||
|
||||
/**
|
||||
* Returns a list of {@link PermissionTicket} associated with the {@link org.keycloak.authorization.model.Resource resource}.
|
||||
|
@ -97,18 +92,14 @@ public interface PermissionTicketStore {
|
|||
/**
|
||||
* Returns a list of {@link PermissionTicket}, filtered by the given attributes.
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer a resource server that resulting tickets should belong to. Ignored if {@code null}.
|
||||
* @param attributes a map of keys and values to filter on; possible filter options are given by {@link PermissionTicket.FilterOption}
|
||||
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||
* @return a list of filtered and paginated permissions
|
||||
*
|
||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||
*
|
||||
*/
|
||||
List<PermissionTicket> find(RealmModel realm, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResults);
|
||||
List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResults);
|
||||
|
||||
/**
|
||||
* Returns a list of {@link PermissionTicket} granted to the given {@code userId}.
|
||||
|
@ -134,25 +125,21 @@ public interface PermissionTicketStore {
|
|||
/**
|
||||
* Returns a list of {@link Resource} granted to the given {@code requester}
|
||||
*
|
||||
*
|
||||
* @param realm realm that is searched. Cannot be {@code null}
|
||||
* @param requester the requester
|
||||
* @param name the keyword to query resources by name or null if any resource
|
||||
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||
* @return a list of {@link Resource} granted to the given {@code requester}
|
||||
*/
|
||||
List<Resource> findGrantedResources(RealmModel realm, String requester, String name, Integer firstResult, Integer maxResults);
|
||||
List<Resource> findGrantedResources(String requester, String name, Integer firstResult, Integer maxResults);
|
||||
|
||||
/**
|
||||
* Returns a list of {@link Resource} granted by the owner to other users
|
||||
*
|
||||
*
|
||||
* @param realm
|
||||
* @param owner the owner
|
||||
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||
* @return a list of {@link Resource} granted by the owner
|
||||
*/
|
||||
List<Resource> findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults);
|
||||
List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults);
|
||||
}
|
||||
|
|
|
@ -26,7 +26,6 @@ import org.keycloak.authorization.model.Policy;
|
|||
import org.keycloak.authorization.model.Resource;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||
|
||||
/**
|
||||
|
@ -49,21 +48,18 @@ public interface PolicyStore {
|
|||
/**
|
||||
* Deletes a policy from the underlying persistence mechanism.
|
||||
*
|
||||
* @param realm the realm that the removed policy belongs to. Cannot be {@code null}
|
||||
* @param id the id of the policy to delete
|
||||
*/
|
||||
void delete(RealmModel realm, String id);
|
||||
void delete(String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link Policy} with the given <code>id</code>
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Ignored if {@code null}.
|
||||
* @param id the identifier of the policy
|
||||
* @return a policy with the given identifier.
|
||||
*/
|
||||
Policy findById(RealmModel realm, ResourceServer resourceServer, String id);
|
||||
Policy findById(ResourceServer resourceServer, String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link Policy} with the given <code>name</code>
|
||||
|
@ -85,17 +81,14 @@ public interface PolicyStore {
|
|||
/**
|
||||
* Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the identifier of a resource server. Ignored if {@code null}.
|
||||
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Policy.FilterOption}
|
||||
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||
* @return a list of policies that belong to the given resource server
|
||||
*
|
||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||
*/
|
||||
List<Policy> find(RealmModel realm, ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||
List<Policy> find(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||
|
||||
/**
|
||||
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.Resource}
|
||||
|
@ -189,7 +182,7 @@ public interface PolicyStore {
|
|||
/**
|
||||
* Returns a list of {@link Policy} that depends on another policy with the given <code>id</code>.
|
||||
*
|
||||
* @param resourceServer the resource server
|
||||
* @param resourceServer the resource server. Cannot be {@code null}.
|
||||
* @param id the id of the policy to query its dependents
|
||||
* @return a list of policies that depends on the a policy with the given identifier
|
||||
*/
|
||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.authorization.store;
|
|||
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
/**
|
||||
* A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances.
|
||||
|
@ -47,13 +46,10 @@ public interface ResourceServerStore {
|
|||
/**
|
||||
* Returns a {@link ResourceServer} instance based on its identifier.
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param id the identifier of an existing resource server instance
|
||||
*
|
||||
* @return the resource server instance with the given identifier or null if no instance was found
|
||||
*/
|
||||
ResourceServer findById(RealmModel realm, String id);
|
||||
ResourceServer findById(String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link ResourceServer} instance based on a client.
|
||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.authorization.store;
|
|||
import org.keycloak.authorization.model.Resource;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.LinkedList;
|
||||
|
@ -61,45 +60,45 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Removes a {@link Resource} instance, with the given {@code id} from the persistent storage.
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param id the identifier of an existing resource instance
|
||||
*/
|
||||
void delete(RealmModel realm, String id);
|
||||
void delete(String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link Resource} instance based on its identifier.
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Ignored if {@code null}
|
||||
* @param id the identifier of an existing resource instance
|
||||
* @return the resource instance with the given identifier or null if no instance was found
|
||||
*/
|
||||
Resource findById(RealmModel realm, ResourceServer resourceServer, String id);
|
||||
Resource findById(ResourceServer resourceServer, String id);
|
||||
|
||||
/**
|
||||
* Finds all {@link Resource} instances with the given {@code ownerId}.
|
||||
*
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer resource server. Ignored if {@code null}
|
||||
* @param ownerId the identifier of the owner
|
||||
* @return a list with all resource instances owned by the given owner
|
||||
*/
|
||||
default List<Resource> findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) {
|
||||
default List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||
List<Resource> list = new LinkedList<>();
|
||||
|
||||
findByOwner(realm, resourceServer, ownerId, list::add);
|
||||
findByOwner(resourceServer, ownerId, list::add);
|
||||
|
||||
return list;
|
||||
}
|
||||
void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer);
|
||||
|
||||
/**
|
||||
* Effectively the same method as {@link #findByOwner(ResourceServer, String)}, however in the end
|
||||
* the {@code consumer} is fed with the result.
|
||||
*
|
||||
*/
|
||||
void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer);
|
||||
|
||||
/**
|
||||
* Finds all {@link Resource} instances associated with a given resource server.
|
||||
*
|
||||
* @param resourceServer the identifier of the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the identifier of the resource server. Searches for resources without a resourceServer if {@code null}.
|
||||
* @return a list with all resources associated with the given resource server
|
||||
*/
|
||||
List<Resource> findByResourceServer(ResourceServer resourceServer);
|
||||
|
@ -107,23 +106,20 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Finds all {@link Resource} instances associated with a given resource server.
|
||||
*
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the identifier of the resource server. Ignored if {@code null}.
|
||||
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Resource.FilterOption}
|
||||
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||
* @return a list with all resources associated with the given resource server
|
||||
*
|
||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||
*/
|
||||
List<Resource> find(RealmModel realm, ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||
List<Resource> find(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||
|
||||
/**
|
||||
* Finds all {@link Resource} associated with a given scope.
|
||||
*
|
||||
*
|
||||
* @param resourceServer the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param scopes one or more scope identifiers
|
||||
* @return a list of resources associated with the given scope(s)
|
||||
*/
|
||||
|
@ -139,7 +135,7 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Find a {@link Resource} by its name where the owner is the resource server itself.
|
||||
*
|
||||
* @param resourceServer the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param name the name of the resource
|
||||
* @return a resource with the given name
|
||||
*/
|
||||
|
@ -150,7 +146,7 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Find a {@link Resource} by its name where the owner is the given <code>ownerId</code>.
|
||||
*
|
||||
* @param resourceServer the identifier of the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the identifier of the resource server. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param name the name of the resource
|
||||
* @param ownerId the owner id
|
||||
* @return a resource with the given name
|
||||
|
@ -158,10 +154,10 @@ public interface ResourceStore {
|
|||
Resource findByName(ResourceServer resourceServer, String name, String ownerId);
|
||||
|
||||
/**
|
||||
* Finds all {@link Resource} from {@link ResourceServer} with the given type.
|
||||
* Finds all {@link Resource} associated with the {@link ResourceServer} with the given type.
|
||||
*
|
||||
*
|
||||
* @param resourceServer the resource server. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param type the type of the resource
|
||||
* @return a list of resources with the given type
|
||||
*/
|
||||
|
@ -176,7 +172,7 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Finds all {@link Resource} from {@link ResourceServer} with the given type.
|
||||
*
|
||||
* @param resourceServer the resource server id. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server id. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param type the type of the resource
|
||||
* @param consumer the result consumer
|
||||
* @return a list of resources with the given type
|
||||
|
@ -186,7 +182,7 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Finds all {@link Resource} with the given type.
|
||||
*
|
||||
* @param resourceServer the resource server id. Cannot be {@code null}
|
||||
* @param resourceServer the resource server id. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param type the type of the resource
|
||||
* @param owner the resource owner or null for any resource with a given type
|
||||
* @param consumer the result consumer
|
||||
|
@ -197,7 +193,7 @@ public interface ResourceStore {
|
|||
/**
|
||||
* Finds all {@link Resource} by type where client represented by the {@code resourceServer} is not the owner
|
||||
*
|
||||
* @param resourceServer the resourceServer. Cannot be {@code null}.
|
||||
* @param resourceServer the resourceServer. Searches for resources without a resourceServer if {@code null}.
|
||||
* @param type searched type
|
||||
* @param consumer a consumer that will be fed with the resulting resources
|
||||
*/
|
||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.authorization.store;
|
|||
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -57,20 +56,18 @@ public interface ScopeStore {
|
|||
/**
|
||||
* Deletes a scope from the underlying persistence mechanism.
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param id the id of the scope to delete
|
||||
*/
|
||||
void delete(RealmModel realm, String id);
|
||||
void delete(String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link Scope} with the given <code>id</code>
|
||||
*
|
||||
* @param realm the realm. Cannot be {@code null}.
|
||||
* @param resourceServer the resource server id. Ignored if {@code null}.
|
||||
* @param id the identifier of the scope
|
||||
* @return a scope with the given identifier.
|
||||
*/
|
||||
Scope findById(RealmModel realm, ResourceServer resourceServer, String id);
|
||||
Scope findById(ResourceServer resourceServer, String id);
|
||||
|
||||
/**
|
||||
* Returns a {@link Scope} with the given <code>name</code>
|
||||
|
|
|
@ -30,7 +30,6 @@ import org.keycloak.authorization.store.ResourceServerStore;
|
|||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.ClientModel.ClientRemovedEvent;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
|
||||
|
||||
|
@ -51,7 +50,6 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
|
|||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||
ResourceServerStore store = storeFactory.getResourceServerStore();
|
||||
ResourceServer resourceServer = store.findByClient(event.getClient());
|
||||
RealmModel realm = event.getClient().getRealm();
|
||||
|
||||
if (resourceServer != null) {
|
||||
storeFactory.getResourceServerStore().delete(event.getClient());
|
||||
|
@ -63,7 +61,7 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
|
|||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"clients", event.getClient().getId()});
|
||||
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
||||
|
||||
List<Policy> search = storeFactory.getPolicyStore().find(realm, null, attributes, null, null);
|
||||
List<Policy> search = storeFactory.getPolicyStore().find(null, attributes, null, null);
|
||||
|
||||
for (Policy policy : search) {
|
||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||
|
|
|
@ -29,7 +29,6 @@ import org.keycloak.authorization.store.PolicyStore;
|
|||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation;
|
||||
|
||||
|
@ -46,14 +45,13 @@ public class GroupSynchronizer implements Synchronizer<GroupModel.GroupRemovedEv
|
|||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
GroupModel group = event.getGroup();
|
||||
RealmModel realm = event.getRealm();
|
||||
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
|
||||
|
||||
attributes.put(Policy.FilterOption.TYPE, new String[] {"group"});
|
||||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"groups", group.getId()});
|
||||
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
||||
|
||||
List<Policy> search = policyStore.find(realm, null, attributes, null, null);
|
||||
List<Policy> search = policyStore.find(null, attributes, null, null);
|
||||
|
||||
for (Policy policy : search) {
|
||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||
|
|
|
@ -31,7 +31,6 @@ import org.keycloak.authorization.store.PolicyStore;
|
|||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserModel.UserRemovedEvent;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
|
@ -56,14 +55,13 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
|||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
UserModel userModel = event.getUser();
|
||||
RealmModel realm = event.getRealm();
|
||||
Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
|
||||
|
||||
attributes.put(Policy.FilterOption.TYPE, new String[] {"user"});
|
||||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"users", userModel.getId()});
|
||||
attributes.put(Policy.FilterOption.ANY_OWNER, new String[] {Boolean.TRUE.toString()});
|
||||
|
||||
List<Policy> search = policyStore.find(realm, null, attributes, null, null);
|
||||
List<Policy> search = policyStore.find(null, attributes, null, null);
|
||||
|
||||
for (Policy policy : search) {
|
||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||
|
@ -81,18 +79,17 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
|||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||
UserModel userModel = event.getUser();
|
||||
RealmModel realm = event.getRealm();
|
||||
|
||||
resourceStore.findByOwner(realm, null, userModel.getId(), resource -> {
|
||||
resourceStore.findByOwner(null, userModel.getId(), resource -> {
|
||||
String resourceId = resource.getId();
|
||||
policyStore.findByResource(resource.getResourceServer(), resource).forEach(policy -> {
|
||||
if (policy.getResources().size() == 1) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
} else {
|
||||
policy.removeResource(resource);
|
||||
}
|
||||
});
|
||||
resourceStore.delete(realm, resourceId);
|
||||
resourceStore.delete(resourceId);
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -100,21 +97,20 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
|||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||
PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
|
||||
UserModel userModel = event.getUser();
|
||||
RealmModel realm = event.getRealm();
|
||||
Map<PermissionTicket.FilterOption, String> attributes = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||
|
||||
attributes.put(PermissionTicket.FilterOption.OWNER, userModel.getId());
|
||||
|
||||
for (PermissionTicket ticket : ticketStore.find(realm, null, attributes, null, null)) {
|
||||
ticketStore.delete(realm, ticket.getId());
|
||||
for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) {
|
||||
ticketStore.delete(ticket.getId());
|
||||
}
|
||||
|
||||
attributes.clear();
|
||||
|
||||
attributes.put(PermissionTicket.FilterOption.REQUESTER, userModel.getId());
|
||||
|
||||
for (PermissionTicket ticket : ticketStore.find(realm, null, attributes, null, null)) {
|
||||
ticketStore.delete(realm, ticket.getId());
|
||||
for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) {
|
||||
ticketStore.delete(ticket.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1120,7 +1120,6 @@ public class RepresentationToModel {
|
|||
|
||||
private static Policy importPolicies(AuthorizationProvider authorization, ResourceServer resourceServer, List<PolicyRepresentation> policiesToImport, String parentPolicyName) {
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
for (PolicyRepresentation policyRepresentation : policiesToImport) {
|
||||
if (parentPolicyName != null && !parentPolicyName.equals(policyRepresentation.getName())) {
|
||||
|
@ -1140,7 +1139,7 @@ public class RepresentationToModel {
|
|||
Policy policy = policyStore.findByName(resourceServer, policyName);
|
||||
|
||||
if (policy == null) {
|
||||
policy = policyStore.findById(realm, resourceServer, policyName);
|
||||
policy = policyStore.findById(resourceServer, policyName);
|
||||
}
|
||||
|
||||
if (policy == null) {
|
||||
|
@ -1160,7 +1159,7 @@ public class RepresentationToModel {
|
|||
}
|
||||
|
||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||
Policy policy = policyStore.findById(realm, resourceServer, policyRepresentation.getId());
|
||||
Policy policy = policyStore.findById(resourceServer, policyRepresentation.getId());
|
||||
|
||||
if (policy == null) {
|
||||
policy = policyStore.findByName(resourceServer, policyRepresentation.getName());
|
||||
|
@ -1267,7 +1266,6 @@ public class RepresentationToModel {
|
|||
return;
|
||||
}
|
||||
ResourceServer resourceServer = policy.getResourceServer();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
for (String scopeId : scopeIds) {
|
||||
boolean hasScope = false;
|
||||
|
||||
|
@ -1277,7 +1275,7 @@ public class RepresentationToModel {
|
|||
}
|
||||
}
|
||||
if (!hasScope) {
|
||||
Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, scopeId);
|
||||
Scope scope = storeFactory.getScopeStore().findById(resourceServer, scopeId);
|
||||
|
||||
if (scope == null) {
|
||||
scope = storeFactory.getScopeStore().findByName(resourceServer, scopeId);
|
||||
|
@ -1309,7 +1307,6 @@ public class RepresentationToModel {
|
|||
|
||||
private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, StoreFactory storeFactory) {
|
||||
ResourceServer resourceServer = policy.getResourceServer();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
if (policyIds != null) {
|
||||
if (policyIds.isEmpty()) {
|
||||
|
@ -1331,7 +1328,7 @@ public class RepresentationToModel {
|
|||
}
|
||||
|
||||
if (!hasPolicy) {
|
||||
Policy associatedPolicy = policyStore.findById(realm, resourceServer, policyId);
|
||||
Policy associatedPolicy = policyStore.findById(resourceServer, policyId);
|
||||
|
||||
if (associatedPolicy == null) {
|
||||
associatedPolicy = policyStore.findByName(resourceServer, policyId);
|
||||
|
@ -1369,7 +1366,6 @@ public class RepresentationToModel {
|
|||
}
|
||||
}
|
||||
ResourceServer resourceServer = policy.getResourceServer();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
for (String resourceId : resourceIds) {
|
||||
boolean hasResource = false;
|
||||
|
@ -1379,7 +1375,7 @@ public class RepresentationToModel {
|
|||
}
|
||||
}
|
||||
if (!hasResource && !"".equals(resourceId)) {
|
||||
Resource resource = storeFactory.getResourceStore().findById(realm, resourceServer, resourceId);
|
||||
Resource resource = storeFactory.getResourceStore().findById(resourceServer, resourceId);
|
||||
|
||||
if (resource == null) {
|
||||
resource = storeFactory.getResourceStore().findByName(resourceServer, resourceId);
|
||||
|
@ -1445,7 +1441,7 @@ public class RepresentationToModel {
|
|||
Resource existing;
|
||||
|
||||
if (resource.getId() != null) {
|
||||
existing = resourceStore.findById(realm, resourceServer, resource.getId());
|
||||
existing = resourceStore.findById(resourceServer, resource.getId());
|
||||
} else {
|
||||
existing = resourceStore.findByName(resourceServer, resource.getName(), ownerId);
|
||||
}
|
||||
|
@ -1519,7 +1515,7 @@ public class RepresentationToModel {
|
|||
Scope existing;
|
||||
|
||||
if (scope.getId() != null) {
|
||||
existing = scopeStore.findById(resourceServer.getRealm(), resourceServer, scope.getId());
|
||||
existing = scopeStore.findById(resourceServer, scope.getId());
|
||||
} else {
|
||||
existing = scopeStore.findByName(resourceServer, scope.getName());
|
||||
}
|
||||
|
@ -1545,13 +1541,13 @@ public class RepresentationToModel {
|
|||
|
||||
public static PermissionTicket toModel(PermissionTicketRepresentation representation, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, representation.getId());
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId());
|
||||
boolean granted = representation.isGranted();
|
||||
|
||||
if (granted && !ticket.isGranted()) {
|
||||
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
||||
} else if (!granted) {
|
||||
ticketStore.delete(resourceServer.getRealm(), ticket.getId());
|
||||
ticketStore.delete(ticket.getId());
|
||||
}
|
||||
|
||||
return ticket;
|
||||
|
|
|
@ -191,7 +191,7 @@ public class PolicyEvaluationService {
|
|||
Set<Scope> scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(resourceServer, scopeRepresentation.getName())).collect(Collectors.toSet());
|
||||
|
||||
if (resource.getId() != null) {
|
||||
Resource resourceModel = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, resource.getId());
|
||||
Resource resourceModel = storeFactory.getResourceStore().findById(resourceServer, resource.getId());
|
||||
return new ArrayList<>(Arrays.asList(
|
||||
Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream();
|
||||
} else if (resource.getType() != null) {
|
||||
|
|
|
@ -114,7 +114,7 @@ public class PolicyResourceService {
|
|||
resource.onRemove(policy, authorization);
|
||||
}
|
||||
|
||||
policyStore.delete(resourceServer.getRealm(), policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
audit(policyRep, OperationType.DELETE);
|
||||
|
||||
|
|
|
@ -93,7 +93,7 @@ public class PolicyService {
|
|||
return doCreatePolicyTypeResource(type);
|
||||
}
|
||||
|
||||
Policy policy = authorization.getStoreFactory().getPolicyStore().findById(resourceServer.getRealm(), resourceServer, type);
|
||||
Policy policy = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, type);
|
||||
|
||||
return doCreatePolicyResource(policy);
|
||||
}
|
||||
|
@ -227,7 +227,7 @@ public class PolicyService {
|
|||
|
||||
if (resource != null && !"".equals(resource.trim())) {
|
||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||
Resource resourceModel = resourceStore.findById(resourceServer.getRealm(), resourceServer, resource);
|
||||
Resource resourceModel = resourceStore.findById(resourceServer, resource);
|
||||
|
||||
if (resourceModel == null) {
|
||||
Map<Resource.FilterOption, String[]> resourceFilters = new EnumMap<>(Resource.FilterOption.class);
|
||||
|
@ -238,7 +238,7 @@ public class PolicyService {
|
|||
resourceFilters.put(Resource.FilterOption.OWNER, new String[]{owner});
|
||||
}
|
||||
|
||||
Set<String> resources = resourceStore.find(resourceServer.getRealm(), resourceServer, resourceFilters, -1, 1).stream().map(Resource::getId).collect(Collectors.toSet());
|
||||
Set<String> resources = resourceStore.find(resourceServer, resourceFilters, -1, 1).stream().map(Resource::getId).collect(Collectors.toSet());
|
||||
|
||||
if (resources.isEmpty()) {
|
||||
return Response.noContent().build();
|
||||
|
@ -252,7 +252,7 @@ public class PolicyService {
|
|||
|
||||
if (scope != null && !"".equals(scope.trim())) {
|
||||
ScopeStore scopeStore = storeFactory.getScopeStore();
|
||||
Scope scopeModel = scopeStore.findById(resourceServer.getRealm(), resourceServer, scope);
|
||||
Scope scopeModel = scopeStore.findById(resourceServer, scope);
|
||||
|
||||
if (scopeModel == null) {
|
||||
Map<Scope.FilterOption, String[]> scopeFilters = new EnumMap<>(Scope.FilterOption.class);
|
||||
|
@ -286,7 +286,7 @@ public class PolicyService {
|
|||
|
||||
protected List<Object> doSearch(Integer firstResult, Integer maxResult, String fields, Map<Policy.FilterOption, String[]> filters) {
|
||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||
return policyStore.find(resourceServer.getRealm(), resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
||||
return policyStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
||||
.map(policy -> toRepresentation(policy, fields, authorization))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
|
|
@ -160,7 +160,7 @@ public class ResourceSetService {
|
|||
resource.setId(id);
|
||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||
Resource model = resourceStore.findById(resourceServer.getRealm(), resourceServer, resource.getId());
|
||||
Resource model = resourceStore.findById(resourceServer, resource.getId());
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -182,7 +182,7 @@ public class ResourceSetService {
|
|||
public Response delete(@PathParam("resource-id") String id) {
|
||||
requireManage();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
Resource resource = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Resource resource = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||
|
||||
if (resource == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -191,7 +191,7 @@ public class ResourceSetService {
|
|||
//to be able to access all lazy loaded fields it's needed to create representation before it's deleted
|
||||
ResourceRepresentation resourceRep = toRepresentation(resource, resourceServer, authorization);
|
||||
|
||||
storeFactory.getResourceStore().delete(resourceServer.getRealm(), id);
|
||||
storeFactory.getResourceStore().delete(id);
|
||||
|
||||
audit(resourceRep, OperationType.DELETE);
|
||||
|
||||
|
@ -216,7 +216,7 @@ public class ResourceSetService {
|
|||
public Response findById(String id, Function<Resource, ? extends ResourceRepresentation> toRepresentation) {
|
||||
requireView();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -239,7 +239,7 @@ public class ResourceSetService {
|
|||
public Response getScopes(@PathParam("resource-id") String id) {
|
||||
requireView();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -290,7 +290,7 @@ public class ResourceSetService {
|
|||
requireView();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||
Resource model = resourceStore.findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Resource model = resourceStore.findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -311,7 +311,7 @@ public class ResourceSetService {
|
|||
resourceFilter.put(Resource.FilterOption.OWNER, new String[]{resourceServer.getClientId()});
|
||||
resourceFilter.put(Resource.FilterOption.TYPE, new String[]{model.getType()});
|
||||
|
||||
for (Resource resourceType : resourceStore.find(resourceServer.getRealm(), resourceServer, resourceFilter, null, null)) {
|
||||
for (Resource resourceType : resourceStore.find(resourceServer, resourceFilter, null, null)) {
|
||||
policies.addAll(policyStore.findByResource(resourceServer, resourceType));
|
||||
}
|
||||
}
|
||||
|
@ -347,7 +347,7 @@ public class ResourceSetService {
|
|||
public Response getAttributes(@PathParam("resource-id") String id) {
|
||||
requireView();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -475,7 +475,7 @@ public class ResourceSetService {
|
|||
search.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new));
|
||||
}
|
||||
|
||||
List<Resource> resources = storeFactory.getResourceStore().find(resourceServer.getRealm(), this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
|
||||
List<Resource> resources = storeFactory.getResourceStore().find(this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
|
||||
|
||||
if (matchingUri != null && matchingUri && resources.isEmpty()) {
|
||||
Map<Resource.FilterOption, String[]> attributes = new EnumMap<>(Resource.FilterOption.class);
|
||||
|
@ -483,7 +483,7 @@ public class ResourceSetService {
|
|||
attributes.put(Resource.FilterOption.URI_NOT_NULL, new String[] {"true"});
|
||||
attributes.put(Resource.FilterOption.OWNER, new String[] {resourceServer.getClientId()});
|
||||
|
||||
List<Resource> serverResources = storeFactory.getResourceStore().find(resourceServer.getRealm(), this.resourceServer, attributes, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
|
||||
List<Resource> serverResources = storeFactory.getResourceStore().find(this.resourceServer, attributes, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
|
||||
|
||||
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
|
||||
@Override
|
||||
|
|
|
@ -109,7 +109,7 @@ public class ScopeService {
|
|||
this.auth.realm().requireManageAuthorization();
|
||||
scope.setId(id);
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, scope.getId());
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer, scope.getId());
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -127,8 +127,7 @@ public class ScopeService {
|
|||
public Response delete(@PathParam("scope-id") String id) {
|
||||
this.auth.realm().requireManageAuthorization();
|
||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, id);
|
||||
Scope scope = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||
if (scope == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
}
|
||||
|
@ -144,7 +143,7 @@ public class ScopeService {
|
|||
|
||||
for (Policy policyModel : policies) {
|
||||
if (policyModel.getScopes().size() == 1) {
|
||||
policyStore.delete(realm, policyModel.getId());
|
||||
policyStore.delete(policyModel.getId());
|
||||
} else {
|
||||
policyModel.removeScope(scope);
|
||||
}
|
||||
|
@ -153,7 +152,7 @@ public class ScopeService {
|
|||
//to be able to access all lazy loaded fields it's needed to create representation before it's deleted
|
||||
ScopeRepresentation scopeRep = toRepresentation(scope);
|
||||
|
||||
storeFactory.getScopeStore().delete(realm, id);
|
||||
storeFactory.getScopeStore().delete(id);
|
||||
|
||||
audit(scopeRep, OperationType.DELETE);
|
||||
|
||||
|
@ -173,7 +172,7 @@ public class ScopeService {
|
|||
})
|
||||
public Response findById(@PathParam("scope-id") String id) {
|
||||
this.auth.realm().requireViewAuthorization();
|
||||
Scope model = this.authorization.getStoreFactory().getScopeStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Scope model = this.authorization.getStoreFactory().getScopeStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -196,7 +195,7 @@ public class ScopeService {
|
|||
public Response getResources(@PathParam("scope-id") String id) {
|
||||
this.auth.realm().requireViewAuthorization();
|
||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
@ -226,7 +225,7 @@ public class ScopeService {
|
|||
public Response getPermissions(@PathParam("scope-id") String id) {
|
||||
this.auth.realm().requireViewAuthorization();
|
||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, id);
|
||||
Scope model = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||
|
||||
if (model == null) {
|
||||
return Response.status(Status.NOT_FOUND).build();
|
||||
|
|
|
@ -195,7 +195,7 @@ public class PolicyEvaluationResponseBuilder {
|
|||
|
||||
filters.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
|
||||
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer.getRealm(), resourceServer, filters, -1, 1);
|
||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, -1, 1);
|
||||
|
||||
if (!tickets.isEmpty()) {
|
||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||
|
|
|
@ -508,7 +508,6 @@ public class AuthorizationTokenService {
|
|||
Map<String, ResourcePermission> permissionsToEvaluate, ResourceStore resourceStore, ScopeStore scopeStore,
|
||||
AtomicInteger limit) {
|
||||
AccessToken rpt = request.getRpt();
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
if (rpt != null && rpt.isActive()) {
|
||||
Authorization authorizationData = rpt.getAuthorization();
|
||||
|
@ -522,7 +521,7 @@ public class AuthorizationTokenService {
|
|||
break;
|
||||
}
|
||||
|
||||
Resource resource = resourceStore.findById(realm, resourceServer, grantedPermission.getResourceId());
|
||||
Resource resource = resourceStore.findById(resourceServer, grantedPermission.getResourceId());
|
||||
|
||||
if (resource != null) {
|
||||
ResourcePermission permission = permissionsToEvaluate.get(resource.getId());
|
||||
|
@ -606,7 +605,7 @@ public class AuthorizationTokenService {
|
|||
Resource resource;
|
||||
|
||||
if (resourceId.indexOf('-') != -1) {
|
||||
resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceId);
|
||||
resource = resourceStore.findById(resourceServer, resourceId);
|
||||
} else {
|
||||
resource = null;
|
||||
}
|
||||
|
@ -890,7 +889,7 @@ public class AuthorizationTokenService {
|
|||
search.put(Resource.FilterOption.URI, new String[] { uri });
|
||||
ResourceServer resourceServer = storeFactory.getResourceServerStore()
|
||||
.findByClient(getRealm().getClientByClientId(getAudience()));
|
||||
List<Resource> resources = storeFactory.getResourceStore().find(getRealm(), resourceServer, search, -1,
|
||||
List<Resource> resources = storeFactory.getResourceStore().find(resourceServer, search, -1,
|
||||
Constants.DEFAULT_MAX_RESULTS);
|
||||
|
||||
if (!matchingUri || !resources.isEmpty()) {
|
||||
|
@ -901,7 +900,7 @@ public class AuthorizationTokenService {
|
|||
search.put(Resource.FilterOption.URI_NOT_NULL, new String[] { "true" });
|
||||
search.put(Resource.FilterOption.OWNER, new String[] { resourceServer.getClientId() });
|
||||
|
||||
List<Resource> serverResources = storeFactory.getResourceStore().find(getRealm(), resourceServer, search, -1, -1);
|
||||
List<Resource> serverResources = storeFactory.getResourceStore().find(resourceServer, search, -1, -1);
|
||||
|
||||
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
|
||||
@Override
|
||||
|
|
|
@ -74,7 +74,7 @@ public class AbstractPermissionService {
|
|||
throw new ErrorResponseException("invalid_resource_id", "Resource id or name not provided.", Response.Status.BAD_REQUEST);
|
||||
}
|
||||
} else {
|
||||
Resource resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceSetId);
|
||||
Resource resource = resourceStore.findById(resourceServer, resourceSetId);
|
||||
|
||||
if (resource != null) {
|
||||
resources.add(resource);
|
||||
|
|
|
@ -82,7 +82,7 @@ public class PermissionTicketService {
|
|||
throw new ErrorResponseException("invalid_permission", "created permissions should have requester or requesterName", Response.Status.BAD_REQUEST);
|
||||
|
||||
ResourceStore rstore = this.authorization.getStoreFactory().getResourceStore();
|
||||
Resource resource = rstore.findById(resourceServer.getRealm(), resourceServer, representation.getResource());
|
||||
Resource resource = rstore.findById(resourceServer, representation.getResource());
|
||||
if (resource == null ) throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not exists in this server.", Response.Status.BAD_REQUEST);
|
||||
|
||||
if (!resource.getOwner().equals(this.identity.getId()))
|
||||
|
@ -105,7 +105,7 @@ public class PermissionTicketService {
|
|||
if(representation.getScopeName() != null)
|
||||
scope = sstore.findByName(resourceServer, representation.getScopeName());
|
||||
else
|
||||
scope = sstore.findById(resourceServer.getRealm(), resourceServer, representation.getScope());
|
||||
scope = sstore.findById(resourceServer, representation.getScope());
|
||||
|
||||
if (scope == null && representation.getScope() !=null )
|
||||
throw new ErrorResponseException("invalid_scope", "Scope [" + representation.getScope() + "] is invalid", Response.Status.BAD_REQUEST);
|
||||
|
@ -122,7 +122,7 @@ public class PermissionTicketService {
|
|||
attributes.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
||||
attributes.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||
|
||||
if (!ticketStore.find(resourceServer.getRealm(), resourceServer, attributes, null, null).isEmpty())
|
||||
if (!ticketStore.find(resourceServer, attributes, null, null).isEmpty())
|
||||
throw new ErrorResponseException("invalid_permission", "Permission already exists", Response.Status.BAD_REQUEST);
|
||||
|
||||
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, user.getId());
|
||||
|
@ -140,7 +140,7 @@ public class PermissionTicketService {
|
|||
}
|
||||
|
||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, representation.getId());
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId());
|
||||
|
||||
if (ticket == null) {
|
||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
||||
|
@ -164,7 +164,7 @@ public class PermissionTicketService {
|
|||
}
|
||||
|
||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, id);
|
||||
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||
|
||||
if (ticket == null) {
|
||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
||||
|
@ -173,7 +173,7 @@ public class PermissionTicketService {
|
|||
if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer() && !ticket.getRequester().equals(this.identity.getId()))
|
||||
throw new ErrorResponseException("not_authorised", "permissions for [" + ticket.getResource() + "] can be deleted only by the owner, the requester, or the resource server", Response.Status.FORBIDDEN);
|
||||
|
||||
ticketStore.delete(resourceServer.getRealm(), id);
|
||||
ticketStore.delete(id);
|
||||
|
||||
return Response.noContent().build();
|
||||
}
|
||||
|
@ -193,7 +193,7 @@ public class PermissionTicketService {
|
|||
|
||||
Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
|
||||
|
||||
return Response.ok().entity(permissionTicketStore.find(resourceServer.getRealm(), resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)
|
||||
return Response.ok().entity(permissionTicketStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)
|
||||
.stream()
|
||||
.map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames))
|
||||
.collect(Collectors.toList()))
|
||||
|
@ -231,7 +231,7 @@ public class PermissionTicketService {
|
|||
|
||||
if (scopeId != null) {
|
||||
ScopeStore scopeStore = storeFactory.getScopeStore();
|
||||
Scope scope = scopeStore.findById(resourceServer.getRealm(), resourceServer, scopeId);
|
||||
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||
|
||||
if (scope == null) {
|
||||
scope = scopeStore.findByName(resourceServer, scopeId);
|
||||
|
|
|
@ -128,7 +128,7 @@ public class UserManagedPermissionService {
|
|||
}
|
||||
|
||||
private Policy getPolicy(@PathParam("policyId") String policyId) {
|
||||
Policy existing = authorization.getStoreFactory().getPolicyStore().findById(resourceServer.getRealm(), resourceServer, policyId);
|
||||
Policy existing = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, policyId);
|
||||
|
||||
if (existing == null) {
|
||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Policy with [" + policyId + "] does not exist", Status.NOT_FOUND);
|
||||
|
@ -139,7 +139,7 @@ public class UserManagedPermissionService {
|
|||
|
||||
private void checkRequest(String resourceId, UmaPermissionRepresentation representation) {
|
||||
ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
|
||||
Resource resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceId);
|
||||
Resource resource = resourceStore.findById(resourceServer, resourceId);
|
||||
|
||||
if (resource == null) {
|
||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource [" + resourceId + "] cannot be found", Response.Status.BAD_REQUEST);
|
||||
|
|
|
@ -88,7 +88,7 @@ public class ResourceService extends AbstractResourceService {
|
|||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
||||
|
||||
Collection<ResourcePermission> resources = toPermissions(ticketStore.find(resourceServer.getRealm(), resourceServer, filters, null, null));
|
||||
Collection<ResourcePermission> resources = toPermissions(ticketStore.find(resourceServer, filters, null, null));
|
||||
Collection<Permission> permissions = Collections.EMPTY_LIST;
|
||||
|
||||
if (!resources.isEmpty()) {
|
||||
|
@ -128,7 +128,6 @@ public class ResourceService extends AbstractResourceService {
|
|||
}
|
||||
|
||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||
RealmModel realm = resourceServer.getRealm();
|
||||
|
||||
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
||||
|
||||
|
@ -138,7 +137,7 @@ public class ResourceService extends AbstractResourceService {
|
|||
|
||||
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||
|
||||
List<PermissionTicket> tickets = ticketStore.find(realm, resourceServer, filters, null, null);
|
||||
List<PermissionTicket> tickets = ticketStore.find(resourceServer, filters, null, null);
|
||||
|
||||
// grants all requested permissions
|
||||
if (tickets.isEmpty()) {
|
||||
|
@ -174,7 +173,7 @@ public class ResourceService extends AbstractResourceService {
|
|||
|
||||
// remove all tickets that are not within the requested permissions
|
||||
for (PermissionTicket ticket : tickets) {
|
||||
ticketStore.delete(realm, ticket.getId());
|
||||
ticketStore.delete(ticket.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -199,7 +198,7 @@ public class ResourceService extends AbstractResourceService {
|
|||
|
||||
Map<String, Permission> requests = new HashMap<>();
|
||||
|
||||
for (PermissionTicket ticket : ticketStore.find(resourceServer.getRealm(), resourceServer, filters, null, null)) {
|
||||
for (PermissionTicket ticket : ticketStore.find(resourceServer, filters, null, null)) {
|
||||
requests.computeIfAbsent(ticket.getRequester(), requester -> new Permission(ticket, provider)).addScope(ticket.getScope().getName());
|
||||
}
|
||||
|
||||
|
@ -216,7 +215,7 @@ public class ResourceService extends AbstractResourceService {
|
|||
org.keycloak.authorization.model.Scope scope = scopeStore.findByName(resourceServer, scopeId);
|
||||
|
||||
if (scope == null) {
|
||||
scope = scopeStore.findById(resourceServer.getRealm(), resourceServer, scopeId);
|
||||
scope = scopeStore.findById(resourceServer, scopeId);
|
||||
}
|
||||
|
||||
return scope;
|
||||
|
|
|
@ -73,7 +73,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
filters.put(org.keycloak.authorization.model.Resource.FilterOption.NAME, new String[] { name });
|
||||
}
|
||||
|
||||
return queryResponse((f, m) -> resourceStore.find(auth.getRealm(), null, filters, f, m).stream()
|
||||
return queryResponse((f, m) -> resourceStore.find(null, filters, f, m).stream()
|
||||
.map(resource -> new Resource(resource, user, provider)), first, max);
|
||||
}
|
||||
|
||||
|
@ -90,7 +90,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
public Response getSharedWithMe(@QueryParam("name") String name,
|
||||
@QueryParam("first") Integer first,
|
||||
@QueryParam("max") Integer max) {
|
||||
return queryResponse((f, m) -> toPermissions(ticketStore.findGrantedResources(auth.getRealm(), auth.getUser().getId(), name, f, m), false)
|
||||
return queryResponse((f, m) -> toPermissions(ticketStore.findGrantedResources(auth.getUser().getId(), name, f, m), false)
|
||||
.stream(), first, max);
|
||||
}
|
||||
|
||||
|
@ -108,7 +108,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getSharedWithOthers(@QueryParam("first") Integer first, @QueryParam("max") Integer max) {
|
||||
return queryResponse(
|
||||
(f, m) -> toPermissions(ticketStore.findGrantedOwnerResources(auth.getRealm(), auth.getUser().getId(), f, m), true)
|
||||
(f, m) -> toPermissions(ticketStore.findGrantedOwnerResources(auth.getUser().getId(), f, m), true)
|
||||
.stream(), first, max);
|
||||
}
|
||||
|
||||
|
@ -123,7 +123,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
||||
|
||||
final List<PermissionTicket> permissionTickets = ticketStore.find(auth.getRealm(), null, filters, null, null);
|
||||
final List<PermissionTicket> permissionTickets = ticketStore.find(null, filters, null, null);
|
||||
|
||||
final List<ResourcePermission> resourceList = new ArrayList<>(permissionTickets.size());
|
||||
for (PermissionTicket ticket : permissionTickets) {
|
||||
|
@ -138,7 +138,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
|
||||
@Path("{id}")
|
||||
public Object getResource(@PathParam("id") String id) {
|
||||
org.keycloak.authorization.model.Resource resource = resourceStore.findById(auth.getRealm(), null, id);
|
||||
org.keycloak.authorization.model.Resource resource = resourceStore.findById(null, id);
|
||||
|
||||
if (resource == null) {
|
||||
throw new NotFoundException("resource_not_found");
|
||||
|
@ -167,7 +167,7 @@ public class ResourcesService extends AbstractResourceService {
|
|||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
||||
|
||||
tickets = ticketStore.find(auth.getRealm(), resource.getResourceServer(), filters, null, null);
|
||||
tickets = ticketStore.find(resource.getResourceServer(), filters, null, null);
|
||||
} else {
|
||||
tickets = ticketStore.findGranted(resource.getResourceServer(), resource.getName(), user.getId());
|
||||
}
|
||||
|
|
|
@ -178,7 +178,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
|||
private void deletePolicy(String name, ResourceServer server) {
|
||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(server.getRealm(), policy.getId());
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -194,7 +194,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
|||
deletePolicy(getConfigurePermissionName(client), server);
|
||||
deletePolicy(getExchangeToPermissionName(client), server);
|
||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));;
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(server.getRealm(), resource.getId());
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -25,10 +25,8 @@ import org.keycloak.authorization.permission.ResourcePermission;
|
|||
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.authorization.Permission;
|
||||
import org.keycloak.services.ForbiddenException;
|
||||
|
||||
|
@ -462,29 +460,27 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
|||
ResourceServer server = root.realmResourceServer();
|
||||
if (server == null) return;
|
||||
|
||||
RealmModel realm = server.getRealm();
|
||||
|
||||
Policy managePermission = managePermission(group);
|
||||
if (managePermission != null) {
|
||||
policyStore.delete(realm, managePermission.getId());
|
||||
policyStore.delete(managePermission.getId());
|
||||
}
|
||||
Policy viewPermission = viewPermission(group);
|
||||
if (viewPermission != null) {
|
||||
policyStore.delete(realm, viewPermission.getId());
|
||||
policyStore.delete(viewPermission.getId());
|
||||
}
|
||||
Policy manageMembersPermission = manageMembersPermission(group);
|
||||
if (manageMembersPermission != null) {
|
||||
policyStore.delete(realm, manageMembersPermission.getId());
|
||||
policyStore.delete(manageMembersPermission.getId());
|
||||
}
|
||||
Policy viewMembersPermission = viewMembersPermission(group);
|
||||
if (viewMembersPermission != null) {
|
||||
policyStore.delete(realm, viewMembersPermission.getId());
|
||||
policyStore.delete(viewMembersPermission.getId());
|
||||
}
|
||||
Policy manageMembershipPermission = manageMembershipPermission(group);
|
||||
if (manageMembershipPermission != null) {
|
||||
policyStore.delete(realm, manageMembershipPermission.getId());
|
||||
policyStore.delete(manageMembershipPermission.getId());
|
||||
}
|
||||
Resource resource = groupResource(group);
|
||||
if (resource != null) resourceStore.delete(realm, resource.getId());
|
||||
if (resource != null) resourceStore.delete(resource.getId());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -92,7 +92,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
|||
private void deletePolicy(String name, ResourceServer server) {
|
||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
|
||||
if (policy != null) {
|
||||
authz.getStoreFactory().getPolicyStore().delete(server.getRealm(), policy.getId());
|
||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -102,7 +102,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
|||
if (server == null) return;
|
||||
deletePolicy(getExchangeToPermissionName(idp), server);
|
||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp));;
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(server.getRealm(), resource.getId());
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -86,17 +86,15 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
|||
ResourceServer server = resourceServer(role);
|
||||
if (server == null) return;
|
||||
|
||||
RealmModel realm = server.getRealm();
|
||||
|
||||
Policy policy = mapRolePermission(role);
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
policy = mapClientScopePermission(role);
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
policy = mapCompositePermission(role);
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
|
||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||
|
||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getRoleResourceName(role));
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(realm, resource.getId());
|
||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -29,13 +29,11 @@ import org.keycloak.authorization.permission.ResourcePermission;
|
|||
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.ImpersonationConstants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.authorization.Permission;
|
||||
import org.keycloak.services.ForbiddenException;
|
||||
|
@ -529,41 +527,39 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
|||
ResourceServer server = root.realmResourceServer();
|
||||
if (server == null) return;
|
||||
|
||||
RealmModel realm = server.getRealm();
|
||||
|
||||
Policy policy = managePermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = viewPermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = mapRolesPermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = manageGroupMembershipPermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = adminImpersonatingPermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
policy = userImpersonatedPermission();
|
||||
if (policy != null) {
|
||||
policyStore.delete(realm, policy.getId());
|
||||
policyStore.delete(policy.getId());
|
||||
|
||||
}
|
||||
Resource usersResource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||
if (usersResource != null) {
|
||||
resourceStore.delete(realm, usersResource.getId());
|
||||
resourceStore.delete(usersResource.getId());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -537,11 +537,11 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
|||
|
||||
PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
|
||||
List<Policy> policies = policyStore
|
||||
.find(realm, resourceServer, filters, null, null);
|
||||
.find(resourceServer, filters, null, null);
|
||||
assertTrue(policies.isEmpty());
|
||||
|
||||
policies = policyStore
|
||||
.find(realm, resourceServer, Collections.emptyMap(), null, null);
|
||||
.find(resourceServer, Collections.emptyMap(), null, null);
|
||||
assertTrue(policies.isEmpty());
|
||||
}
|
||||
|
||||
|
@ -964,7 +964,7 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
|||
filters.put(OWNER, new String[] {user.getId()});
|
||||
|
||||
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
||||
.find(realm, resourceServer, filters, null, null);
|
||||
.find(resourceServer, filters, null, null);
|
||||
assertEquals(1, policies.size());
|
||||
|
||||
Policy policy = policies.get(0);
|
||||
|
@ -973,13 +973,13 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
|||
Resource resource = policy.getResources().iterator().next();
|
||||
assertEquals("Resource A", resource.getName());
|
||||
|
||||
provider.getStoreFactory().getResourceStore().delete(realm, resource.getId());
|
||||
provider.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||
|
||||
filters = new HashMap<>();
|
||||
|
||||
filters.put(OWNER, new String[] {user.getId()});
|
||||
policies = provider.getStoreFactory().getPolicyStore()
|
||||
.find(realm, resourceServer, filters, null, null);
|
||||
.find(resourceServer, filters, null, null);
|
||||
assertTrue(policies.isEmpty());
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
String permissionId = withRealm(realmId, (session, realm) -> {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
|
||||
|
||||
UserModel u = session.users().addUser(realm, "user" + index);
|
||||
|
||||
|
@ -113,20 +113,20 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
|
||||
aStore.getPolicyStore().delete(realm, permissionId);
|
||||
aStore.getPolicyStore().delete(permissionId);
|
||||
return null;
|
||||
});
|
||||
|
||||
withRealm(realmId, (session, realm) -> {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
|
||||
|
||||
Map<Policy.FilterOption, String[]> searchMap = new HashMap<>();
|
||||
searchMap.put(Policy.FilterOption.TYPE, new String[]{"uma"});
|
||||
searchMap.put(Policy.FilterOption.OWNER, new String[]{adminId});
|
||||
searchMap.put(Policy.FilterOption.PERMISSION, new String[] {"true"});
|
||||
Set<String> s = aStore.getPolicyStore().find(realm, rs, searchMap, 0, 500).stream().map(Policy::getId).collect(Collectors.toSet());
|
||||
Set<String> s = aStore.getPolicyStore().find(rs, searchMap, 0, 500).stream().map(Policy::getId).collect(Collectors.toSet());
|
||||
assertThat(s, not(contains(permissionId)));
|
||||
return null;
|
||||
});
|
||||
|
@ -140,7 +140,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
UserModel u = session.users().getUserById(realm, adminId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
|
||||
|
||||
|
||||
UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
|
||||
|
@ -157,8 +157,8 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
String createdPolicyId = withRealm(realmId, (session, realm) -> {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
|
||||
Policy permission = aStore.getPolicyStore().findById(realm, rs, permissionId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
|
||||
Policy permission = aStore.getPolicyStore().findById(rs, permissionId);
|
||||
|
||||
UserPolicyRepresentation userRep = new UserPolicyRepresentation();
|
||||
userRep.setName("isAdminUser" + index);
|
||||
|
@ -171,8 +171,8 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
withRealm(realmId, (session, realm) -> {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
|
||||
Policy permission = aStore.getPolicyStore().findById(realm, rs, permissionId);
|
||||
ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
|
||||
Policy permission = aStore.getPolicyStore().findById(rs, permissionId);
|
||||
|
||||
assertThat(permission.getAssociatedPolicies(), not(contains(nullValue())));
|
||||
ModelToRepresentation.toRepresentation(permission, authorization);
|
||||
|
@ -183,7 +183,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
|
|||
withRealm(realmId, (session, realm) -> {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
StoreFactory aStore = authorization.getStoreFactory();
|
||||
aStore.getPolicyStore().delete(realm, createdPolicyId);
|
||||
aStore.getPolicyStore().delete(createdPolicyId);
|
||||
return null;
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in a new issue