[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names

This commit is contained in:
Pedro Igor 2017-06-02 20:09:33 -03:00
parent 1cddaeb707
commit 3760f2753b
7 changed files with 62 additions and 21 deletions

View file

@ -108,6 +108,30 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
} }
} }
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
Map<String, String> config = new HashMap<>();
Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, new RolePolicyRepresentation()).getRoles();
for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId());
if (role.isClientRole()) {
roleDefinition.setId(ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName());
} else {
roleDefinition.setId(role.getName());
}
}
try {
config.put("roles", JsonSerialization.writeValueAsString(roles));
} catch (IOException cause) {
throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
}
representation.setConfig(config);
}
private void updateRoles(Policy policy, RolePolicyRepresentation representation, AuthorizationProvider authorization) { private void updateRoles(Policy policy, RolePolicyRepresentation representation, AuthorizationProvider authorization) {
updateRoles(policy, authorization, representation.getRoles()); updateRoles(policy, authorization, representation.getRoles());
} }

View file

@ -20,11 +20,13 @@ package org.keycloak.authorization.policy.provider.user;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.function.Function; import java.util.function.Function;
import java.util.stream.Collectors;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
@ -106,6 +108,23 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory<UserPoli
} }
} }
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
UserPolicyRepresentation userRep = toRepresentation(policy, new UserPolicyRepresentation());
Map<String, String> config = new HashMap<>();
try {
UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
RealmModel realm = authorizationProvider.getRealm();
config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream().map(id -> userProvider.getUserById(id, realm).getUsername()).collect(Collectors.toList())));
} catch (IOException cause) {
throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
}
representation.setConfig(config);
}
private void updateUsers(Policy policy, UserPolicyRepresentation representation, AuthorizationProvider authorization) { private void updateUsers(Policy policy, UserPolicyRepresentation representation, AuthorizationProvider authorization) {
updateUsers(policy, authorization, representation.getUsers()); updateUsers(policy, authorization, representation.getUsers());
} }

View file

@ -60,7 +60,11 @@ public interface PolicyProviderFactory<R extends AbstractPolicyRepresentation> e
} }
default void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
representation.setConfig(policy.getConfig());
}
default PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) { default PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
return null; return null;
} }
} }

View file

@ -817,7 +817,11 @@ public class ModelToRepresentation {
representation.setLogic(policy.getLogic()); representation.setLogic(policy.getLogic());
if (representation instanceof PolicyRepresentation) { if (representation instanceof PolicyRepresentation) {
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig()); if (providerFactory != null) {
providerFactory.onExport(policy, PolicyRepresentation.class.cast(representation), authorization);
} else {
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig());
}
} else { } else {
representation = (R) providerFactory.toRepresentation(policy, representation); representation = (R) providerFactory.toRepresentation(policy, representation);
} }

View file

@ -370,24 +370,6 @@ public class ExportUtils {
rep.setConfig(config); rep.setConfig(config);
String roles = config.get("roles");
if (roles != null && !roles.isEmpty()) {
List<Map> rolesMap = JsonSerialization.readValue(roles, List.class);
config.put("roles", JsonSerialization.writeValueAsString(rolesMap.stream().map(roleMap -> {
roleMap.put("id", realm.getRoleById(roleMap.get("id").toString()).getName());
return roleMap;
}).collect(Collectors.toList())));
}
String users = config.get("users");
if (users != null && !users.isEmpty()) {
UserProvider userManager = session.users();
List<String> userIds = JsonSerialization.readValue(users, List.class);
config.put("users", JsonSerialization.writeValueAsString(userIds.stream().map(userId -> userManager.getUserById(userId, realm).getUsername()).collect(Collectors.toList())));
}
Set<Scope> scopes = policy.getScopes(); Set<Scope> scopes = policy.getScopes();
if (!scopes.isEmpty()) { if (!scopes.isEmpty()) {

View file

@ -627,10 +627,11 @@ public class ExportImportUtil {
assertPredicate(scopes, scopePredicates); assertPredicate(scopes, scopePredicates);
List<PolicyRepresentation> policies = authzResource.policies().policies(); List<PolicyRepresentation> policies = authzResource.policies().policies();
Assert.assertEquals(11, policies.size()); Assert.assertEquals(12, policies.size());
List<Predicate<PolicyRepresentation>> policyPredicates = new ArrayList<>(); List<Predicate<PolicyRepresentation>> policyPredicates = new ArrayList<>();
policyPredicates.add(policyRepresentation -> "Any Admin Policy".equals(policyRepresentation.getName())); policyPredicates.add(policyRepresentation -> "Any Admin Policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Any User Policy".equals(policyRepresentation.getName())); policyPredicates.add(policyRepresentation -> "Any User Policy".equals(policyRepresentation.getName()));
policyPredicates.add(representation -> "Client and Realm Role Policy".equals(representation.getName()) && representation.getConfig().get("roles").contains("\"id\":\"realm-management/impersonation\""));
policyPredicates.add(policyRepresentation -> "Only Premium User Policy".equals(policyRepresentation.getName())); policyPredicates.add(policyRepresentation -> "Only Premium User Policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "wburke policy".equals(policyRepresentation.getName())); policyPredicates.add(policyRepresentation -> "wburke policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "All Users Policy".equals(policyRepresentation.getName())); policyPredicates.add(policyRepresentation -> "All Users Policy".equals(policyRepresentation.getName()));

View file

@ -282,6 +282,13 @@
"roles": "[{\"id\":\"user\"}]" "roles": "[{\"id\":\"user\"}]"
} }
}, },
{
"name": "Client and Realm Role Policy",
"type": "role",
"config": {
"roles": "[{\"id\":\"realm-management/impersonation\",\"required\":false},{\"id\":\"realm-management/manage-authorization\",\"required\":true},{\"id\":\"user\",\"required\":false}]"
}
},
{ {
"name": "Only Premium User Policy", "name": "Only Premium User Policy",
"description": "Defines that only premium users can do something", "description": "Defines that only premium users can do something",