[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
This commit is contained in:
parent
1cddaeb707
commit
3760f2753b
7 changed files with 62 additions and 21 deletions
@ -108,6 +108,30 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
|
||||
Map<String, String> config = new HashMap<>();
|
||||
Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, new RolePolicyRepresentation()).getRoles();
|
||||
|
||||
for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
|
||||
RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId());
|
||||
|
||||
if (role.isClientRole()) {
|
||||
roleDefinition.setId(ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName());
|
||||
} else {
|
||||
roleDefinition.setId(role.getName());
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
config.put("roles", JsonSerialization.writeValueAsString(roles));
|
||||
} catch (IOException cause) {
|
||||
throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
|
||||
}
|
||||
|
||||
representation.setConfig(config);
|
||||
}
|
||||
|
||||
private void updateRoles(Policy policy, RolePolicyRepresentation representation, AuthorizationProvider authorization) {
|
||||
updateRoles(policy, authorization, representation.getRoles());
|
||||
}
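Review bot: `authorizationProvider.getRealm().getRoleById(roleDefinition.getId())` on the `RoleModel role = ...` line can return null when a role referenced by the stored policy config no longer exists, and the following `role.isClientRole()` then fails with a NullPointerException instead of the descriptive RuntimeException this method otherwise builds. A stale role id in a policy is a realistic state after a role deletion, so guard it before the `isClientRole()` check: `if (role == null) { throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]: unknown role [" + roleDefinition.getId() + "]"); }`. The same stale-reference case exists for `userProvider.getUserById(id, realm).getUsername()` in UserPolicyProviderFactory.onExport, where a deleted user also produces a bare NullPointerException. Separately, the exported id form `clientId + "/" + role.getName()` is only unambiguous if neither part can contain `/`; if the import side splits on that separator, a realm role whose name contains a slash would be read as a client role, which deserves a comment on the `setId` line. The enclosing class starts outside the hunk.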
|
||||
|
|
|
@ -20,11 +20,13 @@ package org.keycloak.authorization.policy.provider.user;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.function.Function;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
|
@ -106,6 +108,23 @@ public class UserPolicyProviderFactory implements PolicyProviderFactory<UserPoli
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
|
||||
UserPolicyRepresentation userRep = toRepresentation(policy, new UserPolicyRepresentation());
|
||||
Map<String, String> config = new HashMap<>();
|
||||
|
||||
try {
|
||||
UserProvider userProvider = authorizationProvider.getKeycloakSession().users();
|
||||
RealmModel realm = authorizationProvider.getRealm();
|
||||
|
||||
config.put("users", JsonSerialization.writeValueAsString(userRep.getUsers().stream().map(id -> userProvider.getUserById(id, realm).getUsername()).collect(Collectors.toList())));
|
||||
} catch (IOException cause) {
|
||||
throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
|
||||
}
|
||||
|
||||
representation.setConfig(config);
|
||||
}
|
||||
|
||||
private void updateUsers(Policy policy, UserPolicyRepresentation representation, AuthorizationProvider authorization) {
|
||||
updateUsers(policy, authorization, representation.getUsers());
|
||||
}
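Review bot: The `config.put("users", ...)` line bundles the user lookup, the stream mapping and the JSON serialization into one statement inside the `try`, while the sibling RolePolicyProviderFactory.onExport resolves its entries before the `try` and leaves only `writeValueAsString` inside it. Moving the `userProvider` and `realm` locals above the `try` and splitting the line the same way keeps the catch scope honest (only serialization throws IOException) and the line readable: `List<String> usernames = userRep.getUsers().stream().map(id -> userProvider.getUserById(id, realm).getUsername()).collect(Collectors.toList());` before the `try`, and `config.put("users", JsonSerialization.writeValueAsString(usernames));` inside it. The null return of `getUserById` for a deleted user is the same concern raised on RolePolicyProviderFactory.onExport; failing with the policy name and user id is preferable to silently dropping the entry, since a user policy imported with fewer members than it had on export decides access differently from the original. The enclosing class starts outside the hunk.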
|
||||
|
|
|
@ -60,6 +60,10 @@ public interface PolicyProviderFactory<R extends AbstractPolicyRepresentation> e
|
|||
|
||||
}
|
||||
|
||||
default void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
|
||||
representation.setConfig(policy.getConfig());
|
||||
}
|
||||
|
||||
default PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||
return null;
|
||||
}
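Review bot: The new `default void onExport(...)` on a public SPI interface has no Javadoc, although the contract it introduces (implementations replacing realm-internal ids in the exported config with portable names, as RolePolicyProviderFactory and UserPolicyProviderFactory now do) is exactly what an implementer needs to be told. Add above it something like: `/** Fills {@code representation}'s config for export. The default copies {@link Policy#getConfig()} verbatim; override when the stored config holds realm-specific ids that must be replaced by portable names. */`. Stating there that the method is not expected to mutate `policy` would also help, since the default does not. The rest of the interface lies outside the hunk.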
|
||||
|
|
|
@ -817,7 +817,11 @@ public class ModelToRepresentation {
|
|||
representation.setLogic(policy.getLogic());
|
||||
|
||||
if (representation instanceof PolicyRepresentation) {
|
||||
if (providerFactory != null) {
|
||||
providerFactory.onExport(policy, PolicyRepresentation.class.cast(representation), authorization);
|
||||
} else {
|
||||
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig());
|
||||
}
|
||||
} else {
|
||||
representation = (R) providerFactory.toRepresentation(policy, representation);
|
||||
}
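Review bot: The new `if (providerFactory != null)` guard in the `PolicyRepresentation` branch implies `providerFactory` can be null, yet the `else` branch on the `representation = (R) providerFactory.toRepresentation(policy, representation);` line still dereferences it unconditionally, so a typed-representation export of a policy whose provider is absent would fail with a NullPointerException. Whether null is actually reachable cannot be told from the hunk, because the assignment of `providerFactory` and the method signature lie outside it. If it is only possible on the first path, a short comment on the `else` branch stating why `providerFactory` is guaranteed non-null there would stop the next reader from seeing an inconsistency; otherwise the else branch needs the same guard with a clear error naming the policy. The enclosing method starts and ends outside the hunk.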
|
||||
|
|
|
@ -370,24 +370,6 @@ public class ExportUtils {
|
|||
|
||||
rep.setConfig(config);
|
||||
|
||||
String roles = config.get("roles");
|
||||
|
||||
if (roles != null && !roles.isEmpty()) {
|
||||
List<Map> rolesMap = JsonSerialization.readValue(roles, List.class);
|
||||
config.put("roles", JsonSerialization.writeValueAsString(rolesMap.stream().map(roleMap -> {
|
||||
roleMap.put("id", realm.getRoleById(roleMap.get("id").toString()).getName());
|
||||
return roleMap;
|
||||
}).collect(Collectors.toList())));
|
||||
}
|
||||
|
||||
String users = config.get("users");
|
||||
|
||||
if (users != null && !users.isEmpty()) {
|
||||
UserProvider userManager = session.users();
|
||||
List<String> userIds = JsonSerialization.readValue(users, List.class);
|
||||
config.put("users", JsonSerialization.writeValueAsString(userIds.stream().map(userId -> userManager.getUserById(userId, realm).getUsername()).collect(Collectors.toList())));
|
||||
}
|
||||
|
||||
Set<Scope> scopes = policy.getScopes();
|
||||
|
||||
if (!scopes.isEmpty()) {
|
||||
|
|
|
@ -627,10 +627,11 @@ public class ExportImportUtil {
|
|||
assertPredicate(scopes, scopePredicates);
|
||||
|
||||
List<PolicyRepresentation> policies = authzResource.policies().policies();
|
||||
Assert.assertEquals(11, policies.size());
|
||||
Assert.assertEquals(12, policies.size());
|
||||
List<Predicate<PolicyRepresentation>> policyPredicates = new ArrayList<>();
|
||||
policyPredicates.add(policyRepresentation -> "Any Admin Policy".equals(policyRepresentation.getName()));
|
||||
policyPredicates.add(policyRepresentation -> "Any User Policy".equals(policyRepresentation.getName()));
|
||||
policyPredicates.add(representation -> "Client and Realm Role Policy".equals(representation.getName()) && representation.getConfig().get("roles").contains("\"id\":\"realm-management/impersonation\""));
|
||||
policyPredicates.add(policyRepresentation -> "Only Premium User Policy".equals(policyRepresentation.getName()));
|
||||
policyPredicates.add(policyRepresentation -> "wburke policy".equals(policyRepresentation.getName()));
|
||||
policyPredicates.add(policyRepresentation -> "All Users Policy".equals(policyRepresentation.getName()));
|
||||
|
|
|
@ -282,6 +282,13 @@
|
|||
"roles": "[{\"id\":\"user\"}]"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Client and Realm Role Policy",
|
||||
"type": "role",
|
||||
"config": {
|
||||
"roles": "[{\"id\":\"realm-management/impersonation\",\"required\":false},{\"id\":\"realm-management/manage-authorization\",\"required\":true},{\"id\":\"user\",\"required\":false}]"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Only Premium User Policy",
|
||||
"description": "Defines that only premium users can do something",
|
||||
|
|