[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests
This commit is contained in:
parent
d60dcb4c62
commit
54ebc1918c
28 changed files with 385 additions and 358 deletions
|
@ -17,7 +17,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||||
*/
|
*/
|
||||||
public class ResourcePolicyProviderFactory implements PolicyProviderFactory {
|
public class ResourcePolicyProviderFactory implements PolicyProviderFactory<ResourcePermissionRepresentation> {
|
||||||
|
|
||||||
private ResourcePolicyProvider provider = new ResourcePolicyProvider();
|
private ResourcePolicyProvider provider = new ResourcePolicyProvider();
|
||||||
|
|
||||||
|
@ -36,6 +36,17 @@ public class ResourcePolicyProviderFactory implements PolicyProviderFactory {
|
||||||
return provider;
|
return provider;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Class<ResourcePermissionRepresentation> getRepresentationType() {
|
||||||
|
return ResourcePermissionRepresentation.class;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ResourcePermissionRepresentation toRepresentation(Policy policy, ResourcePermissionRepresentation representation) {
|
||||||
|
representation.setResourceType(policy.getConfig().get("defaultResourceType"));
|
||||||
|
return representation;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
|
public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||||
return new PolicyProviderAdminService() {
|
return new PolicyProviderAdminService() {
|
||||||
|
@ -71,20 +82,6 @@ public class ResourcePolicyProviderFactory implements PolicyProviderFactory {
|
||||||
public void onRemove(Policy policy) {
|
public void onRemove(Policy policy) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public Class<? extends AbstractPolicyRepresentation> getRepresentationType() {
|
|
||||||
return ResourcePermissionRepresentation.class;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public ResourcePermissionRepresentation toRepresentation(Policy policy) {
|
|
||||||
ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
|
|
||||||
|
|
||||||
representation.setResourceType(policy.getConfig().get("defaultResourceType"));
|
|
||||||
|
|
||||||
return representation;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,9 +3,7 @@ package org.keycloak.authorization.policy.provider.scope;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProvider;
|
import org.keycloak.authorization.policy.provider.PolicyProvider;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
@ -14,7 +12,7 @@ import org.keycloak.representations.idm.authorization.ScopePermissionRepresentat
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||||
*/
|
*/
|
||||||
public class ScopePolicyProviderFactory implements PolicyProviderFactory {
|
public class ScopePolicyProviderFactory implements PolicyProviderFactory<ScopePermissionRepresentation> {
|
||||||
|
|
||||||
private ScopePolicyProvider provider = new ScopePolicyProvider();
|
private ScopePolicyProvider provider = new ScopePolicyProvider();
|
||||||
|
|
||||||
|
@ -34,23 +32,18 @@ public class ScopePolicyProviderFactory implements PolicyProviderFactory {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
|
public PolicyProvider create(KeycloakSession session) {
|
||||||
return new PolicyProviderAdminService() {
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Class<ScopePermissionRepresentation> getRepresentationType() {
|
public Class<ScopePermissionRepresentation> getRepresentationType() {
|
||||||
return ScopePermissionRepresentation.class;
|
return ScopePermissionRepresentation.class;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ScopePermissionRepresentation toRepresentation(Policy policy) {
|
public ScopePermissionRepresentation toRepresentation(Policy policy, ScopePermissionRepresentation representation) {
|
||||||
return new ScopePermissionRepresentation();
|
return representation;
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public PolicyProvider create(KeycloakSession session) {
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -110,7 +110,7 @@ public class AbstractPolicyRepresentation {
|
||||||
return scopes;
|
return scopes;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void addScopes(String... id) {
|
public void addScope(String... id) {
|
||||||
if (this.scopes == null) {
|
if (this.scopes == null) {
|
||||||
this.scopes = new HashSet<>();
|
this.scopes = new HashSet<>();
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,11 @@ public class ResourcePermissionRepresentation extends AbstractPolicyRepresentati
|
||||||
|
|
||||||
private String resourceType;
|
private String resourceType;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getType() {
|
||||||
|
return "resource";
|
||||||
|
}
|
||||||
|
|
||||||
public void setResourceType(String resourceType) {
|
public void setResourceType(String resourceType) {
|
||||||
this.resourceType = resourceType;
|
this.resourceType = resourceType;
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,4 +20,9 @@ package org.keycloak.representations.idm.authorization;
|
||||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||||
*/
|
*/
|
||||||
public class ScopePermissionRepresentation extends AbstractPolicyRepresentation {
|
public class ScopePermissionRepresentation extends AbstractPolicyRepresentation {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getType() {
|
||||||
|
return "scope";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,6 +42,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
|
import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
|
||||||
import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
|
import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
|
||||||
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
|
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
|
||||||
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
import org.keycloak.representations.idm.authorization.Logic;
|
import org.keycloak.representations.idm.authorization.Logic;
|
||||||
|
|
||||||
|
@ -74,8 +75,8 @@ public class CachedPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy create(String name, String type, ResourceServer resourceServer) {
|
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
||||||
Policy policy = getDelegate().create(name, type, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()));
|
Policy policy = getDelegate().create(representation, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()));
|
||||||
String id = policy.getId();
|
String id = policy.getId();
|
||||||
|
|
||||||
this.transaction.whenRollback(() -> {
|
this.transaction.whenRollback(() -> {
|
||||||
|
|
|
@ -19,12 +19,13 @@ package org.keycloak.authorization.jpa.store;
|
||||||
|
|
||||||
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
||||||
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
|
import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
|
||||||
import org.keycloak.authorization.jpa.entities.ScopeEntity;
|
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
|
import org.keycloak.authorization.store.StoreFactory;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
|
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
import javax.persistence.NoResultException;
|
import javax.persistence.NoResultException;
|
||||||
|
@ -34,7 +35,6 @@ import javax.persistence.criteria.CriteriaQuery;
|
||||||
import javax.persistence.criteria.Predicate;
|
import javax.persistence.criteria.Predicate;
|
||||||
import javax.persistence.criteria.Root;
|
import javax.persistence.criteria.Root;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -45,19 +45,22 @@ import java.util.Map;
|
||||||
public class JPAPolicyStore implements PolicyStore {
|
public class JPAPolicyStore implements PolicyStore {
|
||||||
|
|
||||||
private final EntityManager entityManager;
|
private final EntityManager entityManager;
|
||||||
|
private final StoreFactory storeFactory;
|
||||||
|
|
||||||
public JPAPolicyStore(EntityManager entityManager) {
|
public JPAPolicyStore(EntityManager entityManager, StoreFactory storeFactory) {
|
||||||
this.entityManager = entityManager;
|
this.entityManager = entityManager;
|
||||||
|
this.storeFactory = storeFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy create(String name, String type, ResourceServer resourceServer) {
|
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
||||||
PolicyEntity entity = new PolicyEntity();
|
PolicyEntity entity = new PolicyEntity();
|
||||||
|
|
||||||
entity.setId(KeycloakModelUtils.generateId());
|
entity.setId(KeycloakModelUtils.generateId());
|
||||||
entity.setName(name);
|
|
||||||
entity.setType(type);
|
|
||||||
entity.setResourceServer((ResourceServerEntity) resourceServer);
|
entity.setResourceServer((ResourceServerEntity) resourceServer);
|
||||||
|
entity.setType(representation.getType());
|
||||||
|
|
||||||
|
entity = (PolicyEntity) RepresentationToModel.toModel(representation, storeFactory, entity);
|
||||||
|
|
||||||
this.entityManager.persist(entity);
|
this.entityManager.persist(entity);
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,7 @@ public class JPAStoreFactory implements StoreFactory {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PolicyStore getPolicyStore() {
|
public PolicyStore getPolicyStore() {
|
||||||
return new JPAPolicyStore(this.entityManager);
|
return new JPAPolicyStore(this.entityManager, this);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -37,12 +37,4 @@ public interface PolicyProviderAdminService<R extends AbstractPolicyRepresentati
|
||||||
default void onRemove(Policy policy) {
|
default void onRemove(Policy policy) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
default R toRepresentation(Policy policy) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
default Class<R> getRepresentationType() {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,13 +19,16 @@
|
||||||
package org.keycloak.authorization.policy.provider;
|
package org.keycloak.authorization.policy.provider;
|
||||||
|
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.provider.ProviderFactory;
|
import org.keycloak.provider.ProviderFactory;
|
||||||
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||||
*/
|
*/
|
||||||
public interface PolicyProviderFactory extends ProviderFactory<PolicyProvider> {
|
public interface PolicyProviderFactory<R extends AbstractPolicyRepresentation> extends ProviderFactory<PolicyProvider> {
|
||||||
|
|
||||||
String getName();
|
String getName();
|
||||||
|
|
||||||
|
@ -33,5 +36,15 @@ public interface PolicyProviderFactory extends ProviderFactory<PolicyProvider> {
|
||||||
|
|
||||||
PolicyProvider create(AuthorizationProvider authorization);
|
PolicyProvider create(AuthorizationProvider authorization);
|
||||||
|
|
||||||
PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization);
|
default R toRepresentation(Policy policy, R representation) {
|
||||||
|
return representation;
|
||||||
|
}
|
||||||
|
|
||||||
|
default Class<R> getRepresentationType() {
|
||||||
|
return (Class<R>) PolicyRepresentation.class;
|
||||||
|
}
|
||||||
|
|
||||||
|
default PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,12 +18,13 @@
|
||||||
package org.keycloak.authorization.store;
|
package org.keycloak.authorization.store;
|
||||||
|
|
||||||
|
|
||||||
import org.keycloak.authorization.model.Policy;
|
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.keycloak.authorization.model.Policy;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A {@link PolicyStore} is responsible to manage the persistence of {@link Policy} instances.
|
* A {@link PolicyStore} is responsible to manage the persistence of {@link Policy} instances.
|
||||||
*
|
*
|
||||||
|
@ -35,12 +36,11 @@ public interface PolicyStore {
|
||||||
* Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require
|
* Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require
|
||||||
* a call to the {#save} method to actually make it persistent.
|
* a call to the {#save} method to actually make it persistent.
|
||||||
*
|
*
|
||||||
* @param name the name of the policy
|
* @param representation the policy representation
|
||||||
* @param type the type of the policy
|
|
||||||
* @param resourceServer the resource server to which this policy belongs
|
* @param resourceServer the resource server to which this policy belongs
|
||||||
* @return a new instance of {@link Policy}
|
* @return a new instance of {@link Policy}
|
||||||
*/
|
*/
|
||||||
Policy create(String name, String type, ResourceServer resourceServer);
|
Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deletes a policy from the underlying persistence mechanism.
|
* Deletes a policy from the underlying persistence mechanism.
|
||||||
|
|
|
@ -33,6 +33,7 @@ import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
|
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
@ -87,6 +88,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.representations.idm.UserConsentRepresentation;
|
import org.keycloak.representations.idm.UserConsentRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.representations.idm.UserSessionRepresentation;
|
import org.keycloak.representations.idm.UserSessionRepresentation;
|
||||||
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
|
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||||
|
@ -793,16 +795,29 @@ public class ModelToRepresentation {
|
||||||
return server;
|
return server;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PolicyRepresentation toRepresentation(Policy model) {
|
public static <R extends AbstractPolicyRepresentation> R toRepresentation(Policy policy, Class<R> representationType, AuthorizationProvider authorization) {
|
||||||
PolicyRepresentation representation = new PolicyRepresentation();
|
R representation;
|
||||||
|
|
||||||
representation.setId(model.getId());
|
try {
|
||||||
representation.setName(model.getName());
|
representation = representationType.newInstance();
|
||||||
representation.setDescription(model.getDescription());
|
} catch (Exception cause) {
|
||||||
representation.setType(model.getType());
|
throw new RuntimeException("Could not create policy [" + policy.getType() + "] representation", cause);
|
||||||
representation.setDecisionStrategy(model.getDecisionStrategy());
|
}
|
||||||
representation.setLogic(model.getLogic());
|
|
||||||
representation.setConfig(new HashMap<>(model.getConfig()));
|
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
|
||||||
|
|
||||||
|
representation.setId(policy.getId());
|
||||||
|
representation.setName(policy.getName());
|
||||||
|
representation.setDescription(policy.getDescription());
|
||||||
|
representation.setType(policy.getType());
|
||||||
|
representation.setDecisionStrategy(policy.getDecisionStrategy());
|
||||||
|
representation.setLogic(policy.getLogic());
|
||||||
|
|
||||||
|
if (representation instanceof PolicyRepresentation) {
|
||||||
|
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig());
|
||||||
|
} else {
|
||||||
|
representation = (R) providerFactory.toRepresentation(policy, representation);
|
||||||
|
}
|
||||||
|
|
||||||
return representation;
|
return representation;
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,7 +36,6 @@ import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProvider;
|
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.authorization.store.ResourceServerStore;
|
import org.keycloak.authorization.store.ResourceServerStore;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
|
@ -2037,7 +2036,7 @@ public class RepresentationToModel {
|
||||||
return newScope.getId();
|
return newScope.getId();
|
||||||
}).collect(Collectors.toList())));
|
}).collect(Collectors.toList())));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e);
|
throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2061,7 +2060,7 @@ public class RepresentationToModel {
|
||||||
return resource.getId();
|
return resource.getId();
|
||||||
}).collect(Collectors.toList())));
|
}).collect(Collectors.toList())));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e);
|
throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2088,118 +2087,93 @@ public class RepresentationToModel {
|
||||||
return policy.getId();
|
return policy.getId();
|
||||||
}).collect(Collectors.toList())));
|
}).collect(Collectors.toList())));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e);
|
throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (parentPolicyName == null) {
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
toModel(policyRepresentation, resourceServer, authorization);
|
Policy policy = policyStore.findById(policyRepresentation.getId(), resourceServer.getId());
|
||||||
} else if (parentPolicyName.equals(policyRepresentation.getName())) {
|
|
||||||
return toModel(policyRepresentation, resourceServer, authorization);
|
if (policy == null) {
|
||||||
|
policy = policyStore.findByName(policyRepresentation.getName(), resourceServer.getId());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (policy == null) {
|
||||||
|
policy = policyStore.create(policyRepresentation, resourceServer);
|
||||||
|
} else {
|
||||||
|
toModel(policyRepresentation, storeFactory, policy);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (parentPolicyName != null && parentPolicyName.equals(policyRepresentation.getName())) {
|
||||||
|
return policy;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Policy toModel(AbstractPolicyRepresentation representation, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
public static Policy toModel(AbstractPolicyRepresentation representation, StoreFactory storeFactory, Policy model) {
|
||||||
String type = representation.getType();
|
|
||||||
PolicyProvider provider = authorization.getProvider(type);
|
|
||||||
|
|
||||||
if (provider == null) {
|
|
||||||
//TODO: temporary, remove this check on future versions as drools type is now deprecated
|
|
||||||
if ("drools".equalsIgnoreCase(type)) {
|
|
||||||
type = "rules";
|
|
||||||
}
|
|
||||||
if (authorization.getProvider(type) == null) {
|
|
||||||
throw new RuntimeException("Unknown policy type [" + type + "]. Could not find a provider for this type.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
|
||||||
Policy model;
|
|
||||||
|
|
||||||
if (representation.getId() != null) {
|
|
||||||
model = policyStore.findById(representation.getId(), resourceServer.getId());
|
|
||||||
} else {
|
|
||||||
model = policyStore.findByName(representation.getName(), resourceServer.getId());
|
|
||||||
}
|
|
||||||
|
|
||||||
if (model != null) {
|
|
||||||
model.setName(representation.getName());
|
model.setName(representation.getName());
|
||||||
model.setDescription(representation.getDescription());
|
model.setDescription(representation.getDescription());
|
||||||
model.setDecisionStrategy(representation.getDecisionStrategy());
|
model.setDecisionStrategy(representation.getDecisionStrategy());
|
||||||
model.setLogic(representation.getLogic());
|
model.setLogic(representation.getLogic());
|
||||||
} else {
|
|
||||||
model = policyStore.create(representation.getName(), type, resourceServer);
|
Set resources = representation.getResources();
|
||||||
model.setDescription(representation.getDescription());
|
Set scopes = representation.getScopes();
|
||||||
model.setDecisionStrategy(representation.getDecisionStrategy());
|
Set policies = representation.getPolicies();
|
||||||
model.setLogic(representation.getLogic());
|
|
||||||
|
if (representation instanceof PolicyRepresentation) {
|
||||||
|
PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
|
||||||
|
String resourcesConfig = policy.getConfig().get("resources");
|
||||||
|
|
||||||
|
if (resourcesConfig != null) {
|
||||||
|
try {
|
||||||
|
resources = JsonSerialization.readValue(resourcesConfig, Set.class);
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
updateResources(representation.getResources(), model, authorization);
|
String scopesConfig = policy.getConfig().get("scopes");
|
||||||
updateScopes(representation.getScopes(), model, authorization);
|
|
||||||
updateAssociatedPolicies(representation.getPolicies(), model, authorization);
|
if (scopesConfig != null) {
|
||||||
|
try {
|
||||||
|
scopes = JsonSerialization.readValue(scopesConfig, Set.class);
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String policiesConfig = policy.getConfig().get("applyPolicies");
|
||||||
|
|
||||||
|
if (policiesConfig != null) {
|
||||||
|
try {
|
||||||
|
policies = JsonSerialization.readValue(policiesConfig, Set.class);
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
model.setConfig(policy.getConfig());
|
||||||
|
}
|
||||||
|
|
||||||
|
updateResources(resources, model, storeFactory);
|
||||||
|
updateScopes(scopes, model, storeFactory);
|
||||||
|
updateAssociatedPolicies(policies, model, storeFactory);
|
||||||
|
|
||||||
representation.setId(model.getId());
|
representation.setId(model.getId());
|
||||||
|
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Policy toModel(PolicyRepresentation policy, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
private static void updateScopes(Set<String> scopeIds, Policy policy, StoreFactory storeFactory) {
|
||||||
Policy model = toModel(AbstractPolicyRepresentation.class.cast(policy), resourceServer, authorization);
|
|
||||||
|
|
||||||
String resources = policy.getConfig().get("resources");
|
|
||||||
|
|
||||||
if (resources != null) {
|
|
||||||
Set resourceIds;
|
|
||||||
|
|
||||||
try {
|
|
||||||
resourceIds = JsonSerialization.readValue(resources, Set.class);
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
updateResources(resourceIds, model, authorization);
|
|
||||||
}
|
|
||||||
|
|
||||||
String scopes = policy.getConfig().get("scopes");
|
|
||||||
|
|
||||||
if (scopes != null) {
|
|
||||||
Set scopeIds;
|
|
||||||
|
|
||||||
try {
|
|
||||||
scopeIds = JsonSerialization.readValue(scopes, Set.class);
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
updateScopes(scopeIds, model, authorization);
|
|
||||||
}
|
|
||||||
|
|
||||||
String policies = policy.getConfig().get("applyPolicies");
|
|
||||||
|
|
||||||
if (policies != null) {
|
|
||||||
Set policyIds;
|
|
||||||
|
|
||||||
try {
|
|
||||||
policyIds = JsonSerialization.readValue(policies, Set.class);
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
updateAssociatedPolicies(policyIds, model, authorization);
|
|
||||||
}
|
|
||||||
|
|
||||||
model.setConfig(policy.getConfig());
|
|
||||||
|
|
||||||
return model;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void updateScopes(Set<String> scopeIds, Policy policy, AuthorizationProvider authorization) {
|
|
||||||
if (scopeIds != null) {
|
if (scopeIds != null) {
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
if (scopeIds.isEmpty()) {
|
||||||
|
for (Scope scope : new HashSet<Scope>(policy.getScopes())) {
|
||||||
|
policy.removeScope(scope);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
for (String scopeId : scopeIds) {
|
for (String scopeId : scopeIds) {
|
||||||
boolean hasScope = false;
|
boolean hasScope = false;
|
||||||
|
|
||||||
|
@ -2235,16 +2209,22 @@ public class RepresentationToModel {
|
||||||
policy.removeScope(scopeModel);
|
policy.removeScope(scopeModel);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
policy.getConfig().remove("scopes");
|
policy.getConfig().remove("scopes");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, AuthorizationProvider authorization) {
|
private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, StoreFactory storeFactory) {
|
||||||
ResourceServer resourceServer = policy.getResourceServer();
|
ResourceServer resourceServer = policy.getResourceServer();
|
||||||
|
|
||||||
if (policyIds != null) {
|
if (policyIds != null) {
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
if (policyIds.isEmpty()) {
|
||||||
|
for (Policy associated: new HashSet<Policy>(policy.getAssociatedPolicies())) {
|
||||||
|
policy.removeAssociatedPolicy(associated);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
|
|
||||||
for (String policyId : policyIds) {
|
for (String policyId : policyIds) {
|
||||||
|
@ -2280,18 +2260,20 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
if (!hasPolicy) {
|
if (!hasPolicy) {
|
||||||
policy.removeAssociatedPolicy(policyModel);
|
policy.removeAssociatedPolicy(policyModel);
|
||||||
;
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.getConfig().remove("applyPolicies");
|
policy.getConfig().remove("applyPolicies");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
private static void updateResources(Set<String> resourceIds, Policy policy, AuthorizationProvider authorization) {
|
private static void updateResources(Set<String> resourceIds, Policy policy, StoreFactory storeFactory) {
|
||||||
if (resourceIds != null) {
|
if (resourceIds != null) {
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
if (resourceIds.isEmpty()) {
|
||||||
|
for (Scope scope : new HashSet<Scope>(policy.getScopes())) {
|
||||||
|
policy.removeScope(scope);
|
||||||
|
}
|
||||||
|
}
|
||||||
for (String resourceId : resourceIds) {
|
for (String resourceId : resourceIds) {
|
||||||
boolean hasResource = false;
|
boolean hasResource = false;
|
||||||
for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) {
|
for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) {
|
||||||
|
@ -2326,10 +2308,14 @@ public class RepresentationToModel {
|
||||||
policy.removeResource(resourceModel);
|
policy.removeResource(resourceModel);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) {
|
||||||
|
policy.removeResource(resourceModel);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
policy.getConfig().remove("resources");
|
policy.getConfig().remove("resources");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||||
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
|
||||||
|
|
|
@ -34,7 +34,6 @@ import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.authorization.store.StoreFactory;
|
import org.keycloak.authorization.store.StoreFactory;
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
|
@ -78,7 +77,7 @@ public class PolicyResourceService {
|
||||||
|
|
||||||
representation.setId(policy.getId());
|
representation.setId(policy.getId());
|
||||||
|
|
||||||
Policy updated = toModel(representation);
|
Policy updated = RepresentationToModel.toModel(representation, authorization.getStoreFactory(), policy);
|
||||||
|
|
||||||
PolicyProviderAdminService resource = getPolicyProviderAdminResource(updated.getType());
|
PolicyProviderAdminService resource = getPolicyProviderAdminResource(updated.getType());
|
||||||
|
|
||||||
|
@ -93,10 +92,6 @@ public class PolicyResourceService {
|
||||||
return Response.status(Status.CREATED).build();
|
return Response.status(Status.CREATED).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Policy toModel(AbstractPolicyRepresentation representation) {
|
|
||||||
return RepresentationToModel.toModel(PolicyRepresentation.class.cast(representation), resourceServer, authorization);
|
|
||||||
}
|
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
public Response delete() {
|
public Response delete() {
|
||||||
this.auth.requireManage();
|
this.auth.requireManage();
|
||||||
|
@ -140,11 +135,11 @@ public class PolicyResourceService {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.ok(toRepresentation(policy)).build();
|
return Response.ok(toRepresentation(policy, authorization)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Object toRepresentation(Policy model) {
|
protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
|
||||||
return ModelToRepresentation.toRepresentation(model);
|
return ModelToRepresentation.toRepresentation(policy, PolicyRepresentation.class, authorization);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/dependentPolicies")
|
@Path("/dependentPolicies")
|
||||||
|
@ -248,13 +243,7 @@ public class PolicyResourceService {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
|
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
|
||||||
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policyType);
|
return authorization.getProviderFactory(policyType).getAdminResource(resourceServer, authorization);
|
||||||
|
|
||||||
if (providerFactory != null) {
|
|
||||||
return providerFactory.getAdminResource(resourceServer, authorization);
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Policy getPolicy() {
|
protected Policy getPolicy() {
|
||||||
|
|
|
@ -17,8 +17,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.authorization.admin;
|
package org.keycloak.authorization.admin;
|
||||||
|
|
||||||
import static org.keycloak.models.utils.RepresentationToModel.toModel;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
@ -53,7 +51,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
|
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
import org.keycloak.services.ErrorResponse;
|
import org.keycloak.services.ErrorResponseException;
|
||||||
import org.keycloak.services.resources.admin.RealmAuth;
|
import org.keycloak.services.resources.admin.RealmAuth;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
|
||||||
|
@ -97,14 +95,7 @@ public class PolicyService {
|
||||||
this.auth.requireManage();
|
this.auth.requireManage();
|
||||||
|
|
||||||
AbstractPolicyRepresentation representation = doCreateRepresentation(payload);
|
AbstractPolicyRepresentation representation = doCreateRepresentation(payload);
|
||||||
|
Policy policy = create(representation);
|
||||||
Policy existing = authorization.getStoreFactory().getPolicyStore().findByName(representation.getName(), resourceServer.getId());
|
|
||||||
|
|
||||||
if (existing != null) {
|
|
||||||
return ErrorResponse.exists("Policy with name [" + representation.getName() + "] already exists");
|
|
||||||
}
|
|
||||||
|
|
||||||
Policy policy = doCreate(representation);
|
|
||||||
PolicyProviderAdminService provider = getPolicyProviderAdminResource(representation.getType());
|
PolicyProviderAdminService provider = getPolicyProviderAdminResource(representation.getType());
|
||||||
|
|
||||||
if (provider != null) {
|
if (provider != null) {
|
||||||
|
@ -121,10 +112,6 @@ public class PolicyService {
|
||||||
return Response.status(Status.CREATED).entity(representation).build();
|
return Response.status(Status.CREATED).entity(representation).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Policy doCreate(AbstractPolicyRepresentation representation) {
|
|
||||||
return create(PolicyRepresentation.class.cast(representation));
|
|
||||||
}
|
|
||||||
|
|
||||||
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
||||||
PolicyRepresentation representation;
|
PolicyRepresentation representation;
|
||||||
|
|
||||||
|
@ -137,8 +124,15 @@ public class PolicyService {
|
||||||
return representation;
|
return representation;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Policy create(PolicyRepresentation representation) {
|
public Policy create(AbstractPolicyRepresentation representation) {
|
||||||
Policy policy = toModel(representation, this.resourceServer, authorization);
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
|
Policy existing = policyStore.findByName(representation.getName(), resourceServer.getId());
|
||||||
|
|
||||||
|
if (existing != null) {
|
||||||
|
throw new ErrorResponseException("Policy with name [" + representation.getName() + "] already exists", "Conflicting policy", Status.CONFLICT);
|
||||||
|
}
|
||||||
|
|
||||||
|
Policy policy = policyStore.create(representation, resourceServer);
|
||||||
PolicyProviderAdminService resource = getPolicyProviderAdminResource(policy.getType());
|
PolicyProviderAdminService resource = getPolicyProviderAdminResource(policy.getType());
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
|
@ -152,10 +146,6 @@ public class PolicyService {
|
||||||
return policy;
|
return policy;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Object toRepresentation(Policy model) {
|
|
||||||
return ModelToRepresentation.toRepresentation(model);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Path("/search")
|
@Path("/search")
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@ -174,7 +164,7 @@ public class PolicyService {
|
||||||
return Response.status(Status.OK).build();
|
return Response.status(Status.OK).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.ok(toRepresentation(model)).build();
|
return Response.ok(toRepresentation(model, authorization)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -251,10 +241,14 @@ public class PolicyService {
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected AbstractPolicyRepresentation toRepresentation(Policy model, AuthorizationProvider authorization) {
|
||||||
|
return ModelToRepresentation.toRepresentation(model, PolicyRepresentation.class, authorization);
|
||||||
|
}
|
||||||
|
|
||||||
protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
|
protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
||||||
.map(policy -> toRepresentation(policy))
|
.map(policy -> toRepresentation(policy, authorization))
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -290,16 +284,10 @@ public class PolicyService {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
|
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
|
||||||
PolicyProviderFactory providerFactory = getPolicyProviderFactory(policyType);
|
return getPolicyProviderFactory(policyType).getAdminResource(resourceServer, authorization);
|
||||||
|
|
||||||
if (providerFactory != null) {
|
|
||||||
return providerFactory.getAdminResource(resourceServer, authorization);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
protected PolicyProviderFactory getPolicyProviderFactory(String policyType) {
|
||||||
}
|
|
||||||
|
|
||||||
private PolicyProviderFactory getPolicyProviderFactory(String policyType) {
|
|
||||||
return authorization.getProviderFactory(policyType);
|
return authorization.getProviderFactory(policyType);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -21,8 +21,8 @@ import java.io.IOException;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
import org.keycloak.services.resources.admin.RealmAuth;
|
import org.keycloak.services.resources.admin.RealmAuth;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -39,7 +39,7 @@ public class PolicyTypeResourceService extends PolicyResourceService {
|
||||||
@Override
|
@Override
|
||||||
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
||||||
String type = getPolicy().getType();
|
String type = getPolicy().getType();
|
||||||
Class<? extends AbstractPolicyRepresentation> representationType = getPolicyProviderAdminResource(type).getRepresentationType();
|
Class<? extends AbstractPolicyRepresentation> representationType = authorization.getProviderFactory(type).getRepresentationType();
|
||||||
|
|
||||||
if (representationType == null) {
|
if (representationType == null) {
|
||||||
throw new RuntimeException("Policy provider for type [" + type + "] returned a null representation type.");
|
throw new RuntimeException("Policy provider for type [" + type + "] returned a null representation type.");
|
||||||
|
@ -59,22 +59,8 @@ public class PolicyTypeResourceService extends PolicyResourceService {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Policy toModel(AbstractPolicyRepresentation representation) {
|
protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
|
||||||
return RepresentationToModel.toModel(representation, resourceServer, authorization);
|
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
|
||||||
}
|
return ModelToRepresentation.toRepresentation(policy, providerFactory.getRepresentationType(), authorization);
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Object toRepresentation(Policy policy) {
|
|
||||||
PolicyProviderAdminService provider = getPolicyProviderAdminResource(policy.getType());
|
|
||||||
AbstractPolicyRepresentation representation = provider.toRepresentation(policy);
|
|
||||||
|
|
||||||
representation.setId(policy.getId());
|
|
||||||
representation.setName(policy.getName());
|
|
||||||
representation.setDescription(policy.getDescription());
|
|
||||||
representation.setType(policy.getType());
|
|
||||||
representation.setDecisionStrategy(policy.getDecisionStrategy());
|
|
||||||
representation.setLogic(policy.getLogic());
|
|
||||||
|
|
||||||
return representation;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,8 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.keycloak.authorization.admin;
|
package org.keycloak.authorization.admin;
|
||||||
|
|
||||||
import static org.keycloak.models.utils.RepresentationToModel.toModel;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
@ -27,6 +25,8 @@ import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
|
||||||
|
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||||
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
import org.keycloak.services.resources.admin.RealmAuth;
|
import org.keycloak.services.resources.admin.RealmAuth;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -47,6 +47,10 @@ public class PolicyTypeService extends PolicyService {
|
||||||
public Object getPolicyAdminResourceProvider() {
|
public Object getPolicyAdminResourceProvider() {
|
||||||
PolicyProviderAdminService resource = getPolicyProviderAdminResource(type);
|
PolicyProviderAdminService resource = getPolicyProviderAdminResource(type);
|
||||||
|
|
||||||
|
if (resource == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
||||||
|
|
||||||
return resource;
|
return resource;
|
||||||
|
@ -59,7 +63,7 @@ public class PolicyTypeService extends PolicyService {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
|
||||||
PolicyProviderAdminService provider = getPolicyProviderAdminResource(type);
|
PolicyProviderFactory provider = getPolicyProviderFactory(type);
|
||||||
Class<? extends AbstractPolicyRepresentation> representationType = provider.getRepresentationType();
|
Class<? extends AbstractPolicyRepresentation> representationType = provider.getRepresentationType();
|
||||||
|
|
||||||
if (representationType == null) {
|
if (representationType == null) {
|
||||||
|
@ -80,7 +84,8 @@ public class PolicyTypeService extends PolicyService {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Policy doCreate(AbstractPolicyRepresentation representation) {
|
protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
|
||||||
return toModel(representation, resourceServer, authorization);
|
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
|
||||||
|
return ModelToRepresentation.toRepresentation(policy, providerFactory.getRepresentationType(), authorization);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,7 +58,6 @@ import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.function.Function;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
|
import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;
|
||||||
|
|
|
@ -337,7 +337,7 @@ public class ExportUtils {
|
||||||
RealmModel realm = authorizationProvider.getRealm();
|
RealmModel realm = authorizationProvider.getRealm();
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
try {
|
try {
|
||||||
PolicyRepresentation rep = toRepresentation(policy);
|
PolicyRepresentation rep = toRepresentation(policy, PolicyRepresentation.class, authorizationProvider);
|
||||||
|
|
||||||
rep.setId(null);
|
rep.setId(null);
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
import org.keycloak.representations.idm.authorization.Logic;
|
import org.keycloak.representations.idm.authorization.Logic;
|
||||||
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
||||||
|
|
||||||
|
@ -73,15 +74,19 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().create(role.getName(), "role", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName(role.getName());
|
||||||
|
representation.setType("role");
|
||||||
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
|
representation.setLogic(Logic.POSITIVE);
|
||||||
|
|
||||||
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
||||||
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
|
||||||
policy.setLogic(Logic.POSITIVE);
|
|
||||||
Map<String, String> config = new HashMap<>();
|
Map<String, String> config = new HashMap<>();
|
||||||
config.put("roles", roleValues);
|
config.put("roles", roleValues);
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
return policy;
|
|
||||||
|
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,8 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
import org.keycloak.representations.idm.authorization.Logic;
|
import org.keycloak.representations.idm.authorization.Logic;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
|
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
|
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
|
||||||
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
|
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -102,21 +104,16 @@ public class FineGrainAdminLocalTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
|
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
|
||||||
Policy permission = authz.getStoreFactory().getPolicyStore().create(name, "scope", resourceServer);
|
ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
|
||||||
String resources = "[\"" + resource.getId() + "\"]";
|
|
||||||
String scopes = "[\"" + scope.getId() + "\"]";
|
representation.setName(name);
|
||||||
String applyPolicies = "[\"" + policy.getId() + "\"]";
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
Map<String, String> config = new HashMap<>();
|
representation.setLogic(Logic.POSITIVE);
|
||||||
config.put("resources", resources);
|
representation.addResource(resource.getName());
|
||||||
config.put("scopes", scopes);
|
representation.addScope(scope.getName());
|
||||||
config.put("applyPolicies", applyPolicies);
|
representation.addPolicy(policy.getName());
|
||||||
permission.setConfig(config);
|
|
||||||
permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
||||||
permission.setLogic(Logic.POSITIVE);
|
|
||||||
permission.addResource(resource);
|
|
||||||
permission.addScope(scope);
|
|
||||||
permission.addAssociatedPolicy(policy);
|
|
||||||
return permission;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Resource createRoleResource(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
private static Resource createRoleResource(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
||||||
|
@ -144,15 +141,18 @@ public class FineGrainAdminLocalTest extends AbstractKeycloakTest {
|
||||||
roleName = client.getClientId() ;
|
roleName = client.getClientId() ;
|
||||||
}
|
}
|
||||||
roleName = "role.policy." + roleName + "." + role.getName();
|
roleName = "role.policy." + roleName + "." + role.getName();
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().create(roleName, "role", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName(roleName);
|
||||||
|
representation.setType("role");
|
||||||
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
|
representation.setLogic(Logic.POSITIVE);
|
||||||
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
||||||
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
|
||||||
policy.setLogic(Logic.POSITIVE);
|
|
||||||
Map<String, String> config = new HashMap<>();
|
Map<String, String> config = new HashMap<>();
|
||||||
config.put("roles", roleValues);
|
config.put("roles", roleValues);
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
return policy;
|
|
||||||
|
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void setupUsers(KeycloakSession session) {
|
public static void setupUsers(KeycloakSession session) {
|
||||||
|
|
|
@ -19,8 +19,6 @@ package org.keycloak.testsuite.admin.client.authorization;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
@ -47,7 +45,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
|
||||||
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
||||||
representation.setLogic(Logic.NEGATIVE);
|
representation.setLogic(Logic.NEGATIVE);
|
||||||
representation.addResource("Resource A");
|
representation.addResource("Resource A");
|
||||||
representation.addScopes("read", "execute");
|
representation.addScope("read", "execute");
|
||||||
representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
|
representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
|
||||||
|
|
||||||
assertCreated(authorization, representation);
|
assertCreated(authorization, representation);
|
||||||
|
@ -62,7 +60,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
|
||||||
representation.setDescription("description");
|
representation.setDescription("description");
|
||||||
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
||||||
representation.setLogic(Logic.NEGATIVE);
|
representation.setLogic(Logic.NEGATIVE);
|
||||||
representation.addScopes("read", "write");
|
representation.addScope("read", "write");
|
||||||
representation.addPolicy("Only Marta Policy");
|
representation.addPolicy("Only Marta Policy");
|
||||||
|
|
||||||
assertCreated(authorization, representation);
|
assertCreated(authorization, representation);
|
||||||
|
@ -78,7 +76,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
|
||||||
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
|
||||||
representation.setLogic(Logic.NEGATIVE);
|
representation.setLogic(Logic.NEGATIVE);
|
||||||
representation.addResource("Resource A");
|
representation.addResource("Resource A");
|
||||||
representation.addScopes("read", "execute");
|
representation.addScope("read", "execute");
|
||||||
representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
|
representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
|
||||||
|
|
||||||
assertCreated(authorization, representation);
|
assertCreated(authorization, representation);
|
||||||
|
@ -106,7 +104,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
|
||||||
ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
|
ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
|
||||||
|
|
||||||
representation.setName("Test Delete Permission");
|
representation.setName("Test Delete Permission");
|
||||||
representation.addScopes("execute");
|
representation.addScope("execute");
|
||||||
representation.addPolicy("Only Marta Policy");
|
representation.addPolicy("Only Marta Policy");
|
||||||
|
|
||||||
assertCreated(authorization, representation);
|
assertCreated(authorization, representation);
|
||||||
|
@ -131,7 +129,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
|
||||||
ScopePermissionRepresentation permission1 = new ScopePermissionRepresentation();
|
ScopePermissionRepresentation permission1 = new ScopePermissionRepresentation();
|
||||||
|
|
||||||
permission1.setName("Conflicting Name Permission");
|
permission1.setName("Conflicting Name Permission");
|
||||||
permission1.addScopes("read");
|
permission1.addScope("read");
|
||||||
permission1.addPolicy("Only Marta Policy");
|
permission1.addPolicy("Only Marta Policy");
|
||||||
|
|
||||||
ScopePermissionsResource permissions = authorization.permissions().scope();
|
ScopePermissionsResource permissions = authorization.permissions().scope();
|
||||||
|
|
|
@ -213,7 +213,7 @@ public class ConflictingScopePermissionTest extends AbstractKeycloakTest {
|
||||||
representation.addResource(resourceName);
|
representation.addResource(resourceName);
|
||||||
}
|
}
|
||||||
|
|
||||||
representation.addScopes(scopes.toArray(new String[scopes.size()]));
|
representation.addScope(scopes.toArray(new String[scopes.size()]));
|
||||||
representation.addPolicy(scopes.toArray(new String[policies.size()]));
|
representation.addPolicy(scopes.toArray(new String[policies.size()]));
|
||||||
|
|
||||||
authorization.permissions().scope().create(representation);
|
authorization.permissions().scope().create(representation);
|
||||||
|
|
|
@ -24,9 +24,7 @@ import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.models.AdminRoles;
|
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
|
@ -38,6 +36,8 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
import org.keycloak.representations.idm.authorization.Logic;
|
import org.keycloak.representations.idm.authorization.Logic;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
|
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
|
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
|
||||||
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
|
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -82,34 +82,33 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
|
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
|
||||||
Policy permission = authz.getStoreFactory().getPolicyStore().create(name, "scope", resourceServer);
|
ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
|
||||||
String resources = "[\"" + resource.getId() + "\"]";
|
|
||||||
String scopes = "[\"" + scope.getId() + "\"]";
|
representation.setName(name);
|
||||||
String applyPolicies = "[\"" + policy.getId() + "\"]";
|
representation.setType("scope");
|
||||||
Map<String, String> config = new HashMap<>();
|
representation.addResource(resource.getName());
|
||||||
config.put("resources", resources);
|
representation.addScope(scope.getName());
|
||||||
config.put("scopes", scopes);
|
representation.addPolicy(policy.getName());
|
||||||
config.put("applyPolicies", applyPolicies);
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
permission.setConfig(config);
|
representation.setLogic(Logic.POSITIVE);
|
||||||
permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
|
||||||
permission.setLogic(Logic.POSITIVE);
|
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
||||||
permission.addResource(resource);
|
|
||||||
permission.addScope(scope);
|
|
||||||
permission.addAssociatedPolicy(policy);
|
|
||||||
return permission;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().create(role.getName(), "role", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName(role.getName());
|
||||||
|
representation.setType("role");
|
||||||
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
|
representation.setLogic(Logic.POSITIVE);
|
||||||
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
|
||||||
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
|
||||||
policy.setLogic(Logic.POSITIVE);
|
|
||||||
Map<String, String> config = new HashMap<>();
|
Map<String, String> config = new HashMap<>();
|
||||||
config.put("roles", roleValues);
|
config.put("roles", roleValues);
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
return policy;
|
|
||||||
|
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,7 @@ import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||||
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
||||||
import org.keycloak.util.JsonSerialization;
|
import org.keycloak.util.JsonSerialization;
|
||||||
|
@ -246,10 +247,14 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
return onAuthorizationSession(authorizationProvider -> {
|
return onAuthorizationSession(authorizationProvider -> {
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.create("Administration Policy", "aggregate", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
policy.addAssociatedPolicy(anyAdminPolicy);
|
representation.setName("Administration Policy");
|
||||||
policy.addAssociatedPolicy(onlyFromSpecificAddressPolicy);
|
representation.setType("aggregate");
|
||||||
|
representation.addPolicy(anyAdminPolicy.getName());
|
||||||
|
representation.addPolicy(onlyFromSpecificAddressPolicy.getName());
|
||||||
|
|
||||||
|
Policy policy = policyStore.create(representation, resourceServer);
|
||||||
|
|
||||||
return policy;
|
return policy;
|
||||||
});
|
});
|
||||||
|
@ -259,7 +264,10 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
return onAuthorizationSession(authorizationProvider -> {
|
return onAuthorizationSession(authorizationProvider -> {
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.create("Only From a Specific Client Address", "js", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName("Only From a Specific Client Address");
|
||||||
|
representation.setType("js");
|
||||||
HashedMap config = new HashedMap();
|
HashedMap config = new HashedMap();
|
||||||
|
|
||||||
config.put("code",
|
config.put("code",
|
||||||
|
@ -269,9 +277,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
"$evaluation.grant();" +
|
"$evaluation.grant();" +
|
||||||
"}");
|
"}");
|
||||||
|
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
return policy;
|
return policyStore.create(representation, resourceServer);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -279,7 +287,11 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
return onAuthorizationSession(authorizationProvider -> {
|
return onAuthorizationSession(authorizationProvider -> {
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.create("Any Admin Policy", "role", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName("Any Admin Policy");
|
||||||
|
representation.setType("role");
|
||||||
|
|
||||||
HashedMap config = new HashedMap();
|
HashedMap config = new HashedMap();
|
||||||
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
|
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
|
||||||
RoleModel adminRole = realm.getRole("admin");
|
RoleModel adminRole = realm.getRole("admin");
|
||||||
|
@ -294,9 +306,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
return policy;
|
return policyStore.create(representation, resourceServer);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -358,7 +370,11 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
return onAuthorizationSession(authorizationProvider -> {
|
return onAuthorizationSession(authorizationProvider -> {
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.create("Any User Policy", "role", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName("Any User Policy");
|
||||||
|
representation.setType("role");
|
||||||
|
|
||||||
HashedMap config = new HashedMap();
|
HashedMap config = new HashedMap();
|
||||||
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
|
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
|
||||||
RoleModel userRole = realm.getRole("user");
|
RoleModel userRole = realm.getRole("user");
|
||||||
|
@ -373,7 +389,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
|
Policy policy = policyStore.create(representation, resourceServer);
|
||||||
|
|
||||||
return policy;
|
return policy;
|
||||||
});
|
});
|
||||||
|
|
|
@ -46,12 +46,9 @@ import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.function.Function;
|
|
||||||
import java.util.function.Predicate;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
|
@ -392,7 +389,10 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
|
||||||
return onAuthorizationSession(authorizationProvider -> {
|
return onAuthorizationSession(authorizationProvider -> {
|
||||||
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
StoreFactory storeFactory = authorizationProvider.getStoreFactory();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.create("Client-Based Policy", "client", resourceServer);
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
|
representation.setName("Client-Based Policy");
|
||||||
|
representation.setType("client");
|
||||||
|
|
||||||
List<String> clientIds = new ArrayList<>();
|
List<String> clientIds = new ArrayList<>();
|
||||||
for (ClientModel client : allowedClients) {
|
for (ClientModel client : allowedClients) {
|
||||||
|
@ -408,9 +408,9 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
return policy;
|
return policyStore.create(representation, resourceServer);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1078,11 +1078,11 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
|
|
||||||
$scope.selectResource = function() {
|
$scope.selectResource = function() {
|
||||||
$scope.selectedScopes = null;
|
$scope.selectedScopes = null;
|
||||||
if ($scope.policy.resources) {
|
if ($scope.selectedResource) {
|
||||||
ResourceServerResource.scopes({
|
ResourceServerResource.scopes({
|
||||||
realm: $route.current.params.realm,
|
realm: $route.current.params.realm,
|
||||||
client: client.id,
|
client: client.id,
|
||||||
rsrid: $scope.policy.resources._id
|
rsrid: $scope.selectedResource._id
|
||||||
}, function (data) {
|
}, function (data) {
|
||||||
$scope.resourceScopes = data;
|
$scope.resourceScopes = data;
|
||||||
});
|
});
|
||||||
|
@ -1091,7 +1091,6 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
},
|
},
|
||||||
|
|
||||||
onInitUpdate : function(policy) {
|
onInitUpdate : function(policy) {
|
||||||
$scope.selectedScopes = [];
|
|
||||||
ResourceServerPolicy.resources({
|
ResourceServerPolicy.resources({
|
||||||
realm : $route.current.params.realm,
|
realm : $route.current.params.realm,
|
||||||
client : client.id,
|
client : client.id,
|
||||||
|
@ -1111,14 +1110,19 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
deep: false
|
deep: false
|
||||||
}, function (resource) {
|
}, function (resource) {
|
||||||
resource[0].text = resource[0].name;
|
resource[0].text = resource[0].name;
|
||||||
$scope.policy.resources = resource[0];
|
$scope.selectedResource = resource[0];
|
||||||
|
var copy = angular.copy($scope.selectedResource);
|
||||||
|
$scope.$watch('selectedResource', function() {
|
||||||
|
if (!angular.equals($scope.selectedResource, copy)) {
|
||||||
|
$scope.changed = true;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
ResourceServerResource.scopes({
|
ResourceServerResource.scopes({
|
||||||
realm: $route.current.params.realm,
|
realm: $route.current.params.realm,
|
||||||
client: client.id,
|
client: client.id,
|
||||||
rsrid: resource[0]._id
|
rsrid: resource[0]._id
|
||||||
}, function (scopes) {
|
}, function (scopes) {
|
||||||
$scope.resourceScopes = scopes;
|
$scope.resourceScopes = scopes;
|
||||||
});
|
|
||||||
ResourceServerPolicy.scopes({
|
ResourceServerPolicy.scopes({
|
||||||
realm : $route.current.params.realm,
|
realm : $route.current.params.realm,
|
||||||
client : client.id,
|
client : client.id,
|
||||||
|
@ -1126,14 +1130,28 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
}, function(scopes) {
|
}, function(scopes) {
|
||||||
$scope.selectedScopes = [];
|
$scope.selectedScopes = [];
|
||||||
for (i = 0; i < scopes.length; i++) {
|
for (i = 0; i < scopes.length; i++) {
|
||||||
|
scopes[i].text = scopes[i].name;
|
||||||
$scope.selectedScopes.push(scopes[i].id);
|
$scope.selectedScopes.push(scopes[i].id);
|
||||||
}
|
}
|
||||||
|
var copy = angular.copy($scope.selectedScopes);
|
||||||
|
$scope.$watch('selectedScopes', function() {
|
||||||
|
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||||
|
$scope.changed = true;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$scope.policy.resources = null;
|
$scope.selectedResource = null;
|
||||||
|
var copy = angular.copy($scope.selectedResource);
|
||||||
|
$scope.$watch('selectedResource', function() {
|
||||||
|
if (!angular.equals($scope.selectedResource, copy)) {
|
||||||
|
$scope.changed = true;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
ResourceServerPolicy.scopes({
|
ResourceServerPolicy.scopes({
|
||||||
realm : $route.current.params.realm,
|
realm : $route.current.params.realm,
|
||||||
client : client.id,
|
client : client.id,
|
||||||
|
@ -1144,26 +1162,38 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
scopes[i].text = scopes[i].name;
|
scopes[i].text = scopes[i].name;
|
||||||
$scope.selectedScopes.push(scopes[i]);
|
$scope.selectedScopes.push(scopes[i]);
|
||||||
}
|
}
|
||||||
|
var copy = angular.copy($scope.selectedScopes);
|
||||||
|
$scope.$watch('selectedScopes', function() {
|
||||||
|
if (!angular.equals($scope.selectedScopes, copy)) {
|
||||||
|
$scope.changed = true;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
policy.policies = [];
|
|
||||||
ResourceServerPolicy.associatedPolicies({
|
ResourceServerPolicy.associatedPolicies({
|
||||||
realm : $route.current.params.realm,
|
realm : $route.current.params.realm,
|
||||||
client : client.id,
|
client : client.id,
|
||||||
id : policy.id
|
id : policy.id
|
||||||
}, function(policies) {
|
}, function(policies) {
|
||||||
|
$scope.selectedPolicies = [];
|
||||||
for (i = 0; i < policies.length; i++) {
|
for (i = 0; i < policies.length; i++) {
|
||||||
policies[i].text = policies[i].name;
|
policies[i].text = policies[i].name;
|
||||||
$scope.policy.policies.push(policies[i]);
|
$scope.selectedPolicies.push(policies[i]);
|
||||||
}
|
}
|
||||||
|
var copy = angular.copy($scope.selectedPolicies);
|
||||||
|
$scope.$watch('selectedPolicies', function() {
|
||||||
|
if (!angular.equals($scope.selectedPolicies, copy)) {
|
||||||
|
$scope.changed = true;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
onUpdate : function() {
|
onUpdate : function() {
|
||||||
if ($scope.policy.resources != null) {
|
if ($scope.selectedResource != null) {
|
||||||
$scope.policy.resources = [$scope.policy.resources._id];
|
$scope.policy.resources = [$scope.selectedResource._id];
|
||||||
} else {
|
} else {
|
||||||
delete $scope.policy.resources;
|
delete $scope.policy.resources;
|
||||||
}
|
}
|
||||||
|
@ -1182,16 +1212,16 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
|
|
||||||
var policies = [];
|
var policies = [];
|
||||||
|
|
||||||
for (i = 0; i < $scope.policy.policies.length; i++) {
|
for (i = 0; i < $scope.selectedPolicies.length; i++) {
|
||||||
policies.push($scope.policy.policies[i].id);
|
policies.push($scope.selectedPolicies[i].id);
|
||||||
}
|
}
|
||||||
|
|
||||||
$scope.policy.policies = policies;
|
$scope.policy.policies = policies;
|
||||||
|
delete $scope.policy.config;
|
||||||
},
|
},
|
||||||
|
|
||||||
onInitCreate : function(newPolicy) {
|
onInitCreate : function(newPolicy) {
|
||||||
newPolicy.decisionStrategy = 'UNANIMOUS';
|
newPolicy.decisionStrategy = 'UNANIMOUS';
|
||||||
newPolicy.resources = null;
|
|
||||||
|
|
||||||
var scopeId = $location.search()['scpid'];
|
var scopeId = $location.search()['scpid'];
|
||||||
|
|
||||||
|
@ -1203,16 +1233,16 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
}, function (data) {
|
}, function (data) {
|
||||||
data.text = data.name;
|
data.text = data.name;
|
||||||
if (!$scope.policy.scopes) {
|
if (!$scope.policy.scopes) {
|
||||||
$scope.policy.scopes = [];
|
$scope.selectedScopes = [];
|
||||||
}
|
}
|
||||||
$scope.policy.scopes.push(data);
|
$scope.selectedScopes.push(data);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
onCreate : function() {
|
onCreate : function() {
|
||||||
if ($scope.policy.resources != null) {
|
if ($scope.selectedResource != null) {
|
||||||
$scope.policy.resources = [$scope.policy.resources._id];
|
$scope.policy.resources = [$scope.selectedResource._id];
|
||||||
}
|
}
|
||||||
|
|
||||||
var scopes = [];
|
var scopes = [];
|
||||||
|
@ -1229,8 +1259,8 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
|
||||||
|
|
||||||
var policies = [];
|
var policies = [];
|
||||||
|
|
||||||
for (i = 0; i < $scope.policy.policies.length; i++) {
|
for (i = 0; i < $scope.selectedPolicies.length; i++) {
|
||||||
policies.push($scope.policy.policies[i].id);
|
policies.push($scope.selectedPolicies[i].id);
|
||||||
}
|
}
|
||||||
|
|
||||||
$scope.policy.policies = policies;
|
$scope.policy.policies = policies;
|
||||||
|
|
|
@ -32,28 +32,28 @@
|
||||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label>
|
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label>
|
||||||
|
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<input type="hidden" ui-select2="resourcesUiSelect" data-ng-change="selectResource()" id="reqActions" data-ng-model="policy.resources" data-placeholder="{{:: 'authz-any-resource' | translate}}..." />
|
<input type="hidden" ui-select2="resourcesUiSelect" data-ng-change="selectResource()" id="reqActions" data-ng-model="selectedResource" data-placeholder="{{:: 'authz-any-resource' | translate}}..." />
|
||||||
</div>
|
</div>
|
||||||
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group clearfix" data-ng-show="policy.resources">
|
<div class="form-group clearfix" data-ng-show="selectedResource">
|
||||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
||||||
|
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<select ui-select2 id="reqActions2"
|
<select ui-select2 id="reqActions2"
|
||||||
data-ng-model="selectedScopes"
|
data-ng-model="selectedScopes"
|
||||||
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
|
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
|
||||||
data-ng-required="policy.resources != null">
|
data-ng-required="selectedResource != null">
|
||||||
<option ng-repeat="scope in resourceScopes" value="{{scope.id}}">{{scope.name}}</option>
|
<option ng-repeat="scope in resourceScopes" value="{{scope.id}}">{{scope.name}}</option>
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group clearfix" data-ng-show="!policy.resources">
|
<div class="form-group clearfix" data-ng-show="!selectedResource">
|
||||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
|
||||||
|
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<input type="hidden" ui-select2="scopesUiSelect" id="reqActions" data-ng-model="selectedScopes" data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple data-ng-required="policy.resources == null" />
|
<input type="hidden" ui-select2="scopesUiSelect" id="reqActions" data-ng-model="selectedScopes" data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple data-ng-required="selectedResource == null" />
|
||||||
</div>
|
</div>
|
||||||
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
|
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
|
||||||
|
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
<input type="hidden" ui-select2="policiesUiSelect" id="reqActions" data-ng-model="policy.policies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required />
|
<input type="hidden" ui-select2="policiesUiSelect" id="reqActions" data-ng-model="selectedPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required />
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>
|
||||||
|
|
Loading…
Reference in a new issue