libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests

Browse source
This commit is contained in:
Pedro Igor 2017-04-11 16:47:42 -03:00
parent d60dcb4c62
commit 54ebc1918c
28 changed files with 385 additions and 358 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/resource/ResourcePolicyProviderFactory.java
View file

@ -17,7 +17,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/ */
public class ResourcePolicyProviderFactory implements PolicyProviderFactory { public class ResourcePolicyProviderFactory implements PolicyProviderFactory<ResourcePermissionRepresentation> {
private ResourcePolicyProvider provider = new ResourcePolicyProvider(); private ResourcePolicyProvider provider = new ResourcePolicyProvider();
@ -36,6 +36,17 @@ public class ResourcePolicyProviderFactory implements PolicyProviderFactory {
return provider; return provider;
} }
@Override
public Class<ResourcePermissionRepresentation> getRepresentationType() {
return ResourcePermissionRepresentation.class;
}
@Override
public ResourcePermissionRepresentation toRepresentation(Policy policy, ResourcePermissionRepresentation representation) {
representation.setResourceType(policy.getConfig().get("defaultResourceType"));
return representation;
}
@Override @Override
public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) { public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
return new PolicyProviderAdminService() { return new PolicyProviderAdminService() {
@ -71,20 +82,6 @@ public class ResourcePolicyProviderFactory implements PolicyProviderFactory {
public void onRemove(Policy policy) { public void onRemove(Policy policy) {
} }
@Override
public Class<? extends AbstractPolicyRepresentation> getRepresentationType() {
return ResourcePermissionRepresentation.class;
}
@Override
public ResourcePermissionRepresentation toRepresentation(Policy policy) {
ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
representation.setResourceType(policy.getConfig().get("defaultResourceType"));
return representation;
}
}; };
} }

21
authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/scope/ScopePolicyProviderFactory.java
View file

@ -3,9 +3,7 @@ package org.keycloak.authorization.policy.provider.scope;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.KeycloakSessionFactory;
@ -14,7 +12,7 @@ import org.keycloak.representations.idm.authorization.ScopePermissionRepresentat
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/ */
public class ScopePolicyProviderFactory implements PolicyProviderFactory { public class ScopePolicyProviderFactory implements PolicyProviderFactory<ScopePermissionRepresentation> {
private ScopePolicyProvider provider = new ScopePolicyProvider(); private ScopePolicyProvider provider = new ScopePolicyProvider();
@ -34,23 +32,18 @@ public class ScopePolicyProviderFactory implements PolicyProviderFactory {
} }
@Override @Override
public PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) { public PolicyProvider create(KeycloakSession session) {
return new PolicyProviderAdminService() { return null;
}
@Override @Override
public Class<ScopePermissionRepresentation> getRepresentationType() { public Class<ScopePermissionRepresentation> getRepresentationType() {
return ScopePermissionRepresentation.class; return ScopePermissionRepresentation.class;
} }
@Override @Override
public ScopePermissionRepresentation toRepresentation(Policy policy) { public ScopePermissionRepresentation toRepresentation(Policy policy, ScopePermissionRepresentation representation) {
return new ScopePermissionRepresentation(); return representation;
}
};
}
@Override
public PolicyProvider create(KeycloakSession session) {
return null;
} }
@Override @Override

2
core/src/main/java/org/keycloak/representations/idm/authorization/AbstractPolicyRepresentation.java
View file

@ -110,7 +110,7 @@ public class AbstractPolicyRepresentation {
return scopes; return scopes;
} }
public void addScopes(String... id) { public void addScope(String... id) {
if (this.scopes == null) { if (this.scopes == null) {
this.scopes = new HashSet<>(); this.scopes = new HashSet<>();
} }

5
core/src/main/java/org/keycloak/representations/idm/authorization/ResourcePermissionRepresentation.java
View file

@ -23,6 +23,11 @@ public class ResourcePermissionRepresentation extends AbstractPolicyRepresentati
private String resourceType; private String resourceType;
@Override
public String getType() {
return "resource";
}
public void setResourceType(String resourceType) { public void setResourceType(String resourceType) {
this.resourceType = resourceType; this.resourceType = resourceType;
} }

5
core/src/main/java/org/keycloak/representations/idm/authorization/ScopePermissionRepresentation.java
View file

@ -20,4 +20,9 @@ package org.keycloak.representations.idm.authorization;
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/ */
public class ScopePermissionRepresentation extends AbstractPolicyRepresentation { public class ScopePermissionRepresentation extends AbstractPolicyRepresentation {
@Override
public String getType() {
return "scope";
}
} }

5
model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java
View file

@ -42,6 +42,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction; import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
import org.keycloak.models.authorization.infinispan.entities.CachedPolicy; import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider; import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.Logic;
@ -74,8 +75,8 @@ public class CachedPolicyStore implements PolicyStore {
} }
@Override @Override
public Policy create(String name, String type, ResourceServer resourceServer) { public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
Policy policy = getDelegate().create(name, type, getStoreFactory().getResourceServerStore().findById(resourceServer.getId())); Policy policy = getDelegate().create(representation, getStoreFactory().getResourceServerStore().findById(resourceServer.getId()));
String id = policy.getId(); String id = policy.getId();
this.transaction.whenRollback(() -> { this.transaction.whenRollback(() -> {

17
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java
View file

@ -19,12 +19,13 @@ package org.keycloak.authorization.jpa.store;
import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.jpa.entities.PolicyEntity;
import org.keycloak.authorization.jpa.entities.ResourceServerEntity; import org.keycloak.authorization.jpa.entities.ResourceServerEntity;
import org.keycloak.authorization.jpa.entities.ScopeEntity;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.NoResultException; import javax.persistence.NoResultException;
@ -34,7 +35,6 @@ import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate; import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root; import javax.persistence.criteria.Root;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -45,19 +45,22 @@ import java.util.Map;
public class JPAPolicyStore implements PolicyStore { public class JPAPolicyStore implements PolicyStore {
private final EntityManager entityManager; private final EntityManager entityManager;
private final StoreFactory storeFactory;
public JPAPolicyStore(EntityManager entityManager) { public JPAPolicyStore(EntityManager entityManager, StoreFactory storeFactory) {
this.entityManager = entityManager; this.entityManager = entityManager;
this.storeFactory = storeFactory;
} }
@Override @Override
public Policy create(String name, String type, ResourceServer resourceServer) { public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
PolicyEntity entity = new PolicyEntity(); PolicyEntity entity = new PolicyEntity();
entity.setId(KeycloakModelUtils.generateId()); entity.setId(KeycloakModelUtils.generateId());
entity.setName(name);
entity.setType(type);
entity.setResourceServer((ResourceServerEntity) resourceServer); entity.setResourceServer((ResourceServerEntity) resourceServer);
entity.setType(representation.getType());
entity = (PolicyEntity) RepresentationToModel.toModel(representation, storeFactory, entity);
this.entityManager.persist(entity); this.entityManager.persist(entity);

2
model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAStoreFactory.java
View file

@ -39,7 +39,7 @@ public class JPAStoreFactory implements StoreFactory {
@Override @Override
public PolicyStore getPolicyStore() { public PolicyStore getPolicyStore() {
return new JPAPolicyStore(this.entityManager); return new JPAPolicyStore(this.entityManager, this);
} }
@Override @Override

8
server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicyProviderAdminService.java
View file

@ -37,12 +37,4 @@ public interface PolicyProviderAdminService<R extends AbstractPolicyRepresentati
default void onRemove(Policy policy) { default void onRemove(Policy policy) {
} }
default R toRepresentation(Policy policy) {
return null;
}
default Class<R> getRepresentationType() {
return null;
}
} }

17
server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicyProviderFactory.java
View file

@ -19,13 +19,16 @@
package org.keycloak.authorization.policy.provider; package org.keycloak.authorization.policy.provider;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/ */
public interface PolicyProviderFactory extends ProviderFactory<PolicyProvider> { public interface PolicyProviderFactory<R extends AbstractPolicyRepresentation> extends ProviderFactory<PolicyProvider> {
String getName(); String getName();
@ -33,5 +36,15 @@ public interface PolicyProviderFactory extends ProviderFactory<PolicyProvider> {
PolicyProvider create(AuthorizationProvider authorization); PolicyProvider create(AuthorizationProvider authorization);
PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization); default R toRepresentation(Policy policy, R representation) {
return representation;
}
default Class<R> getRepresentationType() {
return (Class<R>) PolicyRepresentation.class;
}
default PolicyProviderAdminService getAdminResource(ResourceServer resourceServer, AuthorizationProvider authorization) {
return null;
}
} }

12
server-spi-private/src/main/java/org/keycloak/authorization/store/PolicyStore.java
View file

@ -18,12 +18,13 @@
package org.keycloak.authorization.store; package org.keycloak.authorization.store;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
/** /**
* A {@link PolicyStore} is responsible to manage the persistence of {@link Policy} instances. * A {@link PolicyStore} is responsible to manage the persistence of {@link Policy} instances.
* *
@ -35,12 +36,11 @@ public interface PolicyStore {
* Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require * Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require
* a call to the {#save} method to actually make it persistent. * a call to the {#save} method to actually make it persistent.
* *
* @param name the name of the policy * @param representation the policy representation
* @param type the type of the policy
* @param resourceServer the resource server to which this policy belongs * @param resourceServer the resource server to which this policy belongs
* @return a new instance of {@link Policy} * @return a new instance of {@link Policy}
*/ */
Policy create(String name, String type, ResourceServer resourceServer); Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer);
/** /**
* Deletes a policy from the underlying persistence mechanism. * Deletes a policy from the underlying persistence mechanism.

33
server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -33,6 +33,7 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
@ -87,6 +88,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserConsentRepresentation; import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation; import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
@ -793,16 +795,29 @@ public class ModelToRepresentation {
return server; return server;
} }
public static PolicyRepresentation toRepresentation(Policy model) { public static <R extends AbstractPolicyRepresentation> R toRepresentation(Policy policy, Class<R> representationType, AuthorizationProvider authorization) {
PolicyRepresentation representation = new PolicyRepresentation(); R representation;
representation.setId(model.getId()); try {
representation.setName(model.getName()); representation = representationType.newInstance();
representation.setDescription(model.getDescription()); } catch (Exception cause) {
representation.setType(model.getType()); throw new RuntimeException("Could not create policy [" + policy.getType() + "] representation", cause);
representation.setDecisionStrategy(model.getDecisionStrategy()); }
representation.setLogic(model.getLogic());
representation.setConfig(new HashMap<>(model.getConfig())); PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
representation.setId(policy.getId());
representation.setName(policy.getName());
representation.setDescription(policy.getDescription());
representation.setType(policy.getType());
representation.setDecisionStrategy(policy.getDecisionStrategy());
representation.setLogic(policy.getLogic());
if (representation instanceof PolicyRepresentation) {
PolicyRepresentation.class.cast(representation).setConfig(policy.getConfig());
} else {
representation = (R) providerFactory.toRepresentation(policy, representation);
}
return representation; return representation;
} }

190
server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -36,7 +36,6 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
@ -2037,7 +2036,7 @@ public class RepresentationToModel {
return newScope.getId(); return newScope.getId();
}).collect(Collectors.toList()))); }).collect(Collectors.toList())));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e); throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
} }
} }
@ -2061,7 +2060,7 @@ public class RepresentationToModel {
return resource.getId(); return resource.getId();
}).collect(Collectors.toList()))); }).collect(Collectors.toList())));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e); throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
} }
} }
@ -2088,118 +2087,93 @@ public class RepresentationToModel {
return policy.getId(); return policy.getId();
}).collect(Collectors.toList()))); }).collect(Collectors.toList())));
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException("Error while exporting policy [" + policyRepresentation.getName() + "].", e); throw new RuntimeException("Error while importing policy [" + policyRepresentation.getName() + "].", e);
} }
} }
if (parentPolicyName == null) { PolicyStore policyStore = storeFactory.getPolicyStore();
toModel(policyRepresentation, resourceServer, authorization); Policy policy = policyStore.findById(policyRepresentation.getId(), resourceServer.getId());
} else if (parentPolicyName.equals(policyRepresentation.getName())) {
return toModel(policyRepresentation, resourceServer, authorization); if (policy == null) {
policy = policyStore.findByName(policyRepresentation.getName(), resourceServer.getId());
}
if (policy == null) {
policy = policyStore.create(policyRepresentation, resourceServer);
} else {
toModel(policyRepresentation, storeFactory, policy);
}
if (parentPolicyName != null && parentPolicyName.equals(policyRepresentation.getName())) {
return policy;
} }
} }
return null; return null;
} }
public static Policy toModel(AbstractPolicyRepresentation representation, ResourceServer resourceServer, AuthorizationProvider authorization) { public static Policy toModel(AbstractPolicyRepresentation representation, StoreFactory storeFactory, Policy model) {
String type = representation.getType();
PolicyProvider provider = authorization.getProvider(type);
if (provider == null) {
//TODO: temporary, remove this check on future versions as drools type is now deprecated
if ("drools".equalsIgnoreCase(type)) {
type = "rules";
}
if (authorization.getProvider(type) == null) {
throw new RuntimeException("Unknown policy type [" + type + "]. Could not find a provider for this type.");
}
}
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Policy model;
if (representation.getId() != null) {
model = policyStore.findById(representation.getId(), resourceServer.getId());
} else {
model = policyStore.findByName(representation.getName(), resourceServer.getId());
}
if (model != null) {
model.setName(representation.getName()); model.setName(representation.getName());
model.setDescription(representation.getDescription()); model.setDescription(representation.getDescription());
model.setDecisionStrategy(representation.getDecisionStrategy()); model.setDecisionStrategy(representation.getDecisionStrategy());
model.setLogic(representation.getLogic()); model.setLogic(representation.getLogic());
} else {
model = policyStore.create(representation.getName(), type, resourceServer); Set resources = representation.getResources();
model.setDescription(representation.getDescription()); Set scopes = representation.getScopes();
model.setDecisionStrategy(representation.getDecisionStrategy()); Set policies = representation.getPolicies();
model.setLogic(representation.getLogic());
if (representation instanceof PolicyRepresentation) {
PolicyRepresentation policy = PolicyRepresentation.class.cast(representation);
String resourcesConfig = policy.getConfig().get("resources");
if (resourcesConfig != null) {
try {
resources = JsonSerialization.readValue(resourcesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
} }
updateResources(representation.getResources(), model, authorization); String scopesConfig = policy.getConfig().get("scopes");
updateScopes(representation.getScopes(), model, authorization);
updateAssociatedPolicies(representation.getPolicies(), model, authorization); if (scopesConfig != null) {
try {
scopes = JsonSerialization.readValue(scopesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
String policiesConfig = policy.getConfig().get("applyPolicies");
if (policiesConfig != null) {
try {
policies = JsonSerialization.readValue(policiesConfig, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
model.setConfig(policy.getConfig());
}
updateResources(resources, model, storeFactory);
updateScopes(scopes, model, storeFactory);
updateAssociatedPolicies(policies, model, storeFactory);
representation.setId(model.getId()); representation.setId(model.getId());
return model; return model;
} }
public static Policy toModel(PolicyRepresentation policy, ResourceServer resourceServer, AuthorizationProvider authorization) { private static void updateScopes(Set<String> scopeIds, Policy policy, StoreFactory storeFactory) {
Policy model = toModel(AbstractPolicyRepresentation.class.cast(policy), resourceServer, authorization);
String resources = policy.getConfig().get("resources");
if (resources != null) {
Set resourceIds;
try {
resourceIds = JsonSerialization.readValue(resources, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
updateResources(resourceIds, model, authorization);
}
String scopes = policy.getConfig().get("scopes");
if (scopes != null) {
Set scopeIds;
try {
scopeIds = JsonSerialization.readValue(scopes, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
updateScopes(scopeIds, model, authorization);
}
String policies = policy.getConfig().get("applyPolicies");
if (policies != null) {
Set policyIds;
try {
policyIds = JsonSerialization.readValue(policies, Set.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
updateAssociatedPolicies(policyIds, model, authorization);
}
model.setConfig(policy.getConfig());
return model;
}
private static void updateScopes(Set<String> scopeIds, Policy policy, AuthorizationProvider authorization) {
if (scopeIds != null) { if (scopeIds != null) {
StoreFactory storeFactory = authorization.getStoreFactory(); if (scopeIds.isEmpty()) {
for (Scope scope : new HashSet<Scope>(policy.getScopes())) {
policy.removeScope(scope);
}
return;
}
for (String scopeId : scopeIds) { for (String scopeId : scopeIds) {
boolean hasScope = false; boolean hasScope = false;
@ -2235,16 +2209,22 @@ public class RepresentationToModel {
policy.removeScope(scopeModel); policy.removeScope(scopeModel);
} }
} }
}
policy.getConfig().remove("scopes"); policy.getConfig().remove("scopes");
} }
}
private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, AuthorizationProvider authorization) { private static void updateAssociatedPolicies(Set<String> policyIds, Policy policy, StoreFactory storeFactory) {
ResourceServer resourceServer = policy.getResourceServer(); ResourceServer resourceServer = policy.getResourceServer();
if (policyIds != null) { if (policyIds != null) {
StoreFactory storeFactory = authorization.getStoreFactory(); if (policyIds.isEmpty()) {
for (Policy associated: new HashSet<Policy>(policy.getAssociatedPolicies())) {
policy.removeAssociatedPolicy(associated);
}
return;
}
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
for (String policyId : policyIds) { for (String policyId : policyIds) {
@ -2280,18 +2260,20 @@ public class RepresentationToModel {
} }
if (!hasPolicy) { if (!hasPolicy) {
policy.removeAssociatedPolicy(policyModel); policy.removeAssociatedPolicy(policyModel);
; }
} }
} }
policy.getConfig().remove("applyPolicies"); policy.getConfig().remove("applyPolicies");
} }
}
private static void updateResources(Set<String> resourceIds, Policy policy, AuthorizationProvider authorization) { private static void updateResources(Set<String> resourceIds, Policy policy, StoreFactory storeFactory) {
if (resourceIds != null) { if (resourceIds != null) {
StoreFactory storeFactory = authorization.getStoreFactory(); if (resourceIds.isEmpty()) {
for (Scope scope : new HashSet<Scope>(policy.getScopes())) {
policy.removeScope(scope);
}
}
for (String resourceId : resourceIds) { for (String resourceId : resourceIds) {
boolean hasResource = false; boolean hasResource = false;
for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) { for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) {
@ -2326,10 +2308,14 @@ public class RepresentationToModel {
policy.removeResource(resourceModel); policy.removeResource(resourceModel);
} }
} }
} else {
for (Resource resourceModel : new HashSet<Resource>(policy.getResources())) {
policy.removeResource(resourceModel);
}
}
policy.getConfig().remove("resources"); policy.getConfig().remove("resources");
} }
}
public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) { public static Resource toModel(ResourceRepresentation resource, ResourceServer resourceServer, AuthorizationProvider authorization) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore(); ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();

21
services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java
View file

@ -34,7 +34,6 @@ import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.ModelToRepresentation;
@ -78,7 +77,7 @@ public class PolicyResourceService {
representation.setId(policy.getId()); representation.setId(policy.getId());
Policy updated = toModel(representation); Policy updated = RepresentationToModel.toModel(representation, authorization.getStoreFactory(), policy);
PolicyProviderAdminService resource = getPolicyProviderAdminResource(updated.getType()); PolicyProviderAdminService resource = getPolicyProviderAdminResource(updated.getType());
@ -93,10 +92,6 @@ public class PolicyResourceService {
return Response.status(Status.CREATED).build(); return Response.status(Status.CREATED).build();
} }
protected Policy toModel(AbstractPolicyRepresentation representation) {
return RepresentationToModel.toModel(PolicyRepresentation.class.cast(representation), resourceServer, authorization);
}
@DELETE @DELETE
public Response delete() { public Response delete() {
this.auth.requireManage(); this.auth.requireManage();
@ -140,11 +135,11 @@ public class PolicyResourceService {
return Response.status(Status.NOT_FOUND).build(); return Response.status(Status.NOT_FOUND).build();
} }
return Response.ok(toRepresentation(policy)).build(); return Response.ok(toRepresentation(policy, authorization)).build();
} }
protected Object toRepresentation(Policy model) { protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
return ModelToRepresentation.toRepresentation(model); return ModelToRepresentation.toRepresentation(policy, PolicyRepresentation.class, authorization);
} }
@Path("/dependentPolicies") @Path("/dependentPolicies")
@ -248,13 +243,7 @@ public class PolicyResourceService {
} }
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) { protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
PolicyProviderFactory providerFactory = authorization.getProviderFactory(policyType); return authorization.getProviderFactory(policyType).getAdminResource(resourceServer, authorization);
if (providerFactory != null) {
return providerFactory.getAdminResource(resourceServer, authorization);
}
return null;
} }
protected Policy getPolicy() { protected Policy getPolicy() {

50
services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
View file

@ -17,8 +17,6 @@
*/ */
package org.keycloak.authorization.admin; package org.keycloak.authorization.admin;
import static org.keycloak.models.utils.RepresentationToModel.toModel;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
@ -53,7 +51,7 @@ import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation; import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -97,14 +95,7 @@ public class PolicyService {
this.auth.requireManage(); this.auth.requireManage();
AbstractPolicyRepresentation representation = doCreateRepresentation(payload); AbstractPolicyRepresentation representation = doCreateRepresentation(payload);
Policy policy = create(representation);
Policy existing = authorization.getStoreFactory().getPolicyStore().findByName(representation.getName(), resourceServer.getId());
if (existing != null) {
return ErrorResponse.exists("Policy with name [" + representation.getName() + "] already exists");
}
Policy policy = doCreate(representation);
PolicyProviderAdminService provider = getPolicyProviderAdminResource(representation.getType()); PolicyProviderAdminService provider = getPolicyProviderAdminResource(representation.getType());
if (provider != null) { if (provider != null) {
@ -121,10 +112,6 @@ public class PolicyService {
return Response.status(Status.CREATED).entity(representation).build(); return Response.status(Status.CREATED).entity(representation).build();
} }
protected Policy doCreate(AbstractPolicyRepresentation representation) {
return create(PolicyRepresentation.class.cast(representation));
}
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) { protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
PolicyRepresentation representation; PolicyRepresentation representation;
@ -137,8 +124,15 @@ public class PolicyService {
return representation; return representation;
} }
public Policy create(PolicyRepresentation representation) { public Policy create(AbstractPolicyRepresentation representation) {
Policy policy = toModel(representation, this.resourceServer, authorization); PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
Policy existing = policyStore.findByName(representation.getName(), resourceServer.getId());
if (existing != null) {
throw new ErrorResponseException("Policy with name [" + representation.getName() + "] already exists", "Conflicting policy", Status.CONFLICT);
}
Policy policy = policyStore.create(representation, resourceServer);
PolicyProviderAdminService resource = getPolicyProviderAdminResource(policy.getType()); PolicyProviderAdminService resource = getPolicyProviderAdminResource(policy.getType());
if (resource != null) { if (resource != null) {
@ -152,10 +146,6 @@ public class PolicyService {
return policy; return policy;
} }
protected Object toRepresentation(Policy model) {
return ModelToRepresentation.toRepresentation(model);
}
@Path("/search") @Path("/search")
@GET @GET
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@ -174,7 +164,7 @@ public class PolicyService {
return Response.status(Status.OK).build(); return Response.status(Status.OK).build();
} }
return Response.ok(toRepresentation(model)).build(); return Response.ok(toRepresentation(model, authorization)).build();
} }
@GET @GET
@ -251,10 +241,14 @@ public class PolicyService {
.build(); .build();
} }
protected AbstractPolicyRepresentation toRepresentation(Policy model, AuthorizationProvider authorization) {
return ModelToRepresentation.toRepresentation(model, PolicyRepresentation.class, authorization);
}
protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) { protected List<Object> doSearch(Integer firstResult, Integer maxResult, Map<String, String[]> filters) {
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore(); PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream() return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
.map(policy -> toRepresentation(policy)) .map(policy -> toRepresentation(policy, authorization))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
@ -290,16 +284,10 @@ public class PolicyService {
} }
protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) { protected PolicyProviderAdminService getPolicyProviderAdminResource(String policyType) {
PolicyProviderFactory providerFactory = getPolicyProviderFactory(policyType); return getPolicyProviderFactory(policyType).getAdminResource(resourceServer, authorization);
if (providerFactory != null) {
return providerFactory.getAdminResource(resourceServer, authorization);
} }
return null; protected PolicyProviderFactory getPolicyProviderFactory(String policyType) {
}
private PolicyProviderFactory getPolicyProviderFactory(String policyType) {
return authorization.getProviderFactory(policyType); return authorization.getProviderFactory(policyType);
} }

26
services/src/main/java/org/keycloak/authorization/admin/PolicyTypeResourceService.java
View file

@ -21,8 +21,8 @@ import java.io.IOException;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -39,7 +39,7 @@ public class PolicyTypeResourceService extends PolicyResourceService {
@Override @Override
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) { protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
String type = getPolicy().getType(); String type = getPolicy().getType();
Class<? extends AbstractPolicyRepresentation> representationType = getPolicyProviderAdminResource(type).getRepresentationType(); Class<? extends AbstractPolicyRepresentation> representationType = authorization.getProviderFactory(type).getRepresentationType();
if (representationType == null) { if (representationType == null) {
throw new RuntimeException("Policy provider for type [" + type + "] returned a null representation type."); throw new RuntimeException("Policy provider for type [" + type + "] returned a null representation type.");
@ -59,22 +59,8 @@ public class PolicyTypeResourceService extends PolicyResourceService {
} }
@Override @Override
protected Policy toModel(AbstractPolicyRepresentation representation) { protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
return RepresentationToModel.toModel(representation, resourceServer, authorization); PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
} return ModelToRepresentation.toRepresentation(policy, providerFactory.getRepresentationType(), authorization);
@Override
protected Object toRepresentation(Policy policy) {
PolicyProviderAdminService provider = getPolicyProviderAdminResource(policy.getType());
AbstractPolicyRepresentation representation = provider.toRepresentation(policy);
representation.setId(policy.getId());
representation.setName(policy.getName());
representation.setDescription(policy.getDescription());
representation.setType(policy.getType());
representation.setDecisionStrategy(policy.getDecisionStrategy());
representation.setLogic(policy.getLogic());
return representation;
} }
} }

15
services/src/main/java/org/keycloak/authorization/admin/PolicyTypeService.java
View file

@ -16,8 +16,6 @@
*/ */
package org.keycloak.authorization.admin; package org.keycloak.authorization.admin;
import static org.keycloak.models.utils.RepresentationToModel.toModel;
import java.io.IOException; import java.io.IOException;
import javax.ws.rs.Path; import javax.ws.rs.Path;
@ -27,6 +25,8 @@ import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -47,6 +47,10 @@ public class PolicyTypeService extends PolicyService {
public Object getPolicyAdminResourceProvider() { public Object getPolicyAdminResourceProvider() {
PolicyProviderAdminService resource = getPolicyProviderAdminResource(type); PolicyProviderAdminService resource = getPolicyProviderAdminResource(type);
if (resource == null) {
return null;
}
ResteasyProviderFactory.getInstance().injectProperties(resource); ResteasyProviderFactory.getInstance().injectProperties(resource);
return resource; return resource;
@ -59,7 +63,7 @@ public class PolicyTypeService extends PolicyService {
@Override @Override
protected AbstractPolicyRepresentation doCreateRepresentation(String payload) { protected AbstractPolicyRepresentation doCreateRepresentation(String payload) {
PolicyProviderAdminService provider = getPolicyProviderAdminResource(type); PolicyProviderFactory provider = getPolicyProviderFactory(type);
Class<? extends AbstractPolicyRepresentation> representationType = provider.getRepresentationType(); Class<? extends AbstractPolicyRepresentation> representationType = provider.getRepresentationType();
if (representationType == null) { if (representationType == null) {
@ -80,7 +84,8 @@ public class PolicyTypeService extends PolicyService {
} }
@Override @Override
protected Policy doCreate(AbstractPolicyRepresentation representation) { protected AbstractPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
return toModel(representation, resourceServer, authorization); PolicyProviderFactory providerFactory = authorization.getProviderFactory(policy.getType());
return ModelToRepresentation.toRepresentation(policy, providerFactory.getRepresentationType(), authorization);
} }
} }

1
services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
View file

@ -58,7 +58,6 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation; import static org.keycloak.models.utils.ModelToRepresentation.toRepresentation;

2
services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java
View file

@ -337,7 +337,7 @@ public class ExportUtils {
RealmModel realm = authorizationProvider.getRealm(); RealmModel realm = authorizationProvider.getRealm();
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
try { try {
PolicyRepresentation rep = toRepresentation(policy); PolicyRepresentation rep = toRepresentation(policy, PolicyRepresentation.class, authorizationProvider);
rep.setId(null); rep.setId(null);

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java
View file

@ -29,6 +29,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
@ -73,15 +74,19 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
} }
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) { private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
Policy policy = authz.getStoreFactory().getPolicyStore().create(role.getName(), "role", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName(role.getName());
representation.setType("role");
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
representation.setLogic(Logic.POSITIVE);
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]"; String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
policy.setLogic(Logic.POSITIVE);
Map<String, String> config = new HashMap<>(); Map<String, String> config = new HashMap<>();
config.put("roles", roleValues); config.put("roles", roleValues);
policy.setConfig(config); representation.setConfig(config);
return policy;
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
} }

40
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminLocalTest.java
View file

@ -39,6 +39,8 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest; import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse; import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import java.util.HashMap; import java.util.HashMap;
@ -102,21 +104,16 @@ public class FineGrainAdminLocalTest extends AbstractKeycloakTest {
} }
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) { private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
Policy permission = authz.getStoreFactory().getPolicyStore().create(name, "scope", resourceServer); ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
String resources = "[\"" + resource.getId() + "\"]";
String scopes = "[\"" + scope.getId() + "\"]"; representation.setName(name);
String applyPolicies = "[\"" + policy.getId() + "\"]"; representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
Map<String, String> config = new HashMap<>(); representation.setLogic(Logic.POSITIVE);
config.put("resources", resources); representation.addResource(resource.getName());
config.put("scopes", scopes); representation.addScope(scope.getName());
config.put("applyPolicies", applyPolicies); representation.addPolicy(policy.getName());
permission.setConfig(config);
permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS); return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
permission.setLogic(Logic.POSITIVE);
permission.addResource(resource);
permission.addScope(scope);
permission.addAssociatedPolicy(policy);
return permission;
} }
private static Resource createRoleResource(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) { private static Resource createRoleResource(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
@ -144,15 +141,18 @@ public class FineGrainAdminLocalTest extends AbstractKeycloakTest {
roleName = client.getClientId() ; roleName = client.getClientId() ;
} }
roleName = "role.policy." + roleName + "." + role.getName(); roleName = "role.policy." + roleName + "." + role.getName();
Policy policy = authz.getStoreFactory().getPolicyStore().create(roleName, "role", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName(roleName);
representation.setType("role");
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
representation.setLogic(Logic.POSITIVE);
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]"; String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
policy.setLogic(Logic.POSITIVE);
Map<String, String> config = new HashMap<>(); Map<String, String> config = new HashMap<>();
config.put("roles", roleValues); config.put("roles", roleValues);
policy.setConfig(config); representation.setConfig(config);
return policy;
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
} }
public static void setupUsers(KeycloakSession session) { public static void setupUsers(KeycloakSession session) {

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java
View file

@ -19,8 +19,6 @@ package org.keycloak.testsuite.admin.client.authorization;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import java.util.Collections;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -47,7 +45,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS); representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE); representation.setLogic(Logic.NEGATIVE);
representation.addResource("Resource A"); representation.addResource("Resource A");
representation.addScopes("read", "execute"); representation.addScope("read", "execute");
representation.addPolicy("Only Marta Policy", "Only Kolo Policy"); representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
assertCreated(authorization, representation); assertCreated(authorization, representation);
@ -62,7 +60,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
representation.setDescription("description"); representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS); representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE); representation.setLogic(Logic.NEGATIVE);
representation.addScopes("read", "write"); representation.addScope("read", "write");
representation.addPolicy("Only Marta Policy"); representation.addPolicy("Only Marta Policy");
assertCreated(authorization, representation); assertCreated(authorization, representation);
@ -78,7 +76,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS); representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE); representation.setLogic(Logic.NEGATIVE);
representation.addResource("Resource A"); representation.addResource("Resource A");
representation.addScopes("read", "execute"); representation.addScope("read", "execute");
representation.addPolicy("Only Marta Policy", "Only Kolo Policy"); representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
assertCreated(authorization, representation); assertCreated(authorization, representation);
@ -106,7 +104,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
ScopePermissionRepresentation representation = new ScopePermissionRepresentation(); ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
representation.setName("Test Delete Permission"); representation.setName("Test Delete Permission");
representation.addScopes("execute"); representation.addScope("execute");
representation.addPolicy("Only Marta Policy"); representation.addPolicy("Only Marta Policy");
assertCreated(authorization, representation); assertCreated(authorization, representation);
@ -131,7 +129,7 @@ public class ScopePermissionManagementTest extends AbstractPermissionManagementT
ScopePermissionRepresentation permission1 = new ScopePermissionRepresentation(); ScopePermissionRepresentation permission1 = new ScopePermissionRepresentation();
permission1.setName("Conflicting Name Permission"); permission1.setName("Conflicting Name Permission");
permission1.addScopes("read"); permission1.addScope("read");
permission1.addPolicy("Only Marta Policy"); permission1.addPolicy("Only Marta Policy");
ScopePermissionsResource permissions = authorization.permissions().scope(); ScopePermissionsResource permissions = authorization.permissions().scope();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java
View file

@ -213,7 +213,7 @@ public class ConflictingScopePermissionTest extends AbstractKeycloakTest {
representation.addResource(resourceName); representation.addResource(resourceName);
} }
representation.addScopes(scopes.toArray(new String[scopes.size()])); representation.addScope(scopes.toArray(new String[scopes.size()]));
representation.addPolicy(scopes.toArray(new String[policies.size()])); representation.addPolicy(scopes.toArray(new String[policies.size()]));
authorization.permissions().scope().create(representation); authorization.permissions().scope().create(representation);

43
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PolicyEvaluationCompositeRoleTest.java
View file

@ -24,9 +24,7 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
@ -38,6 +36,8 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest; import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse; import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import java.util.HashMap; import java.util.HashMap;
@ -82,34 +82,33 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractKeycloakTest {
} }
private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) { private static Policy addScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope, Policy policy) {
Policy permission = authz.getStoreFactory().getPolicyStore().create(name, "scope", resourceServer); ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
String resources = "[\"" + resource.getId() + "\"]";
String scopes = "[\"" + scope.getId() + "\"]"; representation.setName(name);
String applyPolicies = "[\"" + policy.getId() + "\"]"; representation.setType("scope");
Map<String, String> config = new HashMap<>(); representation.addResource(resource.getName());
config.put("resources", resources); representation.addScope(scope.getName());
config.put("scopes", scopes); representation.addPolicy(policy.getName());
config.put("applyPolicies", applyPolicies); representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
permission.setConfig(config); representation.setLogic(Logic.POSITIVE);
permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
permission.setLogic(Logic.POSITIVE); return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
permission.addResource(resource);
permission.addScope(scope);
permission.addAssociatedPolicy(policy);
return permission;
} }
private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) { private static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
Policy policy = authz.getStoreFactory().getPolicyStore().create(role.getName(), "role", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName(role.getName());
representation.setType("role");
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
representation.setLogic(Logic.POSITIVE);
String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]"; String roleValues = "[{\"id\":\"" + role.getId() + "\",\"required\": true}]";
policy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
policy.setLogic(Logic.POSITIVE);
Map<String, String> config = new HashMap<>(); Map<String, String> config = new HashMap<>();
config.put("roles", roleValues); config.put("roles", roleValues);
policy.setConfig(config); representation.setConfig(config);
return policy;
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
} }

40
testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java
View file

@ -38,6 +38,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -246,10 +247,14 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
return onAuthorizationSession(authorizationProvider -> { return onAuthorizationSession(authorizationProvider -> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.create("Administration Policy", "aggregate", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
policy.addAssociatedPolicy(anyAdminPolicy); representation.setName("Administration Policy");
policy.addAssociatedPolicy(onlyFromSpecificAddressPolicy); representation.setType("aggregate");
representation.addPolicy(anyAdminPolicy.getName());
representation.addPolicy(onlyFromSpecificAddressPolicy.getName());
Policy policy = policyStore.create(representation, resourceServer);
return policy; return policy;
}); });
@ -259,7 +264,10 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
return onAuthorizationSession(authorizationProvider -> { return onAuthorizationSession(authorizationProvider -> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.create("Only From a Specific Client Address", "js", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName("Only From a Specific Client Address");
representation.setType("js");
HashedMap config = new HashedMap(); HashedMap config = new HashedMap();
config.put("code", config.put("code",
@ -269,9 +277,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
"$evaluation.grant();" + "$evaluation.grant();" +
"}"); "}");
policy.setConfig(config); representation.setConfig(config);
return policy; return policyStore.create(representation, resourceServer);
}); });
} }
@ -279,7 +287,11 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
return onAuthorizationSession(authorizationProvider -> { return onAuthorizationSession(authorizationProvider -> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.create("Any Admin Policy", "role", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName("Any Admin Policy");
representation.setType("role");
HashedMap config = new HashedMap(); HashedMap config = new HashedMap();
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME); RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
RoleModel adminRole = realm.getRole("admin"); RoleModel adminRole = realm.getRole("admin");
@ -294,9 +306,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
throw new RuntimeException(e); throw new RuntimeException(e);
} }
policy.setConfig(config); representation.setConfig(config);
return policy; return policyStore.create(representation, resourceServer);
}); });
} }
@ -358,7 +370,11 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
return onAuthorizationSession(authorizationProvider -> { return onAuthorizationSession(authorizationProvider -> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.create("Any User Policy", "role", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName("Any User Policy");
representation.setType("role");
HashedMap config = new HashedMap(); HashedMap config = new HashedMap();
RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME); RealmModel realm = authorizationProvider.getKeycloakSession().realms().getRealmByName(TEST_REALM_NAME);
RoleModel userRole = realm.getRole("user"); RoleModel userRole = realm.getRole("user");
@ -373,7 +389,9 @@ public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest
throw new RuntimeException(e); throw new RuntimeException(e);
} }
policy.setConfig(config); representation.setConfig(config);
Policy policy = policyStore.create(representation, resourceServer);
return policy; return policy;
}); });

12
testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
View file

@ -46,12 +46,9 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
@ -392,7 +389,10 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
return onAuthorizationSession(authorizationProvider -> { return onAuthorizationSession(authorizationProvider -> {
StoreFactory storeFactory = authorizationProvider.getStoreFactory(); StoreFactory storeFactory = authorizationProvider.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.create("Client-Based Policy", "client", resourceServer); PolicyRepresentation representation = new PolicyRepresentation();
representation.setName("Client-Based Policy");
representation.setType("client");
List<String> clientIds = new ArrayList<>(); List<String> clientIds = new ArrayList<>();
for (ClientModel client : allowedClients) { for (ClientModel client : allowedClients) {
@ -408,9 +408,9 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
policy.setConfig(config); representation.setConfig(config);
return policy; return policyStore.create(representation, resourceServer);
}); });
} }

76
themes/src/main/resources/theme/base/admin/resources/js/authz/authz-controller.js
View file

@ -1078,11 +1078,11 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
$scope.selectResource = function() { $scope.selectResource = function() {
$scope.selectedScopes = null; $scope.selectedScopes = null;
if ($scope.policy.resources) { if ($scope.selectedResource) {
ResourceServerResource.scopes({ ResourceServerResource.scopes({
realm: $route.current.params.realm, realm: $route.current.params.realm,
client: client.id, client: client.id,
rsrid: $scope.policy.resources._id rsrid: $scope.selectedResource._id
}, function (data) { }, function (data) {
$scope.resourceScopes = data; $scope.resourceScopes = data;
}); });
@ -1091,7 +1091,6 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
}, },
onInitUpdate : function(policy) { onInitUpdate : function(policy) {
$scope.selectedScopes = [];
ResourceServerPolicy.resources({ ResourceServerPolicy.resources({
realm : $route.current.params.realm, realm : $route.current.params.realm,
client : client.id, client : client.id,
@ -1111,29 +1110,48 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
deep: false deep: false
}, function (resource) { }, function (resource) {
resource[0].text = resource[0].name; resource[0].text = resource[0].name;
$scope.policy.resources = resource[0]; $scope.selectedResource = resource[0];
var copy = angular.copy($scope.selectedResource);
$scope.$watch('selectedResource', function() {
if (!angular.equals($scope.selectedResource, copy)) {
$scope.changed = true;
}
}, true);
ResourceServerResource.scopes({ ResourceServerResource.scopes({
realm: $route.current.params.realm, realm: $route.current.params.realm,
client: client.id, client: client.id,
rsrid: resource[0]._id rsrid: resource[0]._id
}, function (scopes) { }, function (scopes) {
$scope.resourceScopes = scopes; $scope.resourceScopes = scopes;
});
ResourceServerPolicy.scopes({ ResourceServerPolicy.scopes({
realm: $route.current.params.realm, realm : $route.current.params.realm,
client: client.id, client : client.id,
id: policy.id id : policy.id
}, function (scopes) { }, function(scopes) {
$scope.selectedScopes = []; $scope.selectedScopes = [];
for (i = 0; i < scopes.length; i++) { for (i = 0; i < scopes.length; i++) {
scopes[i].text = scopes[i].name;
$scope.selectedScopes.push(scopes[i].id); $scope.selectedScopes.push(scopes[i].id);
} }
var copy = angular.copy($scope.selectedScopes);
$scope.$watch('selectedScopes', function() {
if (!angular.equals($scope.selectedScopes, copy)) {
$scope.changed = true;
}
}, true);
});
}); });
}); });
}); });
} }
} else { } else {
$scope.policy.resources = null; $scope.selectedResource = null;
var copy = angular.copy($scope.selectedResource);
$scope.$watch('selectedResource', function() {
if (!angular.equals($scope.selectedResource, copy)) {
$scope.changed = true;
}
}, true);
ResourceServerPolicy.scopes({ ResourceServerPolicy.scopes({
realm : $route.current.params.realm, realm : $route.current.params.realm,
client : client.id, client : client.id,
@ -1144,26 +1162,38 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
scopes[i].text = scopes[i].name; scopes[i].text = scopes[i].name;
$scope.selectedScopes.push(scopes[i]); $scope.selectedScopes.push(scopes[i]);
} }
var copy = angular.copy($scope.selectedScopes);
$scope.$watch('selectedScopes', function() {
if (!angular.equals($scope.selectedScopes, copy)) {
$scope.changed = true;
}
}, true);
}); });
} }
}); });
policy.policies = [];
ResourceServerPolicy.associatedPolicies({ ResourceServerPolicy.associatedPolicies({
realm : $route.current.params.realm, realm : $route.current.params.realm,
client : client.id, client : client.id,
id : policy.id id : policy.id
}, function(policies) { }, function(policies) {
$scope.selectedPolicies = [];
for (i = 0; i < policies.length; i++) { for (i = 0; i < policies.length; i++) {
policies[i].text = policies[i].name; policies[i].text = policies[i].name;
$scope.policy.policies.push(policies[i]); $scope.selectedPolicies.push(policies[i]);
} }
var copy = angular.copy($scope.selectedPolicies);
$scope.$watch('selectedPolicies', function() {
if (!angular.equals($scope.selectedPolicies, copy)) {
$scope.changed = true;
}
}, true);
}); });
}, },
onUpdate : function() { onUpdate : function() {
if ($scope.policy.resources != null) { if ($scope.selectedResource != null) {
$scope.policy.resources = [$scope.policy.resources._id]; $scope.policy.resources = [$scope.selectedResource._id];
} else { } else {
delete $scope.policy.resources; delete $scope.policy.resources;
} }
@ -1182,16 +1212,16 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
var policies = []; var policies = [];
for (i = 0; i < $scope.policy.policies.length; i++) { for (i = 0; i < $scope.selectedPolicies.length; i++) {
policies.push($scope.policy.policies[i].id); policies.push($scope.selectedPolicies[i].id);
} }
$scope.policy.policies = policies; $scope.policy.policies = policies;
delete $scope.policy.config;
}, },
onInitCreate : function(newPolicy) { onInitCreate : function(newPolicy) {
newPolicy.decisionStrategy = 'UNANIMOUS'; newPolicy.decisionStrategy = 'UNANIMOUS';
newPolicy.resources = null;
var scopeId = $location.search()['scpid']; var scopeId = $location.search()['scpid'];
@ -1203,16 +1233,16 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
}, function (data) { }, function (data) {
data.text = data.name; data.text = data.name;
if (!$scope.policy.scopes) { if (!$scope.policy.scopes) {
$scope.policy.scopes = []; $scope.selectedScopes = [];
} }
$scope.policy.scopes.push(data); $scope.selectedScopes.push(data);
}); });
} }
}, },
onCreate : function() { onCreate : function() {
if ($scope.policy.resources != null) { if ($scope.selectedResource != null) {
$scope.policy.resources = [$scope.policy.resources._id]; $scope.policy.resources = [$scope.selectedResource._id];
} }
var scopes = []; var scopes = [];
@ -1229,8 +1259,8 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
var policies = []; var policies = [];
for (i = 0; i < $scope.policy.policies.length; i++) { for (i = 0; i < $scope.selectedPolicies.length; i++) {
policies.push($scope.policy.policies[i].id); policies.push($scope.selectedPolicies[i].id);
} }
$scope.policy.policies = policies; $scope.policy.policies = policies;

12
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/provider/resource-server-policy-scope-detail.html
View file

@ -32,28 +32,28 @@
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label> <label class="col-md-2 control-label" for="reqActions">{{:: 'authz-resource' | translate}}</label>
<div class="col-md-6"> <div class="col-md-6">
<input type="hidden" ui-select2="resourcesUiSelect" data-ng-change="selectResource()" id="reqActions" data-ng-model="policy.resources" data-placeholder="{{:: 'authz-any-resource' | translate}}..." /> <input type="hidden" ui-select2="resourcesUiSelect" data-ng-change="selectResource()" id="reqActions" data-ng-model="selectedResource" data-placeholder="{{:: 'authz-any-resource' | translate}}..." />
</div> </div>
<kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-permission-scope-resource.tooltip' | translate}}</kc-tooltip>
</div> </div>
<div class="form-group clearfix" data-ng-show="policy.resources"> <div class="form-group clearfix" data-ng-show="selectedResource">
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label> <label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
<div class="col-md-6"> <div class="col-md-6">
<select ui-select2 id="reqActions2" <select ui-select2 id="reqActions2"
data-ng-model="selectedScopes" data-ng-model="selectedScopes"
data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple
data-ng-required="policy.resources != null"> data-ng-required="selectedResource != null">
<option ng-repeat="scope in resourceScopes" value="{{scope.id}}">{{scope.name}}</option> <option ng-repeat="scope in resourceScopes" value="{{scope.id}}">{{scope.name}}</option>
</select> </select>
</div> </div>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div> </div>
<div class="form-group clearfix" data-ng-show="!policy.resources"> <div class="form-group clearfix" data-ng-show="!selectedResource">
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label> <label class="col-md-2 control-label" for="reqActions">{{:: 'authz-scopes' | translate}} <span class="required">*</span></label>
<div class="col-md-6"> <div class="col-md-6">
<input type="hidden" ui-select2="scopesUiSelect" id="reqActions" data-ng-model="selectedScopes" data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple data-ng-required="policy.resources == null" /> <input type="hidden" ui-select2="scopesUiSelect" id="reqActions" data-ng-model="selectedScopes" data-placeholder="{{:: 'authz-any-scope' | translate}}..." multiple data-ng-required="selectedResource == null" />
</div> </div>
<kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-permission-scope-scope.tooltip' | translate}}</kc-tooltip>
</div> </div>
@ -61,7 +61,7 @@
<label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label> <label class="col-md-2 control-label" for="reqActions">{{:: 'authz-policy-apply-policy' | translate}} <span class="required">*</span></label>
<div class="col-md-6"> <div class="col-md-6">
<input type="hidden" ui-select2="policiesUiSelect" id="reqActions" data-ng-model="policy.policies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required /> <input type="hidden" ui-select2="policiesUiSelect" id="reqActions" data-ng-model="selectedPolicies" data-placeholder="{{:: 'authz-select-a-policy' | translate}}..." multiple required />
</div> </div>
<kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-policy-apply-policy.tooltip' | translate}}</kc-tooltip>