libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup

Browse source
This commit is contained in:
Pedro Igor 2016-12-19 16:48:16 -02:00
parent c9c9f05e29
commit 5cf5168770
7 changed files with 49 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java
View file

@ -419,7 +419,7 @@ public class CachedPolicyStore implements PolicyStore {
List<Policy> result = provider.get(); List<Policy> result = provider.get();
if (result.isEmpty()) { if (result.isEmpty()) {
return null; return Collections.emptyList();
} }
return result.stream().map(policy -> new CachedPolicy(policy)).collect(Collectors.toList()); return result.stream().map(policy -> new CachedPolicy(policy)).collect(Collectors.toList());
@ -429,11 +429,6 @@ public class CachedPolicyStore implements PolicyStore {
return Collections.emptyList(); return Collections.emptyList();
} }
return cached.stream().map(new Function<CachedPolicy, Policy>() { return cached.stream().map(cachedPolicy -> createAdapter(cachedPolicy)).collect(Collectors.toList());
@Override
public Policy apply(CachedPolicy cachedPolicy) {
return findById(cachedPolicy.getId(), cachedPolicy.getResourceServerId());
}
}).collect(Collectors.toList());
} }
} }

7
model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceStore.java
View file

@ -310,12 +310,7 @@ public class CachedResourceStore implements ResourceStore {
return Collections.emptyList(); return Collections.emptyList();
} }
return cached.stream().map(new Function<CachedResource, Resource>() { return cached.stream().map(this::createAdapter).collect(Collectors.toList());
@Override
public Resource apply(CachedResource cached) {
return findById(cached.getId(), cached.getResourceServerId());
}
}).collect(Collectors.toList());
} }
private void invalidateCache(String resourceServerId) { private void invalidateCache(String resourceServerId) {

29
model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java
View file

@ -18,11 +18,10 @@
package org.keycloak.authorization.jpa.entities; package org.keycloak.authorization.jpa.entities;
import org.keycloak.authorization.model.Policy; import java.util.HashMap;
import org.keycloak.authorization.model.Resource; import java.util.HashSet;
import org.keycloak.authorization.model.Scope; import java.util.Map;
import org.keycloak.representations.idm.authorization.DecisionStrategy; import java.util.Set;
import org.keycloak.representations.idm.authorization.Logic;
import javax.persistence.Access; import javax.persistence.Access;
import javax.persistence.AccessType; import javax.persistence.AccessType;
@ -34,15 +33,17 @@ import javax.persistence.FetchType;
import javax.persistence.Id; import javax.persistence.Id;
import javax.persistence.JoinColumn; import javax.persistence.JoinColumn;
import javax.persistence.JoinTable; import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne; import javax.persistence.ManyToOne;
import javax.persistence.MapKeyColumn; import javax.persistence.MapKeyColumn;
import javax.persistence.OneToMany;
import javax.persistence.Table; import javax.persistence.Table;
import javax.persistence.UniqueConstraint; import javax.persistence.UniqueConstraint;
import java.util.HashMap;
import java.util.HashSet; import org.keycloak.authorization.model.Policy;
import java.util.Map; import org.keycloak.authorization.model.Resource;
import java.util.Set; import org.keycloak.authorization.model.Scope;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@ -79,19 +80,19 @@ public class PolicyEntity implements Policy {
@CollectionTable(name="POLICY_CONFIG", joinColumns={ @JoinColumn(name="POLICY_ID") }) @CollectionTable(name="POLICY_CONFIG", joinColumns={ @JoinColumn(name="POLICY_ID") })
private Map<String, String> config = new HashMap(); private Map<String, String> config = new HashMap();
@ManyToOne(optional = false) @ManyToOne(optional = false, fetch = FetchType.LAZY)
@JoinColumn(name = "RESOURCE_SERVER_ID") @JoinColumn(name = "RESOURCE_SERVER_ID")
private ResourceServerEntity resourceServer; private ResourceServerEntity resourceServer;
@ManyToMany(fetch = FetchType.LAZY, cascade = {}) @OneToMany(fetch = FetchType.LAZY, cascade = {})
@JoinTable(name = "ASSOCIATED_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "ASSOCIATED_POLICY_ID")) @JoinTable(name = "ASSOCIATED_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "ASSOCIATED_POLICY_ID"))
private Set<PolicyEntity> associatedPolicies = new HashSet<>(); private Set<PolicyEntity> associatedPolicies = new HashSet<>();
@ManyToMany(fetch = FetchType.LAZY, cascade = {}) @OneToMany(fetch = FetchType.LAZY, cascade = {})
@JoinTable(name = "RESOURCE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "RESOURCE_ID")) @JoinTable(name = "RESOURCE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "RESOURCE_ID"))
private Set<ResourceEntity> resources = new HashSet<>(); private Set<ResourceEntity> resources = new HashSet<>();
@ManyToMany(fetch = FetchType.EAGER, cascade = {}) @OneToMany(fetch = FetchType.EAGER, cascade = {})
@JoinTable(name = "SCOPE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "SCOPE_ID")) @JoinTable(name = "SCOPE_POLICY", joinColumns = @JoinColumn(name = "POLICY_ID"), inverseJoinColumns = @JoinColumn(name = "SCOPE_ID"))
private Set<ScopeEntity> scopes = new HashSet<>(); private Set<ScopeEntity> scopes = new HashSet<>();

2
model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceEntity.java
View file

@ -67,7 +67,7 @@ public class ResourceEntity implements Resource {
@Column(name = "OWNER") @Column(name = "OWNER")
private String owner; private String owner;
@ManyToOne(optional = false) @ManyToOne(optional = false, fetch = FetchType.LAZY)
@JoinColumn(name = "RESOURCE_SERVER_ID") @JoinColumn(name = "RESOURCE_SERVER_ID")
private ResourceServerEntity resourceServer; private ResourceServerEntity resourceServer;

2
model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ScopeEntity.java
View file

@ -57,7 +57,7 @@ public class ScopeEntity implements Scope {
@Column(name = "ICON_URI") @Column(name = "ICON_URI")
private String iconUri; private String iconUri;
@ManyToOne(optional = false) @ManyToOne(optional = false, fetch = FetchType.LAZY)
@JoinColumn(name = "RESOURCE_SERVER_ID") @JoinColumn(name = "RESOURCE_SERVER_ID")
private ResourceServerEntity resourceServer; private ResourceServerEntity resourceServer;

30
services/src/main/java/org/keycloak/authorization/util/Permissions.java
View file

@ -61,8 +61,8 @@ public final class Permissions {
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore(); ResourceStore resourceStore = storeFactory.getResourceStore();
resourceStore.findByOwner(resourceServer.getClientId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissions(resource, resource.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()), authorization))); resourceStore.findByOwner(resourceServer.getClientId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, resource.getScopes(), authorization)));
resourceStore.findByOwner(identity.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissions(resource, resource.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()), authorization))); resourceStore.findByOwner(identity.getId(), resourceServer.getId()).stream().forEach(resource -> permissions.addAll(createResourcePermissionsWithScopes(resource, resource.getScopes(), authorization)));
return permissions; return permissions;
} }
@ -108,6 +108,32 @@ public final class Permissions {
return permissions; return permissions;
} }
public static List<ResourcePermission> createResourcePermissionsWithScopes(Resource resource, List<Scope> scopes, AuthorizationProvider authorization) {
List<ResourcePermission> permissions = new ArrayList<>();
String type = resource.getType();
ResourceServer resourceServer = resource.getResourceServer();
// check if there is a typed resource whose scopes are inherited by the resource being requested. In this case, we assume that parent resource
// is owned by the resource server itself
if (type != null && !resource.getOwner().equals(resourceServer.getClientId())) {
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore();
resourceStore.findByType(type, resourceServer.getId()).forEach(resource1 -> {
if (resource1.getOwner().equals(resourceServer.getClientId())) {
for (Scope typeScope : resource1.getScopes()) {
if (!scopes.contains(typeScope)) {
scopes.add(typeScope);
}
}
}
});
}
permissions.add(new ResourcePermission(resource, scopes, resource.getResourceServer()));
return permissions;
}
public static List<Permission> allPermits(List<Result> evaluation, AuthorizationProvider authorizationProvider, ResourceServer resourceServer) { public static List<Permission> allPermits(List<Result> evaluation, AuthorizationProvider authorizationProvider, ResourceServer resourceServer) {
Map<String, Permission> permissions = new HashMap<>(); Map<String, Permission> permissions = new HashMap<>();

2
themes/src/main/resources/theme/base/admin/resources/partials/authz/permission/resource-server-permission-list.html
View file

@ -83,7 +83,7 @@
<table class="table kc-authz-table-expanded table-striped"> <table class="table kc-authz-table-expanded table-striped">
<thead> <thead>
<tr> <tr>
<th>Dependent Permissions</th> <th>Associated Permissions</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>