libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Fixed tests. Removed styling changes.

Browse source
This commit is contained in:
stefvdwel 2021-02-16 15:37:23 +01:00 committed by Pedro Igor
parent 11b0c23937
commit 8f719885fd
2 changed files with 19 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java
View file

@ -65,10 +65,10 @@ public class PermissionResource {
final String requester,
final Boolean granted,
final Boolean returnNames) {
Callable<Map<String, Long>> callable = new Callable<Map<String, Long>>() {
Callable<Long> callable = new Callable<Long>() {
@Override
public Map<String, Long> call() throws Exception {
return http.<Map<String, Long>>get(serverConfiguration.getPermissionEndpoint()+"/ticket/count")
public Long call() throws Exception {
return http.<Long>get(serverConfiguration.getPermissionEndpoint()+"/ticket/count")
.authorizationBearer(pat.call())
.param("resourceId", resourceId)
.param("scopeId", scopeId)
@ -76,14 +76,13 @@ public class PermissionResource {
.param("requester", requester)
.param("granted", granted == null ? null : granted.toString())
.param("returnNames", returnNames == null ? null : returnNames.toString())
.response().json(new TypeReference<Map<String, Long>>(){}).execute();
.response().json(new TypeReference<Long>(){}).execute();
}
};
try {
return callable.call().get("count");
return callable.call();
} catch (Exception cause) {
return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket count", cause)
.get("count");
return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket count", cause);
}
}

26
services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicketService.java
View file

@ -81,23 +81,23 @@ public class PermissionTicketService {
throw new ErrorResponseException("invalid_permission", "created permissions should have scope or scopeName", Response.Status.BAD_REQUEST);
if (representation.getRequester() == null && representation.getRequesterName() == null)
throw new ErrorResponseException("invalid_permission", "created permissions should have requester or requesterName", Response.Status.BAD_REQUEST);
ResourceStore rstore = this.authorization.getStoreFactory().getResourceStore();
Resource resource = rstore.findById(representation.getResource(), resourceServer.getId());
if (resource == null ) throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not exists in this server.", Response.Status.BAD_REQUEST);
if (!resource.getOwner().equals(this.identity.getId()))
throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be only created by the owner", Response.Status.FORBIDDEN);
UserModel user = null;
if(representation.getRequester() != null)
user = this.authorization.getKeycloakSession().userStorageManager().getUserById(this.authorization.getRealm(), representation.getRequester());
else
else
user = this.authorization.getKeycloakSession().userStorageManager().getUserByUsername(this.authorization.getRealm(), representation.getRequesterName());
if (user == null)
throw new ErrorResponseException("invalid_permission", "Requester does not exists in this server as user.", Response.Status.BAD_REQUEST);
Scope scope = null;
ScopeStore sstore = this.authorization.getStoreFactory().getScopeStore();
@ -114,16 +114,16 @@ public class PermissionTicketService {
boolean match = resource.getScopes().contains(scope);
if (!match)
throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not have Scope [" + scope.getName() + "]", Response.Status.BAD_REQUEST);
throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not have Scope [" + scope.getName() + "]", Response.Status.BAD_REQUEST);
Map<String, String> attributes = new HashMap<>();
attributes.put(PermissionTicket.RESOURCE, resource.getId());
attributes.put(PermissionTicket.SCOPE, scope.getId());
attributes.put(PermissionTicket.REQUESTER, user.getId());
if (!ticketStore.find(attributes, resourceServer.getId(), -1, -1).isEmpty())
throw new ErrorResponseException("invalid_permission", "Permission already exists", Response.Status.BAD_REQUEST);
PermissionTicket ticket = ticketStore.create(resource.getId(), scope.getId(), user.getId(), resourceServer);
if(representation.isGranted())
ticket.setGrantedTimestamp(java.lang.System.currentTimeMillis());
@ -144,7 +144,7 @@ public class PermissionTicketService {
if (ticket == null) {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
}
if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer())
throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be updated only by the owner or by the resource server", Response.Status.FORBIDDEN);
@ -153,7 +153,7 @@ public class PermissionTicketService {
return Response.noContent().build();
}
@Path("{id}")
@DELETE
@Consumes("application/json")
@ -168,7 +168,7 @@ public class PermissionTicketService {
if (ticket == null) {
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
}
if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer() && !ticket.getRequester().equals(this.identity.getId()))
throw new ErrorResponseException("not_authorised", "permissions for [" + ticket.getResource() + "] can be deleted only by the owner, the requester, or the resource server", Response.Status.FORBIDDEN);