Authorization services refactoring
Closes: #10447 * Prepare logical layer to distinguish between ResourceServer id and client.id * Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz * Prepare Logical (Models/Adapters) layer for returning other models instead of ids * Replace resourceServerId with resourceServer model in PermissionTicketStore * Replace resourceServerId with resourceServer model in PolicyStore * Replace resourceServerId with resourceServer model in ScopeStore * Replace resourceServerId with resourceServer model in ResourceStore * Fix PermissionTicketStore bug * Fix NPEs in caching layer * Replace primitive int with Integer for pagination parameters
This commit is contained in:
parent
c0255cbeea
commit
99c06d1102
79 changed files with 1257 additions and 1139 deletions
|
@ -112,7 +112,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory<Client
|
||||||
ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
|
ResourceServer resourceServer = resourceServerStore.findByClient(removedClient);
|
||||||
|
|
||||||
if (resourceServer != null) {
|
if (resourceServer != null) {
|
||||||
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
|
policyStore.findByType(resourceServer, getId()).forEach(policy -> {
|
||||||
List<String> clients = new ArrayList<>();
|
List<String> clients = new ArrayList<>();
|
||||||
|
|
||||||
for (String clientId : getClients(policy)) {
|
for (String clientId : getClients(policy)) {
|
||||||
|
|
|
@ -74,7 +74,7 @@ public class ClientScopePolicyProviderFactory implements PolicyProviderFactory<C
|
||||||
|
|
||||||
filters.put(Policy.FilterOption.TYPE, new String[] { getId() });
|
filters.put(Policy.FilterOption.TYPE, new String[] { getId() });
|
||||||
|
|
||||||
policyStore.findByResourceServer(filters, null, -1, -1).forEach(new Consumer<Policy>() {
|
policyStore.findByResourceServer(null, filters, null, null).forEach(new Consumer<Policy>() {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void accept(Policy policy) {
|
public void accept(Policy policy) {
|
||||||
|
|
|
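Review bot: The new call `policyStore.findByResourceServer(null, filters, null, null)` passes a null ResourceServer that the store has to read as "every resource server", narrowed only by the TYPE filter, and nothing at the call site says so; the caching layer in this same commit guards `resourceServer == null ? null : resourceServer.getId()` explicitly, so the JPA delegate must tolerate null here as well. I would add above the call: `// resourceServer == null: match policies of this type across all resource servers; store impls must accept null`. The `-1` pagination sentinels also became `null`, so any caller outside this diff that still passes `-1` would now be treated as a real bound rather than "unbounded" — worth a grep. The enclosing method starts and ends outside the hunk.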
@ -28,7 +28,6 @@ import org.keycloak.authorization.policy.provider.PolicyProvider;
|
||||||
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.GroupModel;
|
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
|
@ -397,7 +396,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
||||||
rep.setName(KeycloakModelUtils.generateId());
|
rep.setName(KeycloakModelUtils.generateId());
|
||||||
rep.setCode(condition);
|
rep.setCode(condition);
|
||||||
|
|
||||||
Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
|
Policy associatedPolicy = policyStore.create(policy.getResourceServer(), rep);
|
||||||
|
|
||||||
associatedPolicy.setOwner(owner);
|
associatedPolicy.setOwner(owner);
|
||||||
|
|
||||||
|
@ -410,7 +409,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
||||||
rep.setName(KeycloakModelUtils.generateId());
|
rep.setName(KeycloakModelUtils.generateId());
|
||||||
rep.addClient(client);
|
rep.addClient(client);
|
||||||
|
|
||||||
Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
|
Policy associatedPolicy = policyStore.create(policy.getResourceServer(), rep);
|
||||||
|
|
||||||
associatedPolicy.setOwner(owner);
|
associatedPolicy.setOwner(owner);
|
||||||
|
|
||||||
|
@ -423,7 +422,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
||||||
rep.setName(KeycloakModelUtils.generateId());
|
rep.setName(KeycloakModelUtils.generateId());
|
||||||
rep.addGroupPath(group);
|
rep.addGroupPath(group);
|
||||||
|
|
||||||
Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
|
Policy associatedPolicy = policyStore.create(policy.getResourceServer(), rep);
|
||||||
|
|
||||||
associatedPolicy.setOwner(owner);
|
associatedPolicy.setOwner(owner);
|
||||||
|
|
||||||
|
@ -436,7 +435,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
||||||
rep.setName(KeycloakModelUtils.generateId());
|
rep.setName(KeycloakModelUtils.generateId());
|
||||||
rep.addRole(role, false);
|
rep.addRole(role, false);
|
||||||
|
|
||||||
Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
|
Policy associatedPolicy = policyStore.create(policy.getResourceServer(), rep);
|
||||||
|
|
||||||
associatedPolicy.setOwner(owner);
|
associatedPolicy.setOwner(owner);
|
||||||
|
|
||||||
|
@ -449,7 +448,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory<UmaPermis
|
||||||
rep.setName(KeycloakModelUtils.generateId());
|
rep.setName(KeycloakModelUtils.generateId());
|
||||||
rep.addUser(user);
|
rep.addUser(user);
|
||||||
|
|
||||||
Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
|
Policy associatedPolicy = policyStore.create(policy.getResourceServer(), rep);
|
||||||
|
|
||||||
associatedPolicy.setOwner(owner);
|
associatedPolicy.setOwner(owner);
|
||||||
|
|
||||||
|
|
|
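Review bot: The five hunks at lines 396–452 each repeat the same four-statement sequence — `rep.setName(KeycloakModelUtils.generateId())`, one representation-specific setter, `policyStore.create(policy.getResourceServer(), rep)`, `associatedPolicy.setOwner(owner)` — and the argument reorder had to be applied in all five places; a private helper that receives the populated representation and performs the create-and-set-owner step would keep the `policyStore.create` signature in one spot. The helper's parameter type has to be whatever common supertype these representations share, which is not visible in the hunks, so I am not quoting a signature. The enclosing method(s) start and end outside the hunks; the `GroupModel` import removal is fine if no other use remains in the file.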
@ -223,7 +223,7 @@ public class RolePolicyProviderFactory implements PolicyProviderFactory<RolePoli
|
||||||
ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
|
ResourceServer resourceServer = resourceServerStore.findByClient(clientModel);
|
||||||
|
|
||||||
if (resourceServer != null) {
|
if (resourceServer != null) {
|
||||||
policyStore.findByType(getId(), resourceServer.getId()).forEach(policy -> {
|
policyStore.findByType(resourceServer, getId()).forEach(policy -> {
|
||||||
List<Map> roles = new ArrayList<>();
|
List<Map> roles = new ArrayList<>();
|
||||||
|
|
||||||
for (Map<String,Object> role : getRoles(policy)) {
|
for (Map<String,Object> role : getRoles(policy)) {
|
||||||
|
|
|
@ -42,7 +42,8 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket getDelegateForUpdate() {
|
public PermissionTicket getDelegateForUpdate() {
|
||||||
if (updated == null) {
|
if (updated == null) {
|
||||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(cached.getResourceServerId());
|
||||||
|
updated = cacheSession.getPermissionTicketStoreDelegate().findById(resourceServer, cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
cacheSession.registerPermissionTicketInvalidation(cached.getId(), cached.getOwner(), cached.getRequester(), cached.getResourceId(), updated.getResource().getName(), cached.getScopeId(), cached.getResourceServerId());
|
cacheSession.registerPermissionTicketInvalidation(cached.getId(), cached.getOwner(), cached.getRequester(), cached.getResourceId(), updated.getResource().getName(), cached.getScopeId(), cached.getResourceServerId());
|
||||||
}
|
}
|
||||||
|
@ -69,7 +70,8 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
||||||
protected boolean isUpdated() {
|
protected boolean isUpdated() {
|
||||||
if (updated != null) return true;
|
if (updated != null) return true;
|
||||||
if (!invalidated) return false;
|
if (!invalidated) return false;
|
||||||
updated = cacheSession.getPermissionTicketStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
ResourceServer resourceServer = cacheSession.getResourceServerStoreDelegate().findById(cached.getResourceServerId());
|
||||||
|
updated = cacheSession.getPermissionTicketStoreDelegate().findById(resourceServer, cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -126,7 +128,7 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
||||||
@Override
|
@Override
|
||||||
public Policy getPolicy() {
|
public Policy getPolicy() {
|
||||||
if (isUpdated()) return updated.getPolicy();
|
if (isUpdated()) return updated.getPolicy();
|
||||||
return cacheSession.getPolicyStore().findById(cached.getPolicy(), cached.getResourceServerId());
|
return cacheSession.getPolicyStore().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getPolicy());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -138,12 +140,12 @@ public class PermissionTicketAdapter implements PermissionTicket, CachedModel<Pe
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource getResource() {
|
public Resource getResource() {
|
||||||
return cacheSession.getResourceStore().findById(cached.getResourceId(), getResourceServer().getId());
|
return cacheSession.getResourceStore().findById(getResourceServer(), cached.getResourceId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope getScope() {
|
public Scope getScope() {
|
||||||
return cacheSession.getScopeStore().findById(cached.getScopeId(), getResourceServer().getId());
|
return cacheSession.getScopeStore().findById(getResourceServer(), cached.getScopeId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
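Review bot: `getPolicy()` at line 130 resolves the resource server through `cacheSession.getResourceServerStore().findById(cached.getResourceServerId())`, while `getDelegateForUpdate()` and `isUpdated()` (lines 45 and 73) go through `getResourceServerStoreDelegate()` and `getResource()`/`getScope()` (lines 143 and 148) use the adapter's own `getResourceServer()` — three different paths to the same object in one class. I would use the accessor in `getPolicy()` too: `return cacheSession.getPolicyStore().findById(getResourceServer(), cached.getPolicy());`. The two delegate lookups in the update paths add a second store query for every invalidated ticket; if `getResourceServer()` is backed by the cached store that is the cheaper choice, but its body is outside the hunk so I am not asserting it. `registerPermissionTicketInvalidation` still receives the raw `cached.getResourceServerId()`, which is consistent with the id-keyed invalidation events.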
@ -85,7 +85,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
||||||
protected boolean isUpdated() {
|
protected boolean isUpdated() {
|
||||||
if (updated != null) return true;
|
if (updated != null) return true;
|
||||||
if (!invalidated) return false;
|
if (!invalidated) return false;
|
||||||
updated = cacheSession.getPolicyStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
updated = cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -208,7 +208,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
||||||
PolicyStore policyStore = cacheSession.getPolicyStore();
|
PolicyStore policyStore = cacheSession.getPolicyStore();
|
||||||
String resourceServerId = cached.getResourceServerId();
|
String resourceServerId = cached.getResourceServerId();
|
||||||
for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) {
|
for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) {
|
||||||
Policy policy = policyStore.findById(id, resourceServerId);
|
Policy policy = policyStore.findById(cacheSession.getResourceServerStore().findById(resourceServerId), id);
|
||||||
cacheSession.cachePolicy(policy);
|
cacheSession.cachePolicy(policy);
|
||||||
associatedPolicies.add(policy);
|
associatedPolicies.add(policy);
|
||||||
}
|
}
|
||||||
|
@ -223,9 +223,9 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
||||||
if (resources != null) return resources;
|
if (resources != null) return resources;
|
||||||
resources = new HashSet<>();
|
resources = new HashSet<>();
|
||||||
ResourceStore resourceStore = cacheSession.getResourceStore();
|
ResourceStore resourceStore = cacheSession.getResourceStore();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
for (String resourceId : cached.getResourcesIds(modelSupplier)) {
|
for (String resourceId : cached.getResourcesIds(modelSupplier)) {
|
||||||
String resourceServerId = cached.getResourceServerId();
|
Resource resource = resourceStore.findById(resourceServer, resourceId);
|
||||||
Resource resource = resourceStore.findById(resourceId, resourceServerId);
|
|
||||||
cacheSession.cacheResource(resource);
|
cacheSession.cacheResource(resource);
|
||||||
resources.add(resource);
|
resources.add(resource);
|
||||||
}
|
}
|
||||||
|
@ -287,10 +287,10 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
||||||
if (isUpdated()) return updated.getScopes();
|
if (isUpdated()) return updated.getScopes();
|
||||||
if (scopes != null) return scopes;
|
if (scopes != null) return scopes;
|
||||||
scopes = new HashSet<>();
|
scopes = new HashSet<>();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
ScopeStore scopeStore = cacheSession.getScopeStore();
|
ScopeStore scopeStore = cacheSession.getScopeStore();
|
||||||
String resourceServerId = cached.getResourceServerId();
|
|
||||||
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
||||||
Scope scope = scopeStore.findById(scopeId, resourceServerId);
|
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
cacheSession.cacheScope(scope);
|
cacheSession.cacheScope(scope);
|
||||||
scopes.add(scope);
|
scopes.add(scope);
|
||||||
}
|
}
|
||||||
|
@ -325,6 +325,6 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Policy getPolicyModel() {
|
private Policy getPolicyModel() {
|
||||||
return cacheSession.getPolicyStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
return cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
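Review bot: In the associated-policies loop at line 211, `cacheSession.getResourceServerStore().findById(resourceServerId)` now runs once per associated policy id, whereas the resources and scopes hunks (lines 226 and 290) resolve `getResourceServer()` once before their loops; hoist it the same way — replace `String resourceServerId = cached.getResourceServerId();` with `ResourceServer resourceServer = getResourceServer();` and use `Policy policy = policyStore.findById(resourceServer, id);` inside the loop. `isUpdated()` and `getPolicyModel()` (lines 88 and 328) keep the explicit store lookup, presumably because `getResourceServer()` consults `isUpdated()` and would recurse; if that is the reason, a one-line comment on those two lookups would stop the next reader from "simplifying" them. The loop's enclosing method starts outside the hunk.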
@ -81,7 +81,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
protected boolean isUpdated() {
|
protected boolean isUpdated() {
|
||||||
if (updated != null) return true;
|
if (updated != null) return true;
|
||||||
if (!invalidated) return false;
|
if (!invalidated) return false;
|
||||||
updated = cacheSession.getResourceStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
updated = cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -133,9 +133,8 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getResourceServer() {
|
public ResourceServer getResourceServer() {
|
||||||
if (isUpdated()) return updated.getResourceServer();
|
return cacheSession.getResourceServerStoreDelegate().findById(cached.getResourceServerId());
|
||||||
return cached.getResourceServerId();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -173,7 +172,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
if (scopes != null) return scopes;
|
if (scopes != null) return scopes;
|
||||||
scopes = new LinkedList<>();
|
scopes = new LinkedList<>();
|
||||||
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
for (String scopeId : cached.getScopesIds(modelSupplier)) {
|
||||||
scopes.add(cacheSession.getScopeStore().findById(scopeId, cached.getResourceServerId()));
|
scopes.add(cacheSession.getScopeStore().findById(getResourceServer(), scopeId));
|
||||||
}
|
}
|
||||||
return scopes = Collections.unmodifiableList(scopes);
|
return scopes = Collections.unmodifiableList(scopes);
|
||||||
}
|
}
|
||||||
|
@ -204,7 +203,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
for (Scope scope : updated.getScopes()) {
|
for (Scope scope : updated.getScopes()) {
|
||||||
if (!scopes.contains(scope)) {
|
if (!scopes.contains(scope)) {
|
||||||
PermissionTicketStore permissionStore = cacheSession.getPermissionTicketStore();
|
PermissionTicketStore permissionStore = cacheSession.getPermissionTicketStore();
|
||||||
List<PermissionTicket> permissions = permissionStore.findByScope(scope.getId(), getResourceServer());
|
List<PermissionTicket> permissions = permissionStore.findByScope(getResourceServer(), scope);
|
||||||
|
|
||||||
for (PermissionTicket permission : permissions) {
|
for (PermissionTicket permission : permissions) {
|
||||||
permissionStore.delete(permission.getId());
|
permissionStore.delete(permission.getId());
|
||||||
|
@ -216,7 +215,7 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
|
|
||||||
for (Scope scope : updated.getScopes()) {
|
for (Scope scope : updated.getScopes()) {
|
||||||
if (!scopes.contains(scope)) {
|
if (!scopes.contains(scope)) {
|
||||||
policyStore.findByResource(getId(), getResourceServer(), policy -> policy.removeScope(scope));
|
policyStore.findByResource(getResourceServer(), this, policy -> policy.removeScope(scope));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -283,6 +282,6 @@ public class ResourceAdapter implements Resource, CachedModel<Resource> {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Resource getResourceModel() {
|
private Resource getResourceModel() {
|
||||||
return cacheSession.getResourceStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
return cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
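Review bot: `getResourceServer()` (line 136) now queries `getResourceServerStoreDelegate()` on every call, and the scope loop at line 176 calls it once per scope id, so a resource with n scopes costs n delegate lookups where the old code read `cached.getResourceServerId()`; hoist `ResourceServer resourceServer = getResourceServer();` above the `for` and pass `resourceServer` to `findById`. Unless bypassing the cache is deliberate, `cacheSession.getResourceServerStore()` would serve the same model through the cache, as `PermissionTicketAdapter.getPolicy()` does elsewhere in this commit. Dropping `if (isUpdated()) return updated.getResourceServer();` is what makes it safe for `isUpdated()` (line 84) to call the accessor, and that invariant deserves a comment on the accessor: `// must not consult isUpdated(): isUpdated() resolves the delegate through this method`. The `updateScopes` hunks' enclosing method starts and ends outside the hunks.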
@ -39,7 +39,7 @@ public class ScopeAdapter implements Scope, CachedModel<Scope> {
|
||||||
public Scope getDelegateForUpdate() {
|
public Scope getDelegateForUpdate() {
|
||||||
if (updated == null) {
|
if (updated == null) {
|
||||||
cacheSession.registerScopeInvalidation(cached.getId(), cached.getName(), cached.getResourceServerId());
|
cacheSession.registerScopeInvalidation(cached.getId(), cached.getName(), cached.getResourceServerId());
|
||||||
updated = cacheSession.getScopeStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
}
|
}
|
||||||
return updated;
|
return updated;
|
||||||
|
@ -66,7 +66,7 @@ public class ScopeAdapter implements Scope, CachedModel<Scope> {
|
||||||
protected boolean isUpdated() {
|
protected boolean isUpdated() {
|
||||||
if (updated != null) return true;
|
if (updated != null) return true;
|
||||||
if (!invalidated) return false;
|
if (!invalidated) return false;
|
||||||
updated = cacheSession.getScopeStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
|
updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId());
|
||||||
if (updated == null) throw new IllegalStateException("Not found in database");
|
if (updated == null) throw new IllegalStateException("Not found in database");
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
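Review bot: Both `getDelegateForUpdate()` (line 42) and `isUpdated()` (line 69) now call `getResourceServer()`, whose body is outside the hunk; if it is written like the pre-commit `ResourceAdapter.getResourceServer()` — `if (isUpdated()) return updated.getResourceServer();` — then with `invalidated == true` and `updated == null` the two methods call each other until the stack overflows. The `ResourceAdapter` hunk in this commit removed exactly that `isUpdated()` check from its accessor, so please confirm `ScopeAdapter.getResourceServer()` has the same shape and add: `// must not call isUpdated(): isUpdated() resolves the delegate through this accessor`. The enclosing class's accessor and fields are not visible here, so this is a request to verify rather than a confirmed defect.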
@ -309,8 +309,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
return Collections.emptySet();
|
return Collections.emptySet();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ResourceServer resourceServer = getResourceServerStore().findById(serverId);
|
||||||
return resources.stream().map(resourceId -> {
|
return resources.stream().map(resourceId -> {
|
||||||
Resource resource = getResourceStore().findById(resourceId, serverId);
|
Resource resource = getResourceStore().findById(resourceServer, resourceId);
|
||||||
String type = resource.getType();
|
String type = resource.getType();
|
||||||
|
|
||||||
if (type != null) {
|
if (type != null) {
|
||||||
|
@ -496,13 +497,13 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
|
|
||||||
protected class ScopeCache implements ScopeStore {
|
protected class ScopeCache implements ScopeStore {
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String name, ResourceServer resourceServer) {
|
public Scope create(ResourceServer resourceServer, String name) {
|
||||||
return create(null, name, resourceServer);
|
return create(resourceServer, null, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String id, String name, ResourceServer resourceServer) {
|
public Scope create(ResourceServer resourceServer, String id, String name) {
|
||||||
Scope scope = getScopeStoreDelegate().create(id, name, resourceServer);
|
Scope scope = getScopeStoreDelegate().create(resourceServer, id, name);
|
||||||
registerScopeInvalidation(scope.getId(), scope.getName(), resourceServer.getId());
|
registerScopeInvalidation(scope.getId(), scope.getName(), resourceServer.getId());
|
||||||
return scope;
|
return scope;
|
||||||
}
|
}
|
||||||
|
@ -510,7 +511,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
if (id == null) return;
|
if (id == null) return;
|
||||||
Scope scope = findById(id, null);
|
Scope scope = findById(null, id);
|
||||||
if (scope == null) return;
|
if (scope == null) return;
|
||||||
|
|
||||||
cache.invalidateObject(id);
|
cache.invalidateObject(id);
|
||||||
|
@ -520,7 +521,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findById(String id, String resourceServerId) {
|
public Scope findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) return null;
|
if (id == null) return null;
|
||||||
CachedScope cached = cache.get(id, CachedScope.class);
|
CachedScope cached = cache.get(id, CachedScope.class);
|
||||||
if (cached != null) {
|
if (cached != null) {
|
||||||
|
@ -529,7 +530,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
Long loaded = cache.getCurrentRevision(id);
|
Long loaded = cache.getCurrentRevision(id);
|
||||||
if (! modelMightExist(id)) return null;
|
if (! modelMightExist(id)) return null;
|
||||||
Scope model = getScopeStoreDelegate().findById(id, resourceServerId);
|
Scope model = getScopeStoreDelegate().findById(resourceServer, id);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
setModelDoesNotExists(id, loaded);
|
setModelDoesNotExists(id, loaded);
|
||||||
return null;
|
return null;
|
||||||
|
@ -538,7 +539,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
cached = new CachedScope(loaded, model);
|
cached = new CachedScope(loaded, model);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
} else if (invalidations.contains(id)) {
|
} else if (invalidations.contains(id)) {
|
||||||
return getScopeStoreDelegate().findById(id, resourceServerId);
|
return getScopeStoreDelegate().findById(resourceServer, id);
|
||||||
} else if (managedScopes.containsKey(id)) {
|
} else if (managedScopes.containsKey(id)) {
|
||||||
return managedScopes.get(id);
|
return managedScopes.get(id);
|
||||||
}
|
}
|
||||||
|
@ -548,8 +549,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findByName(String name, String resourceServerId) {
|
public Scope findByName(ResourceServer resourceServer, String name) {
|
||||||
if (name == null) return null;
|
if (name == null) return null;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getScopeByNameCacheKey(name, resourceServerId);
|
String cacheKey = getScopeByNameCacheKey(name, resourceServerId);
|
||||||
ScopeListQuery query = cache.get(cacheKey, ScopeListQuery.class);
|
ScopeListQuery query = cache.get(cacheKey, ScopeListQuery.class);
|
||||||
if (query != null) {
|
if (query != null) {
|
||||||
|
@ -557,43 +559,43 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
if (query == null) {
|
if (query == null) {
|
||||||
Long loaded = cache.getCurrentRevision(cacheKey);
|
Long loaded = cache.getCurrentRevision(cacheKey);
|
||||||
Scope model = getScopeStoreDelegate().findByName(name, resourceServerId);
|
Scope model = getScopeStoreDelegate().findByName(resourceServer, name);
|
||||||
if (model == null) return null;
|
if (model == null) return null;
|
||||||
if (invalidations.contains(model.getId())) return model;
|
if (invalidations.contains(model.getId())) return model;
|
||||||
query = new ScopeListQuery(loaded, cacheKey, model.getId(), resourceServerId);
|
query = new ScopeListQuery(loaded, cacheKey, model.getId(), resourceServerId);
|
||||||
cache.addRevisioned(query, startupRevision);
|
cache.addRevisioned(query, startupRevision);
|
||||||
return model;
|
return model;
|
||||||
} else if (invalidations.contains(cacheKey)) {
|
} else if (invalidations.contains(cacheKey)) {
|
||||||
return getScopeStoreDelegate().findByName(name, resourceServerId);
|
return getScopeStoreDelegate().findByName(resourceServer, name);
|
||||||
} else {
|
} else {
|
||||||
String id = query.getScopes().iterator().next();
|
String id = query.getScopes().iterator().next();
|
||||||
if (invalidations.contains(id)) {
|
if (invalidations.contains(id)) {
|
||||||
return getScopeStoreDelegate().findByName(name, resourceServerId);
|
return getScopeStoreDelegate().findByName(resourceServer, name);
|
||||||
}
|
}
|
||||||
return findById(id, query.getResourceServerId());
|
return findById(resourceServer, id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(String id) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return getScopeStoreDelegate().findByResourceServer(id);
|
return getScopeStoreDelegate().findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return getScopeStoreDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return getScopeStoreDelegate().findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected class ResourceCache implements ResourceStore {
|
protected class ResourceCache implements ResourceStore {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
|
public Resource create(ResourceServer resourceServer, String id, String name, String owner) {
|
||||||
Resource resource = getResourceStoreDelegate().create(id, name, resourceServer, owner);
|
Resource resource = getResourceStoreDelegate().create(resourceServer, id, name, owner);
|
||||||
Resource cached = findById(resource.getId(), resourceServer.getId());
|
Resource cached = findById(resourceServer, resource.getId());
|
||||||
registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUris(), resource.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet()), resourceServer.getId(), resource.getOwner());
|
registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUris(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resourceServer.getId(), resource.getOwner());
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
cached = findById(resource.getId(), resourceServer.getId());
|
cached = findById(resourceServer, resource.getId());
|
||||||
}
|
}
|
||||||
return cached;
|
return cached;
|
||||||
}
|
}
|
||||||
|
@ -601,18 +603,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
if (id == null) return;
|
if (id == null) return;
|
||||||
Resource resource = findById(id, null);
|
Resource resource = findById(null, id);
|
||||||
if (resource == null) return;
|
if (resource == null) return;
|
||||||
|
|
||||||
cache.invalidateObject(id);
|
cache.invalidateObject(id);
|
||||||
invalidationEvents.add(ResourceRemovedEvent.create(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet()), resource.getResourceServer()));
|
invalidationEvents.add(ResourceRemovedEvent.create(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId()));
|
||||||
cache.resourceRemoval(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet()), resource.getResourceServer(), invalidations);
|
cache.resourceRemoval(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId(), invalidations);
|
||||||
getResourceStoreDelegate().delete(id);
|
getResourceStoreDelegate().delete(id);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findById(String id, String resourceServerId) {
|
public Resource findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) return null;
|
if (id == null) return null;
|
||||||
CachedResource cached = cache.get(id, CachedResource.class);
|
CachedResource cached = cache.get(id, CachedResource.class);
|
||||||
if (cached != null) {
|
if (cached != null) {
|
||||||
|
@ -621,7 +623,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
Long loaded = cache.getCurrentRevision(id);
|
Long loaded = cache.getCurrentRevision(id);
|
||||||
if (! modelMightExist(id)) return null;
|
if (! modelMightExist(id)) return null;
|
||||||
Resource model = getResourceStoreDelegate().findById(id, resourceServerId);
|
Resource model = getResourceStoreDelegate().findById(resourceServer, id);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
setModelDoesNotExists(id, loaded);
|
setModelDoesNotExists(id, loaded);
|
||||||
return null;
|
return null;
|
||||||
|
@ -630,7 +632,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
cached = new CachedResource(loaded, model);
|
cached = new CachedResource(loaded, model);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
} else if (invalidations.contains(id)) {
|
} else if (invalidations.contains(id)) {
|
||||||
return getResourceStoreDelegate().findById(id, resourceServerId);
|
return getResourceStoreDelegate().findById(resourceServer, id);
|
||||||
} else if (managedResources.containsKey(id)) {
|
} else if (managedResources.containsKey(id)) {
|
||||||
return managedResources.get(id);
|
return managedResources.get(id);
|
||||||
}
|
}
|
||||||
|
@ -640,16 +642,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findByName(String name, String resourceServerId) {
|
public Resource findByName(ResourceServer resourceServer, String name, String ownerId) {
|
||||||
return findByName(name, resourceServerId, resourceServerId);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Resource findByName(String name, String ownerId, String resourceServerId) {
|
|
||||||
if (name == null) return null;
|
if (name == null) return null;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByNameCacheKey(name, ownerId, resourceServerId);
|
String cacheKey = getResourceByNameCacheKey(name, ownerId, resourceServerId);
|
||||||
List<Resource> result = cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
List<Resource> result = cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||||
Resource resource = getResourceStoreDelegate().findByName(name, ownerId, resourceServerId);
|
Resource resource = getResourceStoreDelegate().findByName(resourceServer, name, ownerId);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
|
@ -657,7 +655,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
|
|
||||||
return Arrays.asList(resource);
|
return Arrays.asList(resource);
|
||||||
},
|
},
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
|
|
||||||
if (result.isEmpty()) {
|
if (result.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
|
@ -667,18 +665,20 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
||||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(ownerId, resourceServerId),
|
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(resourceServer, ownerId),
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId);
|
||||||
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||||
List<Resource> resources = new ArrayList<>();
|
List<Resource> resources = new ArrayList<>();
|
||||||
getResourceStoreDelegate().findByOwner(ownerId, resourceServerId, new Consumer<Resource>() {
|
getResourceStoreDelegate().findByOwner(resourceServer, ownerId, new Consumer<Resource>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Resource resource) {
|
public void accept(Resource resource) {
|
||||||
consumer.andThen(resources::add)
|
consumer.andThen(resources::add)
|
||||||
|
@ -688,54 +688,57 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return resources;
|
return resources;
|
||||||
},
|
},
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults) {
|
||||||
return getResourceStoreDelegate().findByOwner(ownerId, resourceServerId, first, max);
|
return getResourceStoreDelegate().findByOwner(resourceServer, ownerId, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByUri(String uri, String resourceServerId) {
|
public List<Resource> findByUri(ResourceServer resourceServer, String uri) {
|
||||||
if (uri == null) return null;
|
if (uri == null) return null;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByUriCacheKey(uri, resourceServerId);
|
String cacheKey = getResourceByUriCacheKey(uri, resourceServerId);
|
||||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByUri(uri, resourceServerId),
|
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByUri(resourceServer, uri),
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(String resourceServerId) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return getResourceStoreDelegate().findByResourceServer(resourceServerId);
|
return getResourceStoreDelegate().findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return getResourceStoreDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return getResourceStoreDelegate().findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByScope(List<String> ids, String resourceServerId) {
|
public List<Resource> findByScopes(ResourceServer resourceServer, Set<Scope> scopes) {
|
||||||
if (ids == null) return null;
|
if (scopes == null) return null;
|
||||||
List<Resource> result = new ArrayList<>();
|
List<Resource> result = new ArrayList<>();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
|
|
||||||
for (String id : ids) {
|
for (Scope scope : scopes) {
|
||||||
String cacheKey = getResourceByScopeCacheKey(id, resourceServerId);
|
String cacheKey = getResourceByScopeCacheKey(scope.getId(), resourceServerId);
|
||||||
result.addAll(cacheQuery(cacheKey, ResourceScopeListQuery.class, () -> getResourceStoreDelegate().findByScope(Arrays.asList(id), resourceServerId), (revision, resources) -> new ResourceScopeListQuery(revision, cacheKey, id, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId));
|
result.addAll(cacheQuery(cacheKey, ResourceScopeListQuery.class, () -> getResourceStoreDelegate().findByScopes(resourceServer, Collections.singleton(scope)), (revision, resources) -> new ResourceScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer));
|
||||||
}
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScope(List<String> ids, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Set<Scope> scopes, Consumer<Resource> consumer) {
|
||||||
if (ids == null) return;
|
if (scopes == null) return;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
|
|
||||||
for (String id : ids) {
|
for (Scope scope : scopes) {
|
||||||
String cacheKey = getResourceByScopeCacheKey(id, resourceServerId);
|
String cacheKey = getResourceByScopeCacheKey(scope.getId(), resourceServerId);
|
||||||
cacheQuery(cacheKey, ResourceScopeListQuery.class, () -> {
|
cacheQuery(cacheKey, ResourceScopeListQuery.class, () -> {
|
||||||
List<Resource> resources = new ArrayList<>();
|
List<Resource> resources = new ArrayList<>();
|
||||||
getResourceStoreDelegate().findByScope(Arrays.asList(id), resourceServerId, new Consumer<Resource>() {
|
getResourceStoreDelegate().findByScopes(resourceServer, Collections.singleton(scope), new Consumer<Resource>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Resource resource) {
|
public void accept(Resource resource) {
|
||||||
consumer.andThen(resources::add)
|
consumer.andThen(resources::add)
|
||||||
|
@ -745,25 +748,27 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
return resources;
|
return resources;
|
||||||
}, (revision, resources) -> new ResourceScopeListQuery(revision, cacheKey, id, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
}, (revision, resources) -> new ResourceScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByType(String type, String resourceServerId) {
|
public List<Resource> findByType(ResourceServer resourceServer, String type) {
|
||||||
if (type == null) return Collections.emptyList();
|
if (type == null) return Collections.emptyList();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeCacheKey(type, resourceServerId);
|
String cacheKey = getResourceByTypeCacheKey(type, resourceServerId);
|
||||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByType(type, resourceServerId),
|
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByType(resourceServer, type),
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
if (type == null) return;
|
if (type == null) return;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeCacheKey(type, resourceServerId);
|
String cacheKey = getResourceByTypeCacheKey(type, resourceServerId);
|
||||||
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||||
List<Resource> resources = new ArrayList<>();
|
List<Resource> resources = new ArrayList<>();
|
||||||
getResourceStoreDelegate().findByType(type, resourceServerId, new Consumer<Resource>() {
|
getResourceStoreDelegate().findByType(resourceServer, type, new Consumer<Resource>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Resource resource) {
|
public void accept(Resource resource) {
|
||||||
consumer.andThen(resources::add)
|
consumer.andThen(resources::add)
|
||||||
|
@ -773,28 +778,30 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return resources;
|
return resources;
|
||||||
},
|
},
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByType(String type, String owner, String resourceServerId) {
|
public List<Resource> findByType(ResourceServer resourceServer, String type, String owner) {
|
||||||
if (resourceServerId.equals(owner)) {
|
if (resourceServer != null && resourceServer.getId().equals(owner)) {
|
||||||
return findByType(type, resourceServerId);
|
return findByType(resourceServer, type);
|
||||||
} else {
|
} else {
|
||||||
if (type == null) return Collections.emptyList();
|
if (type == null) return Collections.emptyList();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeCacheKey(type, owner, resourceServerId);
|
String cacheKey = getResourceByTypeCacheKey(type, owner, resourceServerId);
|
||||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByType(type, owner, resourceServerId),
|
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByType(resourceServer, type, owner),
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, String owner, Consumer<Resource> consumer) {
|
||||||
if (type == null) return;
|
if (type == null) return;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeCacheKey(type, owner, resourceServerId);
|
String cacheKey = getResourceByTypeCacheKey(type, owner, resourceServerId);
|
||||||
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||||
List<Resource> resources = new ArrayList<>();
|
List<Resource> resources = new ArrayList<>();
|
||||||
getResourceStoreDelegate().findByType(type, owner, resourceServerId, new Consumer<Resource>() {
|
getResourceStoreDelegate().findByType(resourceServer, type, owner, new Consumer<Resource>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Resource resource) {
|
public void accept(Resource resource) {
|
||||||
consumer.andThen(resources::add)
|
consumer.andThen(resources::add)
|
||||||
|
@ -804,24 +811,26 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return resources;
|
return resources;
|
||||||
},
|
},
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByTypeInstance(String type, String resourceServerId) {
|
public List<Resource> findByTypeInstance(ResourceServer resourceServer, String type) {
|
||||||
if (type == null) return Collections.emptyList();
|
if (type == null) return Collections.emptyList();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeInstanceCacheKey(type, resourceServerId);
|
String cacheKey = getResourceByTypeInstanceCacheKey(type, resourceServerId);
|
||||||
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByTypeInstance(type, resourceServerId),
|
return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByTypeInstance(resourceServer, type),
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByTypeInstance(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
if (type == null) return;
|
if (type == null) return;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getResourceByTypeInstanceCacheKey(type, resourceServerId);
|
String cacheKey = getResourceByTypeInstanceCacheKey(type, resourceServerId);
|
||||||
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, ResourceListQuery.class, () -> {
|
||||||
List<Resource> resources = new ArrayList<>();
|
List<Resource> resources = new ArrayList<>();
|
||||||
getResourceStoreDelegate().findByTypeInstance(type, resourceServerId, new Consumer<Resource>() {
|
getResourceStoreDelegate().findByTypeInstance(resourceServer, type, new Consumer<Resource>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Resource resource) {
|
public void accept(Resource resource) {
|
||||||
consumer.andThen(resources::add)
|
consumer.andThen(resources::add)
|
||||||
|
@ -831,18 +840,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return resources;
|
return resources;
|
||||||
},
|
},
|
||||||
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId, Consumer<R> consumer) {
|
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer, Consumer<R> consumer) {
|
||||||
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServerId, consumer, false);
|
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServer, consumer, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId) {
|
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer) {
|
||||||
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServerId, null, true);
|
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServer, null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId, Consumer<R> consumer, boolean cacheResult) {
|
private <R extends Resource, Q extends ResourceQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer, Consumer<R> consumer, boolean cacheResult) {
|
||||||
Q query = cache.get(cacheKey, queryType);
|
Q query = cache.get(cacheKey, queryType);
|
||||||
if (query != null) {
|
if (query != null) {
|
||||||
logger.tracev("cache hit for key: {0}", cacheKey);
|
logger.tracev("cache hit for key: {0}", cacheKey);
|
||||||
|
@ -863,9 +872,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
Set<String> resources = query.getResources();
|
Set<String> resources = query.getResources();
|
||||||
|
|
||||||
if (consumer != null) {
|
if (consumer != null) {
|
||||||
resources.stream().map(resourceId -> (R) findById(resourceId, resourceServerId)).forEach(consumer);
|
resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).forEach(consumer);
|
||||||
} else {
|
} else {
|
||||||
model = resources.stream().map(resourceId -> (R) findById(resourceId, resourceServerId)).collect(Collectors.toList());
|
model = resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -879,12 +888,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
|
|
||||||
protected class PolicyCache implements PolicyStore {
|
protected class PolicyCache implements PolicyStore {
|
||||||
@Override
|
@Override
|
||||||
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||||
Policy policy = getPolicyStoreDelegate().create(representation, resourceServer);
|
Policy policy = getPolicyStoreDelegate().create(resourceServer, representation);
|
||||||
Policy cached = findById(policy.getId(), resourceServer.getId());
|
Policy cached = findById(resourceServer, policy.getId());
|
||||||
registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), null, resourceServer.getId());
|
registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), null, resourceServer.getId());
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
cached = findById(policy.getId(), resourceServer.getId());
|
cached = findById(resourceServer, policy.getId());
|
||||||
}
|
}
|
||||||
return cached;
|
return cached;
|
||||||
}
|
}
|
||||||
|
@ -892,18 +901,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
if (id == null) return;
|
if (id == null) return;
|
||||||
Policy policy = findById(id, null);
|
Policy policy = findById(null, id);
|
||||||
if (policy == null) return;
|
if (policy == null) return;
|
||||||
|
|
||||||
cache.invalidateObject(id);
|
cache.invalidateObject(id);
|
||||||
Set<String> resources = policy.getResources().stream().map(resource -> resource.getId()).collect(Collectors.toSet());
|
Set<String> resources = policy.getResources().stream().map(Resource::getId).collect(Collectors.toSet());
|
||||||
ResourceServer resourceServer = policy.getResourceServer();
|
ResourceServer resourceServer = policy.getResourceServer();
|
||||||
Set<String> resourceTypes = getResourceTypes(resources, resourceServer.getId());
|
Set<String> resourceTypes = getResourceTypes(resources, resourceServer.getId());
|
||||||
String defaultResourceType = policy.getConfig().get("defaultResourceType");
|
String defaultResourceType = policy.getConfig().get("defaultResourceType");
|
||||||
if (Objects.nonNull(defaultResourceType)) {
|
if (Objects.nonNull(defaultResourceType)) {
|
||||||
resourceTypes.add(defaultResourceType);
|
resourceTypes.add(defaultResourceType);
|
||||||
}
|
}
|
||||||
Set<String> scopes = policy.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet());
|
Set<String> scopes = policy.getScopes().stream().map(Scope::getId).collect(Collectors.toSet());
|
||||||
invalidationEvents.add(PolicyRemovedEvent.create(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId()));
|
invalidationEvents.add(PolicyRemovedEvent.create(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId()));
|
||||||
cache.policyRemoval(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId(), invalidations);
|
cache.policyRemoval(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId(), invalidations);
|
||||||
getPolicyStoreDelegate().delete(id);
|
getPolicyStoreDelegate().delete(id);
|
||||||
|
@ -911,7 +920,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findById(String id, String resourceServerId) {
|
public Policy findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) return null;
|
if (id == null) return null;
|
||||||
|
|
||||||
CachedPolicy cached = cache.get(id, CachedPolicy.class);
|
CachedPolicy cached = cache.get(id, CachedPolicy.class);
|
||||||
|
@ -920,7 +929,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
if (! modelMightExist(id)) return null;
|
if (! modelMightExist(id)) return null;
|
||||||
Policy model = getPolicyStoreDelegate().findById(id, resourceServerId);
|
Policy model = getPolicyStoreDelegate().findById(resourceServer, id);
|
||||||
Long loaded = cache.getCurrentRevision(id);
|
Long loaded = cache.getCurrentRevision(id);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
setModelDoesNotExists(id, loaded);
|
setModelDoesNotExists(id, loaded);
|
||||||
|
@ -930,7 +939,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
cached = new CachedPolicy(loaded, model);
|
cached = new CachedPolicy(loaded, model);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
} else if (invalidations.contains(id)) {
|
} else if (invalidations.contains(id)) {
|
||||||
return getPolicyStoreDelegate().findById(id, resourceServerId);
|
return getPolicyStoreDelegate().findById(resourceServer, id);
|
||||||
} else if (managedPolicies.containsKey(id)) {
|
} else if (managedPolicies.containsKey(id)) {
|
||||||
return managedPolicies.get(id);
|
return managedPolicies.get(id);
|
||||||
}
|
}
|
||||||
|
@ -940,18 +949,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findByName(String name, String resourceServerId) {
|
public Policy findByName(ResourceServer resourceServer, String name) {
|
||||||
if (name == null) return null;
|
if (name == null) return null;
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPolicyByNameCacheKey(name, resourceServerId);
|
String cacheKey = getPolicyByNameCacheKey(name, resourceServerId);
|
||||||
List<Policy> result = cacheQuery(cacheKey, PolicyListQuery.class, () -> {
|
List<Policy> result = cacheQuery(cacheKey, PolicyListQuery.class, () -> {
|
||||||
Policy policy = getPolicyStoreDelegate().findByName(name, resourceServerId);
|
Policy policy = getPolicyStoreDelegate().findByName(resourceServer, name);
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Arrays.asList(policy);
|
return Arrays.asList(policy);
|
||||||
}, (revision, policies) -> new PolicyListQuery(revision, cacheKey, policies.stream().map(policy -> policy.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
}, (revision, policies) -> new PolicyListQuery(revision, cacheKey, policies.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
|
|
||||||
if (result.isEmpty()) {
|
if (result.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
|
@ -961,28 +971,30 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(String resourceServerId) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return getPolicyStoreDelegate().findByResourceServer(resourceServerId);
|
return getPolicyStoreDelegate().findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return getPolicyStoreDelegate().findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return getPolicyStoreDelegate().findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResource(String resourceId, String resourceServerId) {
|
public List<Policy> findByResource(ResourceServer resourceServer, Resource resource) {
|
||||||
String cacheKey = getPolicyByResource(resourceId, resourceServerId);
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
return cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> getPolicyStoreDelegate().findByResource(resourceId, resourceServerId),
|
String cacheKey = getPolicyByResource(resource.getId(), resourceServerId);
|
||||||
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceId, policies.stream().map(policy -> policy.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
return cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> getPolicyStoreDelegate().findByResource(resourceServer, resource),
|
||||||
|
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resource.getId(), policies.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer) {
|
||||||
String cacheKey = getPolicyByResource(resourceId, resourceServerId);
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
|
String cacheKey = getPolicyByResource(resource.getId(), resourceServerId);
|
||||||
cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> {
|
||||||
List<Policy> policies = new ArrayList<>();
|
List<Policy> policies = new ArrayList<>();
|
||||||
getPolicyStoreDelegate().findByResource(resourceId, resourceServerId, new Consumer<Policy>() {
|
getPolicyStoreDelegate().findByResource(resourceServer, resource, new Consumer<Policy>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Policy policy) {
|
public void accept(Policy policy) {
|
||||||
consumer.andThen(policies::add)
|
consumer.andThen(policies::add)
|
||||||
|
@ -992,22 +1004,24 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return policies;
|
return policies;
|
||||||
},
|
},
|
||||||
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceId, policies.stream().map(policy -> policy.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resource.getId(), policies.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceType(String resourceType, String resourceServerId) {
|
public List<Policy> findByResourceType(ResourceServer resourceServer, String resourceType) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPolicyByResourceType(resourceType, resourceServerId);
|
String cacheKey = getPolicyByResourceType(resourceType, resourceServerId);
|
||||||
return cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> getPolicyStoreDelegate().findByResourceType(resourceType, resourceServerId),
|
return cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> getPolicyStoreDelegate().findByResourceType(resourceServer, resourceType),
|
||||||
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceType, policies.stream().map(policy -> policy.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceType, policies.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResourceType(String resourceType, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResourceType(ResourceServer resourceServer, String resourceType, Consumer<Policy> consumer) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPolicyByResourceType(resourceType, resourceServerId);
|
String cacheKey = getPolicyByResourceType(resourceType, resourceServerId);
|
||||||
cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> {
|
cacheQuery(cacheKey, PolicyResourceListQuery.class, () -> {
|
||||||
List<Policy> policies = new ArrayList<>();
|
List<Policy> policies = new ArrayList<>();
|
||||||
getPolicyStoreDelegate().findByResourceType(resourceType, resourceServerId, new Consumer<Policy>() {
|
getPolicyStoreDelegate().findByResourceType(resourceServer, resourceType, new Consumer<Policy>() {
|
||||||
@Override
|
@Override
|
||||||
public void accept(Policy policy) {
|
public void accept(Policy policy) {
|
||||||
consumer.andThen(policies::add)
|
consumer.andThen(policies::add)
|
||||||
|
@ -1017,71 +1031,75 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
});
|
});
|
||||||
return policies;
|
return policies;
|
||||||
},
|
},
|
||||||
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceType, policies.stream().map(policy -> policy.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
(revision, policies) -> new PolicyResourceListQuery(revision, cacheKey, resourceType, policies.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> scopes) {
|
||||||
if (scopeIds == null) return null;
|
if (scopes == null) return null;
|
||||||
Set<Policy> result = new HashSet<>();
|
Set<Policy> result = new HashSet<>();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
|
|
||||||
for (String id : scopeIds) {
|
for (Scope scope : scopes) {
|
||||||
String cacheKey = getPolicyByScope(id, resourceServerId);
|
String cacheKey = getPolicyByScope(scope.getId(), resourceServerId);
|
||||||
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopeIds(Arrays.asList(id), resourceServerId), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, id, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId));
|
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopes(resourceServer, Collections.singletonList(scope)), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServer));
|
||||||
}
|
}
|
||||||
|
|
||||||
return new ArrayList<>(result);
|
return new ArrayList<>(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes) {
|
||||||
if (scopeIds == null) return null;
|
if (scopes == null) return null;
|
||||||
Set<Policy> result = new HashSet<>();
|
Set<Policy> result = new HashSet<>();
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
|
|
||||||
for (String id : scopeIds) {
|
for (Scope scope : scopes) {
|
||||||
String cacheKey = getPolicyByResourceScope(id, resourceId, resourceServerId);
|
String cacheKey = getPolicyByResourceScope(scope.getId(), resource.getId(), resourceServerId);
|
||||||
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopeIds(Arrays.asList(id), resourceId, resourceServerId), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, id, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId));
|
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopes(resourceServer, resource, Collections.singletonList(scope)), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer));
|
||||||
}
|
}
|
||||||
|
|
||||||
return new ArrayList<>(result);
|
return new ArrayList<>(result);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes, Consumer<Policy> consumer) {
|
||||||
for (String id : scopeIds) {
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPolicyByResourceScope(id, resourceId, resourceServerId);
|
String resourceId = resource == null ? null : resource.getId();
|
||||||
|
for (Scope scope : scopes) {
|
||||||
|
String cacheKey = getPolicyByResourceScope(scope.getId(), resourceId, resourceServerId);
|
||||||
cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> {
|
cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> {
|
||||||
List<Policy> policies = new ArrayList<>();
|
List<Policy> policies = new ArrayList<>();
|
||||||
getPolicyStoreDelegate().findByScopeIds(Arrays.asList(id), resourceId, resourceServerId,
|
getPolicyStoreDelegate().findByScopes(resourceServer, resource, Collections.singletonList(scope),
|
||||||
policy -> {
|
policy -> {
|
||||||
consumer.andThen(policies::add)
|
consumer.andThen(policies::add)
|
||||||
.andThen(StoreFactoryCacheSession.this::cachePolicy)
|
.andThen(StoreFactoryCacheSession.this::cachePolicy)
|
||||||
.accept(policy);
|
.accept(policy);
|
||||||
});
|
});
|
||||||
return policies;
|
return policies;
|
||||||
}, (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, id, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId, consumer);
|
}, (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, scope.getId(), resources.stream().map(Policy::getId).collect(Collectors.toSet()), resourceServerId), resourceServer, consumer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByType(String type, String resourceServerId) {
|
public List<Policy> findByType(ResourceServer resourceServer, String type) {
|
||||||
return getPolicyStoreDelegate().findByType(type, resourceServerId);
|
return getPolicyStoreDelegate().findByType(resourceServer, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findDependentPolicies(String id, String resourceServerId) {
|
public List<Policy> findDependentPolicies(ResourceServer resourceServer, String id) {
|
||||||
return getPolicyStoreDelegate().findDependentPolicies(id, resourceServerId);
|
return getPolicyStoreDelegate().findDependentPolicies(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId) {
|
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer) {
|
||||||
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServerId, null, true);
|
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServer, null, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId, Consumer<R> consumer) {
|
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer, Consumer<R> consumer) {
|
||||||
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServerId, consumer, false);
|
return cacheQuery(cacheKey, queryType, resultSupplier, querySupplier, resourceServer, consumer, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId, Consumer<R> consumer, boolean cacheResults) {
|
private <R extends Policy, Q extends PolicyQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer, Consumer<R> consumer, boolean cacheResults) {
|
||||||
Q query = cache.get(cacheKey, queryType);
|
Q query = cache.get(cacheKey, queryType);
|
||||||
if (query != null) {
|
if (query != null) {
|
||||||
logger.tracev("cache hit for key: {0}", cacheKey);
|
logger.tracev("cache hit for key: {0}", cacheKey);
|
||||||
|
@ -1103,10 +1121,10 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
|
|
||||||
if (consumer != null) {
|
if (consumer != null) {
|
||||||
for (String id : policies) {
|
for (String id : policies) {
|
||||||
consumer.accept((R) findById(id, resourceServerId));
|
consumer.accept((R) findById(resourceServer, id));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
model = policies.stream().map(resourceId -> (R) findById(resourceId, resourceServerId))
|
model = policies.stream().map(resourceId -> (R) findById(resourceServer, resourceId))
|
||||||
.filter(Objects::nonNull).collect(Collectors.toList());
|
.filter(Objects::nonNull).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1119,21 +1137,21 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
|
|
||||||
protected class PermissionTicketCache implements PermissionTicketStore {
|
protected class PermissionTicketCache implements PermissionTicketStore {
|
||||||
@Override
|
@Override
|
||||||
public long count(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId) {
|
public long count(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes) {
|
||||||
return getPermissionTicketStoreDelegate().count(attributes, resourceServerId);
|
return getPermissionTicketStoreDelegate().count(resourceServer, attributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer) {
|
public PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String requester) {
|
||||||
PermissionTicket created = getPermissionTicketStoreDelegate().create(resourceId, scopeId, requester, resourceServer);
|
PermissionTicket created = getPermissionTicketStoreDelegate().create(resourceServer, resource, scope, requester);
|
||||||
registerPermissionTicketInvalidation(created.getId(), created.getOwner(), created.getRequester(), created.getResource().getId(), created.getResource().getName(), scopeId, created.getResourceServer().getId());
|
registerPermissionTicketInvalidation(created.getId(), created.getOwner(), created.getRequester(), created.getResource().getId(), created.getResource().getName(), scope == null ? null : scope.getId(), created.getResourceServer().getId());
|
||||||
return created;
|
return created;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
if (id == null) return;
|
if (id == null) return;
|
||||||
PermissionTicket permission = findById(id, null);
|
PermissionTicket permission = findById(null, id);
|
||||||
if (permission == null) return;
|
if (permission == null) return;
|
||||||
|
|
||||||
cache.invalidateObject(id);
|
cache.invalidateObject(id);
|
||||||
|
@ -1149,7 +1167,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket findById(String id, String resourceServerId) {
|
public PermissionTicket findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) return null;
|
if (id == null) return null;
|
||||||
|
|
||||||
CachedPermissionTicket cached = cache.get(id, CachedPermissionTicket.class);
|
CachedPermissionTicket cached = cache.get(id, CachedPermissionTicket.class);
|
||||||
|
@ -1159,7 +1177,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
Long loaded = cache.getCurrentRevision(id);
|
Long loaded = cache.getCurrentRevision(id);
|
||||||
if (! modelMightExist(id)) return null;
|
if (! modelMightExist(id)) return null;
|
||||||
PermissionTicket model = getPermissionTicketStoreDelegate().findById(id, resourceServerId);
|
PermissionTicket model = getPermissionTicketStoreDelegate().findById(resourceServer, id);
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
setModelDoesNotExists(id, loaded);
|
setModelDoesNotExists(id, loaded);
|
||||||
return null;
|
return null;
|
||||||
|
@ -1168,7 +1186,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
cached = new CachedPermissionTicket(loaded, model);
|
cached = new CachedPermissionTicket(loaded, model);
|
||||||
cache.addRevisioned(cached, startupRevision);
|
cache.addRevisioned(cached, startupRevision);
|
||||||
} else if (invalidations.contains(id)) {
|
} else if (invalidations.contains(id)) {
|
||||||
return getPermissionTicketStoreDelegate().findById(id, resourceServerId);
|
return getPermissionTicketStoreDelegate().findById(resourceServer, id);
|
||||||
} else if (managedPermissionTickets.containsKey(id)) {
|
} else if (managedPermissionTickets.containsKey(id)) {
|
||||||
return managedPermissionTickets.get(id);
|
return managedPermissionTickets.get(id);
|
||||||
}
|
}
|
||||||
|
@ -1178,61 +1196,66 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResourceServer(String resourceServerId) {
|
public List<PermissionTicket> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return getPermissionTicketStoreDelegate().findByResourceServer(resourceServerId);
|
return getPermissionTicketStoreDelegate().findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResource(String resourceId, String resourceServerId) {
|
public List<PermissionTicket> findByResource(ResourceServer resourceServer, Resource resource) {
|
||||||
String cacheKey = getPermissionTicketByResource(resourceId, resourceServerId);
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
return cacheQuery(cacheKey, PermissionTicketResourceListQuery.class, () -> getPermissionTicketStoreDelegate().findByResource(resourceId, resourceServerId),
|
String cacheKey = getPermissionTicketByResource(resource.getId(), resourceServerId);
|
||||||
(revision, permissions) -> new PermissionTicketResourceListQuery(revision, cacheKey, resourceId, permissions.stream().map(permission -> permission.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
return cacheQuery(cacheKey, PermissionTicketResourceListQuery.class, () -> getPermissionTicketStoreDelegate().findByResource(resourceServer, resource),
|
||||||
|
(revision, permissions) -> new PermissionTicketResourceListQuery(revision, cacheKey, resource.getId(), permissions.stream().map(PermissionTicket::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByScope(String scopeId, String resourceServerId) {
|
public List<PermissionTicket> findByScope(ResourceServer resourceServer, Scope scope) {
|
||||||
String cacheKey = getPermissionTicketByScope(scopeId, resourceServerId);
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
return cacheQuery(cacheKey, PermissionTicketScopeListQuery.class, () -> getPermissionTicketStoreDelegate().findByScope(scopeId, resourceServerId),
|
String cacheKey = getPermissionTicketByScope(scope.getId(), resourceServerId);
|
||||||
(revision, permissions) -> new PermissionTicketScopeListQuery(revision, cacheKey, scopeId, permissions.stream().map(permission -> permission.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
return cacheQuery(cacheKey, PermissionTicketScopeListQuery.class, () -> getPermissionTicketStoreDelegate().findByScope(resourceServer, scope),
|
||||||
|
(revision, permissions) -> new PermissionTicketScopeListQuery(revision, cacheKey, scope.getId(), permissions.stream().map(PermissionTicket::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||||
return getPermissionTicketStoreDelegate().find(attributes, resourceServerId, firstResult, maxResult);
|
return getPermissionTicketStoreDelegate().find(resourceServer, attributes, firstResult, maxResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String userId) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPermissionTicketByGranted(userId, resourceServerId);
|
String cacheKey = getPermissionTicketByGranted(userId, resourceServerId);
|
||||||
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findGranted(userId, resourceServerId),
|
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findGranted(resourceServer, userId),
|
||||||
(revision, permissions) -> new PermissionTicketListQuery(revision, cacheKey, permissions.stream().map(permission -> permission.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, permissions) -> new PermissionTicketListQuery(revision, cacheKey, permissions.stream().map(PermissionTicket::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String resourceName, String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String resourceName, String userId) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPermissionTicketByResourceNameAndGranted(resourceName, userId, resourceServerId);
|
String cacheKey = getPermissionTicketByResourceNameAndGranted(resourceName, userId, resourceServerId);
|
||||||
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findGranted(resourceName, userId, resourceServerId),
|
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findGranted(resourceServer, resourceName, userId),
|
||||||
(revision, permissions) -> new PermissionTicketResourceListQuery(revision, cacheKey, resourceName, permissions.stream().map(permission -> permission.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, permissions) -> new PermissionTicketResourceListQuery(revision, cacheKey, resourceName, permissions.stream().map(PermissionTicket::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedResources(String requester, String name, int first, int max) {
|
public List<Resource> findGrantedResources(String requester, String name, Integer first, Integer max) {
|
||||||
return getPermissionTicketStoreDelegate().findGrantedResources(requester, name, first, max);
|
return getPermissionTicketStoreDelegate().findGrantedResources(requester, name, first, max);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedOwnerResources(String owner, int first, int max) {
|
public List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) {
|
||||||
return getPermissionTicketStoreDelegate().findGrantedOwnerResources(owner, first, max);
|
return getPermissionTicketStoreDelegate().findGrantedOwnerResources(owner, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByOwner(String owner, String resourceServerId) {
|
public List<PermissionTicket> findByOwner(ResourceServer resourceServer, String owner) {
|
||||||
|
String resourceServerId = resourceServer == null ? null : resourceServer.getId();
|
||||||
String cacheKey = getPermissionTicketByOwner(owner, resourceServerId);
|
String cacheKey = getPermissionTicketByOwner(owner, resourceServerId);
|
||||||
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findByOwner(owner, resourceServerId),
|
return cacheQuery(cacheKey, PermissionTicketListQuery.class, () -> getPermissionTicketStoreDelegate().findByOwner(resourceServer, owner),
|
||||||
(revision, permissions) -> new PermissionTicketListQuery(revision, cacheKey, permissions.stream().map(permission -> permission.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId);
|
(revision, permissions) -> new PermissionTicketListQuery(revision, cacheKey, permissions.stream().map(PermissionTicket::getId).collect(Collectors.toSet()), resourceServerId), resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <R, Q extends PermissionTicketQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, String resourceServerId) {
|
private <R, Q extends PermissionTicketQuery> List<R> cacheQuery(String cacheKey, Class<Q> queryType, Supplier<List<R>> resultSupplier, BiFunction<Long, List<R>, Q> querySupplier, ResourceServer resourceServer) {
|
||||||
Q query = cache.get(cacheKey, queryType);
|
Q query = cache.get(cacheKey, queryType);
|
||||||
if (query != null) {
|
if (query != null) {
|
||||||
logger.tracev("cache hit for key: {0}", cacheKey);
|
logger.tracev("cache hit for key: {0}", cacheKey);
|
||||||
|
@ -1248,7 +1271,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
|
||||||
} else if (query.isInvalid(invalidations)) {
|
} else if (query.isInvalid(invalidations)) {
|
||||||
return resultSupplier.get();
|
return resultSupplier.get();
|
||||||
} else {
|
} else {
|
||||||
return query.getPermissions().stream().map(resourceId -> (R) findById(resourceId, resourceServerId)).collect(Collectors.toList());
|
return query.getPermissions().stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,7 @@ public class CachedResource extends AbstractRevisioned implements InResourceServ
|
||||||
this.type = resource.getType();
|
this.type = resource.getType();
|
||||||
this.owner = resource.getOwner();
|
this.owner = resource.getOwner();
|
||||||
this.iconUri = resource.getIconUri();
|
this.iconUri = resource.getIconUri();
|
||||||
this.resourceServerId = resource.getResourceServer();
|
this.resourceServerId = resource.getResourceServer().getId();
|
||||||
ownerManagedAccess = resource.isOwnerManagedAccess();
|
ownerManagedAccess = resource.isOwnerManagedAccess();
|
||||||
|
|
||||||
this.uris = new DefaultLazyLoader<>(source -> new HashSet<>(source.getUris()), Collections::emptySet);
|
this.uris = new DefaultLazyLoader<>(source -> new HashSet<>(source.getUris()), Collections::emptySet);
|
||||||
|
|
|
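Review bot: The new assignment `this.resourceServerId = resource.getResourceServer().getId();` dereferences the resource server unconditionally, whereas the line it replaces stored whatever `getResourceServer()` returned, null included. If a Resource can still reach this constructor without a resource server (not visible here), CachedResource construction now throws a bare NullPointerException at cache-population time instead of failing where the inconsistent model was produced, which is a harder failure to diagnose in the caching layer. If the model guarantees a non-null resource server, a short comment on the line would record that invariant; otherwise `this.resourceServerId = Objects.requireNonNull(resource.getResourceServer(), "resourceServer").getId();` (java.util.Objects) fails with a message naming the missing association. The constructor's signature and the rest of its body lie outside the hunk.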
@ -37,8 +37,10 @@ import org.keycloak.authorization.jpa.entities.PermissionTicketEntity;
|
||||||
import org.keycloak.authorization.model.PermissionTicket;
|
import org.keycloak.authorization.model.PermissionTicket;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import javax.persistence.LockModeType;
|
import javax.persistence.LockModeType;
|
||||||
|
|
||||||
|
@ -59,14 +61,14 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public long count(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId) {
|
public long count(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes) {
|
||||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<Long> querybuilder = builder.createQuery(Long.class);
|
CriteriaQuery<Long> querybuilder = builder.createQuery(Long.class);
|
||||||
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
|
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
|
||||||
|
|
||||||
querybuilder.select(root.get("id"));
|
querybuilder.select(root.get("id"));
|
||||||
|
|
||||||
List<Predicate> predicates = getPredicates(builder, root, resourceServerId, attributes);
|
List<Predicate> predicates = getPredicates(builder, root, resourceServer, attributes);
|
||||||
|
|
||||||
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("id")));
|
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("id")));
|
||||||
|
|
||||||
|
@ -77,12 +79,12 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
|
|
||||||
private List<Predicate> getPredicates(CriteriaBuilder builder,
|
private List<Predicate> getPredicates(CriteriaBuilder builder,
|
||||||
Root<PermissionTicketEntity> root,
|
Root<PermissionTicketEntity> root,
|
||||||
String resourceServerId,
|
ResourceServer resourceServer,
|
||||||
Map<PermissionTicket.FilterOption, String> attributes) {
|
Map<PermissionTicket.FilterOption, String> attributes) {
|
||||||
List<Predicate> predicates = new ArrayList<>();
|
List<Predicate> predicates = new ArrayList<>();
|
||||||
|
|
||||||
if (resourceServerId != null) {
|
if (resourceServer != null) {
|
||||||
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServerId));
|
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServer.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
attributes.forEach((filterOption, value) -> {
|
attributes.forEach((filterOption, value) -> {
|
||||||
|
@ -127,16 +129,16 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer) {
|
public PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String requester) {
|
||||||
PermissionTicketEntity entity = new PermissionTicketEntity();
|
PermissionTicketEntity entity = new PermissionTicketEntity();
|
||||||
|
|
||||||
entity.setId(KeycloakModelUtils.generateId());
|
entity.setId(KeycloakModelUtils.generateId());
|
||||||
entity.setResource(ResourceAdapter.toEntity(entityManager, provider.getStoreFactory().getResourceStore().findById(resourceId, resourceServer.getId())));
|
entity.setResource(ResourceAdapter.toEntity(entityManager, resource));
|
||||||
entity.setRequester(requester);
|
entity.setRequester(requester);
|
||||||
entity.setCreatedTimestamp(System.currentTimeMillis());
|
entity.setCreatedTimestamp(Time.currentTimeMillis());
|
||||||
|
|
||||||
if (scopeId != null) {
|
if (scope != null) {
|
||||||
entity.setScope(ScopeAdapter.toEntity(entityManager, provider.getStoreFactory().getScopeStore().findById(scopeId, resourceServer.getId())));
|
entity.setScope(ScopeAdapter.toEntity(entityManager, scope));
|
||||||
}
|
}
|
||||||
|
|
||||||
entity.setOwner(entity.getResource().getOwner());
|
entity.setOwner(entity.getResource().getOwner());
|
||||||
|
@ -158,7 +160,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket findById(String id, String resourceServerId) {
|
public PermissionTicket findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -170,17 +172,17 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResourceServer(final String resourceServerId) {
|
public List<PermissionTicket> findByResourceServer(final ResourceServer resourceServer) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
|
||||||
|
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<PermissionTicket> list = new LinkedList<>();
|
List<PermissionTicket> list = new LinkedList<>();
|
||||||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
if (Objects.nonNull(ticket)) {
|
if (Objects.nonNull(ticket)) {
|
||||||
list.add(ticket);
|
list.add(ticket);
|
||||||
}
|
}
|
||||||
|
@ -190,19 +192,19 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResource(final String resourceId, String resourceServerId) {
|
public List<PermissionTicket> findByResource(ResourceServer resourceServer, final Resource resource) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPermissionIdByResource", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPermissionIdByResource", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("resourceId", resourceId);
|
query.setParameter("resourceId", resource.getId());
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<PermissionTicket> list = new LinkedList<>();
|
List<PermissionTicket> list = new LinkedList<>();
|
||||||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
if (Objects.nonNull(ticket)) {
|
if (Objects.nonNull(ticket)) {
|
||||||
list.add(ticket);
|
list.add(ticket);
|
||||||
}
|
}
|
||||||
|
@ -212,8 +214,8 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByScope(String scopeId, String resourceServerId) {
|
public List<PermissionTicket> findByScope(ResourceServer resourceServer, Scope scope) {
|
||||||
if (scopeId==null) {
|
if (scope == null) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -221,15 +223,15 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPermissionIdByScope", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPermissionIdByScope", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("scopeId", scopeId);
|
query.setParameter("scopeId", scope.getId());
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<PermissionTicket> list = new LinkedList<>();
|
List<PermissionTicket> list = new LinkedList<>();
|
||||||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
if (Objects.nonNull(ticket)) {
|
if (Objects.nonNull(ticket)) {
|
||||||
list.add(ticket);
|
list.add(ticket);
|
||||||
}
|
}
|
||||||
|
@ -239,14 +241,14 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<PermissionTicketEntity> querybuilder = builder.createQuery(PermissionTicketEntity.class);
|
CriteriaQuery<PermissionTicketEntity> querybuilder = builder.createQuery(PermissionTicketEntity.class);
|
||||||
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
|
Root<PermissionTicketEntity> root = querybuilder.from(PermissionTicketEntity.class);
|
||||||
|
|
||||||
querybuilder.select(root.get("id"));
|
querybuilder.select(root.get("id"));
|
||||||
|
|
||||||
List<Predicate> predicates = getPredicates(builder, root, resourceServerId, attributes);
|
List<Predicate> predicates = getPredicates(builder, root, resourceServer, attributes);
|
||||||
|
|
||||||
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("id")));
|
querybuilder.where(predicates.toArray(new Predicate[predicates.size()])).orderBy(builder.asc(root.get("id")));
|
||||||
|
|
||||||
|
@ -257,7 +259,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
if (Objects.nonNull(ticket)) {
|
if (Objects.nonNull(ticket)) {
|
||||||
list.add(ticket);
|
list.add(ticket);
|
||||||
}
|
}
|
||||||
|
@ -267,28 +269,28 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String userId) {
|
||||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||||
|
|
||||||
return find(filters, resourceServerId, -1, -1);
|
return find(resourceServer, filters, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String resourceName, String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String resourceName, String userId) {
|
||||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.RESOURCE_NAME, resourceName);
|
filters.put(PermissionTicket.FilterOption.RESOURCE_NAME, resourceName);
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||||
|
|
||||||
return find(filters, resourceServerId, -1, -1);
|
return find(resourceServer, filters, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedResources(String requester, String name, int first, int max) {
|
public List<Resource> findGrantedResources(String requester, String name, Integer first, Integer max) {
|
||||||
TypedQuery<String> query = name == null ?
|
TypedQuery<String> query = name == null ?
|
||||||
entityManager.createNamedQuery("findGrantedResources", String.class) :
|
entityManager.createNamedQuery("findGrantedResources", String.class) :
|
||||||
entityManager.createNamedQuery("findGrantedResourcesByName", String.class);
|
entityManager.createNamedQuery("findGrantedResourcesByName", String.class);
|
||||||
|
@ -305,7 +307,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Resource resource = resourceStore.findById(id, null);
|
Resource resource = resourceStore.findById(null, id);
|
||||||
|
|
||||||
if (Objects.nonNull(resource)) {
|
if (Objects.nonNull(resource)) {
|
||||||
list.add(resource);
|
list.add(resource);
|
||||||
|
@ -316,18 +318,18 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedOwnerResources(String owner, int first, int max) {
|
public List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findGrantedOwnerResources", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findGrantedOwnerResources", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("owner", owner);
|
query.setParameter("owner", owner);
|
||||||
|
|
||||||
List<String> result = paginateQuery(query, first, max).getResultList();
|
List<String> result = paginateQuery(query, firstResult, maxResults).getResultList();
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Resource resource = resourceStore.findById(id, null);
|
Resource resource = resourceStore.findById(null, id);
|
||||||
|
|
||||||
if (Objects.nonNull(resource)) {
|
if (Objects.nonNull(resource)) {
|
||||||
list.add(resource);
|
list.add(resource);
|
||||||
|
@ -338,11 +340,11 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByOwner(String owner, String resourceServerId) {
|
public List<PermissionTicket> findByOwner(ResourceServer resourceServer, String owner) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
query.setParameter("owner", owner);
|
query.setParameter("owner", owner);
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
|
@ -350,7 +352,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore {
|
||||||
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
if (Objects.nonNull(ticket)) {
|
if (Objects.nonNull(ticket)) {
|
||||||
list.add(ticket);
|
list.add(ticket);
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,6 +24,7 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
import javax.persistence.FlushModeType;
|
import javax.persistence.FlushModeType;
|
||||||
|
@ -37,7 +38,9 @@ import javax.persistence.criteria.Root;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.authorization.store.StoreFactory;
|
import org.keycloak.authorization.store.StoreFactory;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
@ -60,7 +63,7 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||||
PolicyEntity entity = new PolicyEntity();
|
PolicyEntity entity = new PolicyEntity();
|
||||||
|
|
||||||
if (representation.getId() == null) {
|
if (representation.getId() == null) {
|
||||||
|
@ -89,7 +92,7 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findById(String id, String resourceServerId) {
|
public Policy findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -104,11 +107,11 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findByName(String name, String resourceServerId) {
|
public Policy findByName(ResourceServer resourceServer, String name) {
|
||||||
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByName", PolicyEntity.class);
|
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByName", PolicyEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
query.setParameter("name", name);
|
query.setParameter("name", name);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
@ -119,15 +122,15 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(final String resourceServerId) {
|
public List<Policy> findByResourceServer(final ResourceServer resourceServer) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByServerId", String.class);
|
||||||
|
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Policy> list = new LinkedList<>();
|
List<Policy> list = new LinkedList<>();
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
|
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||||
if (Objects.nonNull(policy)) {
|
if (Objects.nonNull(policy)) {
|
||||||
list.add(policy);
|
list.add(policy);
|
||||||
}
|
}
|
||||||
|
@ -136,15 +139,15 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<PolicyEntity> querybuilder = builder.createQuery(PolicyEntity.class);
|
CriteriaQuery<PolicyEntity> querybuilder = builder.createQuery(PolicyEntity.class);
|
||||||
Root<PolicyEntity> root = querybuilder.from(PolicyEntity.class);
|
Root<PolicyEntity> root = querybuilder.from(PolicyEntity.class);
|
||||||
List<Predicate> predicates = new ArrayList();
|
List<Predicate> predicates = new ArrayList();
|
||||||
querybuilder.select(root.get("id"));
|
querybuilder.select(root.get("id"));
|
||||||
|
|
||||||
if (resourceServerId != null) {
|
if (resourceServer != null) {
|
||||||
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServerId));
|
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServer.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
attributes.forEach((filterOption, value) -> {
|
attributes.forEach((filterOption, value) -> {
|
||||||
|
@ -193,10 +196,10 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
|
|
||||||
TypedQuery query = entityManager.createQuery(querybuilder);
|
TypedQuery query = entityManager.createQuery(querybuilder);
|
||||||
|
|
||||||
List<String> result = paginateQuery(query, firstResult, maxResult).getResultList();
|
List<String> result = paginateQuery(query, firstResult, maxResults).getResultList();
|
||||||
List<Policy> list = new LinkedList<>();
|
List<Policy> list = new LinkedList<>();
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
|
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||||
if (Objects.nonNull(policy)) {
|
if (Objects.nonNull(policy)) {
|
||||||
list.add(policy);
|
list.add(policy);
|
||||||
}
|
}
|
||||||
|
@ -205,28 +208,28 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer) {
|
||||||
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByResource", PolicyEntity.class);
|
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByResource", PolicyEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("resourceId", resourceId);
|
query.setParameter("resourceId", resource.getId());
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
||||||
|
|
||||||
closing(query.getResultStream()
|
closing(query.getResultStream()
|
||||||
.map(entity -> storeFactory.findById(entity.getId(), resourceServerId))
|
.map(entity -> storeFactory.findById(resourceServer, entity.getId()))
|
||||||
.filter(Objects::nonNull))
|
.filter(Objects::nonNull))
|
||||||
.forEach(consumer::accept);
|
.forEach(consumer::accept);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResourceType(String resourceType, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResourceType(ResourceServer resourceServer, String resourceType, Consumer<Policy> consumer) {
|
||||||
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByResourceType", PolicyEntity.class);
|
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByResourceType", PolicyEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("type", resourceType);
|
query.setParameter("type", resourceType);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
closing(query.getResultStream()
|
closing(query.getResultStream()
|
||||||
.map(id -> new PolicyAdapter(id, entityManager, provider.getStoreFactory()))
|
.map(id -> new PolicyAdapter(id, entityManager, provider.getStoreFactory()))
|
||||||
|
@ -235,8 +238,8 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> scopes) {
|
||||||
if (scopeIds==null || scopeIds.isEmpty()) {
|
if (scopes==null || scopes.isEmpty()) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,34 +247,34 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByScope", PolicyEntity.class);
|
TypedQuery<PolicyEntity> query = entityManager.createNamedQuery("findPolicyIdByScope", PolicyEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("scopeIds", scopeIds);
|
query.setParameter("scopeIds", scopes.stream().map(Scope::getId).collect(Collectors.toSet()));
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
List<Policy> list = new LinkedList<>();
|
List<Policy> list = new LinkedList<>();
|
||||||
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore();
|
||||||
|
|
||||||
for (PolicyEntity entity : query.getResultList()) {
|
for (PolicyEntity entity : query.getResultList()) {
|
||||||
list.add(storeFactory.findById(entity.getId(), resourceServerId));
|
list.add(storeFactory.findById(resourceServer, entity.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes, Consumer<Policy> consumer) {
|
||||||
// Use separate subquery to handle DB2 and MSSSQL
|
// Use separate subquery to handle DB2 and MSSSQL
|
||||||
TypedQuery<PolicyEntity> query;
|
TypedQuery<PolicyEntity> query;
|
||||||
|
|
||||||
if (resourceId == null) {
|
if (resource == null) {
|
||||||
query = entityManager.createNamedQuery("findPolicyIdByNullResourceScope", PolicyEntity.class);
|
query = entityManager.createNamedQuery("findPolicyIdByNullResourceScope", PolicyEntity.class);
|
||||||
} else {
|
} else {
|
||||||
query = entityManager.createNamedQuery("findPolicyIdByResourceScope", PolicyEntity.class);
|
query = entityManager.createNamedQuery("findPolicyIdByResourceScope", PolicyEntity.class);
|
||||||
query.setParameter("resourceId", resourceId);
|
query.setParameter("resourceId", resource.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("scopeIds", scopeIds);
|
query.setParameter("scopeIds", scopes.stream().map(Scope::getId).collect(Collectors.toSet()));
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
StoreFactory storeFactory = provider.getStoreFactory();
|
StoreFactory storeFactory = provider.getStoreFactory();
|
||||||
|
|
||||||
|
@ -282,17 +285,17 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByType(String type, String resourceServerId) {
|
public List<Policy> findByType(ResourceServer resourceServer, String type) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByType", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
query.setParameter("type", type);
|
query.setParameter("type", type);
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Policy> list = new LinkedList<>();
|
List<Policy> list = new LinkedList<>();
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
|
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||||
if (Objects.nonNull(policy)) {
|
if (Objects.nonNull(policy)) {
|
||||||
list.add(policy);
|
list.add(policy);
|
||||||
}
|
}
|
||||||
|
@ -301,18 +304,18 @@ public class JPAPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findDependentPolicies(String policyId, String resourceServerId) {
|
public List<Policy> findDependentPolicies(ResourceServer resourceServer, String policyId) {
|
||||||
|
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByDependentPolices", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findPolicyIdByDependentPolices", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
query.setParameter("policyId", policyId);
|
query.setParameter("policyId", policyId);
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Policy> list = new LinkedList<>();
|
List<Policy> list = new LinkedList<>();
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
|
Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id);
|
||||||
if (Objects.nonNull(policy)) {
|
if (Objects.nonNull(policy)) {
|
||||||
list.add(policy);
|
list.add(policy);
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,7 @@ import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.jpa.entities.ResourceEntity;
|
import org.keycloak.authorization.jpa.entities.ResourceEntity;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
import org.keycloak.authorization.store.StoreFactory;
|
import org.keycloak.authorization.store.StoreFactory;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
|
@ -38,7 +39,9 @@ import java.util.ArrayList;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static org.keycloak.models.jpa.PaginationUtils.paginateQuery;
|
import static org.keycloak.models.jpa.PaginationUtils.paginateQuery;
|
||||||
import static org.keycloak.utils.StreamsUtil.closing;
|
import static org.keycloak.utils.StreamsUtil.closing;
|
||||||
|
@ -57,7 +60,7 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
|
public Resource create(ResourceServer resourceServer, String id, String name, String owner) {
|
||||||
ResourceEntity entity = new ResourceEntity();
|
ResourceEntity entity = new ResourceEntity();
|
||||||
|
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
|
@ -86,7 +89,7 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findById(String id, String resourceServerId) {
|
public Resource findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -97,24 +100,24 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||||
findByOwnerFilter(ownerId, resourceServerId, consumer, -1, -1);
|
findByOwnerFilter(ownerId, resourceServer, consumer, -1, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults) {
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
|
|
||||||
findByOwnerFilter(ownerId, resourceServerId, list::add, first, max);
|
findByOwnerFilter(ownerId, resourceServer, list::add, firstResult, maxResults);
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void findByOwnerFilter(String ownerId, String resourceServerId, Consumer<Resource> consumer, int firstResult, int maxResult) {
|
private void findByOwnerFilter(String ownerId, ResourceServer resourceServer, Consumer<Resource> consumer, int firstResult, int maxResult) {
|
||||||
boolean pagination = firstResult > -1 && maxResult > -1;
|
boolean pagination = firstResult > -1 && maxResult > -1;
|
||||||
String queryName = pagination ? "findResourceIdByOwnerOrdered" : "findResourceIdByOwner";
|
String queryName = pagination ? "findResourceIdByOwnerOrdered" : "findResourceIdByOwner";
|
||||||
|
|
||||||
if (resourceServerId == null) {
|
if (resourceServer == null) {
|
||||||
queryName = pagination ? "findAnyResourceIdByOwnerOrdered" : "findAnyResourceIdByOwner";
|
queryName = pagination ? "findAnyResourceIdByOwnerOrdered" : "findAnyResourceIdByOwner";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -123,8 +126,8 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("owner", ownerId);
|
query.setParameter("owner", ownerId);
|
||||||
|
|
||||||
if (resourceServerId != null) {
|
if (resourceServer != null) {
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pagination) {
|
if (pagination) {
|
||||||
|
@ -133,23 +136,23 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
closing(query.getResultStream().map(id -> resourceStore.findById(id.getId(), resourceServerId))).forEach(consumer);
|
closing(query.getResultStream().map(id -> resourceStore.findById(resourceServer, id.getId()))).forEach(consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByUri(String uri, String resourceServerId) {
|
public List<Resource> findByUri(ResourceServer resourceServer, String uri) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByUri", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByUri", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("uri", uri);
|
query.setParameter("uri", uri);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Resource resource = resourceStore.findById(id, resourceServerId);
|
Resource resource = resourceStore.findById(resourceServer, id);
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
list.add(resource);
|
list.add(resource);
|
||||||
|
@ -160,17 +163,17 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(String resourceServerId) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByServerId", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findResourceIdByServerId", String.class);
|
||||||
|
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Resource resource = resourceStore.findById(id, resourceServerId);
|
Resource resource = resourceStore.findById(resourceServer, id);
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
list.add(resource);
|
list.add(resource);
|
||||||
|
@ -181,15 +184,15 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<ResourceEntity> querybuilder = builder.createQuery(ResourceEntity.class);
|
CriteriaQuery<ResourceEntity> querybuilder = builder.createQuery(ResourceEntity.class);
|
||||||
Root<ResourceEntity> root = querybuilder.from(ResourceEntity.class);
|
Root<ResourceEntity> root = querybuilder.from(ResourceEntity.class);
|
||||||
querybuilder.select(root.get("id"));
|
querybuilder.select(root.get("id"));
|
||||||
List<Predicate> predicates = new ArrayList();
|
List<Predicate> predicates = new ArrayList();
|
||||||
|
|
||||||
if (resourceServerId != null) {
|
if (resourceServer != null) {
|
||||||
predicates.add(builder.equal(root.get("resourceServer"), resourceServerId));
|
predicates.add(builder.equal(root.get("resourceServer"), resourceServer.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
attributes.forEach((filterOption, value) -> {
|
attributes.forEach((filterOption, value) -> {
|
||||||
|
@ -229,12 +232,12 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
|
|
||||||
TypedQuery query = entityManager.createQuery(querybuilder);
|
TypedQuery query = entityManager.createQuery(querybuilder);
|
||||||
|
|
||||||
List<String> result = paginateQuery(query, firstResult, maxResult).getResultList();
|
List<String> result = paginateQuery(query, firstResult, maxResults).getResultList();
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = provider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
Resource resource = resourceStore.findById(id, resourceServerId);
|
Resource resource = resourceStore.findById(resourceServer, id);
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
list.add(resource);
|
list.add(resource);
|
||||||
|
@ -245,12 +248,12 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Set<Scope> scopes, Consumer<Resource> consumer) {
|
||||||
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByScope", ResourceEntity.class);
|
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByScope", ResourceEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("scopeIds", scopes);
|
query.setParameter("scopeIds", scopes.stream().map(Scope::getId).collect(Collectors.toSet()));
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
StoreFactory storeFactory = provider.getStoreFactory();
|
StoreFactory storeFactory = provider.getStoreFactory();
|
||||||
|
|
||||||
|
@ -260,15 +263,10 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findByName(String name, String resourceServerId) {
|
public Resource findByName(ResourceServer resourceServer, String name, String ownerId) {
|
||||||
return findByName(name, resourceServerId, resourceServerId);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Resource findByName(String name, String ownerId, String resourceServerId) {
|
|
||||||
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByName", ResourceEntity.class);
|
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByName", ResourceEntity.class);
|
||||||
|
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
query.setParameter("name", name);
|
query.setParameter("name", name);
|
||||||
query.setParameter("ownerId", ownerId);
|
query.setParameter("ownerId", ownerId);
|
||||||
|
|
||||||
|
@ -280,12 +278,12 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
findByType(type, resourceServerId, resourceServerId, consumer);
|
findByType(resourceServer, type, resourceServer == null ? null : resourceServer.getId(), consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, String owner, Consumer<Resource> consumer) {
|
||||||
TypedQuery<ResourceEntity> query;
|
TypedQuery<ResourceEntity> query;
|
||||||
|
|
||||||
if (owner != null) {
|
if (owner != null) {
|
||||||
|
@ -301,7 +299,7 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
query.setParameter("ownerId", owner);
|
query.setParameter("ownerId", owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
StoreFactory storeFactory = provider.getStoreFactory();
|
StoreFactory storeFactory = provider.getStoreFactory();
|
||||||
|
|
||||||
|
@ -311,12 +309,12 @@ public class JPAResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByTypeInstance(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByTypeInstance", ResourceEntity.class);
|
TypedQuery<ResourceEntity> query = entityManager.createNamedQuery("findResourceIdByTypeInstance", ResourceEntity.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("type", type);
|
query.setParameter("type", type);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer == null ? null : resourceServer.getId());
|
||||||
|
|
||||||
StoreFactory storeFactory = provider.getStoreFactory();
|
StoreFactory storeFactory = provider.getStoreFactory();
|
||||||
|
|
||||||
|
|
|
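Review bot: `findByOwner(ResourceServer, String, Integer, Integer)` (the `@ -97,24 +100,24` hunk) now takes boxed pagination parameters but forwards them to the private `findByOwnerFilter(..., int firstResult, int maxResult)`, so a caller passing `null` — which the new `Integer` type invites and which `paginateQuery` is presumably meant to read as "no paging" — is auto-unboxed and throws a NullPointerException before any query runs. Widen the helper and make its guard null-aware: `private void findByOwnerFilter(String ownerId, ResourceServer resourceServer, Consumer<Resource> consumer, Integer firstResult, Integer maxResult)` with `boolean pagination = firstResult != null && maxResult != null && firstResult > -1 && maxResult > -1;` (the existing `-1, -1` call from the consumer overload keeps working). Separately, the `resourceServer == null ? null : resourceServer.getId()` guards added in `findByUri`, `findByResourceServer`, `findByScopes`, `findByName`, `findByType` and `findByTypeInstance` avoid an NPE but then bind `null` to `:serverId`; if those named queries compare with `=`, a null resource server silently yields no rows, while `findByOwnerFilter` and the criteria-based `findByResourceServer` treat null as "any resource server". Since the resource server is the isolation boundary of this authorization store, either reconcile the two behaviours or document on each `ResourceStore` method what a null `resourceServer` means.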
@ -55,12 +55,12 @@ public class JPAScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(final String name, final ResourceServer resourceServer) {
|
public Scope create(final ResourceServer resourceServer, final String name) {
|
||||||
return create(null, name, resourceServer);
|
return create(resourceServer, null, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String id, final String name, final ResourceServer resourceServer) {
|
public Scope create(final ResourceServer resourceServer, String id, final String name) {
|
||||||
ScopeEntity entity = new ScopeEntity();
|
ScopeEntity entity = new ScopeEntity();
|
||||||
|
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
|
@ -88,7 +88,7 @@ public class JPAScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findById(String id, String resourceServerId) {
|
public Scope findById(ResourceServer resourceServer, String id) {
|
||||||
if (id == null) {
|
if (id == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -100,45 +100,45 @@ public class JPAScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findByName(String name, String resourceServerId) {
|
public Scope findByName(ResourceServer resourceServer, String name) {
|
||||||
try {
|
try {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByName", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByName", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", resourceServerId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
query.setParameter("name", name);
|
query.setParameter("name", name);
|
||||||
|
|
||||||
String id = query.getSingleResult();
|
String id = query.getSingleResult();
|
||||||
return provider.getStoreFactory().getScopeStore().findById(id, resourceServerId);
|
return provider.getStoreFactory().getScopeStore().findById(resourceServer, id);
|
||||||
} catch (NoResultException nre) {
|
} catch (NoResultException nre) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(final String serverId) {
|
public List<Scope> findByResourceServer(final ResourceServer resourceServer) {
|
||||||
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByResourceServer", String.class);
|
TypedQuery<String> query = entityManager.createNamedQuery("findScopeIdByResourceServer", String.class);
|
||||||
|
|
||||||
query.setFlushMode(FlushModeType.COMMIT);
|
query.setFlushMode(FlushModeType.COMMIT);
|
||||||
query.setParameter("serverId", serverId);
|
query.setParameter("serverId", resourceServer.getId());
|
||||||
|
|
||||||
List<String> result = query.getResultList();
|
List<String> result = query.getResultList();
|
||||||
List<Scope> list = new LinkedList<>();
|
List<Scope> list = new LinkedList<>();
|
||||||
for (String id : result) {
|
for (String id : result) {
|
||||||
list.add(provider.getStoreFactory().getScopeStore().findById(id, serverId));
|
list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, id));
|
||||||
}
|
}
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
CriteriaBuilder builder = entityManager.getCriteriaBuilder();
|
||||||
CriteriaQuery<ScopeEntity> querybuilder = builder.createQuery(ScopeEntity.class);
|
CriteriaQuery<ScopeEntity> querybuilder = builder.createQuery(ScopeEntity.class);
|
||||||
Root<ScopeEntity> root = querybuilder.from(ScopeEntity.class);
|
Root<ScopeEntity> root = querybuilder.from(ScopeEntity.class);
|
||||||
querybuilder.select(root.get("id"));
|
querybuilder.select(root.get("id"));
|
||||||
List<Predicate> predicates = new ArrayList();
|
List<Predicate> predicates = new ArrayList();
|
||||||
|
|
||||||
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServerId));
|
predicates.add(builder.equal(root.get("resourceServer").get("id"), resourceServer.getId()));
|
||||||
|
|
||||||
attributes.forEach((filterOption, value) -> {
|
attributes.forEach((filterOption, value) -> {
|
||||||
switch (filterOption) {
|
switch (filterOption) {
|
||||||
|
@ -157,10 +157,10 @@ public class JPAScopeStore implements ScopeStore {
|
||||||
|
|
||||||
TypedQuery query = entityManager.createQuery(querybuilder);
|
TypedQuery query = entityManager.createQuery(querybuilder);
|
||||||
|
|
||||||
List result = paginateQuery(query, firstResult, maxResult).getResultList();
|
List result = paginateQuery(query, firstResult, maxResults).getResultList();
|
||||||
List<Scope> list = new LinkedList<>();
|
List<Scope> list = new LinkedList<>();
|
||||||
for (Object id : result) {
|
for (Object id : result) {
|
||||||
list.add(provider.getStoreFactory().getScopeStore().findById((String)id, resourceServerId));
|
list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, (String)id));
|
||||||
}
|
}
|
||||||
return list;
|
return list;
|
||||||
|
|
||||||
|
|
|
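Review bot: `findByName`, `findByResourceServer(ResourceServer)` and the criteria-based `findByResourceServer` dereference `resourceServer.getId()` without a guard, whereas the JPAResourceStore methods changed in this same commit accept a null resource server; in `findByName` a null surfaces as a bare NullPointerException from inside the `try` (only `NoResultException` is caught) rather than a clear precondition failure. If null is not a supported input for the scope store, fail fast at the top of each method with `Objects.requireNonNull(resourceServer, "resourceServer");` (adding the `java.util.Objects` import if the file lacks it) and record `@throws NullPointerException if resourceServer is null` on the corresponding `ScopeStore` interface Javadoc. The body of the criteria-based `findByResourceServer` continues in the `@ -157,10 +157,10` hunk.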
@ -20,6 +20,7 @@ import static org.keycloak.authorization.UserManagedPermissionUtil.updatePolicy;
|
||||||
|
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
|
|
||||||
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.jpa.entities.PermissionTicketEntity;
|
import org.keycloak.authorization.jpa.entities.PermissionTicketEntity;
|
||||||
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
import org.keycloak.authorization.jpa.entities.PolicyEntity;
|
||||||
import org.keycloak.authorization.jpa.entities.ScopeEntity;
|
import org.keycloak.authorization.jpa.entities.ScopeEntity;
|
||||||
|
@ -101,7 +102,8 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return storeFactory.getPolicyStore().findById(policy.getId(), entity.getResourceServer().getId());
|
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());
|
||||||
|
return storeFactory.getPolicyStore().findById(resourceServer, policy.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -113,7 +115,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource getResource() {
|
public Resource getResource() {
|
||||||
return storeFactory.getResourceStore().findById(entity.getResource().getId(), getResourceServer().getId());
|
return storeFactory.getResourceStore().findById(getResourceServer(), entity.getResource().getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -124,7 +126,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel<Permi
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return storeFactory.getScopeStore().findById(scope.getId(), getResourceServer().getId());
|
return storeFactory.getScopeStore().findById(getResourceServer(), scope.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
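Review bot: The new line `ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId());` in the first hunk resolves the resource server through the store, while `getResource()` and `getScope()` in the following hunks use `getResourceServer()` for the same purpose; the enclosing method starts outside the hunk, but on what is visible the local can be dropped in favour of `return storeFactory.getPolicyStore().findById(getResourceServer(), policy.getId());` so all three accessors share one resolution path. If the store lookup can return null (the commit message mentions NPE fixes in the caching layer), a null resource server is then handed to `findById(resourceServer, id)` and the failure mode depends on the store implementation; a short comment on `getResourceServer()` stating whether it may return null would make that contract explicit.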
@ -168,8 +168,9 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy,
|
||||||
@Override
|
@Override
|
||||||
public Set<Resource> getResources() {
|
public Set<Resource> getResources() {
|
||||||
Set<Resource> set = new HashSet<>();
|
Set<Resource> set = new HashSet<>();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
for (ResourceEntity res : entity.getResources()) {
|
for (ResourceEntity res : entity.getResources()) {
|
||||||
set.add(storeFactory.getResourceStore().findById(res.getId(), entity.getResourceServer().getId()));
|
set.add(storeFactory.getResourceStore().findById(resourceServer, res.getId()));
|
||||||
}
|
}
|
||||||
return Collections.unmodifiableSet(set);
|
return Collections.unmodifiableSet(set);
|
||||||
}
|
}
|
||||||
|
@ -177,8 +178,9 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy,
|
||||||
@Override
|
@Override
|
||||||
public Set<Scope> getScopes() {
|
public Set<Scope> getScopes() {
|
||||||
Set<Scope> set = new HashSet<>();
|
Set<Scope> set = new HashSet<>();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
for (ScopeEntity res : entity.getScopes()) {
|
for (ScopeEntity res : entity.getScopes()) {
|
||||||
set.add(storeFactory.getScopeStore().findById(res.getId(), entity.getResourceServer().getId()));
|
set.add(storeFactory.getScopeStore().findById(resourceServer, res.getId()));
|
||||||
}
|
}
|
||||||
return Collections.unmodifiableSet(set);
|
return Collections.unmodifiableSet(set);
|
||||||
}
|
}
|
||||||
|
|
|
@ -116,8 +116,9 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> getScopes() {
|
public List<Scope> getScopes() {
|
||||||
List<Scope> scopes = new LinkedList<>();
|
List<Scope> scopes = new LinkedList<>();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
for (ScopeEntity scope : entity.getScopes()) {
|
for (ScopeEntity scope : entity.getScopes()) {
|
||||||
scopes.add(storeFactory.getScopeStore().findById(scope.getId(), entity.getResourceServer()));
|
scopes.add(storeFactory.getScopeStore().findById(resourceServer, scope.getId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
return Collections.unmodifiableList(scopes);
|
return Collections.unmodifiableList(scopes);
|
||||||
|
@ -136,8 +137,8 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getResourceServer() {
|
public ResourceServer getResourceServer() {
|
||||||
return entity.getResourceServer();
|
return storeFactory.getResourceServerStore().findById(entity.getResourceServer());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
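Review bot: `getResourceServer()` changes from returning the stored id to performing `storeFactory.getResourceServerStore().findById(entity.getResourceServer())` on every call, so each invocation is now a store round-trip; `getScopes()` correctly hoists it out of its loop, but any other caller that previously treated this as a cheap getter now pays that cost per call. Add a Javadoc line making this explicit, e.g. `/** Resolves the owning resource server through the store on each call; callers iterating over scopes or resources should fetch it once. */`, and state whether a null return is possible when the referenced server no longer exists, since `getScopes()` forwards the result straight into `findById(resourceServer, scope.getId())`.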
@ -24,8 +24,11 @@ import org.keycloak.authorization.model.PermissionTicket;
|
||||||
import org.keycloak.authorization.model.PermissionTicket.SearchableFields;
|
import org.keycloak.authorization.model.PermissionTicket.SearchableFields;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
|
import org.keycloak.authorization.store.ResourceServerStore;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
import org.keycloak.models.map.authorization.adapter.MapPermissionTicketAdapter;
|
import org.keycloak.models.map.authorization.adapter.MapPermissionTicketAdapter;
|
||||||
|
@ -69,18 +72,18 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
return new MapPermissionTicketAdapter(origEntity, authorizationProvider.getStoreFactory());
|
return new MapPermissionTicketAdapter(origEntity, authorizationProvider.getStoreFactory());
|
||||||
}
|
}
|
||||||
|
|
||||||
private DefaultModelCriteria<PermissionTicket> forResourceServer(String resourceServerId) {
|
private DefaultModelCriteria<PermissionTicket> forResourceServer(ResourceServer resourceServer) {
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
||||||
|
|
||||||
return resourceServerId == null
|
return resourceServer == null
|
||||||
? mcb
|
? mcb
|
||||||
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
||||||
resourceServerId);
|
resourceServer.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public long count(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId) {
|
public long count(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes) {
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServerId).and(
|
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServer).and(
|
||||||
attributes.entrySet().stream()
|
attributes.entrySet().stream()
|
||||||
.map(this::filterEntryToDefaultModelCriteria)
|
.map(this::filterEntryToDefaultModelCriteria)
|
||||||
.toArray(DefaultModelCriteria[]::new)
|
.toArray(DefaultModelCriteria[]::new)
|
||||||
|
@ -90,33 +93,33 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer) {
|
public PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String requester) {
|
||||||
LOG.tracef("create(%s, %s, %s, %s)%s", resourceId, scopeId, requester, resourceServer, getShortStackTrace());
|
LOG.tracef("create(%s, %s, %s, %s)%s", resource, scope, requester, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
String owner = authorizationProvider.getStoreFactory().getResourceStore().findById(resourceId, resourceServer.getId()).getOwner();
|
String owner = authorizationProvider.getStoreFactory().getResourceStore().findById(resourceServer, resource.getId()).getOwner();
|
||||||
|
|
||||||
// @UniqueConstraint(columnNames = {"OWNER", "REQUESTER", "RESOURCE_SERVER_ID", "RESOURCE_ID", "SCOPE_ID"})
|
// @UniqueConstraint(columnNames = {"OWNER", "REQUESTER", "RESOURCE_SERVER_ID", "RESOURCE_ID", "SCOPE_ID"})
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServer.getId())
|
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.OWNER, Operator.EQ, owner)
|
.compare(SearchableFields.OWNER, Operator.EQ, owner)
|
||||||
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resourceId)
|
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resource)
|
||||||
.compare(SearchableFields.REQUESTER, Operator.EQ, requester);
|
.compare(SearchableFields.REQUESTER, Operator.EQ, requester);
|
||||||
|
|
||||||
if (scopeId != null) {
|
if (scope != null) {
|
||||||
mcb = mcb.compare(SearchableFields.SCOPE_ID, Operator.EQ, scopeId);
|
mcb = mcb.compare(SearchableFields.SCOPE_ID, Operator.EQ, scope.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tx.getCount(withCriteria(mcb)) > 0) {
|
if (tx.getCount(withCriteria(mcb)) > 0) {
|
||||||
throw new ModelDuplicateException("Permission ticket for resource server: '" + resourceServer.getId()
|
throw new ModelDuplicateException("Permission ticket for resource server: '" + resourceServer.getId()
|
||||||
+ ", Resource: " + resourceId + ", owner: " + owner + ", scopeId: " + scopeId + " already exists.");
|
+ ", Resource: " + resource + ", owner: " + owner + ", scopeId: " + scope + " already exists.");
|
||||||
}
|
}
|
||||||
|
|
||||||
MapPermissionTicketEntity entity = new MapPermissionTicketEntityImpl();
|
MapPermissionTicketEntity entity = new MapPermissionTicketEntityImpl();
|
||||||
entity.setResourceId(resourceId);
|
entity.setResourceId(resource.getId());
|
||||||
entity.setRequester(requester);
|
entity.setRequester(requester);
|
||||||
entity.setCreatedTimestamp(System.currentTimeMillis());
|
entity.setCreatedTimestamp(Time.currentTimeMillis());
|
||||||
|
|
||||||
if (scopeId != null) {
|
if (scope != null) {
|
||||||
entity.setScopeId(scopeId);
|
entity.setScopeId(scope.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
entity.setOwner(owner);
|
entity.setOwner(owner);
|
||||||
|
@ -131,7 +134,7 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
LOG.tracef("delete(%s)%s", id, getShortStackTrace());
|
LOG.tracef("delete(%s)%s", id, getShortStackTrace());
|
||||||
|
|
||||||
PermissionTicket permissionTicket = findById(id, null);
|
PermissionTicket permissionTicket = findById((ResourceServer) null, id);
|
||||||
if (permissionTicket == null) return;
|
if (permissionTicket == null) return;
|
||||||
|
|
||||||
tx.delete(id);
|
tx.delete(id);
|
||||||
|
@ -139,10 +142,10 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public PermissionTicket findById(String id, String resourceServerId) {
|
public PermissionTicket findById(ResourceServer resourceServer, String id) {
|
||||||
LOG.tracef("findById(%s, %s)%s", id, resourceServerId, getShortStackTrace());
|
LOG.tracef("findById(%s, %s)%s", id, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.ID, Operator.EQ, id)))
|
.compare(SearchableFields.ID, Operator.EQ, id)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -150,47 +153,47 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResourceServer(String resourceServerId) {
|
public List<PermissionTicket> findByResourceServer(ResourceServer resourceServer) {
|
||||||
LOG.tracef("findByResourceServer(%s)%s", resourceServerId, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s)%s", resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)))
|
return tx.read(withCriteria(forResourceServer(resourceServer)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByOwner(String owner, String resourceServerId) {
|
public List<PermissionTicket> findByOwner(ResourceServer resourceServer, String owner) {
|
||||||
LOG.tracef("findByOwner(%s, %s)%s", owner, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByOwner(%s, %s)%s", owner, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.OWNER, Operator.EQ, owner)))
|
.compare(SearchableFields.OWNER, Operator.EQ, owner)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByResource(String resourceId, String resourceServerId) {
|
public List<PermissionTicket> findByResource(ResourceServer resourceServer, Resource resource) {
|
||||||
LOG.tracef("findByResource(%s, %s)%s", resourceId, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByResource(%s, %s)%s", resource, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resourceId)))
|
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resource.getId())))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findByScope(String scopeId, String resourceServerId) {
|
public List<PermissionTicket> findByScope(ResourceServer resourceServer, Scope scope) {
|
||||||
LOG.tracef("findByScope(%s, %s)%s", scopeId, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByScope(%s, %s)%s", scope, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.SCOPE_ID, Operator.EQ, scopeId)))
|
.compare(SearchableFields.SCOPE_ID, Operator.EQ, scope.getId())))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResult) {
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServerId);
|
DefaultModelCriteria<PermissionTicket> mcb = forResourceServer(resourceServer);
|
||||||
|
|
||||||
if (attributes.containsKey(PermissionTicket.FilterOption.RESOURCE_NAME)) {
|
if (attributes.containsKey(PermissionTicket.FilterOption.RESOURCE_NAME)) {
|
||||||
String expectedResourceName = attributes.remove(PermissionTicket.FilterOption.RESOURCE_NAME);
|
String expectedResourceName = attributes.remove(PermissionTicket.FilterOption.RESOURCE_NAME);
|
||||||
|
@ -199,7 +202,7 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
|
|
||||||
filterOptionStringMap.put(Resource.FilterOption.EXACT_NAME, new String[]{expectedResourceName});
|
filterOptionStringMap.put(Resource.FilterOption.EXACT_NAME, new String[]{expectedResourceName});
|
||||||
|
|
||||||
List<Resource> r = authorizationProvider.getStoreFactory().getResourceStore().findByResourceServer(filterOptionStringMap, resourceServerId, -1, -1);
|
List<Resource> r = authorizationProvider.getStoreFactory().getResourceStore().findByResourceServer(resourceServer, filterOptionStringMap, null, null);
|
||||||
if (r == null || r.isEmpty()) {
|
if (r == null || r.isEmpty()) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
@ -248,28 +251,28 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String userId) {
|
||||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||||
|
|
||||||
return find(filters, resourceServerId, -1, -1);
|
return find(resourceServer, filters, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<PermissionTicket> findGranted(String resourceName, String userId, String resourceServerId) {
|
public List<PermissionTicket> findGranted(ResourceServer resourceServer, String resourceName, String userId) {
|
||||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.RESOURCE_NAME, resourceName);
|
filters.put(PermissionTicket.FilterOption.RESOURCE_NAME, resourceName);
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
filters.put(PermissionTicket.FilterOption.REQUESTER, userId);
|
||||||
|
|
||||||
return find(filters, resourceServerId, -1, -1);
|
return find(resourceServer, filters, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedResources(String requester, String name, int first, int max) {
|
public List<Resource> findGrantedResources(String requester, String name, Integer first, Integer max) {
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
||||||
mcb = mcb.compare(SearchableFields.REQUESTER, Operator.EQ, requester)
|
mcb = mcb.compare(SearchableFields.REQUESTER, Operator.EQ, requester)
|
||||||
.compare(SearchableFields.GRANTED_TIMESTAMP, Operator.EXISTS);
|
.compare(SearchableFields.GRANTED_TIMESTAMP, Operator.EXISTS);
|
||||||
|
@ -277,6 +280,7 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
Function<MapPermissionTicketEntity, Resource> ticketResourceMapper;
|
Function<MapPermissionTicketEntity, Resource> ticketResourceMapper;
|
||||||
|
|
||||||
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
||||||
|
ResourceServerStore resourceServerStore = authorizationProvider.getStoreFactory().getResourceServerStore();
|
||||||
if (name != null) {
|
if (name != null) {
|
||||||
ticketResourceMapper = ticket -> {
|
ticketResourceMapper = ticket -> {
|
||||||
Map<Resource.FilterOption, String[]> filterOptionMap = new EnumMap<>(Resource.FilterOption.class);
|
Map<Resource.FilterOption, String[]> filterOptionMap = new EnumMap<>(Resource.FilterOption.class);
|
||||||
|
@ -284,13 +288,13 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
filterOptionMap.put(Resource.FilterOption.ID, new String[] {ticket.getResourceId()});
|
filterOptionMap.put(Resource.FilterOption.ID, new String[] {ticket.getResourceId()});
|
||||||
filterOptionMap.put(Resource.FilterOption.NAME, new String[] {name});
|
filterOptionMap.put(Resource.FilterOption.NAME, new String[] {name});
|
||||||
|
|
||||||
List<Resource> resource = resourceStore.findByResourceServer(filterOptionMap, ticket.getResourceServerId(), -1, 1);
|
List<Resource> resource = resourceStore.findByResourceServer(resourceServerStore.findById(ticket.getResourceServerId()), filterOptionMap, -1, 1);
|
||||||
|
|
||||||
return resource.isEmpty() ? null : resource.get(0);
|
return resource.isEmpty() ? null : resource.get(0);
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
ticketResourceMapper = ticket -> resourceStore
|
ticketResourceMapper = ticket -> resourceStore
|
||||||
.findById(ticket.getResourceId(), ticket.getResourceServerId());
|
.findById(resourceServerStore.findById(ticket.getResourceServerId()), ticket.getResourceId());
|
||||||
}
|
}
|
||||||
|
|
||||||
return paginatedStream(tx.read(withCriteria(mcb).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
|
return paginatedStream(tx.read(withCriteria(mcb).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
|
||||||
|
@ -301,14 +305,16 @@ public class MapPermissionTicketStore implements PermissionTicketStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findGrantedOwnerResources(String owner, int first, int max) {
|
public List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) {
|
||||||
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
DefaultModelCriteria<PermissionTicket> mcb = criteria();
|
||||||
mcb = mcb.compare(SearchableFields.OWNER, Operator.EQ, owner);
|
mcb = mcb.compare(SearchableFields.OWNER, Operator.EQ, owner);
|
||||||
|
|
||||||
|
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
||||||
|
ResourceServerStore resourceServerStore = authorizationProvider.getStoreFactory().getResourceServerStore();
|
||||||
|
|
||||||
return paginatedStream(tx.read(withCriteria(mcb).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
|
return paginatedStream(tx.read(withCriteria(mcb).orderBy(SearchableFields.RESOURCE_ID, ASCENDING))
|
||||||
.filter(distinctByKey(MapPermissionTicketEntity::getResourceId)), first, max)
|
.filter(distinctByKey(MapPermissionTicketEntity::getResourceId)), firstResult, maxResults)
|
||||||
.map(ticket -> authorizationProvider.getStoreFactory().getResourceStore()
|
.map(ticket -> resourceStore.findById(resourceServerStore.findById(ticket.getResourceServerId()), ticket.getResourceId()))
|
||||||
.findById(ticket.getResourceId(), ticket.getResourceServerId()))
|
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,9 @@ import org.jboss.logging.Logger;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Policy.SearchableFields;
|
import org.keycloak.authorization.model.Policy.SearchableFields;
|
||||||
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
|
@ -63,21 +65,21 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
return new MapPolicyAdapter(origEntity, authorizationProvider.getStoreFactory());
|
return new MapPolicyAdapter(origEntity, authorizationProvider.getStoreFactory());
|
||||||
}
|
}
|
||||||
|
|
||||||
private DefaultModelCriteria<Policy> forResourceServer(String resourceServerId) {
|
private DefaultModelCriteria<Policy> forResourceServer(ResourceServer resourceServer) {
|
||||||
DefaultModelCriteria<Policy> mcb = criteria();
|
DefaultModelCriteria<Policy> mcb = criteria();
|
||||||
|
|
||||||
return resourceServerId == null
|
return resourceServer == null
|
||||||
? mcb
|
? mcb
|
||||||
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
||||||
resourceServerId);
|
resourceServer.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||||
LOG.tracef("create(%s, %s, %s)%s", representation.getId(), resourceServer.getId(), resourceServer, getShortStackTrace());
|
LOG.tracef("create(%s, %s, %s)%s", representation.getId(), resourceServer.getId(), resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID"})
|
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID"})
|
||||||
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServer.getId())
|
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.NAME, Operator.EQ, representation.getName());
|
.compare(SearchableFields.NAME, Operator.EQ, representation.getName());
|
||||||
|
|
||||||
if (tx.getCount(withCriteria(mcb)) > 0) {
|
if (tx.getCount(withCriteria(mcb)) > 0) {
|
||||||
|
@ -103,10 +105,10 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findById(String id, String resourceServerId) {
|
public Policy findById(ResourceServer resourceServer, String id) {
|
||||||
LOG.tracef("findById(%s, %s)%s", id, resourceServerId, getShortStackTrace());
|
LOG.tracef("findById(%s, %s)%s", id, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.ID, Operator.EQ, id)))
|
.compare(SearchableFields.ID, Operator.EQ, id)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -114,10 +116,10 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findByName(String name, String resourceServerId) {
|
public Policy findByName(ResourceServer resourceServer, String name) {
|
||||||
LOG.tracef("findByName(%s, %s)%s", name, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByName(%s, %s)%s", name, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.NAME, Operator.EQ, name)))
|
.compare(SearchableFields.NAME, Operator.EQ, name)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -125,19 +127,19 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(String id) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer) {
|
||||||
LOG.tracef("findByResourceServer(%s)%s", id, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s)%s", resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(id)))
|
return tx.read(withCriteria(forResourceServer(resourceServer)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
LOG.tracef("findByResourceServer(%s, %s, %d, %d)%s", attributes, resourceServerId, firstResult, maxResult, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s, %s, %d, %d)%s", attributes, resourceServer, firstResult, maxResults, getShortStackTrace());
|
||||||
|
|
||||||
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServerId).and(
|
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServer).and(
|
||||||
attributes.entrySet().stream()
|
attributes.entrySet().stream()
|
||||||
.map(this::filterEntryToDefaultModelCriteria)
|
.map(this::filterEntryToDefaultModelCriteria)
|
||||||
.filter(Objects::nonNull)
|
.filter(Objects::nonNull)
|
||||||
|
@ -148,10 +150,10 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
mcb = mcb.compare(SearchableFields.OWNER, Operator.NOT_EXISTS);
|
mcb = mcb.compare(SearchableFields.OWNER, Operator.NOT_EXISTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
return tx.read(withCriteria(mcb).pagination(firstResult, maxResult, SearchableFields.NAME))
|
return tx.read(withCriteria(mcb).pagination(firstResult, maxResults, SearchableFields.NAME))
|
||||||
.map(MapPolicyEntity::getId)
|
.map(MapPolicyEntity::getId)
|
||||||
// We need to go through cache
|
// We need to go through cache
|
||||||
.map(id -> authorizationProvider.getStoreFactory().getPolicyStore().findById(id, resourceServerId))
|
.map(id -> authorizationProvider.getStoreFactory().getPolicyStore().findById(resourceServer, id))
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -194,39 +196,39 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer) {
|
||||||
LOG.tracef("findByResource(%s, %s, %s)%s", resourceId, resourceServerId, consumer, getShortStackTrace());
|
LOG.tracef("findByResource(%s, %s, %s)%s", resourceServer, resource, consumer, getShortStackTrace());
|
||||||
|
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId)
|
tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resourceId)))
|
.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resource.getId())))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.forEach(consumer);
|
.forEach(consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResourceType(String type, String resourceServerId, Consumer<Policy> policyConsumer) {
|
public void findByResourceType(ResourceServer resourceServer, String type, Consumer<Policy> policyConsumer) {
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId)
|
tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.CONFIG, Operator.LIKE, (Object[]) new String[]{"defaultResourceType", type})))
|
.compare(SearchableFields.CONFIG, Operator.LIKE, (Object[]) new String[]{"defaultResourceType", type})))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.forEach(policyConsumer);
|
.forEach(policyConsumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> scopes) {
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopeIds)))
|
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopes.stream().map(Scope::getId))))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes, Consumer<Policy> consumer) {
|
||||||
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServerId)
|
DefaultModelCriteria<Policy> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.TYPE, Operator.EQ, "scope")
|
.compare(SearchableFields.TYPE, Operator.EQ, "scope")
|
||||||
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopeIds);
|
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopes.stream().map(Scope::getId));
|
||||||
|
|
||||||
if (resourceId != null) {
|
if (resource != null) {
|
||||||
mcb = mcb.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resourceId);
|
mcb = mcb.compare(SearchableFields.RESOURCE_ID, Operator.EQ, resource.getId());
|
||||||
// @NamedQuery(name="findPolicyIdByNullResourceScope", query="PolicyEntity pe left join fetch pe.config c inner join pe.scopes s where pe.resourceServer.id = :serverId and pe.type = 'scope' and pe.resources is empty and s.id in (:scopeIds) and not exists (select pec from pe.config pec where KEY(pec) = 'defaultResourceType')"),
|
// @NamedQuery(name="findPolicyIdByNullResourceScope", query="PolicyEntity pe left join fetch pe.config c inner join pe.scopes s where pe.resourceServer.id = :serverId and pe.type = 'scope' and pe.resources is empty and s.id in (:scopeIds) and not exists (select pec from pe.config pec where KEY(pec) = 'defaultResourceType')"),
|
||||||
} else {
|
} else {
|
||||||
mcb = mcb.compare(SearchableFields.RESOURCE_ID, Operator.NOT_EXISTS)
|
mcb = mcb.compare(SearchableFields.RESOURCE_ID, Operator.NOT_EXISTS)
|
||||||
|
@ -237,16 +239,16 @@ public class MapPolicyStore implements PolicyStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByType(String type, String resourceServerId) {
|
public List<Policy> findByType(ResourceServer resourceServer, String type) {
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findDependentPolicies(String id, String resourceServerId) {
|
public List<Policy> findDependentPolicies(ResourceServer resourceServer, String id) {
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.ASSOCIATED_POLICY_ID, Operator.EQ, id)))
|
.compare(SearchableFields.ASSOCIATED_POLICY_ID, Operator.EQ, id)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
|
|
|
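Review bot: In both `findByScopes` overloads the `Operator.IN` criterion is now built from `scopes.stream().map(Scope::getId)`, a one-shot `Stream`, where the replaced `findByScopeIds` passed a `List<String>`. Whether the criteria layer accepts a `Stream` value for IN is not visible here; even if it does, a `DefaultModelCriteria` holding an already-consumed stream cannot be evaluated a second time, so any later reuse of `mcb` (a count followed by a read, for example) would fail with `IllegalStateException`. Materializing once — `.compare(SearchableFields.SCOPE_ID, Operator.IN, scopes.stream().map(Scope::getId).collect(Collectors.toList()))` — keeps the criterion reusable and matches the collection type the old code used. The second overload, where `mcb` is extended conditionally before the read, is the more exposed of the two.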
@ -29,6 +29,7 @@ import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.authorization.store.ResourceServerStore;
|
import org.keycloak.authorization.store.ResourceServerStore;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
import org.keycloak.authorization.store.ScopeStore;
|
import org.keycloak.authorization.store.ScopeStore;
|
||||||
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
import org.keycloak.models.ModelException;
|
import org.keycloak.models.ModelException;
|
||||||
|
@ -40,17 +41,14 @@ import org.keycloak.models.map.storage.MapStorage;
|
||||||
import org.keycloak.storage.StorageId;
|
import org.keycloak.storage.StorageId;
|
||||||
|
|
||||||
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
|
import static org.keycloak.common.util.StackUtil.getShortStackTrace;
|
||||||
import org.keycloak.models.ClientModel;
|
|
||||||
|
|
||||||
public class MapResourceServerStore implements ResourceServerStore {
|
public class MapResourceServerStore implements ResourceServerStore {
|
||||||
|
|
||||||
private static final Logger LOG = Logger.getLogger(MapResourceServerStore.class);
|
private static final Logger LOG = Logger.getLogger(MapResourceServerStore.class);
|
||||||
private final AuthorizationProvider authorizationProvider;
|
private final AuthorizationProvider authorizationProvider;
|
||||||
final MapKeycloakTransaction<MapResourceServerEntity, ResourceServer> tx;
|
final MapKeycloakTransaction<MapResourceServerEntity, ResourceServer> tx;
|
||||||
private final MapStorage<MapResourceServerEntity, ResourceServer> resourceServerStore;
|
|
||||||
|
|
||||||
public MapResourceServerStore(KeycloakSession session, MapStorage<MapResourceServerEntity, ResourceServer> resourceServerStore, AuthorizationProvider provider) {
|
public MapResourceServerStore(KeycloakSession session, MapStorage<MapResourceServerEntity, ResourceServer> resourceServerStore, AuthorizationProvider provider) {
|
||||||
this.resourceServerStore = resourceServerStore;
|
|
||||||
this.tx = resourceServerStore.createTransaction(session);
|
this.tx = resourceServerStore.createTransaction(session);
|
||||||
this.authorizationProvider = provider;
|
this.authorizationProvider = provider;
|
||||||
session.getTransactionManager().enlist(tx);
|
session.getTransactionManager().enlist(tx);
|
||||||
|
@ -64,49 +62,53 @@ public class MapResourceServerStore implements ResourceServerStore {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ResourceServer create(ClientModel client) {
|
public ResourceServer create(ClientModel client) {
|
||||||
String clientId = client.getId();
|
LOG.tracef("create(%s)%s", client.getClientId(), getShortStackTrace());
|
||||||
LOG.tracef("create(%s)%s", clientId, getShortStackTrace());
|
|
||||||
|
|
||||||
|
String clientId = client.getId();
|
||||||
if (clientId == null) return null;
|
if (clientId == null) return null;
|
||||||
|
|
||||||
if (!StorageId.isLocalStorage(clientId)) {
|
if (!StorageId.isLocalStorage(clientId)) {
|
||||||
throw new ModelException("Creating resource server from federated ClientModel not supported");
|
throw new ModelException("Creating resource server from federated ClientModel not supported");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tx.read(clientId) != null) {
|
if (findByClient(client) != null) {
|
||||||
throw new ModelDuplicateException("Resource server already exists: " + clientId);
|
throw new ModelDuplicateException("Resource server assiciated with client : " + client.getClientId() + " already exists.");
|
||||||
}
|
}
|
||||||
|
|
||||||
MapResourceServerEntity entity = new MapResourceServerEntityImpl();
|
MapResourceServerEntity entity = new MapResourceServerEntityImpl();
|
||||||
entity.setId(clientId);
|
entity.setId(clientId);
|
||||||
|
|
||||||
return entityToAdapter(tx.create(entity));
|
entity = tx.create(entity);
|
||||||
|
return entityToAdapter(entity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(ClientModel client) {
|
public void delete(ClientModel client) {
|
||||||
String id = client.getId();
|
LOG.tracef("delete(%s, %s)%s", client.getClientId(), getShortStackTrace());
|
||||||
LOG.tracef("delete(%s, %s)%s", id, getShortStackTrace());
|
|
||||||
if (id == null) return;
|
ResourceServer resourceServer = findByClient(client);
|
||||||
|
if (resourceServer == null) return;
|
||||||
|
|
||||||
|
String id = resourceServer.getId();
|
||||||
|
|
||||||
// TODO: Simplify the following, ideally by leveraging triggers, stored procedures or ref integrity
|
// TODO: Simplify the following, ideally by leveraging triggers, stored procedures or ref integrity
|
||||||
PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
|
||||||
policyStore.findByResourceServer(id).stream()
|
policyStore.findByResourceServer(resourceServer).stream()
|
||||||
.map(Policy::getId)
|
.map(Policy::getId)
|
||||||
.forEach(policyStore::delete);
|
.forEach(policyStore::delete);
|
||||||
|
|
||||||
PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore permissionTicketStore = authorizationProvider.getStoreFactory().getPermissionTicketStore();
|
||||||
permissionTicketStore.findByResourceServer(id).stream()
|
permissionTicketStore.findByResourceServer(resourceServer).stream()
|
||||||
.map(PermissionTicket::getId)
|
.map(PermissionTicket::getId)
|
||||||
.forEach(permissionTicketStore::delete);
|
.forEach(permissionTicketStore::delete);
|
||||||
|
|
||||||
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
||||||
resourceStore.findByResourceServer(id).stream()
|
resourceStore.findByResourceServer(resourceServer).stream()
|
||||||
.map(Resource::getId)
|
.map(Resource::getId)
|
||||||
.forEach(resourceStore::delete);
|
.forEach(resourceStore::delete);
|
||||||
|
|
||||||
ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
|
ScopeStore scopeStore = authorizationProvider.getStoreFactory().getScopeStore();
|
||||||
scopeStore.findByResourceServer(id).stream()
|
scopeStore.findByResourceServer(resourceServer).stream()
|
||||||
.map(Scope::getId)
|
.map(Scope::getId)
|
||||||
.forEach(scopeStore::delete);
|
.forEach(scopeStore::delete);
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.Resource.SearchableFields;
|
import org.keycloak.authorization.model.Resource.SearchableFields;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.ModelDuplicateException;
|
import org.keycloak.models.ModelDuplicateException;
|
||||||
|
@ -37,6 +38,7 @@ import java.util.Arrays;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
@ -62,20 +64,20 @@ public class MapResourceStore implements ResourceStore {
|
||||||
return new MapResourceAdapter(origEntity, authorizationProvider.getStoreFactory());
|
return new MapResourceAdapter(origEntity, authorizationProvider.getStoreFactory());
|
||||||
}
|
}
|
||||||
|
|
||||||
private DefaultModelCriteria<Resource> forResourceServer(String resourceServerId) {
|
private DefaultModelCriteria<Resource> forResourceServer(ResourceServer resourceServer) {
|
||||||
DefaultModelCriteria<Resource> mcb = criteria();
|
DefaultModelCriteria<Resource> mcb = criteria();
|
||||||
|
|
||||||
return resourceServerId == null
|
return resourceServer == null
|
||||||
? mcb
|
? mcb
|
||||||
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
||||||
resourceServerId);
|
resourceServer.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
|
public Resource create(ResourceServer resourceServer, String id, String name, String owner) {
|
||||||
LOG.tracef("create(%s, %s, %s, %s)%s", id, name, resourceServer, owner, getShortStackTrace());
|
LOG.tracef("create(%s, %s, %s, %s)%s", id, name, resourceServer, owner, getShortStackTrace());
|
||||||
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID", "OWNER"})
|
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID", "OWNER"})
|
||||||
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServer.getId())
|
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.NAME, Operator.EQ, name)
|
.compare(SearchableFields.NAME, Operator.EQ, name)
|
||||||
.compare(SearchableFields.OWNER, Operator.EQ, owner);
|
.compare(SearchableFields.OWNER, Operator.EQ, owner);
|
||||||
|
|
||||||
|
@ -102,10 +104,10 @@ public class MapResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findById(String id, String resourceServerId) {
|
public Resource findById(ResourceServer resourceServer, String id) {
|
||||||
LOG.tracef("findById(%s, %s)%s", id, resourceServerId, getShortStackTrace());
|
LOG.tracef("findById(%s, %s)%s", id, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.ID, Operator.EQ, id)))
|
.compare(SearchableFields.ID, Operator.EQ, id)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -113,57 +115,57 @@ public class MapResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||||
findByOwnerFilter(ownerId, resourceServerId, consumer, -1, -1);
|
findByOwnerFilter(ownerId, resourceServer, consumer, -1, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void findByOwnerFilter(String ownerId, String resourceServerId, Consumer<Resource> consumer, int firstResult, int maxResult) {
|
private void findByOwnerFilter(String ownerId, ResourceServer resourceServer, Consumer<Resource> consumer, int firstResult, int maxResult) {
|
||||||
LOG.tracef("findByOwnerFilter(%s, %s, %s, %d, %d)%s", ownerId, resourceServerId, consumer, firstResult, maxResult, getShortStackTrace());
|
LOG.tracef("findByOwnerFilter(%s, %s, %s, %d, %d)%s", ownerId, resourceServer, consumer, firstResult, maxResult, getShortStackTrace());
|
||||||
|
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId).compare(SearchableFields.OWNER, Operator.EQ, ownerId))
|
tx.read(withCriteria(forResourceServer(resourceServer).compare(SearchableFields.OWNER, Operator.EQ, ownerId))
|
||||||
.pagination(firstResult, maxResult, SearchableFields.ID)
|
.pagination(firstResult, maxResult, SearchableFields.ID)
|
||||||
).map(this::entityToAdapter)
|
).map(this::entityToAdapter)
|
||||||
.forEach(consumer);
|
.forEach(consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults) {
|
||||||
List<Resource> resourceList = new LinkedList<>();
|
List<Resource> resourceList = new LinkedList<>();
|
||||||
|
|
||||||
findByOwnerFilter(ownerId, resourceServerId, resourceList::add, first, max);
|
findByOwnerFilter(ownerId, resourceServer, resourceList::add, firstResult, maxResults);
|
||||||
|
|
||||||
return resourceList;
|
return resourceList;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByUri(String uri, String resourceServerId) {
|
public List<Resource> findByUri(ResourceServer resourceServer, String uri) {
|
||||||
LOG.tracef("findByUri(%s, %s)%s", uri, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByUri(%s, %s)%s", uri, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.URI, Operator.EQ, uri)))
|
.compare(SearchableFields.URI, Operator.EQ, uri)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(String resourceServerId) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer) {
|
||||||
LOG.tracef("findByResourceServer(%s)%s", resourceServerId, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s)%s", resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)))
|
return tx.read(withCriteria(forResourceServer(resourceServer)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
LOG.tracef("findByResourceServer(%s, %s, %d, %d)%s", attributes, resourceServerId, firstResult, maxResult, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s, %s, %d, %d)%s", attributes, resourceServer, firstResult, maxResults, getShortStackTrace());
|
||||||
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServerId).and(
|
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServer).and(
|
||||||
attributes.entrySet().stream()
|
attributes.entrySet().stream()
|
||||||
.map(this::filterEntryToDefaultModelCriteria)
|
.map(this::filterEntryToDefaultModelCriteria)
|
||||||
.toArray(DefaultModelCriteria[]::new)
|
.toArray(DefaultModelCriteria[]::new)
|
||||||
);
|
);
|
||||||
|
|
||||||
return tx.read(withCriteria(mcb).pagination(firstResult, maxResult, SearchableFields.NAME))
|
return tx.read(withCriteria(mcb).pagination(firstResult, maxResults, SearchableFields.NAME))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
@ -194,24 +196,19 @@ public class MapResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Set<Scope> scopes, Consumer<Resource> consumer) {
|
||||||
LOG.tracef("findByScope(%s, %s, %s)%s", scopes, resourceServerId, consumer, getShortStackTrace());
|
LOG.tracef("findByScope(%s, %s, %s)%s", scopes, resourceServer, consumer, getShortStackTrace());
|
||||||
|
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId)
|
tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopes)))
|
.compare(SearchableFields.SCOPE_ID, Operator.IN, scopes.stream().map(Scope::getId))))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.forEach(consumer);
|
.forEach(consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findByName(String name, String resourceServerId) {
|
public Resource findByName(ResourceServer resourceServer, String name, String ownerId) {
|
||||||
return findByName(name, resourceServerId, resourceServerId);
|
LOG.tracef("findByName(%s, %s, %s)%s", name, ownerId, resourceServer, getShortStackTrace());
|
||||||
}
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
|
|
||||||
@Override
|
|
||||||
public Resource findByName(String name, String ownerId, String resourceServerId) {
|
|
||||||
LOG.tracef("findByName(%s, %s, %s)%s", name, ownerId, resourceServerId, getShortStackTrace());
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
|
||||||
.compare(SearchableFields.OWNER, Operator.EQ, ownerId)
|
.compare(SearchableFields.OWNER, Operator.EQ, ownerId)
|
||||||
.compare(SearchableFields.NAME, Operator.EQ, name)))
|
.compare(SearchableFields.NAME, Operator.EQ, name)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
|
@ -220,19 +217,19 @@ public class MapResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
LOG.tracef("findByType(%s, %s, %s)%s", type, resourceServerId, consumer, getShortStackTrace());
|
LOG.tracef("findByType(%s, %s, %s)%s", type, resourceServer, consumer, getShortStackTrace());
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId)
|
tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.forEach(consumer);
|
.forEach(consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, String owner, Consumer<Resource> consumer) {
|
||||||
LOG.tracef("findByType(%s, %s, %s, %s)%s", type, owner, resourceServerId, consumer, getShortStackTrace());
|
LOG.tracef("findByType(%s, %s, %s, %s)%s", type, owner, resourceServer, consumer, getShortStackTrace());
|
||||||
|
|
||||||
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServerId)
|
DefaultModelCriteria<Resource> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.TYPE, Operator.EQ, type);
|
.compare(SearchableFields.TYPE, Operator.EQ, type);
|
||||||
|
|
||||||
if (owner != null) {
|
if (owner != null) {
|
||||||
|
@ -245,10 +242,10 @@ public class MapResourceStore implements ResourceStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByTypeInstance(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
LOG.tracef("findByTypeInstance(%s, %s, %s)%s", type, resourceServerId, consumer, getShortStackTrace());
|
LOG.tracef("findByTypeInstance(%s, %s, %s)%s", type, resourceServer, consumer, getShortStackTrace());
|
||||||
tx.read(withCriteria(forResourceServer(resourceServerId)
|
tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.OWNER, Operator.NE, resourceServerId)
|
.compare(SearchableFields.OWNER, Operator.NE, resourceServer.getClientId())
|
||||||
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
.compare(SearchableFields.TYPE, Operator.EQ, type)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.forEach(consumer);
|
.forEach(consumer);
|
||||||
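Review bot: The new `findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults)` accepts boxed, nullable pagination values but forwards them to `findByOwnerFilter(..., int firstResult, int maxResult)`, so a caller passing `null` (which the `Integer` signature now invites) hits a NullPointerException on unboxing before any query runs. The sibling `findByResourceServer(ResourceServer, Map, Integer, Integer)` in the same section hands its boxed values straight to `pagination(...)`, so the private helper is the only spot left on primitives. Change it to `private void findByOwnerFilter(String ownerId, ResourceServer resourceServer, Consumer<Resource> consumer, Integer firstResult, Integer maxResult)`; the `-1, -1` call from the `Consumer` overload still compiles via boxing. Whether `pagination` itself treats a null bound as "unbounded" is not visible in this chunk and should be confirmed before relying on null from callers.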
|
|
|
@ -60,22 +60,22 @@ public class MapScopeStore implements ScopeStore {
|
||||||
return new MapScopeAdapter(origEntity, authorizationProvider.getStoreFactory());
|
return new MapScopeAdapter(origEntity, authorizationProvider.getStoreFactory());
|
||||||
}
|
}
|
||||||
|
|
||||||
private DefaultModelCriteria<Scope> forResourceServer(String resourceServerId) {
|
private DefaultModelCriteria<Scope> forResourceServer(ResourceServer resourceServer) {
|
||||||
DefaultModelCriteria<Scope> mcb = criteria();
|
DefaultModelCriteria<Scope> mcb = criteria();
|
||||||
|
|
||||||
return resourceServerId == null
|
return resourceServer == null
|
||||||
? mcb
|
? mcb
|
||||||
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
: mcb.compare(SearchableFields.RESOURCE_SERVER_ID, Operator.EQ,
|
||||||
resourceServerId);
|
resourceServer.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String id, String name, ResourceServer resourceServer) {
|
public Scope create(ResourceServer resourceServer, String id, String name) {
|
||||||
LOG.tracef("create(%s, %s, %s)%s", id, name, resourceServer, getShortStackTrace());
|
LOG.tracef("create(%s, %s, %s)%s", id, name, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
|
|
||||||
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID"})
|
// @UniqueConstraint(columnNames = {"NAME", "RESOURCE_SERVER_ID"})
|
||||||
DefaultModelCriteria<Scope> mcb = forResourceServer(resourceServer.getId())
|
DefaultModelCriteria<Scope> mcb = forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.NAME, Operator.EQ, name);
|
.compare(SearchableFields.NAME, Operator.EQ, name);
|
||||||
|
|
||||||
if (tx.getCount(withCriteria(mcb)) > 0) {
|
if (tx.getCount(withCriteria(mcb)) > 0) {
|
||||||
|
@ -99,10 +99,10 @@ public class MapScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findById(String id, String resourceServerId) {
|
public Scope findById(ResourceServer resourceServer, String id) {
|
||||||
LOG.tracef("findById(%s, %s)%s", id, resourceServerId, getShortStackTrace());
|
LOG.tracef("findById(%s, %s)%s", id, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId)
|
return tx.read(withCriteria(forResourceServer(resourceServer)
|
||||||
.compare(SearchableFields.ID, Operator.EQ, id)))
|
.compare(SearchableFields.ID, Operator.EQ, id)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -110,10 +110,10 @@ public class MapScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findByName(String name, String resourceServerId) {
|
public Scope findByName(ResourceServer resourceServer, String name) {
|
||||||
LOG.tracef("findByName(%s, %s)%s", name, resourceServerId, getShortStackTrace());
|
LOG.tracef("findByName(%s, %s)%s", name, resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(resourceServerId).compare(SearchableFields.NAME,
|
return tx.read(withCriteria(forResourceServer(resourceServer).compare(SearchableFields.NAME,
|
||||||
Operator.EQ, name)))
|
Operator.EQ, name)))
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
|
@ -121,17 +121,17 @@ public class MapScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(String id) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer) {
|
||||||
LOG.tracef("findByResourceServer(%s)%s", id, getShortStackTrace());
|
LOG.tracef("findByResourceServer(%s)%s", resourceServer, getShortStackTrace());
|
||||||
|
|
||||||
return tx.read(withCriteria(forResourceServer(id)))
|
return tx.read(withCriteria(forResourceServer(resourceServer)))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
DefaultModelCriteria<Scope> mcb = forResourceServer(resourceServerId);
|
DefaultModelCriteria<Scope> mcb = forResourceServer(resourceServer);
|
||||||
|
|
||||||
for (Scope.FilterOption filterOption : attributes.keySet()) {
|
for (Scope.FilterOption filterOption : attributes.keySet()) {
|
||||||
String[] value = attributes.get(filterOption);
|
String[] value = attributes.get(filterOption);
|
||||||
|
@ -148,7 +148,7 @@ public class MapScopeStore implements ScopeStore {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return tx.read(withCriteria(mcb).pagination(firstResult, maxResult, SearchableFields.NAME))
|
return tx.read(withCriteria(mcb).pagination(firstResult, maxResults, SearchableFields.NAME))
|
||||||
.map(this::entityToAdapter)
|
.map(this::entityToAdapter)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
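Review bot: In `create(ResourceServer resourceServer, String id, String name)` the uniqueness check now builds its criteria via `forResourceServer(resourceServer)`, which returns an unscoped criteria when `resourceServer` is null, so a null argument no longer fails fast (the old `resourceServer.getId()` threw) but silently compares `name` against scopes of every resource server and, if nothing matches, presumably goes on to create a scope with no resource server. Fail early instead: `Objects.requireNonNull(resourceServer, "resourceServer");` as the first statement of `create` (add `import java.util.Objects;` if the file lacks it), or keep an explicit `resourceServer.getId()` at this one call site. The body of `create` continues past the end of the hunk, so what follows the count check is not visible here. The same `forResourceServer(resourceServer)` swap is made in `MapResourceStore.create` in this commit and deserves the same guard.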
|
|
|
@ -51,13 +51,13 @@ public class MapPermissionTicketAdapter extends AbstractPermissionTicketModel<Ma
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource getResource() {
|
public Resource getResource() {
|
||||||
return storeFactory.getResourceStore().findById(entity.getResourceId(), entity.getResourceServerId());
|
return storeFactory.getResourceStore().findById(getResourceServer(), entity.getResourceId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope getScope() {
|
public Scope getScope() {
|
||||||
if (entity.getScopeId() == null) return null;
|
if (entity.getScopeId() == null) return null;
|
||||||
return storeFactory.getScopeStore().findById(entity.getScopeId(), entity.getResourceServerId());
|
return storeFactory.getScopeStore().findById(getResourceServer(), entity.getScopeId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -89,7 +89,8 @@ public class MapPermissionTicketAdapter extends AbstractPermissionTicketModel<Ma
|
||||||
@Override
|
@Override
|
||||||
public Policy getPolicy() {
|
public Policy getPolicy() {
|
||||||
if (entity.getPolicyId() == null) return null;
|
if (entity.getPolicyId() == null) return null;
|
||||||
return storeFactory.getPolicyStore().findById(entity.getPolicyId(), entity.getResourceServerId());
|
ResourceServer resourceServer = storeFactory.getResourceServerStore().findById(entity.getResourceServerId());
|
||||||
|
return storeFactory.getPolicyStore().findById(resourceServer, entity.getPolicyId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
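Review bot: `getPolicy()` resolves the resource server by hand with `storeFactory.getResourceServerStore().findById(entity.getResourceServerId())`, while `getResource()` and `getScope()` in the same file section use `getResourceServer()` for the identical lookup. Use the accessor so the three getters stay consistent and there is one place to change if the resolution is ever cached: `return storeFactory.getPolicyStore().findById(getResourceServer(), entity.getPolicyId());`. If the lookup returns null, `findById(null, ...)` becomes an unscoped query in the map stores (see `forResourceServer` in MapResourceStore/MapScopeStore in this commit), which matches the old null-id behaviour but is worth a comment on `getResourceServer()` stating whether null is expected.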
|
|
|
@ -127,25 +127,25 @@ public class MapPolicyAdapter extends AbstractPolicyModel<MapPolicyEntity> {
|
||||||
String resourceServerId = entity.getResourceServerId();
|
String resourceServerId = entity.getResourceServerId();
|
||||||
Set<String> ids = entity.getAssociatedPolicyIds();
|
Set<String> ids = entity.getAssociatedPolicyIds();
|
||||||
return ids == null ? Collections.emptySet() : ids.stream()
|
return ids == null ? Collections.emptySet() : ids.stream()
|
||||||
.map(policyId -> storeFactory.getPolicyStore().findById(policyId, resourceServerId))
|
.map(policyId -> storeFactory.getPolicyStore().findById(storeFactory.getResourceServerStore().findById(resourceServerId), policyId))
|
||||||
.collect(Collectors.toSet());
|
.collect(Collectors.toSet());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<Resource> getResources() {
|
public Set<Resource> getResources() {
|
||||||
String resourceServerId = entity.getResourceServerId();
|
ResourceServer resourceServer = getResourceServer();
|
||||||
Set<String> ids = entity.getResourceIds();
|
Set<String> ids = entity.getResourceIds();
|
||||||
return ids == null ? Collections.emptySet() : ids.stream()
|
return ids == null ? Collections.emptySet() : ids.stream()
|
||||||
.map(resourceId -> storeFactory.getResourceStore().findById(resourceId, resourceServerId))
|
.map(resourceId -> storeFactory.getResourceStore().findById(resourceServer, resourceId))
|
||||||
.collect(Collectors.toSet());
|
.collect(Collectors.toSet());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<Scope> getScopes() {
|
public Set<Scope> getScopes() {
|
||||||
String resourceServerId = entity.getResourceServerId();
|
ResourceServer resourceServer = getResourceServer();
|
||||||
Set<String> ids = entity.getScopeIds();
|
Set<String> ids = entity.getScopeIds();
|
||||||
return ids == null ? Collections.emptySet() : ids.stream()
|
return ids == null ? Collections.emptySet() : ids.stream()
|
||||||
.map(scopeId -> storeFactory.getScopeStore().findById(scopeId, resourceServerId))
|
.map(scopeId -> storeFactory.getScopeStore().findById(resourceServer, scopeId))
|
||||||
.collect(Collectors.toSet());
|
.collect(Collectors.toSet());
|
||||||
}
|
}
|
||||||
|
|
||||||
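Review bot: In the `getAssociatedPolicies` hunk the lambda calls `storeFactory.getResourceServerStore().findById(resourceServerId)` once per associated policy id, so a policy with N associated policies performs N identical resource-server lookups. `getResources()` and `getScopes()` directly below hoist the lookup into a local `ResourceServer resourceServer = getResourceServer();` and reuse it; do the same here and write the lambda as `policyId -> storeFactory.getPolicyStore().findById(resourceServer, policyId)`. The opening lines of `getAssociatedPolicies` are outside the hunk, so the local belongs where `resourceServerId` is currently declared.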
|
|
|
@ -18,6 +18,7 @@
|
||||||
package org.keycloak.models.map.authorization.adapter;
|
package org.keycloak.models.map.authorization.adapter;
|
||||||
|
|
||||||
import org.keycloak.authorization.model.PermissionTicket;
|
import org.keycloak.authorization.model.PermissionTicket;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
|
@ -90,9 +91,10 @@ public class MapResourceAdapter extends AbstractResourceModel<MapResourceEntity>
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> getScopes() {
|
public List<Scope> getScopes() {
|
||||||
Set<String> ids = entity.getScopeIds();
|
Set<String> ids = entity.getScopeIds();
|
||||||
|
ResourceServer resourceServer = getResourceServer();
|
||||||
return ids == null ? Collections.emptyList() : ids.stream()
|
return ids == null ? Collections.emptyList() : ids.stream()
|
||||||
.map(id -> storeFactory
|
.map(id -> storeFactory
|
||||||
.getScopeStore().findById(id, entity.getResourceServerId()))
|
.getScopeStore().findById(resourceServer, id))
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,8 +110,8 @@ public class MapResourceAdapter extends AbstractResourceModel<MapResourceEntity>
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getResourceServer() {
|
public ResourceServer getResourceServer() {
|
||||||
return entity.getResourceServerId();
|
return storeFactory.getResourceServerStore().findById(entity.getResourceServerId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -141,13 +143,13 @@ public class MapResourceAdapter extends AbstractResourceModel<MapResourceEntity>
|
||||||
// The scope^ was removed from the Resource
|
// The scope^ was removed from the Resource
|
||||||
|
|
||||||
// Remove permission tickets based on the scope
|
// Remove permission tickets based on the scope
|
||||||
List<PermissionTicket> permissions = permissionStore.findByScope(scope.getId(), getResourceServer());
|
List<PermissionTicket> permissions = permissionStore.findByScope(getResourceServer(), scope);
|
||||||
for (PermissionTicket permission : permissions) {
|
for (PermissionTicket permission : permissions) {
|
||||||
permissionStore.delete(permission.getId());
|
permissionStore.delete(permission.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove the scope from each Policy for this Resource
|
// Remove the scope from each Policy for this Resource
|
||||||
policyStore.findByResource(getId(), getResourceServer(), policy -> policy.removeScope(scope));
|
policyStore.findByResource(getResourceServer(), this, policy -> policy.removeScope(scope));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
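Review bot: `getResourceServer()` now performs a store lookup (`storeFactory.getResourceServerStore().findById(entity.getResourceServerId())`) on every call, and the scope-removal block in the last hunk calls it twice — once in `permissionStore.findByScope(getResourceServer(), scope)` and again in `policyStore.findByResource(getResourceServer(), this, ...)`. Hoist it once, as `getScopes()` in this section already does: `ResourceServer resourceServer = getResourceServer();` before the permission-ticket loop, then pass `resourceServer` to both calls. The method containing that block begins before the hunk, so the local may belong a few lines above what is shown. A one-line Javadoc on `getResourceServer()` noting that it re-resolves the server from the store on each call, and may return null if the stored id no longer resolves, would also help callers.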
|
|
|
@ -47,7 +47,6 @@ import org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator;
|
||||||
import org.keycloak.models.map.storage.criteria.DefaultModelCriteria;
|
import org.keycloak.models.map.storage.criteria.DefaultModelCriteria;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.storage.StorageId;
|
import org.keycloak.storage.StorageId;
|
||||||
import org.keycloak.storage.UserStorageManager;
|
|
||||||
import org.keycloak.storage.UserStorageProvider;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.client.ClientStorageProvider;
|
import org.keycloak.storage.client.ClientStorageProvider;
|
||||||
|
|
||||||
|
@ -684,7 +683,7 @@ public class MapUserProvider implements UserProvider.Streams, UserCredentialStor
|
||||||
authorizedGroups.removeIf(id -> {
|
authorizedGroups.removeIf(id -> {
|
||||||
Map<Resource.FilterOption, String[]> values = new EnumMap<>(Resource.FilterOption.class);
|
Map<Resource.FilterOption, String[]> values = new EnumMap<>(Resource.FilterOption.class);
|
||||||
values.put(Resource.FilterOption.EXACT_NAME, new String[] {"group.resource." + id});
|
values.put(Resource.FilterOption.EXACT_NAME, new String[] {"group.resource." + id});
|
||||||
return resourceStore.findByResourceServer(values, null, 0, 1).isEmpty();
|
return resourceStore.findByResourceServer(null, values, 0, 1).isEmpty();
|
||||||
});
|
});
|
||||||
|
|
||||||
criteria = criteria.compare(SearchableFields.ASSIGNED_GROUP, Operator.IN, authorizedGroups);
|
criteria = criteria.compare(SearchableFields.ASSIGNED_GROUP, Operator.IN, authorizedGroups);
|
||||||
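Review bot: `resourceStore.findByResourceServer(null, values, 0, 1)` passes null as the ResourceServer, which in the map store implementation in this commit (`forResourceServer` returning an unfiltered criteria for null) means the `group.resource.<id>` lookup runs across every resource server, not only the one these admin permissions belong to. That matches the old null-id call, but with a model parameter the wildcard meaning is easy to misread, so annotate it: `// null resource server: match the group resource in any resource server`. If the intent is a specific resource server, scoping the call would also stop an unrelated resource server that happens to hold a resource named `group.resource.<id>` from influencing which groups survive this filter — the enclosing method is not visible here, so treat that as something to confirm.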
|
|
|
@ -242,20 +242,20 @@ public final class AuthorizationProvider implements Provider {
|
||||||
ScopeStore delegate = storeFactory.getScopeStore();
|
ScopeStore delegate = storeFactory.getScopeStore();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String name, ResourceServer resourceServer) {
|
public Scope create(ResourceServer resourceServer, String name) {
|
||||||
return delegate.create(name, resourceServer);
|
return delegate.create(resourceServer, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope create(String id, String name, ResourceServer resourceServer) {
|
public Scope create(ResourceServer resourceServer, String id, String name) {
|
||||||
return delegate.create(id, name, resourceServer);
|
return delegate.create(resourceServer, id, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
Scope scope = findById(id, null);
|
Scope scope = findById(null, id);
|
||||||
PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore();
|
||||||
List<PermissionTicket> permissions = ticketStore.findByScope(id, scope.getResourceServer().getId());
|
List<PermissionTicket> permissions = ticketStore.findByScope(scope.getResourceServer(), scope);
|
||||||
|
|
||||||
for (PermissionTicket permission : permissions) {
|
for (PermissionTicket permission : permissions) {
|
||||||
ticketStore.delete(permission.getId());
|
ticketStore.delete(permission.getId());
|
||||||
|
@ -265,23 +265,23 @@ public final class AuthorizationProvider implements Provider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findById(String id, String resourceServerId) {
|
public Scope findById(ResourceServer resourceServer, String id) {
|
||||||
return delegate.findById(id, resourceServerId);
|
return delegate.findById(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Scope findByName(String name, String resourceServerId) {
|
public Scope findByName(ResourceServer resourceServer, String name) {
|
||||||
return delegate.findByName(name, resourceServerId);
|
return delegate.findByName(resourceServer, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(String id) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return delegate.findByResourceServer(id);
|
return delegate.findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return delegate.findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -292,15 +292,15 @@ public final class AuthorizationProvider implements Provider {
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
|
public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) {
|
||||||
Set<String> resources = representation.getResources();
|
Set<String> resources = representation.getResources();
|
||||||
|
|
||||||
if (resources != null) {
|
if (resources != null) {
|
||||||
representation.setResources(resources.stream().map(id -> {
|
representation.setResources(resources.stream().map(id -> {
|
||||||
Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId());
|
Resource resource = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = storeFactory.getResourceStore().findByName(id, resourceServer.getId());
|
resource = storeFactory.getResourceStore().findByName(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
|
@ -315,10 +315,10 @@ public final class AuthorizationProvider implements Provider {
|
||||||
|
|
||||||
if (scopes != null) {
|
if (scopes != null) {
|
||||||
representation.setScopes(scopes.stream().map(id -> {
|
representation.setScopes(scopes.stream().map(id -> {
|
||||||
Scope scope = storeFactory.getScopeStore().findById(id, resourceServer.getId());
|
Scope scope = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = storeFactory.getScopeStore().findByName(id, resourceServer.getId());
|
scope = storeFactory.getScopeStore().findByName(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
|
@ -334,10 +334,10 @@ public final class AuthorizationProvider implements Provider {
|
||||||
|
|
||||||
if (policies != null) {
|
if (policies != null) {
|
||||||
representation.setPolicies(policies.stream().map(id -> {
|
representation.setPolicies(policies.stream().map(id -> {
|
||||||
Policy policy = storeFactory.getPolicyStore().findById(id, resourceServer.getId());
|
Policy policy = storeFactory.getPolicyStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
policy = storeFactory.getPolicyStore().findByName(id, resourceServer.getId());
|
policy = storeFactory.getPolicyStore().findByName(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
|
@ -348,12 +348,12 @@ public final class AuthorizationProvider implements Provider {
|
||||||
}).collect(Collectors.toSet()));
|
}).collect(Collectors.toSet()));
|
||||||
}
|
}
|
||||||
|
|
||||||
return RepresentationToModel.toModel(representation, AuthorizationProvider.this, policyStore.create(representation, resourceServer));
|
return RepresentationToModel.toModel(representation, AuthorizationProvider.this, policyStore.create(resourceServer, representation));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
Policy policy = findById(id, null);
|
Policy policy = findById(null, id);
|
||||||
|
|
||||||
if (policy != null) {
|
if (policy != null) {
|
||||||
ResourceServer resourceServer = policy.getResourceServer();
|
ResourceServer resourceServer = policy.getResourceServer();
|
||||||
|
@ -369,7 +369,7 @@ public final class AuthorizationProvider implements Provider {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
findDependentPolicies(policy.getId(), resourceServer.getId()).forEach(dependentPolicy -> {
|
findDependentPolicies(resourceServer, policy.getId()).forEach(dependentPolicy -> {
|
||||||
dependentPolicy.removeAssociatedPolicy(policy);
|
dependentPolicy.removeAssociatedPolicy(policy);
|
||||||
if (dependentPolicy.getAssociatedPolicies().isEmpty()) {
|
if (dependentPolicy.getAssociatedPolicies().isEmpty()) {
|
||||||
delete(dependentPolicy.getId());
|
delete(dependentPolicy.getId());
|
||||||
|
@ -381,68 +381,68 @@ public final class AuthorizationProvider implements Provider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findById(String id, String resourceServerId) {
|
public Policy findById(ResourceServer resourceServer, String id) {
|
||||||
return policyStore.findById(id, resourceServerId);
|
return policyStore.findById(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy findByName(String name, String resourceServerId) {
|
public Policy findByName(ResourceServer resourceServer, String name) {
|
||||||
return policyStore.findByName(name, resourceServerId);
|
return policyStore.findByName(resourceServer, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(String resourceServerId) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return policyStore.findByResourceServer(resourceServerId);
|
return policyStore.findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Policy> findByResourceServer(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return policyStore.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return policyStore.findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResource(String resourceId, String resourceServerId) {
|
public List<Policy> findByResource(ResourceServer resourceServer, Resource resource) {
|
||||||
return policyStore.findByResource(resourceId, resourceServerId);
|
return policyStore.findByResource(resourceServer, resource);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer) {
|
||||||
policyStore.findByResource(resourceId, resourceServerId, consumer);
|
policyStore.findByResource(resourceServer, resource, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByResourceType(String resourceType, String resourceServerId) {
|
public List<Policy> findByResourceType(ResourceServer resourceServer, String resourceType) {
|
||||||
return policyStore.findByResourceType(resourceType, resourceServerId);
|
return policyStore.findByResourceType(resourceServer, resourceType);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> scopes) {
|
||||||
return policyStore.findByScopeIds(scopeIds, resourceServerId);
|
return policyStore.findByScopes(resourceServer, scopes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
|
public List<Policy> findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes) {
|
||||||
return policyStore.findByScopeIds(scopeIds, resourceId, resourceServerId);
|
return policyStore.findByScopes(resourceServer, resource, scopes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes, Consumer<Policy> consumer) {
|
||||||
policyStore.findByScopeIds(scopeIds, resourceId, resourceServerId, consumer);
|
policyStore.findByScopes(resourceServer, resource, scopes, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findByType(String type, String resourceServerId) {
|
public List<Policy> findByType(ResourceServer resourceServer, String type) {
|
||||||
return policyStore.findByType(type, resourceServerId);
|
return policyStore.findByType(resourceServer, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Policy> findDependentPolicies(String id, String resourceServerId) {
|
public List<Policy> findDependentPolicies(ResourceServer resourceServer, String id) {
|
||||||
return policyStore.findDependentPolicies(id, resourceServerId);
|
return policyStore.findDependentPolicies(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByResourceType(String type, String id, Consumer<Policy> policyConsumer) {
|
public void findByResourceType(ResourceServer resourceServer, String type, Consumer<Policy> policyConsumer) {
|
||||||
policyStore.findByResourceType(type, id, policyConsumer);
|
policyStore.findByResourceType(resourceServer, type, policyConsumer);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -452,28 +452,28 @@ public final class AuthorizationProvider implements Provider {
|
||||||
ResourceStore delegate = storeFactory.getResourceStore();
|
ResourceStore delegate = storeFactory.getResourceStore();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource create(String name, ResourceServer resourceServer, String owner) {
|
public Resource create(ResourceServer resourceServer, String name, String owner) {
|
||||||
return delegate.create(name, resourceServer, owner);
|
return delegate.create(resourceServer, name, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource create(String id, String name, ResourceServer resourceServer, String owner) {
|
public Resource create(ResourceServer resourceServer, String id, String name, String owner) {
|
||||||
return delegate.create(id, name, resourceServer, owner);
|
return delegate.create(resourceServer, id, name, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(String id) {
|
public void delete(String id) {
|
||||||
Resource resource = findById(id, null);
|
Resource resource = findById(null, id);
|
||||||
StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory();
|
StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory();
|
||||||
PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
|
PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore();
|
||||||
List<PermissionTicket> permissions = ticketStore.findByResource(id, resource.getResourceServer());
|
List<PermissionTicket> permissions = ticketStore.findByResource(resource.getResourceServer(), resource);
|
||||||
|
|
||||||
for (PermissionTicket permission : permissions) {
|
for (PermissionTicket permission : permissions) {
|
||||||
ticketStore.delete(permission.getId());
|
ticketStore.delete(permission.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
List<Policy> policies = policyStore.findByResource(id, resource.getResourceServer());
|
List<Policy> policies = policyStore.findByResource(resource.getResourceServer(), resource);
|
||||||
|
|
||||||
for (Policy policyModel : policies) {
|
for (Policy policyModel : policies) {
|
||||||
if (policyModel.getResources().size() == 1) {
|
if (policyModel.getResources().size() == 1) {
|
||||||
|
@ -487,88 +487,83 @@ public final class AuthorizationProvider implements Provider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findById(String id, String resourceServerId) {
|
public Resource findById(ResourceServer resourceServer, String id) {
|
||||||
return delegate.findById(id, resourceServerId);
|
return delegate.findById(resourceServer, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||||
return delegate.findByOwner(ownerId, resourceServerId);
|
return delegate.findByOwner(resourceServer, ownerId);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer) {
|
||||||
delegate.findByOwner(ownerId, resourceServerId, consumer);
|
delegate.findByOwner(resourceServer, ownerId, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max) {
|
public List<Resource> findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults) {
|
||||||
return delegate.findByOwner(ownerId, resourceServerId, first, max);
|
return delegate.findByOwner(resourceServer, ownerId, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByUri(String uri, String resourceServerId) {
|
public List<Resource> findByUri(ResourceServer resourceServer, String uri) {
|
||||||
return delegate.findByUri(uri, resourceServerId);
|
return delegate.findByUri(resourceServer, uri);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(String resourceServerId) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer) {
|
||||||
return delegate.findByResourceServer(resourceServerId);
|
return delegate.findByResourceServer(resourceServer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult) {
|
public List<Resource> findByResourceServer(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults) {
|
||||||
return delegate.findByResourceServer(attributes, resourceServerId, firstResult, maxResult);
|
return delegate.findByResourceServer(resourceServer, attributes, firstResult, maxResults);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByScope(List<String> id, String resourceServerId) {
|
public List<Resource> findByScopes(ResourceServer resourceServer, Set<Scope> scopes) {
|
||||||
return delegate.findByScope(id, resourceServerId);
|
return delegate.findByScopes(resourceServer, scopes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByScopes(ResourceServer resourceServer, Set<Scope> scopes, Consumer<Resource> consumer) {
|
||||||
delegate.findByScope(scopes, resourceServerId, consumer);
|
delegate.findByScopes(resourceServer, scopes, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findByName(String name, String resourceServerId) {
|
public Resource findByName(ResourceServer resourceServer, String name, String ownerId) {
|
||||||
return delegate.findByName(name, resourceServerId);
|
return delegate.findByName(resourceServer, name, ownerId);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource findByName(String name, String ownerId, String resourceServerId) {
|
public List<Resource> findByType(ResourceServer resourceServer, String type) {
|
||||||
return delegate.findByName(name, ownerId, resourceServerId);
|
return delegate.findByType(resourceServer, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByType(String type, String resourceServerId) {
|
public void findByType(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
return delegate.findByType(type, resourceServerId);
|
delegate.findByType(resourceServer, type, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String resourceServerId, Consumer<Resource> consumer) {
|
public void findByType(ResourceServer resourceServer, String type, String owner, Consumer<Resource> consumer) {
|
||||||
delegate.findByType(type, resourceServerId, consumer);
|
delegate.findByType(resourceServer, type, owner, consumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer) {
|
public List<Resource> findByType(ResourceServer resourceServer, String type, String owner) {
|
||||||
delegate.findByType(type, owner, resourceServerId, consumer);
|
return delegate.findByType(resourceServer, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByType(String type, String owner, String resourceServerId) {
|
public List<Resource> findByTypeInstance(ResourceServer resourceServer, String type) {
|
||||||
return delegate.findByType(type, resourceServerId);
|
return delegate.findByTypeInstance(resourceServer, type);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<Resource> findByTypeInstance(String type, String resourceServerId) {
|
public void findByTypeInstance(ResourceServer resourceServer, String type, Consumer<Resource> consumer) {
|
||||||
return delegate.findByTypeInstance(type, resourceServerId);
|
delegate.findByTypeInstance(resourceServer, type, consumer);
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer) {
|
|
||||||
delegate.findByTypeInstance(type, resourceServerId, consumer);
|
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
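Review bot: The three-argument `findByType(ResourceServer resourceServer, String type, String owner)` in the ResourceStore wrapper still discards `owner` and forwards `delegate.findByType(resourceServer, type)`, so an owner-scoped lookup returns resources of every owner on that resource server; since the method is `@Override` of an interface overload with the same three parameters, the forwarding line should be `return delegate.findByType(resourceServer, type, owner);`. The old code had the same slip, but the commit rewrote the line without correcting it. Separately, `delete(String id)` in the ScopeStore and ResourceStore wrappers dereferences the result of `findById(null, id)` without a null check, while the PolicyStore wrapper guards with `if (policy != null)`; the same guard in the other two would make them consistent and avoid a NullPointerException for an unknown id. The anonymous store classes these methods belong to begin before the first hunk of this file.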
@ -46,7 +46,7 @@ public class UserManagedPermissionUtil {
|
||||||
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
||||||
filter.put(PermissionTicket.FilterOption.POLICY_IS_NOT_NULL, Boolean.TRUE.toString());
|
filter.put(PermissionTicket.FilterOption.POLICY_IS_NOT_NULL, Boolean.TRUE.toString());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(filter, ticket.getResourceServer().getId(), -1, 1);
|
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(ticket.getResourceServer(), filter, null, null);
|
||||||
|
|
||||||
if (!tickets.isEmpty()) {
|
if (!tickets.isEmpty()) {
|
||||||
policy = tickets.iterator().next().getPolicy();
|
policy = tickets.iterator().next().getPolicy();
|
||||||
|
@ -80,7 +80,7 @@ public class UserManagedPermissionUtil {
|
||||||
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId());
|
||||||
filter.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filter.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(filter, ticket.getResourceServer().getId(), -1, -1);
|
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().find(ticket.getResourceServer(), filter, null, null);
|
||||||
|
|
||||||
if (tickets.isEmpty()) {
|
if (tickets.isEmpty()) {
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
|
@ -103,7 +103,7 @@ public class UserManagedPermissionUtil {
|
||||||
userPolicyRep.setName(KeycloakModelUtils.generateId());
|
userPolicyRep.setName(KeycloakModelUtils.generateId());
|
||||||
userPolicyRep.addUser(ticket.getRequester());
|
userPolicyRep.addUser(ticket.getRequester());
|
||||||
|
|
||||||
Policy userPolicy = policyStore.create(userPolicyRep, ticket.getResourceServer());
|
Policy userPolicy = policyStore.create(ticket.getResourceServer(), userPolicyRep);
|
||||||
|
|
||||||
userPolicy.setOwner(ticket.getOwner());
|
userPolicy.setOwner(ticket.getOwner());
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ public class UserManagedPermissionUtil {
|
||||||
policyRep.setType("uma");
|
policyRep.setType("uma");
|
||||||
policyRep.addPolicy(userPolicy.getId());
|
policyRep.addPolicy(userPolicy.getId());
|
||||||
|
|
||||||
Policy policy = policyStore.create(policyRep, ticket.getResourceServer());
|
Policy policy = policyStore.create(ticket.getResourceServer(), policyRep);
|
||||||
|
|
||||||
policy.setOwner(ticket.getOwner());
|
policy.setOwner(ticket.getOwner());
|
||||||
policy.addResource(ticket.getResource());
|
policy.addResource(ticket.getResource());
|
||||||
|
|
|
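Review bot: The first hunk replaces `find(filter, ..., -1, 1)` with `find(ticket.getResourceServer(), filter, null, null)`, which drops the maximum of one result even though only `tickets.iterator().next()` is read afterwards; if `null` now means unbounded as `-1` did, `find(ticket.getResourceServer(), filter, null, 1)` keeps the original bound. The second hunk's `null, null` replaces `-1, -1` and is equivalent. The enclosing methods begin outside the hunks.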
@ -163,7 +163,7 @@ public interface Resource {
|
||||||
*
|
*
|
||||||
* @return the resource server associated with this resource
|
* @return the resource server associated with this resource
|
||||||
*/
|
*/
|
||||||
String getResourceServer();
|
ResourceServer getResourceServer();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the resource's owner, which is usually an identifier that uniquely identifies the resource's owner.
|
* Returns the resource's owner, which is usually an identifier that uniquely identifies the resource's owner.
|
||||||
|
|
|
@ -18,10 +18,19 @@
|
||||||
|
|
||||||
package org.keycloak.authorization.model;
|
package org.keycloak.authorization.model;
|
||||||
|
|
||||||
|
import org.keycloak.models.ClientModel;
|
||||||
|
import org.keycloak.models.ClientScopeModel;
|
||||||
|
import org.keycloak.models.ProtocolMapperModel;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||||
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
||||||
import org.keycloak.storage.SearchableModelField;
|
import org.keycloak.storage.SearchableModelField;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Represents a resource server, whose resources are managed and protected. A resource server is basically an existing
|
* Represents a resource server, whose resources are managed and protected. A resource server is basically an existing
|
||||||
* client application in Keycloak that will also act as a resource server.
|
* client application in Keycloak that will also act as a resource server.
|
||||||
|
@ -83,4 +92,11 @@ public interface ResourceServer {
|
||||||
* @return the decision strategy
|
* @return the decision strategy
|
||||||
*/
|
*/
|
||||||
DecisionStrategy getDecisionStrategy();
|
DecisionStrategy getDecisionStrategy();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns id of a client that this {@link ResourceServer} is associated with
|
||||||
|
*/
|
||||||
|
default String getClientId() {
|
||||||
|
return getId();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
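Review bot: The Javadoc on the new `getClientId()` default does not say that it simply returns `getId()`, i.e. it assumes a resource server's id and its client's id coincide, which is exactly the distinction this commit sets out to prepare for; suggest `@return the id of the client this resource server belongs to; the default assumes it equals {@link #getId()}, so implementations where the two differ must override it`. The call sites switched to `getClientId()` in this commit (for example the owner comparisons in Permissions and DefaultPolicyEvaluator) silently depend on that override contract. The imports added in the first hunk (ClientModel, ClientScopeModel, ProtocolMapperModel, RealmModel, RoleModel, Map, Set, Stream) are not used by anything visible in these hunks; unless they are referenced elsewhere in the file, they should be dropped.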
@ -25,6 +25,7 @@ import java.util.HashMap;
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.atomic.AtomicLong;
|
import java.util.concurrent.atomic.AtomicLong;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
@ -73,16 +74,16 @@ public final class Permissions {
|
||||||
}
|
}
|
||||||
|
|
||||||
// obtain all resources where owner is the resource server
|
// obtain all resources where owner is the resource server
|
||||||
resourceStore.findByOwner(resourceServer.getId(), resourceServer.getId(), resource -> {
|
resourceStore.findByOwner(resourceServer, resourceServer.getClientId(), resource -> {
|
||||||
if (limit.decrementAndGet() >= 0) {
|
if (limit.decrementAndGet() >= 0) {
|
||||||
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
// resource server isn't current user
|
// resource server isn't current user
|
||||||
if (resourceServer.getId() != identity.getId()) {
|
if (!Objects.equals(resourceServer.getClientId(), identity.getId())) {
|
||||||
// obtain all resources where owner is the current user
|
// obtain all resources where owner is the current user
|
||||||
resourceStore.findByOwner(identity.getId(), resourceServer.getId(), resource -> {
|
resourceStore.findByOwner(resourceServer, identity.getId(), resource -> {
|
||||||
if (limit.decrementAndGet() >= 0) {
|
if (limit.decrementAndGet() >= 0) {
|
||||||
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request));
|
||||||
}
|
}
|
||||||
|
@ -90,7 +91,7 @@ public final class Permissions {
|
||||||
}
|
}
|
||||||
|
|
||||||
// obtain all resources granted to the user via permission tickets (uma)
|
// obtain all resources granted to the user via permission tickets (uma)
|
||||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(identity.getId(), resourceServer.getId());
|
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(resourceServer, identity.getId());
|
||||||
|
|
||||||
if (!tickets.isEmpty()) {
|
if (!tickets.isEmpty()) {
|
||||||
Map<String, ResourcePermission> userManagedPermissions = new HashMap<>();
|
Map<String, ResourcePermission> userManagedPermissions = new HashMap<>();
|
||||||
|
@ -151,7 +152,7 @@ public final class Permissions {
|
||||||
// is owned by the resource server itself
|
// is owned by the resource server itself
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||||
resourceStore.findByType(type, resourceServer.getId(), resource1 -> {
|
resourceStore.findByType(resourceServer, type, resource1 -> {
|
||||||
for (Scope typeScope : resource1.getScopes()) {
|
for (Scope typeScope : resource1.getScopes()) {
|
||||||
if (!scopes.contains(typeScope)) {
|
if (!scopes.contains(typeScope)) {
|
||||||
scopes.add(typeScope);
|
scopes.add(typeScope);
|
||||||
|
|
|
@ -170,7 +170,7 @@ public class DecisionPermissionCollector extends AbstractDecisionCollector {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return resource != null && !resource.getOwner().equals(resourceServer.getId());
|
return resource != null && !resource.getOwner().equals(resourceServer.getClientId());
|
||||||
}
|
}
|
||||||
|
|
||||||
public Collection<Permission> results() {
|
public Collection<Permission> results() {
|
||||||
|
@ -191,7 +191,7 @@ public class DecisionPermissionCollector extends AbstractDecisionCollector {
|
||||||
} else if (!grantedScopes.isEmpty()) {
|
} else if (!grantedScopes.isEmpty()) {
|
||||||
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authorizationProvider.getStoreFactory().getResourceStore();
|
||||||
|
|
||||||
resourceStore.findByScope(grantedScopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId(), resource1 -> permissions.add(createPermission(resource, scopeNames, permission.getClaims(), request)));
|
resourceStore.findByScopes(resourceServer, new HashSet<>(grantedScopes), resource1 -> permissions.add(createPermission(resource, scopeNames, permission.getClaims(), request)));
|
||||||
|
|
||||||
permissions.add(createPermission(null, scopeNames, permission.getClaims(), request));
|
permissions.add(createPermission(null, scopeNames, permission.getClaims(), request));
|
||||||
}
|
}
|
||||||
|
|
|
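Review bot: In the rewritten `findByScopes` call the consumer parameter `resource1` is never used; the permission is built from the outer `resource`, so every resource matched by scope adds a permission for the same object. This is unchanged from the old `findByScope` call, but the rewrite is the moment to confirm whether `createPermission(resource1, scopeNames, permission.getClaims(), request)` was intended, or to add `// intentionally ignores the matched resource` if it was not. The enclosing method begins outside the hunk.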
@ -19,6 +19,7 @@
|
||||||
package org.keycloak.authorization.policy.evaluation;
|
package org.keycloak.authorization.policy.evaluation;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
import java.util.LinkedList;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.atomic.AtomicBoolean;
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
@ -67,14 +68,14 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
|
||||||
Resource resource = permission.getResource();
|
Resource resource = permission.getResource();
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
policyStore.findByResource(resource.getId(), resourceServer.getId(), policyConsumer);
|
policyStore.findByResource(resourceServer, resource, policyConsumer);
|
||||||
|
|
||||||
if (resource.getType() != null) {
|
if (resource.getType() != null) {
|
||||||
policyStore.findByResourceType(resource.getType(), resourceServer.getId(), policyConsumer);
|
policyStore.findByResourceType(resourceServer, resource.getType(), policyConsumer);
|
||||||
|
|
||||||
if (!resource.getOwner().equals(resourceServer.getId())) {
|
if (!resource.getOwner().equals(resourceServer.getClientId())) {
|
||||||
for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
|
for (Resource typedResource : resourceStore.findByType(resourceServer, resource.getType())) {
|
||||||
policyStore.findByResource(typedResource.getId(), resourceServer.getId(), policyConsumer);
|
policyStore.findByResource(resourceServer, typedResource, policyConsumer);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -83,7 +84,7 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
|
||||||
Collection<Scope> scopes = permission.getScopes();
|
Collection<Scope> scopes = permission.getScopes();
|
||||||
|
|
||||||
if (!scopes.isEmpty()) {
|
if (!scopes.isEmpty()) {
|
||||||
policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), null, resourceServer.getId(), policyConsumer);
|
policyStore.findByScopes(resourceServer, null, new LinkedList<>(scopes), policyConsumer);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (verified.get()) {
|
if (verified.get()) {
|
||||||
|
|
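Review bot: `new LinkedList<>(scopes)` in the `findByScopes` call copies a `Collection<Scope>` into a linked list only to satisfy the `List<Scope>` parameter; `new ArrayList<>(scopes)` is the conventional choice for a one-shot copy and would make the `java.util.LinkedList` import added in the first hunk unnecessary (whether `ArrayList` is already imported is not visible here). In the previous hunk the owner test now compares `resource.getOwner()` with `resourceServer.getClientId()`; because that comparison decides whether policies attached to other owners' typed resources are consulted, it relies on server-owned resources storing the client id as owner, which this page cannot confirm, so a test covering a resource owned by the resource server itself would pin it down. The enclosing method starts and ends outside these hunks.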
|
@ -93,13 +93,13 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
||||||
|
|
||||||
if (permissions != null) {
|
if (permissions != null) {
|
||||||
for (Permission permission : permissions) {
|
for (Permission permission : permissions) {
|
||||||
Resource resource = resourceStore.findById(permission.getResourceId(), resourceServer.getId());
|
Resource resource = resourceStore.findById(resourceServer, permission.getResourceId());
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = resourceStore.findByName(permission.getResourceId(), identity.getId(), resourceServer.getId());
|
resource = resourceStore.findByName(resourceServer, permission.getResourceId(), identity.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (resource == null || !resource.isOwnerManagedAccess() || resource.getOwner().equals(identity.getId()) || resource.getOwner().equals(resourceServer.getId())) {
|
if (resource == null || !resource.isOwnerManagedAccess() || resource.getOwner().equals(identity.getId()) || resource.getOwner().equals(resourceServer.getClientId())) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,19 +116,19 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
||||||
filters.put(PermissionTicket.FilterOption.SCOPE_IS_NULL, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.SCOPE_IS_NULL, Boolean.TRUE.toString());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(filters, resource.getResourceServer(), -1, -1);
|
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resource.getResourceServer(), filters, null, null);
|
||||||
|
|
||||||
if (tickets.isEmpty()) {
|
if (tickets.isEmpty()) {
|
||||||
authorization.getStoreFactory().getPermissionTicketStore().create(resource.getId(), null, identity.getId(), resourceServer);
|
authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, null, identity.getId());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ScopeStore scopeStore = authorization.getStoreFactory().getScopeStore();
|
ScopeStore scopeStore = authorization.getStoreFactory().getScopeStore();
|
||||||
|
|
||||||
for (String scopeId : scopes) {
|
for (String scopeId : scopes) {
|
||||||
Scope scope = scopeStore.findByName(scopeId, resourceServer.getId());
|
Scope scope = scopeStore.findByName(resourceServer, scopeId);
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = scopeStore.findById(scopeId, resourceServer.getId());
|
scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
Map<PermissionTicket.FilterOption, String> filters = new EnumMap<>(PermissionTicket.FilterOption.class);
|
||||||
|
@ -137,10 +137,10 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId());
|
||||||
filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(filters, resource.getResourceServer(), -1, -1);
|
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resource.getResourceServer(), filters, null, null);
|
||||||
|
|
||||||
if (tickets.isEmpty()) {
|
if (tickets.isEmpty()) {
|
||||||
authorization.getStoreFactory().getPermissionTicketStore().create(resource.getId(), scope.getId(), identity.getId(), resourceServer);
|
authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, scope, identity.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
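Review bot: The two `getPermissionTicketStore().find(resource.getResourceServer(), filters, null, null)` calls still scope the ticket lookup by `resource.getResourceServer()`, while the `create(resourceServer, resource, ...)` call a few lines below uses the collector's `resourceServer`; now that both are models, using `find(resourceServer, filters, null, null)` in both places keeps the lookup and the creation scoped to the same server. In the scope branch, `scope` can still be `null` after both `findByName` and `findById` miss, and `scope.getId()` in the filter line would then throw; unless the lines between the two hunks (not shown) handle it, a guard such as `if (scope == null) { continue; }` before building the filters is worth adding, since the commit does not address it. The enclosing method starts and ends outside these hunks.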
|
@ -23,6 +23,7 @@ import java.util.Map;
|
||||||
import org.keycloak.authorization.model.PermissionTicket;
|
import org.keycloak.authorization.model.PermissionTicket;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A {@link PermissionTicketStore} is responsible to manage the persistence of {@link org.keycloak.authorization.model.PermissionTicket} instances.
|
* A {@link PermissionTicketStore} is responsible to manage the persistence of {@link org.keycloak.authorization.model.PermissionTicket} instances.
|
||||||
|
@ -34,21 +35,23 @@ public interface PermissionTicketStore {
|
||||||
/**
|
/**
|
||||||
* Returns count of {@link PermissionTicket}, filtered by the given attributes.
|
* Returns count of {@link PermissionTicket}, filtered by the given attributes.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param attributes permission tickets that do not match the attributes are not included with the count; possible filter options are given by {@link PermissionTicket.FilterOption}
|
* @param attributes permission tickets that do not match the attributes are not included with the count; possible filter options are given by {@link PermissionTicket.FilterOption}
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return an integer indicating the amount of permission tickets
|
* @return an integer indicating the amount of permission tickets
|
||||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||||
*/
|
*/
|
||||||
long count(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId);
|
long count(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new {@link PermissionTicket} instance.
|
* Creates a new {@link PermissionTicket} instance.
|
||||||
*
|
*
|
||||||
* @param permission the policy representation
|
|
||||||
* @param resourceServer the resource server to which this policy belongs
|
* @param resourceServer the resource server to which this policy belongs
|
||||||
|
* @param resource resource id
|
||||||
|
* @param scope scope id
|
||||||
|
* @param requester the policy representation
|
||||||
* @return a new instance of {@link PermissionTicket}
|
* @return a new instance of {@link PermissionTicket}
|
||||||
*/
|
*/
|
||||||
PermissionTicket create(String resourceId, String scopeId, String requester, ResourceServer resourceServer);
|
PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String requester);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deletes a permission from the underlying persistence mechanism.
|
* Deletes a permission from the underlying persistence mechanism.
|
||||||
|
@ -60,97 +63,103 @@ public interface PermissionTicketStore {
|
||||||
/**
|
/**
|
||||||
* Returns a {@link PermissionTicket} with the given <code>id</code>
|
* Returns a {@link PermissionTicket} with the given <code>id</code>
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param id the identifier of the permission
|
* @param id the identifier of the permission
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a permission with the given identifier.
|
* @return a permission with the given identifier.
|
||||||
*/
|
*/
|
||||||
PermissionTicket findById(String id, String resourceServerId);
|
PermissionTicket findById(ResourceServer resourceServer, String id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
* Returns a list of {@link PermissionTicket} associated with a {@link ResourceServer}.
|
||||||
*
|
*
|
||||||
* @param resourceServerId the identifier of a resource server
|
* @param resourceServer the resource server
|
||||||
* @return a list of permissions belonging to the given resource server
|
* @return a list of permissions belonging to the given resource server
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findByResourceServer(String resourceServerId);
|
List<PermissionTicket> findByResourceServer(ResourceServer resourceServer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} associated with the given <code>owner</code>.
|
* Returns a list of {@link PermissionTicket} associated with the given <code>owner</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param owner the identifier of a resource server
|
* @param owner the identifier of a resource server
|
||||||
* @return a list of permissions belonging to the given owner
|
* @return a list of permissions belonging to the given owner
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findByOwner(String owner, String resourceServerId);
|
List<PermissionTicket> findByOwner(ResourceServer resourceServer, String owner);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} associated with a {@link org.keycloak.authorization.core.model.Resource} with the given <code>resourceId</code>.
|
* Returns a list of {@link PermissionTicket} associated with the {@link org.keycloak.authorization.model.Resource resource}.
|
||||||
*
|
*
|
||||||
* @param resourceId the identifier of a resource
|
* @param resourceServer the resource server
|
||||||
* @param resourceServerId the resource server id
|
* @param resource the resource
|
||||||
* @return a list of permissions associated with the given resource
|
* @return a list of permissions associated with the given resource
|
||||||
|
* TODO: maybe we can get rid of reosourceServer param here as resource has method getResourceServer()
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findByResource(String resourceId, String resourceServerId);
|
List<PermissionTicket> findByResource(ResourceServer resourceServer, Resource resource);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} associated with a {@link org.keycloak.authorization.core.model.Scope} with the given <code>scopeId</code>.
|
* Returns a list of {@link PermissionTicket} associated with the {@link org.keycloak.authorization.model.Scope scope}.
|
||||||
*
|
*
|
||||||
* @param scopeId the id of the scopes
|
* @param resourceServer the resource server
|
||||||
* @param resourceServerId the resource server id
|
* @param scope the scope
|
||||||
* @return a list of permissions associated with the given scopes
|
* @return a list of permissions associated with the given scopes
|
||||||
|
*
|
||||||
|
* TODO: maybe we can get rid of reosourceServer param here as resource has method getResourceServer()
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findByScope(String scopeId, String resourceServerId);
|
List<PermissionTicket> findByScope(ResourceServer resourceServer, Scope scope);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket}, filtered by the given attributes.
|
* Returns a list of {@link PermissionTicket}, filtered by the given attributes.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer a resource server that resulting tickets should belong to. Ignored if {@code null}
|
||||||
* @param attributes a map of keys and values to filter on; possible filter options are given by {@link PermissionTicket.FilterOption}
|
* @param attributes a map of keys and values to filter on; possible filter options are given by {@link PermissionTicket.FilterOption}
|
||||||
* @param resourceServerId an id of resource server that resulting tickets should belong to. Ignored if {@code null}
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
* @param firstResult first result to return; Ignored if negative or zero
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @param maxResult maximum number of results to return; Ignored if negative
|
|
||||||
* @return a list of filtered and paginated permissions
|
* @return a list of filtered and paginated permissions
|
||||||
*
|
*
|
||||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> find(Map<PermissionTicket.FilterOption, String> attributes, String resourceServerId, int firstResult, int maxResult);
|
List<PermissionTicket> find(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResults);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} granted to the given {@code userId}.
|
* Returns a list of {@link PermissionTicket} granted to the given {@code userId}.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param userId the user id
|
* @param userId the user id
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of permissions granted for a particular user
|
* @return a list of permissions granted for a particular user
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findGranted(String userId, String resourceServerId);
|
List<PermissionTicket> findGranted(ResourceServer resourceServer, String userId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link PermissionTicket} with name equal to {@code resourceName} granted to the given {@code userId}.
|
* Returns a list of {@link PermissionTicket} with name equal to {@code resourceName} granted to the given {@code userId}.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param resourceName the name of a resource
|
* @param resourceName the name of a resource
|
||||||
* @param userId the user id
|
* @param userId the user id
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of permissions granted for a particular user
|
* @return a list of permissions granted for a particular user
|
||||||
|
*
|
||||||
|
* TODO: investigate a way how to replace resourceName with Resource class
|
||||||
*/
|
*/
|
||||||
List<PermissionTicket> findGranted(String resourceName, String userId, String resourceServerId);
|
List<PermissionTicket> findGranted(ResourceServer resourceServer, String resourceName, String userId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Resource} granted to the given {@code requester}
|
* Returns a list of {@link Resource} granted to the given {@code requester}
|
||||||
*
|
*
|
||||||
* @param requester the requester
|
* @param requester the requester
|
||||||
* @param name the keyword to query resources by name or null if any resource
|
* @param name the keyword to query resources by name or null if any resource
|
||||||
* @param first first result
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
* @param max max result
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @return a list of {@link Resource} granted to the given {@code requester}
|
* @return a list of {@link Resource} granted to the given {@code requester}
|
||||||
*/
|
*/
|
||||||
List<Resource> findGrantedResources(String requester, String name, int first, int max);
|
List<Resource> findGrantedResources(String requester, String name, Integer firstResult, Integer maxResults);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Resource} granted by the owner to other users
|
* Returns a list of {@link Resource} granted by the owner to other users
|
||||||
*
|
*
|
||||||
* @param owner the owner
|
* @param owner the owner
|
||||||
* @param first first result
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
* @param max max result
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @return a list of {@link Resource} granted by the owner
|
* @return a list of {@link Resource} granted by the owner
|
||||||
*/
|
*/
|
||||||
List<Resource> findGrantedOwnerResources(String owner, int first, int max);
|
List<Resource> findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults);
|
||||||
}
|
}
|
||||||
|
|
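Review bot: The javadoc for the new `create(ResourceServer, Resource, Scope, String)` signature is out of step with its parameters: `@param resource resource id` and `@param scope scope id` describe the old `String` ids, and `@param requester the policy representation` looks copied from the policy store. Suggested wording: `@param resource the resource the ticket refers to`, `@param scope the scope the ticket refers to, or {@code null} for a ticket covering the whole resource` (the collector changed in this commit passes null for resource-level tickets), `@param requester the identifier of the user requesting access`. The two new TODO lines misspell `resourceServer` as `reosourceServer`, and the pre-existing `@param owner the identifier of a resource server` on `findByOwner` is equally wrong (it is the owner's identifier) and could be corrected while these signatures are being touched.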
|
@ -24,7 +24,9 @@ import java.util.Map;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -38,11 +40,11 @@ public interface PolicyStore {
|
||||||
* Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require
|
* Creates a new {@link Policy} instance. The new instance is not necessarily persisted though, which may require
|
||||||
* a call to the {#save} method to actually make it persistent.
|
* a call to the {#save} method to actually make it persistent.
|
||||||
*
|
*
|
||||||
* @param representation the policy representation
|
|
||||||
* @param resourceServer the resource server to which this policy belongs
|
* @param resourceServer the resource server to which this policy belongs
|
||||||
|
* @param representation the policy representation
|
||||||
* @return a new instance of {@link Policy}
|
* @return a new instance of {@link Policy}
|
||||||
*/
|
*/
|
||||||
Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer);
|
Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deletes a policy from the underlying persistence mechanism.
|
* Deletes a policy from the underlying persistence mechanism.
|
||||||
|
@ -54,121 +56,137 @@ public interface PolicyStore {
|
||||||
/**
|
/**
|
||||||
* Returns a {@link Policy} with the given <code>id</code>
|
* Returns a {@link Policy} with the given <code>id</code>
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param id the identifier of the policy
|
* @param id the identifier of the policy
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a policy with the given identifier.
|
* @return a policy with the given identifier.
|
||||||
*/
|
*/
|
||||||
Policy findById(String id, String resourceServerId);
|
Policy findById(ResourceServer resourceServer, String id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a {@link Policy} with the given <code>name</code>
|
* Returns a {@link Policy} with the given <code>name</code>
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param name the name of the policy
|
* @param name the name of the policy
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a policy with the given name.
|
* @return a policy with the given name.
|
||||||
*/
|
*/
|
||||||
Policy findByName(String name, String resourceServerId);
|
Policy findByName(ResourceServer resourceServer, String name);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
* Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
||||||
*
|
*
|
||||||
* @param resourceServerId the identifier of a resource server
|
* @param resourceServer the identifier of a resource server
|
||||||
* @return a list of policies that belong to the given resource server
|
* @return a list of policies that belong to the given resource server
|
||||||
*/
|
*/
|
||||||
List<Policy> findByResourceServer(String resourceServerId);
|
List<Policy> findByResourceServer(ResourceServer resourceServer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
* Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the identifier of a resource server
|
||||||
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Policy.FilterOption}
|
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Policy.FilterOption}
|
||||||
* @param resourceServerId the identifier of a resource server
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @return a list of policies that belong to the given resource server
|
* @return a list of policies that belong to the given resource server
|
||||||
*
|
*
|
||||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||||
*/
|
*/
|
||||||
List<Policy> findByResourceServer(Map<Policy.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult);
|
List<Policy> findByResourceServer(ResourceServer resourceServer, Map<Policy.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.core.model.Resource} with the given <code>resourceId</code>.
|
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.Resource} with the given <code>resourceId</code>.
|
||||||
*
|
*
|
||||||
* @param resourceId the identifier of a resource
|
* @param resourceServer the resource server
|
||||||
* @param resourceServerId the resource server id
|
* @param resource the resource
|
||||||
* @return a list of policies associated with the given resource
|
* @return a list of policies associated with the given resource
|
||||||
*/
|
*/
|
||||||
default List<Policy> findByResource(String resourceId, String resourceServerId) {
|
default List<Policy> findByResource(ResourceServer resourceServer, Resource resource) {
|
||||||
List<Policy> result = new LinkedList<>();
|
List<Policy> result = new LinkedList<>();
|
||||||
|
|
||||||
findByResource(resourceId, resourceServerId, result::add);
|
findByResource(resourceServer, resource, result::add);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
void findByResource(String resourceId, String resourceServerId, Consumer<Policy> consumer);
|
/**
|
||||||
|
* Searches for all policies associated with the {@link org.keycloak.authorization.model.Resource} and passes the result to the {@code consumer}
|
||||||
|
*
|
||||||
|
* @param resourceServer the resourceServer
|
||||||
|
* @param resource the resource
|
||||||
|
* @param consumer consumer of policies resulted from the search
|
||||||
|
*/
|
||||||
|
void findByResource(ResourceServer resourceServer, Resource resource, Consumer<Policy> consumer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.core.model.Resource} with the given <code>type</code>.
|
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.ResourceServer} with the given <code>type</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server id
|
||||||
* @param resourceType the type of a resource
|
* @param resourceType the type of a resource
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of policies associated with the given resource type
|
* @return a list of policies associated with the given resource type
|
||||||
*/
|
*/
|
||||||
default List<Policy> findByResourceType(String resourceType, String resourceServerId) {
|
default List<Policy> findByResourceType(ResourceServer resourceServer, String resourceType) {
|
||||||
List<Policy> result = new LinkedList<>();
|
List<Policy> result = new LinkedList<>();
|
||||||
|
|
||||||
findByResourceType(resourceType, resourceServerId, result::add);
|
findByResourceType((ResourceServer) null, resourceType, result::add);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.core.model.Scope} with the given <code>scopeIds</code>.
|
* Searches for policies associated with a {@link org.keycloak.authorization.model.ResourceServer} and passes the result to the consumer
|
||||||
*
|
*
|
||||||
* @param scopeIds the id of the scopes
|
* @param resourceServer the resourceServer
|
||||||
* @param resourceServerId the resource server id
|
* @param type the type of a resource
|
||||||
* @return a list of policies associated with the given scopes
|
* @param policyConsumer consumer of policies resulted from the search
|
||||||
*/
|
*/
|
||||||
List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId);
|
void findByResourceType(ResourceServer resourceServer, String type, Consumer<Policy> policyConsumer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.core.model.Scope} with the given <code>resourceId</code> and <code>scopeIds</code>.
|
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.Scope} within the given <code>scope</code>.
|
||||||
*
|
*
|
||||||
* @param scopeIds the id of the scopes
|
* @param resourceServer the resource server
|
||||||
* @param resourceId the id of the resource. Ignored if {@code null}.
|
* @param scopes the scopes
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of policies associated with the given scopes
|
* @return a list of policies associated with the given scopes
|
||||||
*/
|
*/
|
||||||
default List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
|
List<Policy> findByScopes(ResourceServer resourceServer, List<Scope> scopes);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.Scope} with the given <code>resource</code> and <code>scopes</code>.
|
||||||
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
|
* @param resource the resource. Ignored if {@code null}.
|
||||||
|
* @param scopes the scopes
|
||||||
|
* @return a list of policies associated with the given scopes
|
||||||
|
*/
|
||||||
|
default List<Policy> findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes) {
|
||||||
List<Policy> result = new LinkedList<>();
|
List<Policy> result = new LinkedList<>();
|
||||||
|
|
||||||
findByScopeIds(scopeIds, resourceId, resourceServerId, result::add);
|
findByScopes(resourceServer, resource, scopes, result::add);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Effectively the same method as {@link #findByScopeIds(List, String, String)}, however in the end
|
* Effectively the same method as {@link #findByScopes(ResourceServer, Resource, List)}, however in the end
|
||||||
* the {@code consumer} is fed with the result.
|
* the {@code consumer} is fed with the result.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId, Consumer<Policy> consumer);
|
void findByScopes(ResourceServer resourceServer, Resource resource, List<Scope> scopes, Consumer<Policy> consumer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} with the given <code>type</code>.
|
* Returns a list of {@link Policy} with the given <code>type</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server id
|
||||||
* @param type the type of the policy
|
* @param type the type of the policy
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of policies with the given type
|
* @return a list of policies with the given type
|
||||||
*/
|
*/
|
||||||
List<Policy> findByType(String type, String resourceServerId);
|
List<Policy> findByType(ResourceServer resourceServer, String type);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Policy} that depends on another policy with the given <code>id</code>.
|
* Returns a list of {@link Policy} that depends on another policy with the given <code>id</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param id the id of the policy to query its dependents
|
* @param id the id of the policy to query its dependents
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a list of policies that depends on the a policy with the given identifier
|
* @return a list of policies that depends on the a policy with the given identifier
|
||||||
*/
|
*/
|
||||||
List<Policy> findDependentPolicies(String id, String resourceServerId);
|
List<Policy> findDependentPolicies(ResourceServer resourceServer, String id);
|
||||||
|
|
||||||
void findByResourceType(String type, String resourceServerId, Consumer<Policy> policyConsumer);
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,9 +50,7 @@ public interface ResourceServerStore {
|
||||||
* @param id the identifier of an existing resource server instance
|
* @param id the identifier of an existing resource server instance
|
||||||
*
|
*
|
||||||
* @return the resource server instance with the given identifier or null if no instance was found
|
* @return the resource server instance with the given identifier or null if no instance was found
|
||||||
* @deprecated use {@code findByClient} instead.
|
|
||||||
*/
|
*/
|
||||||
@Deprecated
|
|
||||||
ResourceServer findById(String id);
|
ResourceServer findById(String id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
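Review bot: `findById(String id)` loses its `@Deprecated` marker in this hunk, but the remaining Javadoc `@param id the identifier of an existing resource server instance` does not say whether that is the resource server's own id or the id of the owning client, which is exactly the distinction this refactoring introduces elsewhere. Since `findByClient` stays the lookup by client, I would make the contract explicit: `@param id the identifier of an existing resource server instance (its own id, not the id of the owning client; use {@code findByClient} for that)`. Whether the two identifiers still coincide in current storage is not visible from this hunk, so the wording should not promise either way.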
@ -19,11 +19,13 @@ package org.keycloak.authorization.store;
|
||||||
|
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
import org.keycloak.authorization.model.ResourceServer;
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
import org.keycloak.authorization.model.Scope;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -36,25 +38,25 @@ public interface ResourceStore {
|
||||||
/**
|
/**
|
||||||
* <p>Creates a {@link Resource} instance backed by this persistent storage implementation.
|
* <p>Creates a {@link Resource} instance backed by this persistent storage implementation.
|
||||||
*
|
*
|
||||||
* @param name the name of this resource. It must be unique.
|
|
||||||
* @param resourceServer the resource server to where the given resource belongs to
|
* @param resourceServer the resource server to where the given resource belongs to
|
||||||
|
* @param name the name of this resource. It must be unique.
|
||||||
* @param owner the owner of this resource or null if the resource server is the owner
|
* @param owner the owner of this resource or null if the resource server is the owner
|
||||||
* @return an instance backed by the underlying storage implementation
|
* @return an instance backed by the underlying storage implementation
|
||||||
*/
|
*/
|
||||||
default Resource create(String name, ResourceServer resourceServer, String owner) {
|
default Resource create(ResourceServer resourceServer, String name, String owner) {
|
||||||
return create(null, name, resourceServer, owner);
|
return create(resourceServer, null, name, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>Creates a {@link Resource} instance backed by this persistent storage implementation.
|
* <p>Creates a {@link Resource} instance backed by this persistent storage implementation.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server to where the given resource belongs to
|
||||||
* @param id the id of this resource. It must be unique. Will be randomly generated if null.
|
* @param id the id of this resource. It must be unique. Will be randomly generated if null.
|
||||||
* @param name the name of this resource. It must be unique.
|
* @param name the name of this resource. It must be unique.
|
||||||
* @param resourceServer the resource server to where the given resource belongs to
|
|
||||||
* @param owner the owner of this resource or null if the resource server is the owner
|
* @param owner the owner of this resource or null if the resource server is the owner
|
||||||
* @return an instance backed by the underlying storage implementation
|
* @return an instance backed by the underlying storage implementation
|
||||||
*/
|
*/
|
||||||
Resource create(String id, String name, ResourceServer resourceServer, String owner);
|
Resource create(ResourceServer resourceServer, String id, String name, String owner);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes a {@link Resource} instance, with the given {@code id} from the persistent storage.
|
* Removes a {@link Resource} instance, with the given {@code id} from the persistent storage.
|
||||||
|
@ -66,101 +68,114 @@ public interface ResourceStore {
|
||||||
/**
|
/**
|
||||||
* Returns a {@link Resource} instance based on its identifier.
|
* Returns a {@link Resource} instance based on its identifier.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param id the identifier of an existing resource instance
|
* @param id the identifier of an existing resource instance
|
||||||
* @return the resource instance with the given identifier or null if no instance was found
|
* @return the resource instance with the given identifier or null if no instance was found
|
||||||
*/
|
*/
|
||||||
Resource findById(String id, String resourceServerId);
|
Resource findById(ResourceServer resourceServer, String id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} instances with the given {@code ownerId}.
|
* Finds all {@link Resource} instances with the given {@code ownerId}.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
|
* @param resourceServer
|
||||||
* @param ownerId the identifier of the owner
|
* @param ownerId the identifier of the owner
|
||||||
* @return a list with all resource instances owned by the given owner
|
* @return a list with all resource instances owned by the given owner
|
||||||
*/
|
*/
|
||||||
default List<Resource> findByOwner(String ownerId, String resourceServerId) {
|
default List<Resource> findByOwner(ResourceServer resourceServer, String ownerId) {
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
|
|
||||||
findByOwner(ownerId, resourceServerId, list::add);
|
findByOwner(resourceServer, ownerId, list::add);
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
void findByOwner(String ownerId, String resourceServerId, Consumer<Resource> consumer);
|
void findByOwner(ResourceServer resourceServer, String ownerId, Consumer<Resource> consumer);
|
||||||
|
|
||||||
List<Resource> findByOwner(String ownerId, String resourceServerId, int first, int max);
|
List<Resource> findByOwner(ResourceServer resourceServer, String ownerId, Integer firstResult, Integer maxResults);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} instances with the given uri.
|
* Finds all {@link Resource} instances with the given uri.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
|
* @param resourceServer
|
||||||
* @param uri the identifier of the uri
|
* @param uri the identifier of the uri
|
||||||
* @return a list with all resource instances owned by the given owner
|
* @return a list with all resource instances owned by the given owner
|
||||||
*/
|
*/
|
||||||
List<Resource> findByUri(String uri, String resourceServerId);
|
List<Resource> findByUri(ResourceServer resourceServer, String uri);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} instances associated with a given resource server.
|
* Finds all {@link Resource} instances associated with a given resource server.
|
||||||
*
|
*
|
||||||
* @param resourceServerId the identifier of the resource server
|
* @param resourceServer the identifier of the resource server
|
||||||
* @return a list with all resources associated with the given resource server
|
* @return a list with all resources associated with the given resource server
|
||||||
*/
|
*/
|
||||||
List<Resource> findByResourceServer(String resourceServerId);
|
List<Resource> findByResourceServer(ResourceServer resourceServer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} instances associated with a given resource server.
|
* Finds all {@link Resource} instances associated with a given resource server.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the identifier of the resource server
|
||||||
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Resource.FilterOption}
|
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Resource.FilterOption}
|
||||||
* @param resourceServerId the identifier of the resource server
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @return a list with all resources associated with the given resource server
|
* @return a list with all resources associated with the given resource server
|
||||||
*
|
*
|
||||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||||
*/
|
*/
|
||||||
List<Resource> findByResourceServer(Map<Resource.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult);
|
List<Resource> findByResourceServer(ResourceServer resourceServer, Map<Resource.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} associated with a given scope.
|
* Finds all {@link Resource} associated with a given scope.
|
||||||
*
|
*
|
||||||
* @param id one or more scope identifiers
|
*
|
||||||
|
* @param resourceServer
|
||||||
|
* @param scopes one or more scope identifiers
|
||||||
* @return a list of resources associated with the given scope(s)
|
* @return a list of resources associated with the given scope(s)
|
||||||
*/
|
*/
|
||||||
default List<Resource> findByScope(List<String> id, String resourceServerId) {
|
default List<Resource> findByScopes(ResourceServer resourceServer, Set<Scope> scopes) {
|
||||||
List<Resource> result = new ArrayList<>();
|
List<Resource> result = new ArrayList<>();
|
||||||
|
|
||||||
findByScope(id, resourceServerId, result::add);
|
findByScopes(resourceServer, scopes, result::add);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
void findByScope(List<String> scopes, String resourceServerId, Consumer<Resource> consumer);
|
void findByScopes(ResourceServer resourceServer, Set<Scope> scopes, Consumer<Resource> consumer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Find a {@link Resource} by its name where the owner is the resource server itself.
|
* Find a {@link Resource} by its name where the owner is the resource server itself.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param name the name of the resource
|
* @param name the name of the resource
|
||||||
* @param resourceServerId the identifier of the resource server
|
|
||||||
* @return a resource with the given name
|
* @return a resource with the given name
|
||||||
*/
|
*/
|
||||||
Resource findByName(String name, String resourceServerId);
|
default Resource findByName(ResourceServer resourceServer, String name) {
|
||||||
|
return findByName(resourceServer, name, resourceServer.getClientId());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Find a {@link Resource} by its name where the owner is the given <code>ownerId</code>.
|
* Find a {@link Resource} by its name where the owner is the given <code>ownerId</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the identifier of the resource server
|
||||||
* @param name the name of the resource
|
* @param name the name of the resource
|
||||||
* @param ownerId the owner id
|
* @param ownerId the owner id
|
||||||
* @param resourceServerId the identifier of the resource server
|
|
||||||
* @return a resource with the given name
|
* @return a resource with the given name
|
||||||
*/
|
*/
|
||||||
Resource findByName(String name, String ownerId, String resourceServerId);
|
Resource findByName(ResourceServer resourceServer, String name, String ownerId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} with the given type.
|
* Finds all {@link Resource} with the given type.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
|
* @param resourceServer
|
||||||
* @param type the type of the resource
|
* @param type the type of the resource
|
||||||
* @return a list of resources with the given type
|
* @return a list of resources with the given type
|
||||||
*/
|
*/
|
||||||
default List<Resource> findByType(String type, String resourceServerId) {
|
default List<Resource> findByType(ResourceServer resourceServer, String type) {
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
|
|
||||||
findByType(type, resourceServerId, list::add);
|
findByType(resourceServer, type, list::add);
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
@ -168,14 +183,16 @@ public interface ResourceStore {
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} with the given type.
|
* Finds all {@link Resource} with the given type.
|
||||||
*
|
*
|
||||||
|
*
|
||||||
|
* @param resourceServer
|
||||||
* @param type the type of the resource
|
* @param type the type of the resource
|
||||||
* @param owner the resource owner or null for any resource with a given type
|
* @param owner the resource owner or null for any resource with a given type
|
||||||
* @return a list of resources with the given type
|
* @return a list of resources with the given type
|
||||||
*/
|
*/
|
||||||
default List<Resource> findByType(String type, String owner, String resourceServerId) {
|
default List<Resource> findByType(ResourceServer resourceServer, String type, String owner) {
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
|
|
||||||
findByType(type, owner, resourceServerId, list::add);
|
findByType(resourceServer, type, owner, list::add);
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
@ -183,31 +200,31 @@ public interface ResourceStore {
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} with the given type.
|
* Finds all {@link Resource} with the given type.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server id
|
||||||
* @param type the type of the resource
|
* @param type the type of the resource
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @param consumer the result consumer
|
* @param consumer the result consumer
|
||||||
* @return a list of resources with the given type
|
* @return a list of resources with the given type
|
||||||
*/
|
*/
|
||||||
void findByType(String type, String resourceServerId, Consumer<Resource> consumer);
|
void findByType(ResourceServer resourceServer, String type, Consumer<Resource> consumer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all {@link Resource} with the given type.
|
* Finds all {@link Resource} with the given type.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server id
|
||||||
* @param type the type of the resource
|
* @param type the type of the resource
|
||||||
* @param owner the resource owner or null for any resource with a given type
|
* @param owner the resource owner or null for any resource with a given type
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @param consumer the result consumer
|
* @param consumer the result consumer
|
||||||
* @return a list of resources with the given type
|
* @return a list of resources with the given type
|
||||||
*/
|
*/
|
||||||
void findByType(String type, String owner, String resourceServerId, Consumer<Resource> consumer);
|
void findByType(ResourceServer resourceServer, String type, String owner, Consumer<Resource> consumer);
|
||||||
|
|
||||||
default List<Resource> findByTypeInstance(String type, String resourceServerId) {
|
default List<Resource> findByTypeInstance(ResourceServer resourceServer, String type) {
|
||||||
List<Resource> list = new LinkedList<>();
|
List<Resource> list = new LinkedList<>();
|
||||||
|
|
||||||
findByTypeInstance(type, resourceServerId, list::add);
|
findByTypeInstance(resourceServer, type, list::add);
|
||||||
|
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
void findByTypeInstance(String type, String resourceServerId, Consumer<Resource> consumer);
|
void findByTypeInstance(ResourceServer resourceServerId, String type, Consumer<Resource> consumer);
|
||||||
}
|
}
|
||||||
|
|
|
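Review bot: The new default `findByName(ResourceServer resourceServer, String name)` dereferences `resourceServer.getClientId()` and therefore throws a NullPointerException for a null resource server, while sibling methods of this interface are called with a null model elsewhere in the commit (e.g. `findByOwner(null, …)` in UserSynchronizer) to mean "any resource server"; the Javadoc should state `@param resourceServer the resource server; must not be {@code null}` so the asymmetry is deliberate rather than accidental. Separately, `findByTypeInstance(ResourceServer resourceServerId, String type, Consumer<Resource> consumer)` names a model-typed parameter `resourceServerId`, unlike every other signature in the file; rename it to `resourceServer`. Several `@param resourceServer` tags in this section are left with no description (findByOwner, findByUri, findByScopes and both findByType overloads), and the one on `findByResourceServer` still reads "the identifier of the resource server" although the parameter is now the model.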
@ -35,26 +35,26 @@ public interface ScopeStore {
|
||||||
* Creates a new {@link Scope} instance. The new instance is not necessarily persisted though, which may require
|
* Creates a new {@link Scope} instance. The new instance is not necessarily persisted though, which may require
|
||||||
* a call to the {#save} method to actually make it persistent.
|
* a call to the {#save} method to actually make it persistent.
|
||||||
*
|
*
|
||||||
* @param name the name of the scope
|
|
||||||
* @param resourceServer the resource server to which this scope belongs
|
* @param resourceServer the resource server to which this scope belongs
|
||||||
*
|
*
|
||||||
|
* @param name the name of the scope
|
||||||
* @return a new instance of {@link Scope}
|
* @return a new instance of {@link Scope}
|
||||||
*/
|
*/
|
||||||
default Scope create(String name, ResourceServer resourceServer) {
|
default Scope create(ResourceServer resourceServer, String name) {
|
||||||
return create(null, name, resourceServer);
|
return create(resourceServer, null, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new {@link Scope} instance. The new instance is not necessarily persisted though, which may require
|
* Creates a new {@link Scope} instance. The new instance is not necessarily persisted though, which may require
|
||||||
* a call to the {#save} method to actually make it persistent.
|
* a call to the {#save} method to actually make it persistent.
|
||||||
*
|
*
|
||||||
* @param id the id of the scope. Is generated randomly when null
|
|
||||||
* @param name the name of the scope
|
|
||||||
* @param resourceServer the resource server to which this scope belongs
|
* @param resourceServer the resource server to which this scope belongs
|
||||||
*
|
*
|
||||||
|
* @param id the id of the scope. Is generated randomly when null
|
||||||
|
* @param name the name of the scope
|
||||||
* @return a new instance of {@link Scope}
|
* @return a new instance of {@link Scope}
|
||||||
*/
|
*/
|
||||||
Scope create(String id, String name, ResourceServer resourceServer);
|
Scope create(ResourceServer resourceServer, String id, String name);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Deletes a scope from the underlying persistence mechanism.
|
* Deletes a scope from the underlying persistence mechanism.
|
||||||
|
@ -66,40 +66,42 @@ public interface ScopeStore {
|
||||||
/**
|
/**
|
||||||
* Returns a {@link Scope} with the given <code>id</code>
|
* Returns a {@link Scope} with the given <code>id</code>
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server id
|
||||||
* @param id the identifier of the scope
|
* @param id the identifier of the scope
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a scope with the given identifier.
|
* @return a scope with the given identifier.
|
||||||
*/
|
*/
|
||||||
Scope findById(String id, String resourceServerId);
|
Scope findById(ResourceServer resourceServer, String id);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a {@link Scope} with the given <code>name</code>
|
* Returns a {@link Scope} with the given <code>name</code>
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param name the name of the scope
|
* @param name the name of the scope
|
||||||
*
|
*
|
||||||
* @param resourceServerId the resource server id
|
|
||||||
* @return a scope with the given name.
|
* @return a scope with the given name.
|
||||||
*/
|
*/
|
||||||
Scope findByName(String name, String resourceServerId);
|
Scope findByName(ResourceServer resourceServer, String name);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Scope} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
* Returns a list of {@link Scope} associated with a {@link ResourceServer} with the given <code>resourceServer</code>.
|
||||||
*
|
*
|
||||||
* @param resourceServerId the identifier of a resource server
|
* @param resourceServer the identifier of a resource server
|
||||||
*
|
*
|
||||||
* @return a list of scopes that belong to the given resource server
|
* @return a list of scopes that belong to the given resource server
|
||||||
*/
|
*/
|
||||||
List<Scope> findByResourceServer(String id);
|
List<Scope> findByResourceServer(ResourceServer resourceServer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of {@link Scope} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
* Returns a list of {@link Scope} associated with a {@link ResourceServer} with the given <code>resourceServerId</code>.
|
||||||
*
|
*
|
||||||
|
* @param resourceServer the resource server
|
||||||
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Scope.FilterOption}
|
* @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Scope.FilterOption}
|
||||||
* @param resourceServerId the identifier of a resource server
|
* @param firstResult first result to return. Ignored if negative or {@code null}.
|
||||||
|
* @param maxResults maximum number of results to return. Ignored if negative or {@code null}.
|
||||||
* @return a list of scopes that belong to the given resource server
|
* @return a list of scopes that belong to the given resource server
|
||||||
*
|
*
|
||||||
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
* @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
List<Scope> findByResourceServer(Map<Scope.FilterOption, String[]> attributes, String resourceServerId, int firstResult, int maxResult);
|
List<Scope> findByResourceServer(ResourceServer resourceServer, Map<Scope.FilterOption, String[]> attributes, Integer firstResult, Integer maxResults);
|
||||||
}
|
}
|
||||||
|
|
|
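Review bot: The Javadoc on `findById` still describes the new model parameter as `the resource server id`, `findByResourceServer(ResourceServer)` calls it `the identifier of a resource server`, and the summary sentence of the filtered `findByResourceServer` overload still refers to `<code>resourceServerId</code>`. Since all three now take the `ResourceServer` model, I would make them read `@param resourceServer the resource server` and change that summary to `with the given <code>resourceServer</code>`; the tag already used on `findByName` in this section is the form to copy.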
@ -62,7 +62,7 @@ public class ClientApplicationSynchronizer implements Synchronizer<ClientRemoved
|
||||||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"clients", event.getClient().getId()});
|
attributes.put(Policy.FilterOption.CONFIG, new String[] {"clients", event.getClient().getId()});
|
||||||
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
||||||
|
|
||||||
List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(attributes, null, -1, -1);
|
List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(null, attributes, null, null);
|
||||||
|
|
||||||
for (Policy policy : search) {
|
for (Policy policy : search) {
|
||||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||||
|
|
|
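Review bot: `findByResourceServer(null, attributes, null, null)` now passes a null `ResourceServer` model where a null id string was passed before, so the "search across every resource server" behaviour depends on each PolicyStore implementation accepting a null model instead of dereferencing it; nothing in this hunk shows that contract being stated on the interface. A call-site comment would make the intent visible, `// null resource server: match policies of every resource server`, and the interface Javadoc should say that {@code null} is permitted for that parameter. The same pattern appears in GroupSynchronizer and in UserSynchronizer (`findByResourceServer`, `findByOwner`, and both `ticketStore.find` calls), so one documented contract covers all of them.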
@ -51,7 +51,7 @@ public class GroupSynchronizer implements Synchronizer<GroupModel.GroupRemovedEv
|
||||||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"groups", group.getId()});
|
attributes.put(Policy.FilterOption.CONFIG, new String[] {"groups", group.getId()});
|
||||||
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
|
||||||
|
|
||||||
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
|
List<Policy> search = policyStore.findByResourceServer(null, attributes, null, null);
|
||||||
|
|
||||||
for (Policy policy : search) {
|
for (Policy policy : search) {
|
||||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||||
|
|
|
@ -60,7 +60,7 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
||||||
attributes.put(Policy.FilterOption.TYPE, new String[] {"user"});
|
attributes.put(Policy.FilterOption.TYPE, new String[] {"user"});
|
||||||
attributes.put(Policy.FilterOption.CONFIG, new String[] {"users", userModel.getId()});
|
attributes.put(Policy.FilterOption.CONFIG, new String[] {"users", userModel.getId()});
|
||||||
|
|
||||||
List<Policy> search = policyStore.findByResourceServer(attributes, null, -1, -1);
|
List<Policy> search = policyStore.findByResourceServer(null, attributes, null, null);
|
||||||
|
|
||||||
for (Policy policy : search) {
|
for (Policy policy : search) {
|
||||||
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
|
||||||
|
@ -84,9 +84,9 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
||||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||||
UserModel userModel = event.getUser();
|
UserModel userModel = event.getUser();
|
||||||
|
|
||||||
resourceStore.findByOwner(userModel.getId(), null, resource -> {
|
resourceStore.findByOwner(null, userModel.getId(), resource -> {
|
||||||
String resourceId = resource.getId();
|
String resourceId = resource.getId();
|
||||||
policyStore.findByResource(resourceId, resource.getResourceServer()).forEach(policy -> {
|
policyStore.findByResource(resource.getResourceServer(), resource).forEach(policy -> {
|
||||||
if (policy.getResources().size() == 1) {
|
if (policy.getResources().size() == 1) {
|
||||||
policyStore.delete(policy.getId());
|
policyStore.delete(policy.getId());
|
||||||
} else {
|
} else {
|
||||||
|
@ -105,7 +105,7 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
||||||
|
|
||||||
attributes.put(PermissionTicket.FilterOption.OWNER, userModel.getId());
|
attributes.put(PermissionTicket.FilterOption.OWNER, userModel.getId());
|
||||||
|
|
||||||
for (PermissionTicket ticket : ticketStore.find(attributes, null, -1, -1)) {
|
for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) {
|
||||||
ticketStore.delete(ticket.getId());
|
ticketStore.delete(ticket.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ public class UserSynchronizer implements Synchronizer<UserRemovedEvent> {
|
||||||
|
|
||||||
attributes.put(PermissionTicket.FilterOption.REQUESTER, userModel.getId());
|
attributes.put(PermissionTicket.FilterOption.REQUESTER, userModel.getId());
|
||||||
|
|
||||||
for (PermissionTicket ticket : ticketStore.find(attributes, null, -1, -1)) {
|
for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) {
|
||||||
ticketStore.delete(ticket.getId());
|
ticketStore.delete(ticket.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -78,7 +78,7 @@ public class MigrateTo2_1_0 implements Migration {
|
||||||
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
|
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
|
||||||
|
|
||||||
if (resourceServer != null) {
|
if (resourceServer != null) {
|
||||||
policyStore.findByType("role", resourceServer.getId()).forEach(policy -> {
|
policyStore.findByType(resourceServer, "role").forEach(policy -> {
|
||||||
Map<String, String> config = new HashMap(policy.getConfig());
|
Map<String, String> config = new HashMap(policy.getConfig());
|
||||||
String roles = config.get("roles");
|
String roles = config.get("roles");
|
||||||
List roleConfig;
|
List roleConfig;
|
||||||
|
|
|
@ -910,7 +910,7 @@ public class ModelToRepresentation {
|
||||||
ResourceServerRepresentation server = new ResourceServerRepresentation();
|
ResourceServerRepresentation server = new ResourceServerRepresentation();
|
||||||
|
|
||||||
server.setId(model.getId());
|
server.setId(model.getId());
|
||||||
server.setClientId(model.getId());
|
server.setClientId(model.getClientId());
|
||||||
server.setName(client.getClientId());
|
server.setName(client.getClientId());
|
||||||
server.setAllowRemoteResourceManagement(model.isAllowRemoteResourceManagement());
|
server.setAllowRemoteResourceManagement(model.isAllowRemoteResourceManagement());
|
||||||
server.setPolicyEnforcementMode(model.getPolicyEnforcementMode());
|
server.setPolicyEnforcementMode(model.getPolicyEnforcementMode());
|
||||||
|
@ -953,8 +953,9 @@ public class ModelToRepresentation {
|
||||||
representation.setLogic(policy.getLogic());
|
representation.setLogic(policy.getLogic());
|
||||||
|
|
||||||
if (allFields) {
|
if (allFields) {
|
||||||
representation.setResourcesData(policy.getResources().stream().map(
|
representation.setResourcesData(policy.getResources().stream()
|
||||||
resource -> toRepresentation(resource, resource.getResourceServer(), authorization, true)).collect(Collectors.toSet()));
|
.map(resource -> toRepresentation(resource, policy.getResourceServer(), authorization, true))
|
||||||
|
.collect(Collectors.toSet()));
|
||||||
representation.setScopesData(policy.getScopes().stream().map(
|
representation.setScopesData(policy.getScopes().stream().map(
|
||||||
resource -> toRepresentation(resource)).collect(Collectors.toSet()));
|
resource -> toRepresentation(resource)).collect(Collectors.toSet()));
|
||||||
}
|
}
|
||||||
|
@ -962,11 +963,11 @@ public class ModelToRepresentation {
|
||||||
return representation;
|
return representation;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ResourceRepresentation toRepresentation(Resource model, String resourceServer, AuthorizationProvider authorization) {
|
public static ResourceRepresentation toRepresentation(Resource model, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||||
return toRepresentation(model, resourceServer, authorization, true);
|
return toRepresentation(model, resourceServer, authorization, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static ResourceRepresentation toRepresentation(Resource model, String resourceServer, AuthorizationProvider authorization, Boolean deep) {
|
public static ResourceRepresentation toRepresentation(Resource model, ResourceServer resourceServer, AuthorizationProvider authorization, Boolean deep) {
|
||||||
ResourceRepresentation resource = new ResourceRepresentation();
|
ResourceRepresentation resource = new ResourceRepresentation();
|
||||||
|
|
||||||
resource.setId(model.getId());
|
resource.setId(model.getId());
|
||||||
|
@ -984,8 +985,8 @@ public class ModelToRepresentation {
|
||||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||||
RealmModel realm = authorization.getRealm();
|
RealmModel realm = authorization.getRealm();
|
||||||
|
|
||||||
if (owner.getId().equals(resourceServer)) {
|
if (owner.getId().equals(resourceServer.getClientId())) {
|
||||||
ClientModel clientModel = realm.getClientById(resourceServer);
|
ClientModel clientModel = realm.getClientById(resourceServer.getClientId());
|
||||||
owner.setName(clientModel.getClientId());
|
owner.setName(clientModel.getClientId());
|
||||||
} else {
|
} else {
|
||||||
UserModel userModel = keycloakSession.users().getUserById(realm, owner.getId());
|
UserModel userModel = keycloakSession.users().getUserById(realm, owner.getId());
|
||||||
|
|
|
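Review bot: `owner.getId().equals(resourceServer.getClientId())` dereferences `resourceServer` unconditionally, whereas the previous `owner.getId().equals(resourceServer)` on a String tolerated a null argument and simply fell through to the user-lookup branch. If any caller of `toRepresentation(Resource, ResourceServer, …)` can pass null (the three-argument overload forwards whatever it receives), this now throws; either guard it, `if (resourceServer != null && owner.getId().equals(resourceServer.getClientId())) {`, or fail early with `Objects.requireNonNull(resourceServer, "resourceServer")` and document the parameter as non-null. The body of this method continues outside the hunk, so I cannot see whether a check already exists further down.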
@ -2324,7 +2324,7 @@ public class RepresentationToModel {
|
||||||
|
|
||||||
if (owner == null) {
|
if (owner == null) {
|
||||||
owner = new ResourceOwnerRepresentation();
|
owner = new ResourceOwnerRepresentation();
|
||||||
owner.setId(resourceServer.getId());
|
owner.setId(resourceServer.getClientId());
|
||||||
resource.setOwner(owner);
|
resource.setOwner(owner);
|
||||||
} else if (owner.getName() != null) {
|
} else if (owner.getName() != null) {
|
||||||
UserModel user = session.users().getUserByUsername(realm, owner.getName());
|
UserModel user = session.users().getUserByUsername(realm, owner.getName());
|
||||||
|
@ -2359,10 +2359,10 @@ public class RepresentationToModel {
|
||||||
Set<String> policyIds = new HashSet<>();
|
Set<String> policyIds = new HashSet<>();
|
||||||
|
|
||||||
for (String policyName : policies) {
|
for (String policyName : policies) {
|
||||||
Policy policy = policyStore.findByName(policyName, resourceServer.getId());
|
Policy policy = policyStore.findByName(resourceServer, policyName);
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
policy = policyStore.findById(policyName, resourceServer.getId());
|
policy = policyStore.findById(resourceServer, policyName);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
|
@ -2382,14 +2382,14 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
Policy policy = policyStore.findById(policyRepresentation.getId(), resourceServer.getId());
|
Policy policy = policyStore.findById(resourceServer, policyRepresentation.getId());
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
policy = policyStore.findByName(policyRepresentation.getName(), resourceServer.getId());
|
policy = policyStore.findByName(resourceServer, policyRepresentation.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
policy = policyStore.create(policyRepresentation, resourceServer);
|
policy = policyStore.create(resourceServer, policyRepresentation);
|
||||||
} else {
|
} else {
|
||||||
policy = toModel(policyRepresentation, authorization, policy);
|
policy = toModel(policyRepresentation, authorization, policy);
|
||||||
}
|
}
|
||||||
|
@ -2494,10 +2494,10 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
if (!hasScope) {
|
if (!hasScope) {
|
||||||
ResourceServer resourceServer = policy.getResourceServer();
|
ResourceServer resourceServer = policy.getResourceServer();
|
||||||
Scope scope = storeFactory.getScopeStore().findById(scopeId, resourceServer.getId());
|
Scope scope = storeFactory.getScopeStore().findById(resourceServer, scopeId);
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = storeFactory.getScopeStore().findByName(scopeId, resourceServer.getId());
|
scope = storeFactory.getScopeStore().findByName(resourceServer, scopeId);
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
throw new RuntimeException("Scope with id or name [" + scopeId + "] does not exist");
|
throw new RuntimeException("Scope with id or name [" + scopeId + "] does not exist");
|
||||||
}
|
}
|
||||||
|
@ -2547,10 +2547,10 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!hasPolicy) {
|
if (!hasPolicy) {
|
||||||
Policy associatedPolicy = policyStore.findById(policyId, resourceServer.getId());
|
Policy associatedPolicy = policyStore.findById(resourceServer, policyId);
|
||||||
|
|
||||||
if (associatedPolicy == null) {
|
if (associatedPolicy == null) {
|
||||||
associatedPolicy = policyStore.findByName(policyId, resourceServer.getId());
|
associatedPolicy = policyStore.findByName(resourceServer, policyId);
|
||||||
if (associatedPolicy == null) {
|
if (associatedPolicy == null) {
|
||||||
throw new RuntimeException("Policy with id or name [" + policyId + "] does not exist");
|
throw new RuntimeException("Policy with id or name [" + policyId + "] does not exist");
|
||||||
}
|
}
|
||||||
|
@ -2592,10 +2592,10 @@ public class RepresentationToModel {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!hasResource && !"".equals(resourceId)) {
|
if (!hasResource && !"".equals(resourceId)) {
|
||||||
Resource resource = storeFactory.getResourceStore().findById(resourceId, policy.getResourceServer().getId());
|
Resource resource = storeFactory.getResourceStore().findById(policy.getResourceServer(), resourceId);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = storeFactory.getResourceStore().findByName(resourceId, policy.getResourceServer().getId());
|
resource = storeFactory.getResourceStore().findByName(policy.getResourceServer(), resourceId);
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
throw new RuntimeException("Resource with id or name [" + resourceId + "] does not exist or is not owned by the resource server");
|
throw new RuntimeException("Resource with id or name [" + resourceId + "] does not exist or is not owned by the resource server");
|
||||||
}
|
}
|
||||||
|
@ -2629,16 +2629,16 @@ public class RepresentationToModel {
|
||||||
|
|
||||||
if (owner == null) {
|
if (owner == null) {
|
||||||
owner = new ResourceOwnerRepresentation();
|
owner = new ResourceOwnerRepresentation();
|
||||||
owner.setId(resourceServer.getId());
|
owner.setId(resourceServer.getClientId());
|
||||||
}
|
}
|
||||||
|
|
||||||
String ownerId = owner.getId();
|
String ownerId = owner.getId();
|
||||||
|
|
||||||
if (ownerId == null) {
|
if (ownerId == null) {
|
||||||
ownerId = resourceServer.getId();
|
ownerId = resourceServer.getClientId();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!resourceServer.getId().equals(ownerId)) {
|
if (!resourceServer.getClientId().equals(ownerId)) {
|
||||||
RealmModel realm = authorization.getRealm();
|
RealmModel realm = authorization.getRealm();
|
||||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||||
UserProvider users = keycloakSession.users();
|
UserProvider users = keycloakSession.users();
|
||||||
|
@ -2658,9 +2658,9 @@ public class RepresentationToModel {
|
||||||
Resource existing;
|
Resource existing;
|
||||||
|
|
||||||
if (resource.getId() != null) {
|
if (resource.getId() != null) {
|
||||||
existing = resourceStore.findById(resource.getId(), resourceServer.getId());
|
existing = resourceStore.findById(resourceServer, resource.getId());
|
||||||
} else {
|
} else {
|
||||||
existing = resourceStore.findByName(resource.getName(), ownerId, resourceServer.getId());
|
existing = resourceStore.findByName(resourceServer, resource.getName(), ownerId);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (existing != null) {
|
if (existing != null) {
|
||||||
|
@ -2695,7 +2695,7 @@ public class RepresentationToModel {
|
||||||
return existing;
|
return existing;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource model = resourceStore.create(resource.getId(), resource.getName(), resourceServer, ownerId);
|
Resource model = resourceStore.create(resourceServer, resource.getId(), resource.getName(), ownerId);
|
||||||
|
|
||||||
model.setDisplayName(resource.getDisplayName());
|
model.setDisplayName(resource.getDisplayName());
|
||||||
model.setType(resource.getType());
|
model.setType(resource.getType());
|
||||||
|
@ -2732,9 +2732,9 @@ public class RepresentationToModel {
|
||||||
Scope existing;
|
Scope existing;
|
||||||
|
|
||||||
if (scope.getId() != null) {
|
if (scope.getId() != null) {
|
||||||
existing = scopeStore.findById(scope.getId(), resourceServer.getId());
|
existing = scopeStore.findById(resourceServer, scope.getId());
|
||||||
} else {
|
} else {
|
||||||
existing = scopeStore.findByName(scope.getName(), resourceServer.getId());
|
existing = scopeStore.findByName(resourceServer, scope.getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (existing != null) {
|
if (existing != null) {
|
||||||
|
@ -2746,7 +2746,7 @@ public class RepresentationToModel {
|
||||||
return existing;
|
return existing;
|
||||||
}
|
}
|
||||||
|
|
||||||
Scope model = scopeStore.create(scope.getId(), scope.getName(), resourceServer);
|
Scope model = scopeStore.create(resourceServer, scope.getId(), scope.getName());
|
||||||
|
|
||||||
model.setDisplayName(scope.getDisplayName());
|
model.setDisplayName(scope.getDisplayName());
|
||||||
model.setIconUri(scope.getIconUri());
|
model.setIconUri(scope.getIconUri());
|
||||||
|
@ -2756,9 +2756,9 @@ public class RepresentationToModel {
|
||||||
return model;
|
return model;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PermissionTicket toModel(PermissionTicketRepresentation representation, String resourceServerId, AuthorizationProvider authorization) {
|
public static PermissionTicket toModel(PermissionTicketRepresentation representation, ResourceServer resourceServer, AuthorizationProvider authorization) {
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
PermissionTicket ticket = ticketStore.findById(representation.getId(), resourceServerId);
|
PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId());
|
||||||
boolean granted = representation.isGranted();
|
boolean granted = representation.isGranted();
|
||||||
|
|
||||||
if (granted && !ticket.isGranted()) {
|
if (granted && !ticket.isGranted()) {
|
||||||
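Review bot: In the PermissionTicketRepresentation `toModel` hunk, `ticketStore.findById(resourceServer, representation.getId())` can return null and the result is dereferenced two lines later at `ticket.isGranted()`, so an unknown ticket id, or one belonging to a different resource server, surfaces as a NullPointerException rather than a clear error. The neighbouring hunks in this file already fail fast in that situation, e.g. `throw new RuntimeException("Scope with id or name [" + scopeId + "] does not exist")`, so a matching guard right after the lookup, `if (ticket == null) { throw new RuntimeException("Permission ticket with id [" + representation.getId() + "] does not exist"); }`, keeps the behaviour consistent. Separately, the hunks that replace `owner.setId(resourceServer.getId())` with `resourceServer.getClientId()` change which identifier is persisted as the resource owner; a one-line comment at the first of them stating that resource-server-owned resources are keyed by the client id, not the resource server id, would help readers of the `!resourceServer.getClientId().equals(ownerId)` branch. The ticket method's body continues past the hunk.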
|
|
|
@ -172,21 +172,21 @@ public class PolicyEvaluationService {
|
||||||
|
|
||||||
ScopeStore scopeStore = storeFactory.getScopeStore();
|
ScopeStore scopeStore = storeFactory.getScopeStore();
|
||||||
|
|
||||||
Set<Scope> scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(scopeRepresentation.getName(), resourceServer.getId())).collect(Collectors.toSet());
|
Set<Scope> scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(resourceServer, scopeRepresentation.getName())).collect(Collectors.toSet());
|
||||||
|
|
||||||
if (resource.getId() != null) {
|
if (resource.getId() != null) {
|
||||||
Resource resourceModel = storeFactory.getResourceStore().findById(resource.getId(), resourceServer.getId());
|
Resource resourceModel = storeFactory.getResourceStore().findById(resourceServer, resource.getId());
|
||||||
return new ArrayList<>(Arrays.asList(
|
return new ArrayList<>(Arrays.asList(
|
||||||
Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream();
|
Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream();
|
||||||
} else if (resource.getType() != null) {
|
} else if (resource.getType() != null) {
|
||||||
return storeFactory.getResourceStore().findByType(resource.getType(), resourceServer.getId()).stream().map(resource1 -> Permissions.createResourcePermissions(resource1,
|
return storeFactory.getResourceStore().findByType(resourceServer, resource.getType()).stream().map(resource1 -> Permissions.createResourcePermissions(resource1,
|
||||||
resourceServer, scopes, authorization, request));
|
resourceServer, scopes, authorization, request));
|
||||||
} else {
|
} else {
|
||||||
if (scopes.isEmpty()) {
|
if (scopes.isEmpty()) {
|
||||||
return Stream.empty();
|
return Stream.empty();
|
||||||
}
|
}
|
||||||
|
|
||||||
List<Resource> resources = storeFactory.getResourceStore().findByScope(scopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId());
|
List<Resource> resources = storeFactory.getResourceStore().findByScopes(resourceServer, scopes);
|
||||||
|
|
||||||
if (resources.isEmpty()) {
|
if (resources.isEmpty()) {
|
||||||
return scopes.stream().map(scope -> new ResourcePermission(null, new ArrayList<>(Arrays.asList(scope)), resourceServer));
|
return scopes.stream().map(scope -> new ResourcePermission(null, new ArrayList<>(Arrays.asList(scope)), resourceServer));
|
||||||
|
@ -254,7 +254,7 @@ public class PolicyEvaluationService {
|
||||||
String clientId = representation.getClientId();
|
String clientId = representation.getClientId();
|
||||||
|
|
||||||
if (clientId == null) {
|
if (clientId == null) {
|
||||||
clientId = resourceServer.getId();
|
clientId = resourceServer.getClientId();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (clientId != null) {
|
if (clientId != null) {
|
||||||
|
@ -287,7 +287,7 @@ public class PolicyEvaluationService {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (client == null) {
|
if (client == null) {
|
||||||
client = realm.getClientById(resourceServer.getId());
|
client = realm.getClientById(resourceServer.getClientId());
|
||||||
}
|
}
|
||||||
|
|
||||||
accessToken.issuedFor(client.getClientId());
|
accessToken.issuedFor(client.getClientId());
|
||||||
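Review bot: The scopes set built with `scopeStore.findByName(resourceServer, scopeRepresentation.getName())` can hold null entries, because a name with no matching scope yields null and `Collectors.toSet()` keeps it; those nulls then flow into `Permissions.createResourcePermissions` and into the new `findByScopes(resourceServer, scopes)` call. This was already possible with the old id-based call, so it is not introduced here, but since the commit rewrites this line it is a good moment to either drop unknown names with `.filter(Objects::nonNull)` after the map step (java.util.Objects, if not already imported) or reject them explicitly before evaluation. `resourceModel` from `findById(resourceServer, resource.getId())` is likewise passed on without a null check. The enclosing method starts before and ends after this hunk.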
|
|
|
@ -39,7 +39,6 @@ import org.keycloak.authorization.store.PolicyStore;
|
||||||
import org.keycloak.authorization.store.StoreFactory;
|
import org.keycloak.authorization.store.StoreFactory;
|
||||||
import org.keycloak.events.admin.OperationType;
|
import org.keycloak.events.admin.OperationType;
|
||||||
import org.keycloak.events.admin.ResourceType;
|
import org.keycloak.events.admin.ResourceType;
|
||||||
import org.keycloak.models.KeycloakSession;
|
|
||||||
import org.keycloak.models.utils.ModelToRepresentation;
|
import org.keycloak.models.utils.ModelToRepresentation;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation;
|
||||||
|
@ -155,7 +154,7 @@ public class PolicyResourceService {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
List<Policy> policies = authorization.getStoreFactory().getPolicyStore().findDependentPolicies(policy.getId(), resourceServer.getId());
|
List<Policy> policies = authorization.getStoreFactory().getPolicyStore().findDependentPolicies(resourceServer, policy.getId());
|
||||||
|
|
||||||
return Response.ok(policies.stream().map(policy -> {
|
return Response.ok(policies.stream().map(policy -> {
|
||||||
PolicyRepresentation representation1 = new PolicyRepresentation();
|
PolicyRepresentation representation1 = new PolicyRepresentation();
|
||||||
|
|
|
@ -88,7 +88,7 @@ public class PolicyService {
|
||||||
return doCreatePolicyTypeResource(type);
|
return doCreatePolicyTypeResource(type);
|
||||||
}
|
}
|
||||||
|
|
||||||
Policy policy = authorization.getStoreFactory().getPolicyStore().findById(type, resourceServer.getId());
|
Policy policy = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, type);
|
||||||
|
|
||||||
return doCreatePolicyResource(policy);
|
return doCreatePolicyResource(policy);
|
||||||
}
|
}
|
||||||
|
@ -134,13 +134,13 @@ public class PolicyService {
|
||||||
|
|
||||||
public Policy create(AbstractPolicyRepresentation representation) {
|
public Policy create(AbstractPolicyRepresentation representation) {
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
Policy existing = policyStore.findByName(representation.getName(), resourceServer.getId());
|
Policy existing = policyStore.findByName(resourceServer, representation.getName());
|
||||||
|
|
||||||
if (existing != null) {
|
if (existing != null) {
|
||||||
throw new ErrorResponseException("Policy with name [" + representation.getName() + "] already exists", "Conflicting policy", Status.CONFLICT);
|
throw new ErrorResponseException("Policy with name [" + representation.getName() + "] already exists", "Conflicting policy", Status.CONFLICT);
|
||||||
}
|
}
|
||||||
|
|
||||||
return policyStore.create(representation, resourceServer);
|
return policyStore.create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("/search")
|
@Path("/search")
|
||||||
|
@ -158,7 +158,7 @@ public class PolicyService {
|
||||||
return Response.status(Status.BAD_REQUEST).build();
|
return Response.status(Status.BAD_REQUEST).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
Policy model = storeFactory.getPolicyStore().findByName(name, this.resourceServer.getId());
|
Policy model = storeFactory.getPolicyStore().findByName(this.resourceServer, name);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.noContent().build();
|
return Response.noContent().build();
|
||||||
|
@ -206,7 +206,7 @@ public class PolicyService {
|
||||||
|
|
||||||
if (resource != null && !"".equals(resource.trim())) {
|
if (resource != null && !"".equals(resource.trim())) {
|
||||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||||
Resource resourceModel = resourceStore.findById(resource, resourceServer.getId());
|
Resource resourceModel = resourceStore.findById(resourceServer, resource);
|
||||||
|
|
||||||
if (resourceModel == null) {
|
if (resourceModel == null) {
|
||||||
Map<Resource.FilterOption, String[]> resourceFilters = new EnumMap<>(Resource.FilterOption.class);
|
Map<Resource.FilterOption, String[]> resourceFilters = new EnumMap<>(Resource.FilterOption.class);
|
||||||
|
@ -217,7 +217,7 @@ public class PolicyService {
|
||||||
resourceFilters.put(Resource.FilterOption.OWNER, new String[]{owner});
|
resourceFilters.put(Resource.FilterOption.OWNER, new String[]{owner});
|
||||||
}
|
}
|
||||||
|
|
||||||
Set<String> resources = resourceStore.findByResourceServer(resourceFilters, resourceServer.getId(), -1, 1).stream().map(Resource::getId).collect(Collectors.toSet());
|
Set<String> resources = resourceStore.findByResourceServer(resourceServer, resourceFilters, -1, 1).stream().map(Resource::getId).collect(Collectors.toSet());
|
||||||
|
|
||||||
if (resources.isEmpty()) {
|
if (resources.isEmpty()) {
|
||||||
return Response.noContent().build();
|
return Response.noContent().build();
|
||||||
|
@ -231,14 +231,14 @@ public class PolicyService {
|
||||||
|
|
||||||
if (scope != null && !"".equals(scope.trim())) {
|
if (scope != null && !"".equals(scope.trim())) {
|
||||||
ScopeStore scopeStore = storeFactory.getScopeStore();
|
ScopeStore scopeStore = storeFactory.getScopeStore();
|
||||||
Scope scopeModel = scopeStore.findById(scope, resourceServer.getId());
|
Scope scopeModel = scopeStore.findById(resourceServer, scope);
|
||||||
|
|
||||||
if (scopeModel == null) {
|
if (scopeModel == null) {
|
||||||
Map<Scope.FilterOption, String[]> scopeFilters = new EnumMap<>(Scope.FilterOption.class);
|
Map<Scope.FilterOption, String[]> scopeFilters = new EnumMap<>(Scope.FilterOption.class);
|
||||||
|
|
||||||
scopeFilters.put(Scope.FilterOption.NAME, new String[]{scope});
|
scopeFilters.put(Scope.FilterOption.NAME, new String[]{scope});
|
||||||
|
|
||||||
Set<String> scopes = scopeStore.findByResourceServer(scopeFilters, resourceServer.getId(), -1, 1).stream().map(Scope::getId).collect(Collectors.toSet());
|
Set<String> scopes = scopeStore.findByResourceServer(resourceServer, scopeFilters, -1, 1).stream().map(Scope::getId).collect(Collectors.toSet());
|
||||||
|
|
||||||
if (scopes.isEmpty()) {
|
if (scopes.isEmpty()) {
|
||||||
return Response.noContent().build();
|
return Response.noContent().build();
|
||||||
|
@ -265,7 +265,7 @@ public class PolicyService {
|
||||||
|
|
||||||
protected List<Object> doSearch(Integer firstResult, Integer maxResult, String fields, Map<Policy.FilterOption, String[]> filters) {
|
protected List<Object> doSearch(Integer firstResult, Integer maxResult, String fields, Map<Policy.FilterOption, String[]> filters) {
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
return policyStore.findByResourceServer(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
return policyStore.findByResourceServer(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
||||||
.map(policy -> toRepresentation(policy, fields, authorization))
|
.map(policy -> toRepresentation(policy, fields, authorization))
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
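Review bot: The pagination arguments in this file still use the `-1` sentinel — `resourceStore.findByResourceServer(resourceServer, resourceFilters, -1, 1)`, `scopeStore.findByResourceServer(resourceServer, scopeFilters, -1, 1)` and, in `doSearch`, `firstResult != null ? firstResult : -1` — while the commit switches the store parameters to boxed Integer and the ResourceSetService hunk passes `null, null` for the unbounded case. If null is now the "no offset/limit" value, the two conventions should not coexist: `doSearch` could forward `firstResult` unchanged and the two name-lookup calls could pass `null, 1`. If the stores still treat -1 specially, a one-line comment at the `doSearch` call saying so would stop the next reader from "fixing" it. The two name-lookup methods continue outside their hunks.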
|
|
|
@ -113,7 +113,7 @@ public class ResourceSetService {
|
||||||
|
|
||||||
if (owner == null) {
|
if (owner == null) {
|
||||||
owner = new ResourceOwnerRepresentation();
|
owner = new ResourceOwnerRepresentation();
|
||||||
owner.setId(resourceServer.getId());
|
owner.setId(resourceServer.getClientId());
|
||||||
resource.setOwner(owner);
|
resource.setOwner(owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -123,13 +123,13 @@ public class ResourceSetService {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "You must specify the resource owner.", Status.BAD_REQUEST);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "You must specify the resource owner.", Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource existingResource = storeFactory.getResourceStore().findByName(resource.getName(), ownerId, this.resourceServer.getId());
|
Resource existingResource = storeFactory.getResourceStore().findByName(this.resourceServer, resource.getName(), ownerId);
|
||||||
|
|
||||||
if (existingResource != null) {
|
if (existingResource != null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource with name [" + resource.getName() + "] already exists.", Status.CONFLICT);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource with name [" + resource.getName() + "] already exists.", Status.CONFLICT);
|
||||||
}
|
}
|
||||||
|
|
||||||
return toRepresentation(toModel(resource, this.resourceServer, authorization), resourceServer.getId(), authorization);
|
return toRepresentation(toModel(resource, this.resourceServer, authorization), resourceServer, authorization);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
|
@ -141,7 +141,7 @@ public class ResourceSetService {
|
||||||
resource.setId(id);
|
resource.setId(id);
|
||||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||||
Resource model = resourceStore.findById(resource.getId(), resourceServer.getId());
|
Resource model = resourceStore.findById(resourceServer, resource.getId());
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -159,7 +159,7 @@ public class ResourceSetService {
|
||||||
public Response delete(@PathParam("id") String id) {
|
public Response delete(@PathParam("id") String id) {
|
||||||
requireManage();
|
requireManage();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
Resource resource = storeFactory.getResourceStore().findById(id, resourceServer.getId());
|
Resource resource = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -167,7 +167,7 @@ public class ResourceSetService {
|
||||||
|
|
||||||
storeFactory.getResourceStore().delete(id);
|
storeFactory.getResourceStore().delete(id);
|
||||||
|
|
||||||
audit(toRepresentation(resource, resourceServer.getId(), authorization), OperationType.DELETE);
|
audit(toRepresentation(resource, resourceServer, authorization), OperationType.DELETE);
|
||||||
|
|
||||||
return Response.noContent().build();
|
return Response.noContent().build();
|
||||||
}
|
}
|
||||||
|
@ -177,13 +177,13 @@ public class ResourceSetService {
|
||||||
@NoCache
|
@NoCache
|
||||||
@Produces("application/json")
|
@Produces("application/json")
|
||||||
public Response findById(@PathParam("id") String id) {
|
public Response findById(@PathParam("id") String id) {
|
||||||
return findById(id, resource -> toRepresentation(resource, resourceServer.getId(), authorization, true));
|
return findById(id, resource -> toRepresentation(resource, resourceServer, authorization, true));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response findById(String id, Function<Resource, ? extends ResourceRepresentation> toRepresentation) {
|
public Response findById(String id, Function<Resource, ? extends ResourceRepresentation> toRepresentation) {
|
||||||
requireView();
|
requireView();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
Resource model = storeFactory.getResourceStore().findById(id, resourceServer.getId());
|
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -199,7 +199,7 @@ public class ResourceSetService {
|
||||||
public Response getScopes(@PathParam("id") String id) {
|
public Response getScopes(@PathParam("id") String id) {
|
||||||
requireView();
|
requireView();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
Resource model = storeFactory.getResourceStore().findById(id, resourceServer.getId());
|
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -214,10 +214,10 @@ public class ResourceSetService {
|
||||||
return representation;
|
return representation;
|
||||||
}).collect(Collectors.toList());
|
}).collect(Collectors.toList());
|
||||||
|
|
||||||
if (model.getType() != null && !model.getOwner().equals(resourceServer.getId())) {
|
if (model.getType() != null && !model.getOwner().equals(resourceServer.getClientId())) {
|
||||||
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
|
||||||
for (Resource typed : resourceStore.findByType(model.getType(), resourceServer.getId())) {
|
for (Resource typed : resourceStore.findByType(resourceServer, model.getType())) {
|
||||||
if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(model.getId())) {
|
if (typed.getOwner().equals(resourceServer.getClientId()) && !typed.getId().equals(model.getId())) {
|
||||||
scopes.addAll(typed.getScopes().stream().map(model1 -> {
|
scopes.addAll(typed.getScopes().stream().map(model1 -> {
|
||||||
ScopeRepresentation scope = new ScopeRepresentation();
|
ScopeRepresentation scope = new ScopeRepresentation();
|
||||||
scope.setId(model1.getId());
|
scope.setId(model1.getId());
|
||||||
|
@ -243,7 +243,7 @@ public class ResourceSetService {
|
||||||
requireView();
|
requireView();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
ResourceStore resourceStore = storeFactory.getResourceStore();
|
ResourceStore resourceStore = storeFactory.getResourceStore();
|
||||||
Resource model = resourceStore.findById(id, resourceServer.getId());
|
Resource model = resourceStore.findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -252,23 +252,23 @@ public class ResourceSetService {
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
Set<Policy> policies = new HashSet<>();
|
Set<Policy> policies = new HashSet<>();
|
||||||
|
|
||||||
policies.addAll(policyStore.findByResource(model.getId(), resourceServer.getId()));
|
policies.addAll(policyStore.findByResource(resourceServer, model));
|
||||||
|
|
||||||
if (model.getType() != null) {
|
if (model.getType() != null) {
|
||||||
policies.addAll(policyStore.findByResourceType(model.getType(), resourceServer.getId()));
|
policies.addAll(policyStore.findByResourceType(resourceServer, model.getType()));
|
||||||
|
|
||||||
Map<Resource.FilterOption, String[]> resourceFilter = new EnumMap<>(Resource.FilterOption.class);
|
Map<Resource.FilterOption, String[]> resourceFilter = new EnumMap<>(Resource.FilterOption.class);
|
||||||
|
|
||||||
resourceFilter.put(Resource.FilterOption.OWNER, new String[]{resourceServer.getId()});
|
resourceFilter.put(Resource.FilterOption.OWNER, new String[]{resourceServer.getClientId()});
|
||||||
resourceFilter.put(Resource.FilterOption.TYPE, new String[]{model.getType()});
|
resourceFilter.put(Resource.FilterOption.TYPE, new String[]{model.getType()});
|
||||||
|
|
||||||
for (Resource resourceType : resourceStore.findByResourceServer(resourceFilter, resourceServer.getId(), -1, -1)) {
|
for (Resource resourceType : resourceStore.findByResourceServer(resourceServer, resourceFilter, null, null)) {
|
||||||
policies.addAll(policyStore.findByResource(resourceType.getId(), resourceServer.getId()));
|
policies.addAll(policyStore.findByResource(resourceServer, resourceType));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), id, resourceServer.getId()));
|
policies.addAll(policyStore.findByScopes(resourceServer, model, model.getScopes()));
|
||||||
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), null, resourceServer.getId()));
|
policies.addAll(policyStore.findByScopes(resourceServer, null, model.getScopes()));
|
||||||
|
|
||||||
List<PolicyRepresentation> representation = new ArrayList<>();
|
List<PolicyRepresentation> representation = new ArrayList<>();
|
||||||
|
|
||||||
|
@ -296,7 +296,7 @@ public class ResourceSetService {
|
||||||
public Response getAttributes(@PathParam("id") String id) {
|
public Response getAttributes(@PathParam("id") String id) {
|
||||||
requireView();
|
requireView();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
Resource model = storeFactory.getResourceStore().findById(id, resourceServer.getId());
|
Resource model = storeFactory.getResourceStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -317,13 +317,13 @@ public class ResourceSetService {
|
||||||
return Response.status(Status.BAD_REQUEST).build();
|
return Response.status(Status.BAD_REQUEST).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource model = storeFactory.getResourceStore().findByName(name, this.resourceServer.getId());
|
Resource model = storeFactory.getResourceStore().findByName(this.resourceServer, name);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NO_CONTENT).build();
|
return Response.status(Status.NO_CONTENT).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.ok(toRepresentation(model, this.resourceServer.getId(), authorization)).build();
|
return Response.ok(toRepresentation(model, this.resourceServer, authorization)).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -340,7 +340,7 @@ public class ResourceSetService {
|
||||||
@QueryParam("deep") Boolean deep,
|
@QueryParam("deep") Boolean deep,
|
||||||
@QueryParam("first") Integer firstResult,
|
@QueryParam("first") Integer firstResult,
|
||||||
@QueryParam("max") Integer maxResult) {
|
@QueryParam("max") Integer maxResult) {
|
||||||
return find(id, name, uri, owner, type, scope, matchingUri, exactName, deep, firstResult, maxResult, (BiFunction<Resource, Boolean, ResourceRepresentation>) (resource, deep1) -> toRepresentation(resource, resourceServer.getId(), authorization, deep1));
|
return find(id, name, uri, owner, type, scope, matchingUri, exactName, deep, firstResult, maxResult, (BiFunction<Resource, Boolean, ResourceRepresentation>) (resource, deep1) -> toRepresentation(resource, resourceServer, authorization, deep1));
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response find(@QueryParam("_id") String id,
|
public Response find(@QueryParam("_id") String id,
|
||||||
|
@ -403,7 +403,7 @@ public class ResourceSetService {
|
||||||
|
|
||||||
scopeFilter.put(Scope.FilterOption.NAME, new String[] {scope});
|
scopeFilter.put(Scope.FilterOption.NAME, new String[] {scope});
|
||||||
|
|
||||||
List<Scope> scopes = authorization.getStoreFactory().getScopeStore().findByResourceServer(scopeFilter, resourceServer.getId(), -1, -1);
|
List<Scope> scopes = authorization.getStoreFactory().getScopeStore().findByResourceServer(resourceServer, scopeFilter, null, null);
|
||||||
|
|
||||||
if (scopes.isEmpty()) {
|
if (scopes.isEmpty()) {
|
||||||
return Response.ok(Collections.emptyList()).build();
|
return Response.ok(Collections.emptyList()).build();
|
||||||
|
@ -412,15 +412,15 @@ public class ResourceSetService {
|
||||||
search.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new));
|
search.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new));
|
||||||
}
|
}
|
||||||
|
|
||||||
List<Resource> resources = storeFactory.getResourceStore().findByResourceServer(search, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
|
List<Resource> resources = storeFactory.getResourceStore().findByResourceServer(this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
|
||||||
|
|
||||||
if (matchingUri != null && matchingUri && resources.isEmpty()) {
|
if (matchingUri != null && matchingUri && resources.isEmpty()) {
|
||||||
Map<Resource.FilterOption, String[]> attributes = new EnumMap<>(Resource.FilterOption.class);
|
Map<Resource.FilterOption, String[]> attributes = new EnumMap<>(Resource.FilterOption.class);
|
||||||
|
|
||||||
attributes.put(Resource.FilterOption.URI_NOT_NULL, new String[] {"true"});
|
attributes.put(Resource.FilterOption.URI_NOT_NULL, new String[] {"true"});
|
||||||
attributes.put(Resource.FilterOption.OWNER, new String[] {resourceServer.getId()});
|
attributes.put(Resource.FilterOption.OWNER, new String[] {resourceServer.getClientId()});
|
||||||
|
|
||||||
List<Resource> serverResources = storeFactory.getResourceStore().findByResourceServer(attributes, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
|
List<Resource> serverResources = storeFactory.getResourceStore().findByResourceServer(this.resourceServer, attributes, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
|
||||||
|
|
||||||
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
|
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -50,6 +50,7 @@ import javax.ws.rs.core.Response;
|
||||||
import javax.ws.rs.core.Response.Status;
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.EnumMap;
|
import java.util.EnumMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -100,7 +101,7 @@ public class ScopeService {
|
||||||
this.auth.realm().requireManageAuthorization();
|
this.auth.realm().requireManageAuthorization();
|
||||||
scope.setId(id);
|
scope.setId(id);
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
Scope model = storeFactory.getScopeStore().findById(scope.getId(), resourceServer.getId());
|
Scope model = storeFactory.getScopeStore().findById(resourceServer, scope.getId());
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -118,20 +119,19 @@ public class ScopeService {
|
||||||
public Response delete(@PathParam("id") String id) {
|
public Response delete(@PathParam("id") String id) {
|
||||||
this.auth.realm().requireManageAuthorization();
|
this.auth.realm().requireManageAuthorization();
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
List<Resource> resources = storeFactory.getResourceStore().findByScope(Arrays.asList(id), resourceServer.getId());
|
Scope scope = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (!resources.isEmpty()) {
|
|
||||||
return ErrorResponse.error("Scopes can not be removed while associated with resources.", Status.BAD_REQUEST);
|
|
||||||
}
|
|
||||||
|
|
||||||
Scope scope = storeFactory.getScopeStore().findById(id, resourceServer.getId());
|
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
List<Resource> resources = storeFactory.getResourceStore().findByScopes(resourceServer, Collections.singleton(scope));
|
||||||
|
if (!resources.isEmpty()) {
|
||||||
|
return ErrorResponse.error("Scopes can not be removed while associated with resources.", Status.BAD_REQUEST);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
List<Policy> policies = policyStore.findByScopeIds(Arrays.asList(scope.getId()), resourceServer.getId());
|
List<Policy> policies = policyStore.findByScopes(resourceServer, Collections.singletonList(scope));
|
||||||
|
|
||||||
for (Policy policyModel : policies) {
|
for (Policy policyModel : policies) {
|
||||||
if (policyModel.getScopes().size() == 1) {
|
if (policyModel.getScopes().size() == 1) {
|
||||||
|
@ -154,7 +154,7 @@ public class ScopeService {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response findById(@PathParam("id") String id) {
|
public Response findById(@PathParam("id") String id) {
|
||||||
this.auth.realm().requireViewAuthorization();
|
this.auth.realm().requireViewAuthorization();
|
||||||
Scope model = this.authorization.getStoreFactory().getScopeStore().findById(id, resourceServer.getId());
|
Scope model = this.authorization.getStoreFactory().getScopeStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -170,13 +170,13 @@ public class ScopeService {
|
||||||
public Response getResources(@PathParam("id") String id) {
|
public Response getResources(@PathParam("id") String id) {
|
||||||
this.auth.realm().requireViewAuthorization();
|
this.auth.realm().requireViewAuthorization();
|
||||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||||
Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());
|
Scope model = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.ok(storeFactory.getResourceStore().findByScope(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(resource -> {
|
return Response.ok(storeFactory.getResourceStore().findByScopes(resourceServer, Collections.singleton(model)).stream().map(resource -> {
|
||||||
ResourceRepresentation representation = new ResourceRepresentation();
|
ResourceRepresentation representation = new ResourceRepresentation();
|
||||||
|
|
||||||
representation.setId(resource.getId());
|
representation.setId(resource.getId());
|
||||||
|
@ -193,7 +193,7 @@ public class ScopeService {
|
||||||
public Response getPermissions(@PathParam("id") String id) {
|
public Response getPermissions(@PathParam("id") String id) {
|
||||||
this.auth.realm().requireViewAuthorization();
|
this.auth.realm().requireViewAuthorization();
|
||||||
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
StoreFactory storeFactory = this.authorization.getStoreFactory();
|
||||||
Scope model = storeFactory.getScopeStore().findById(id, resourceServer.getId());
|
Scope model = storeFactory.getScopeStore().findById(resourceServer, id);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NOT_FOUND).build();
|
return Response.status(Status.NOT_FOUND).build();
|
||||||
|
@ -201,7 +201,7 @@ public class ScopeService {
|
||||||
|
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
|
|
||||||
return Response.ok(policyStore.findByScopeIds(Arrays.asList(model.getId()), resourceServer.getId()).stream().map(policy -> {
|
return Response.ok(policyStore.findByScopes(resourceServer, Collections.singletonList(model)).stream().map(policy -> {
|
||||||
PolicyRepresentation representation = new PolicyRepresentation();
|
PolicyRepresentation representation = new PolicyRepresentation();
|
||||||
|
|
||||||
representation.setId(policy.getId());
|
representation.setId(policy.getId());
|
||||||
|
@ -224,7 +224,7 @@ public class ScopeService {
|
||||||
return Response.status(Status.BAD_REQUEST).build();
|
return Response.status(Status.BAD_REQUEST).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
Scope model = storeFactory.getScopeStore().findByName(name, this.resourceServer.getId());
|
Scope model = storeFactory.getScopeStore().findByName(this.resourceServer, name);
|
||||||
|
|
||||||
if (model == null) {
|
if (model == null) {
|
||||||
return Response.status(Status.NO_CONTENT).build();
|
return Response.status(Status.NO_CONTENT).build();
|
||||||
|
@ -253,7 +253,7 @@ public class ScopeService {
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.ok(
|
return Response.ok(
|
||||||
this.authorization.getStoreFactory().getScopeStore().findByResourceServer(search, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
this.authorization.getStoreFactory().getScopeStore().findByResourceServer(this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream()
|
||||||
.map(scope -> toRepresentation(scope))
|
.map(scope -> toRepresentation(scope))
|
||||||
.collect(Collectors.toList()))
|
.collect(Collectors.toList()))
|
||||||
.build();
|
.build();
|
||||||
|
|
|
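Review bot: The listing call in the `@ -253` hunk still maps a missing `first` query parameter to `-1` (`firstResult != null ? firstResult : -1`) even though this commit turns the store's pagination parameters into `Integer` and the other call sites it touches pass `null` for "no paging" (for example `findByResourceServer(resourceServer, scopeFilter, null, null)` in ResourceSetService and `ticketStore.find(resourceServer, attributes, null, null)` in PermissionTicketService). Whether the store still honours `-1` as a legacy sentinel is not visible here; if it does not, an absent `first` becomes an invalid offset rather than "from the start". Passing the boxed value straight through matches the new API while keeping the cap: `findByResourceServer(this.resourceServer, search, firstResult, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)`. Keep `Constants.DEFAULT_MAX_RESULTS` as the fallback here — this is an admin listing endpoint and an unbounded page size would let a single call pull the entire scope table. The enclosing method starts before and ends after this hunk.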
@ -64,7 +64,7 @@ public class PolicyEvaluationResponseBuilder {
|
||||||
authorizationData.setPermissions(decision.results());
|
authorizationData.setPermissions(decision.results());
|
||||||
accessToken.setAuthorization(authorizationData);
|
accessToken.setAuthorization(authorizationData);
|
||||||
|
|
||||||
ClientModel clientModel = authorization.getRealm().getClientById(resourceServer.getId());
|
ClientModel clientModel = authorization.getRealm().getClientById(resourceServer.getClientId());
|
||||||
|
|
||||||
if (!accessToken.hasAudience(clientModel.getClientId())) {
|
if (!accessToken.hasAudience(clientModel.getClientId())) {
|
||||||
accessToken.audience(clientModel.getClientId());
|
accessToken.audience(clientModel.getClientId());
|
||||||
|
@ -194,7 +194,7 @@ public class PolicyEvaluationResponseBuilder {
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
|
filters.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(filters, policy.getResourceServer().getId(), -1, 1);
|
List<PermissionTicket> tickets = authorization.getStoreFactory().getPermissionTicketStore().find(policy.getResourceServer(), filters, -1, 1);
|
||||||
|
|
||||||
if (!tickets.isEmpty()) {
|
if (!tickets.isEmpty()) {
|
||||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||||
|
|
|
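Review bot: `authorization.getRealm().getClientById(resourceServer.getClientId())` in the `@ -64` hunk is dereferenced on the next line (`clientModel.getClientId()`) without a null check; now that a ResourceServer's id is deliberately decoupled from its client, a resource server whose client was removed would surface as an NPE here instead of a diagnosable error (whether the stores guarantee the client still exists is not visible). A guard such as `if (clientModel == null) throw new IllegalStateException("Resource server [" + resourceServer.getId() + "] has no backing client");` turns that into an explicit failure before any audience is written into the token. It is also worth a comment that `ResourceServer.getClientId()` is the client's internal id — it is the value handed to `getClientById` — while `ClientModel.getClientId()` two lines later is the OAuth client_id string used as the audience: `// ResourceServer.getClientId() is the ClientModel internal id, not the OAuth client_id`. The enclosing method starts before and ends after this hunk.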
@ -224,7 +224,7 @@ public class AuthorizationTokenService {
|
||||||
|
|
||||||
if (isGranted(ticket, request, permissions)) {
|
if (isGranted(ticket, request, permissions)) {
|
||||||
AuthorizationProvider authorization = request.getAuthorization();
|
AuthorizationProvider authorization = request.getAuthorization();
|
||||||
ClientModel targetClient = authorization.getRealm().getClientById(resourceServer.getId());
|
ClientModel targetClient = authorization.getRealm().getClientById(resourceServer.getClientId());
|
||||||
Metadata metadata = request.getMetadata();
|
Metadata metadata = request.getMetadata();
|
||||||
String responseMode = metadata != null ? metadata.getResponseMode() : null;
|
String responseMode = metadata != null ? metadata.getResponseMode() : null;
|
||||||
|
|
||||||
|
@ -516,7 +516,7 @@ public class AuthorizationTokenService {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = resourceStore.findById(grantedPermission.getResourceId(), resourceServer.getId());
|
Resource resource = resourceStore.findById(resourceServer, grantedPermission.getResourceId());
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
ResourcePermission permission = permissionsToEvaluate.get(resource.getId());
|
ResourcePermission permission = permissionsToEvaluate.get(resource.getId());
|
||||||
|
@ -540,7 +540,7 @@ public class AuthorizationTokenService {
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String scopeName : grantedPermission.getScopes()) {
|
for (String scopeName : grantedPermission.getScopes()) {
|
||||||
Scope scope = scopeStore.findByName(scopeName, resourceServer.getId());
|
Scope scope = scopeStore.findByName(resourceServer, scopeName);
|
||||||
|
|
||||||
if (scope != null) {
|
if (scope != null) {
|
||||||
if (!permission.getScopes().contains(scope)) {
|
if (!permission.getScopes().contains(scope)) {
|
||||||
|
@ -561,7 +561,7 @@ public class AuthorizationTokenService {
|
||||||
Set<Scope> requestedScopesModel) {
|
Set<Scope> requestedScopesModel) {
|
||||||
AtomicBoolean processed = new AtomicBoolean();
|
AtomicBoolean processed = new AtomicBoolean();
|
||||||
|
|
||||||
resourceStore.findByScope(requestedScopesModel.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId(), resource -> {
|
resourceStore.findByScopes(resourceServer, requestedScopesModel, resource -> {
|
||||||
if (limit != null && limit.get() <= 0) {
|
if (limit != null && limit.get() <= 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -600,7 +600,7 @@ public class AuthorizationTokenService {
|
||||||
Resource resource;
|
Resource resource;
|
||||||
|
|
||||||
if (resourceId.indexOf('-') != -1) {
|
if (resourceId.indexOf('-') != -1) {
|
||||||
resource = resourceStore.findById(resourceId, resourceServer.getId());
|
resource = resourceStore.findById(resourceServer, resourceId);
|
||||||
} else {
|
} else {
|
||||||
resource = null;
|
resource = null;
|
||||||
}
|
}
|
||||||
|
@ -610,33 +610,33 @@ public class AuthorizationTokenService {
|
||||||
} else if (resourceId.startsWith("resource-type:")) {
|
} else if (resourceId.startsWith("resource-type:")) {
|
||||||
// only resource types, no resource instances. resource types are owned by the resource server
|
// only resource types, no resource instances. resource types are owned by the resource server
|
||||||
String resourceType = resourceId.substring("resource-type:".length());
|
String resourceType = resourceId.substring("resource-type:".length());
|
||||||
resourceStore.findByType(resourceType, resourceServer.getId(), resourceServer.getId(),
|
resourceStore.findByType(resourceServer, resourceType, resourceServer.getClientId(),
|
||||||
resource1 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource1));
|
resource1 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource1));
|
||||||
} else if (resourceId.startsWith("resource-type-any:")) {
|
} else if (resourceId.startsWith("resource-type-any:")) {
|
||||||
// any resource with a given type
|
// any resource with a given type
|
||||||
String resourceType = resourceId.substring("resource-type-any:".length());
|
String resourceType = resourceId.substring("resource-type-any:".length());
|
||||||
resourceStore.findByType(resourceType, null, resourceServer.getId(),
|
resourceStore.findByType(resourceServer, resourceType, null,
|
||||||
resource12 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource12));
|
resource12 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource12));
|
||||||
} else if (resourceId.startsWith("resource-type-instance:")) {
|
} else if (resourceId.startsWith("resource-type-instance:")) {
|
||||||
// only resource instances with a given type
|
// only resource instances with a given type
|
||||||
String resourceType = resourceId.substring("resource-type-instance:".length());
|
String resourceType = resourceId.substring("resource-type-instance:".length());
|
||||||
resourceStore.findByTypeInstance(resourceType, resourceServer.getId(),
|
resourceStore.findByTypeInstance(resourceServer, resourceType,
|
||||||
resource13 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource13));
|
resource13 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource13));
|
||||||
} else if (resourceId.startsWith("resource-type-owner:")) {
|
} else if (resourceId.startsWith("resource-type-owner:")) {
|
||||||
// only resources where the current identity is the owner
|
// only resources where the current identity is the owner
|
||||||
String resourceType = resourceId.substring("resource-type-owner:".length());
|
String resourceType = resourceId.substring("resource-type-owner:".length());
|
||||||
resourceStore.findByType(resourceType, identity.getId(), resourceServer.getId(),
|
resourceStore.findByType(resourceServer, resourceType, identity.getId(),
|
||||||
resource14 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource14));
|
resource14 -> addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, resource14));
|
||||||
} else {
|
} else {
|
||||||
Resource ownerResource = resourceStore.findByName(resourceId, identity.getId(), resourceServer.getId());
|
Resource ownerResource = resourceStore.findByName(resourceServer, resourceId, identity.getId());
|
||||||
|
|
||||||
if (ownerResource != null) {
|
if (ownerResource != null) {
|
||||||
permission.setResourceId(ownerResource.getId());
|
permission.setResourceId(ownerResource.getId());
|
||||||
addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, ownerResource);
|
addPermission(request, resourceServer, authorization, permissionsToEvaluate, limit, requestedScopesModel, ownerResource);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!identity.isResourceServer() || !identity.getId().equals(resourceServer.getId())) {
|
if (!identity.isResourceServer() || !identity.getId().equals(resourceServer.getClientId())) {
|
||||||
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(resourceId, identity.getId(), resourceServer.getId());
|
List<PermissionTicket> tickets = storeFactory.getPermissionTicketStore().findGranted(resourceServer, resourceId, identity.getId());
|
||||||
|
|
||||||
if (!tickets.isEmpty()) {
|
if (!tickets.isEmpty()) {
|
||||||
List<Scope> scopes = new ArrayList<>();
|
List<Scope> scopes = new ArrayList<>();
|
||||||
|
@ -656,7 +656,7 @@ public class AuthorizationTokenService {
|
||||||
resourcePermission.setGranted(true);
|
resourcePermission.setGranted(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource serverResource = resourceStore.findByName(resourceId, resourceServer.getId());
|
Resource serverResource = resourceStore.findByName(resourceServer, resourceId);
|
||||||
|
|
||||||
if (serverResource != null) {
|
if (serverResource != null) {
|
||||||
permission.setResourceId(serverResource.getId());
|
permission.setResourceId(serverResource.getId());
|
||||||
|
@ -685,7 +685,7 @@ public class AuthorizationTokenService {
|
||||||
requestedScopes.addAll(Arrays.asList(clientAdditionalScopes.split(" ")));
|
requestedScopes.addAll(Arrays.asList(clientAdditionalScopes.split(" ")));
|
||||||
}
|
}
|
||||||
|
|
||||||
Set<Scope> requestedScopesModel = requestedScopes.stream().map(s -> scopeStore.findByName(s, resourceServer.getId())).filter(
|
Set<Scope> requestedScopesModel = requestedScopes.stream().map(s -> scopeStore.findByName(resourceServer, s)).filter(
|
||||||
Objects::nonNull).collect(Collectors.toSet());
|
Objects::nonNull).collect(Collectors.toSet());
|
||||||
|
|
||||||
if (!requestedScopes.isEmpty() && requestedScopesModel.isEmpty()) {
|
if (!requestedScopes.isEmpty() && requestedScopesModel.isEmpty()) {
|
||||||
|
|
|
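Review bot: The ticket gate in the `@ -610` hunk now compares `identity.getId()` with `resourceServer.getClientId()`; that is only equivalent to the old `getId()` comparison if a resource-server identity's `getId()` is the client's internal id (the value `realm.getClientById` expects, per the `@ -224` hunk) rather than the OAuth client_id, and nothing in this file shows which it is. If the two disagree the condition is always true, so the resource server would no longer be exempt from the `findGranted` lookup — a silent behaviour change rather than a compile error. The same convention is relied on for the `resource-type:` owner argument (`resourceServer.getClientId()`) and for the `OWNER` filter in ResourceSetService, so pin it once: `// identity.getId() of a resource-server identity is the ClientModel id, matching ResourceServer.getClientId()`, and add a test where the resource server requests its own resource by name. The enclosing method starts before and continues after this hunk.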
@ -73,7 +73,7 @@ public class ProtectionService {
|
||||||
|
|
||||||
private AdminEventBuilder createAdminEventBuilder(KeycloakIdentity identity, ResourceServer resourceServer) {
|
private AdminEventBuilder createAdminEventBuilder(KeycloakIdentity identity, ResourceServer resourceServer) {
|
||||||
RealmModel realm = authorization.getRealm();
|
RealmModel realm = authorization.getRealm();
|
||||||
ClientModel client = realm.getClientById(resourceServer.getId());
|
ClientModel client = realm.getClientById(resourceServer.getClientId());
|
||||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||||
UserModel serviceAccount = keycloakSession.users().getServiceAccount(client);
|
UserModel serviceAccount = keycloakSession.users().getServiceAccount(client);
|
||||||
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, new AdminAuth(realm, identity.getAccessToken(), serviceAccount, client), keycloakSession, clientConnection);
|
AdminEventBuilder adminEvent = new AdminEventBuilder(realm, new AdminAuth(realm, identity.getAccessToken(), serviceAccount, client), keycloakSession, clientConnection);
|
||||||
|
@ -118,7 +118,7 @@ public class ProtectionService {
|
||||||
ResourceServer resourceServer = getResourceServer(identity);
|
ResourceServer resourceServer = getResourceServer(identity);
|
||||||
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
KeycloakSession keycloakSession = authorization.getKeycloakSession();
|
||||||
RealmModel realm = keycloakSession.getContext().getRealm();
|
RealmModel realm = keycloakSession.getContext().getRealm();
|
||||||
ClientModel client = realm.getClientById(resourceServer.getId());
|
ClientModel client = realm.getClientById(resourceServer.getClientId());
|
||||||
|
|
||||||
if (checkProtectionScope) {
|
if (checkProtectionScope) {
|
||||||
if (!identity.hasClientRole(client.getClientId(), "uma_protection")) {
|
if (!identity.hasClientRole(client.getClientId(), "uma_protection")) {
|
||||||
|
|
|
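Review bot: `realm.getClientById(resourceServer.getClientId())` in the `@ -118` hunk feeds `client.getClientId()` into the `uma_protection` role check with no null guard, and the `@ -73` hunk passes the same lookup result to `getServiceAccount(client)`; with resource-server ids now decoupled from client ids, a stale resource server record would fail as an NPE (HTTP 500) instead of a deliberate rejection. Since this is the authorization gate for the protection API, failing explicitly is preferable, e.g. `if (client == null) throw new ErrorResponseException("invalid_client", "Resource server client not found", Response.Status.FORBIDDEN);` — whether `ErrorResponseException` is already imported in this class is not visible, but it is the type used for the same purpose in AbstractPermissionService in this commit. The enclosing method starts before and continues after this hunk.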
@ -74,19 +74,19 @@ public class AbstractPermissionService {
|
||||||
throw new ErrorResponseException("invalid_resource_id", "Resource id or name not provided.", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_resource_id", "Resource id or name not provided.", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Resource resource = resourceStore.findById(resourceSetId, resourceServer.getId());
|
Resource resource = resourceStore.findById(resourceServer, resourceSetId);
|
||||||
|
|
||||||
if (resource != null) {
|
if (resource != null) {
|
||||||
resources.add(resource);
|
resources.add(resource);
|
||||||
} else {
|
} else {
|
||||||
Resource userResource = resourceStore.findByName(resourceSetId, identity.getId(), this.resourceServer.getId());
|
Resource userResource = resourceStore.findByName(this.resourceServer, resourceSetId, identity.getId());
|
||||||
|
|
||||||
if (userResource != null) {
|
if (userResource != null) {
|
||||||
resources.add(userResource);
|
resources.add(userResource);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!identity.isResourceServer()) {
|
if (!identity.isResourceServer()) {
|
||||||
Resource serverResource = resourceStore.findByName(resourceSetId, this.resourceServer.getId());
|
Resource serverResource = resourceStore.findByName(this.resourceServer, resourceSetId);
|
||||||
|
|
||||||
if (serverResource != null) {
|
if (serverResource != null) {
|
||||||
resources.add(serverResource);
|
resources.add(serverResource);
|
||||||
|
@ -127,13 +127,13 @@ public class AbstractPermissionService {
|
||||||
scope = resource.getScopes().stream().filter(scope1 -> scope1.getName().equals(scopeName)).findFirst().orElse(null);
|
scope = resource.getScopes().stream().filter(scope1 -> scope1.getName().equals(scopeName)).findFirst().orElse(null);
|
||||||
|
|
||||||
if (scope == null && resource.getType() != null) {
|
if (scope == null && resource.getType() != null) {
|
||||||
scope = resourceStore.findByType(resource.getType(), resourceServer.getId()).stream()
|
scope = resourceStore.findByType(resourceServer, resource.getType()).stream()
|
||||||
.filter(baseResource -> baseResource.getOwner().equals(resource.getResourceServer()))
|
.filter(baseResource -> baseResource.getOwner().equals(resourceServer.getClientId()))
|
||||||
.flatMap(resource1 -> resource1.getScopes().stream())
|
.flatMap(resource1 -> resource1.getScopes().stream())
|
||||||
.filter(baseScope -> baseScope.getName().equals(scopeName)).findFirst().orElse(null);
|
.filter(baseScope -> baseScope.getName().equals(scopeName)).findFirst().orElse(null);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
scope = authorization.getStoreFactory().getScopeStore().findByName(scopeName, resourceServer.getId());
|
scope = authorization.getStoreFactory().getScopeStore().findByName(resourceServer, scopeName);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
|
|
|
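Review bot: The `@ -127` hunk resolves a type-level scope by fetching every resource of that type with `findByType(resourceServer, resource.getType())` and then filtering in memory on `baseResource.getOwner().equals(resourceServer.getClientId())`, whereas the AuthorizationTokenService hunks in this same commit use an owner-aware query for exactly this case (`findByType(resourceServer, resourceType, resourceServer.getClientId(), consumer)`), so the owner filter could be pushed into the store instead of loading user-owned instances only to discard them. Whether a list-returning overload with an owner parameter exists is not visible here. The switch from `resource.getResourceServer()` to `resourceServer.getClientId()` in that filter also encodes the convention that server-owned resource types carry the client's internal id as owner — the same value ResourceSetService now puts in its `OWNER` filter — which deserves a one-line comment at the filter: `// server-owned resource types have the ClientModel id as owner`. The enclosing method starts before and ends after this hunk.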
@ -83,7 +83,7 @@ public class PermissionTicketService {
|
||||||
throw new ErrorResponseException("invalid_permission", "created permissions should have requester or requesterName", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_permission", "created permissions should have requester or requesterName", Response.Status.BAD_REQUEST);
|
||||||
|
|
||||||
ResourceStore rstore = this.authorization.getStoreFactory().getResourceStore();
|
ResourceStore rstore = this.authorization.getStoreFactory().getResourceStore();
|
||||||
Resource resource = rstore.findById(representation.getResource(), resourceServer.getId());
|
Resource resource = rstore.findById(resourceServer, representation.getResource());
|
||||||
if (resource == null ) throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not exists in this server.", Response.Status.BAD_REQUEST);
|
if (resource == null ) throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not exists in this server.", Response.Status.BAD_REQUEST);
|
||||||
|
|
||||||
if (!resource.getOwner().equals(this.identity.getId()))
|
if (!resource.getOwner().equals(this.identity.getId()))
|
||||||
|
@ -102,9 +102,9 @@ public class PermissionTicketService {
|
||||||
ScopeStore sstore = this.authorization.getStoreFactory().getScopeStore();
|
ScopeStore sstore = this.authorization.getStoreFactory().getScopeStore();
|
||||||
|
|
||||||
if(representation.getScopeName() != null)
|
if(representation.getScopeName() != null)
|
||||||
scope = sstore.findByName(representation.getScopeName(), resourceServer.getId());
|
scope = sstore.findByName(resourceServer, representation.getScopeName());
|
||||||
else
|
else
|
||||||
scope = sstore.findById(representation.getScope(), resourceServer.getId());
|
scope = sstore.findById(resourceServer, representation.getScope());
|
||||||
|
|
||||||
if (scope == null && representation.getScope() !=null )
|
if (scope == null && representation.getScope() !=null )
|
||||||
throw new ErrorResponseException("invalid_scope", "Scope [" + representation.getScope() + "] is invalid", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_scope", "Scope [" + representation.getScope() + "] is invalid", Response.Status.BAD_REQUEST);
|
||||||
|
@ -121,10 +121,10 @@ public class PermissionTicketService {
|
||||||
attributes.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
attributes.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());
|
||||||
attributes.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
attributes.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||||
|
|
||||||
if (!ticketStore.find(attributes, resourceServer.getId(), -1, -1).isEmpty())
|
if (!ticketStore.find(resourceServer, attributes, null, null).isEmpty())
|
||||||
throw new ErrorResponseException("invalid_permission", "Permission already exists", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_permission", "Permission already exists", Response.Status.BAD_REQUEST);
|
||||||
|
|
||||||
PermissionTicket ticket = ticketStore.create(resource.getId(), scope.getId(), user.getId(), resourceServer);
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, user.getId());
|
||||||
if(representation.isGranted())
|
if(representation.isGranted())
|
||||||
ticket.setGrantedTimestamp(java.lang.System.currentTimeMillis());
|
ticket.setGrantedTimestamp(java.lang.System.currentTimeMillis());
|
||||||
representation = ModelToRepresentation.toRepresentation(ticket, authorization);
|
representation = ModelToRepresentation.toRepresentation(ticket, authorization);
|
||||||
|
@ -139,7 +139,7 @@ public class PermissionTicketService {
|
||||||
}
|
}
|
||||||
|
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
PermissionTicket ticket = ticketStore.findById(representation.getId(), resourceServer.getId());
|
PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId());
|
||||||
|
|
||||||
if (ticket == null) {
|
if (ticket == null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
||||||
|
@ -148,7 +148,7 @@ public class PermissionTicketService {
|
||||||
if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer())
|
if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer())
|
||||||
throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be updated only by the owner or by the resource server", Response.Status.FORBIDDEN);
|
throw new ErrorResponseException("not_authorised", "permissions for [" + representation.getResource() + "] can be updated only by the owner or by the resource server", Response.Status.FORBIDDEN);
|
||||||
|
|
||||||
RepresentationToModel.toModel(representation, resourceServer.getId(), authorization);
|
RepresentationToModel.toModel(representation, resourceServer, authorization);
|
||||||
|
|
||||||
return Response.noContent().build();
|
return Response.noContent().build();
|
||||||
}
|
}
|
||||||
|
@ -163,7 +163,7 @@ public class PermissionTicketService {
|
||||||
}
|
}
|
||||||
|
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
PermissionTicket ticket = ticketStore.findById(id, resourceServer.getId());
|
PermissionTicket ticket = ticketStore.findById(resourceServer, id);
|
||||||
|
|
||||||
if (ticket == null) {
|
if (ticket == null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST);
|
||||||
|
@ -192,7 +192,7 @@ public class PermissionTicketService {
|
||||||
|
|
||||||
Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
|
Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
|
||||||
|
|
||||||
return Response.ok().entity(permissionTicketStore.find(filters, resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)
|
return Response.ok().entity(permissionTicketStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)
|
||||||
.stream()
|
.stream()
|
||||||
.map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames))
|
.map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames))
|
||||||
.collect(Collectors.toList()))
|
.collect(Collectors.toList()))
|
||||||
|
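Review bot: The pagination fallback in `permissionTicketStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, ...)` keeps the old -1 sentinel although the parameters are now Integer and every other call in this commit passes `null` for "no offset" (e.g. `ticketStore.find(resourceServer, attributes, null, null)` in the hunk above); the same mix appears in AuthorizationBean's `find(resourceServer.getResourceServerModel(), filters1, -1, 1)`. Unless the store documents that -1 and null are equivalent, one convention should be used, and here `firstResult` can simply be passed through: `permissionTicketStore.find(resourceServer, filters, firstResult, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS)`. The enclosing method starts and ends outside the hunk.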
@ -211,7 +211,7 @@ public class PermissionTicketService {
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
|
PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
|
||||||
Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
|
Map<PermissionTicket.FilterOption, String> filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted);
|
||||||
long count = permissionTicketStore.count(filters, resourceServer.getId());
|
long count = permissionTicketStore.count(resourceServer, filters);
|
||||||
|
|
||||||
return Response.ok().entity(count).build();
|
return Response.ok().entity(count).build();
|
||||||
}
|
}
|
||||||
|
@ -230,10 +230,10 @@ public class PermissionTicketService {
|
||||||
|
|
||||||
if (scopeId != null) {
|
if (scopeId != null) {
|
||||||
ScopeStore scopeStore = storeFactory.getScopeStore();
|
ScopeStore scopeStore = storeFactory.getScopeStore();
|
||||||
Scope scope = scopeStore.findById(scopeId, resourceServer.getId());
|
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = scopeStore.findByName(scopeId, resourceServer.getId());
|
scope = scopeStore.findByName(resourceServer, scopeId);
|
||||||
}
|
}
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope != null ? scope.getId() : scopeId);
|
filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope != null ? scope.getId() : scopeId);
|
||||||
|
|
|
@ -132,7 +132,7 @@ public class UserManagedPermissionService {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Policy getPolicy(@PathParam("policyId") String policyId) {
|
private Policy getPolicy(@PathParam("policyId") String policyId) {
|
||||||
Policy existing = authorization.getStoreFactory().getPolicyStore().findById(policyId, resourceServer.getId());
|
Policy existing = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, policyId);
|
||||||
|
|
||||||
if (existing == null) {
|
if (existing == null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Policy with [" + policyId + "] does not exist", Status.NOT_FOUND);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Policy with [" + policyId + "] does not exist", Status.NOT_FOUND);
|
||||||
|
@ -143,7 +143,7 @@ public class UserManagedPermissionService {
|
||||||
|
|
||||||
private void checkRequest(String resourceId, UmaPermissionRepresentation representation) {
|
private void checkRequest(String resourceId, UmaPermissionRepresentation representation) {
|
||||||
ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
|
||||||
Resource resource = resourceStore.findById(resourceId, resourceServer.getId());
|
Resource resource = resourceStore.findById(resourceServer, resourceId);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource [" + resourceId + "] cannot be found", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource [" + resourceId + "] cannot be found", Response.Status.BAD_REQUEST);
|
||||||
|
|
|
@ -309,11 +309,11 @@ public class ExportUtils {
|
||||||
representation.setName(null);
|
representation.setName(null);
|
||||||
representation.setClientId(null);
|
representation.setClientId(null);
|
||||||
|
|
||||||
List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel.getId())
|
List<ResourceRepresentation> resources = storeFactory.getResourceStore().findByResourceServer(settingsModel)
|
||||||
.stream().map(resource -> {
|
.stream().map(resource -> {
|
||||||
ResourceRepresentation rep = toRepresentation(resource, settingsModel.getId(), authorization);
|
ResourceRepresentation rep = toRepresentation(resource, settingsModel, authorization);
|
||||||
|
|
||||||
if (rep.getOwner().getId().equals(settingsModel.getId())) {
|
if (rep.getOwner().getId().equals(settingsModel.getClientId())) {
|
||||||
rep.setOwner((ResourceOwnerRepresentation) null);
|
rep.setOwner((ResourceOwnerRepresentation) null);
|
||||||
} else {
|
} else {
|
||||||
rep.getOwner().setId(null);
|
rep.getOwner().setId(null);
|
||||||
|
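Review bot: The owner comparison `rep.getOwner().getId().equals(settingsModel.getClientId())` silently switches the comparison target from the resource-server id to the client id, which is exactly the distinction this commit introduces, yet nothing on the line says why the owner is matched against the client. Presumably the owner of a server-owned resource is recorded as the client id; a short comment would stop a later "cleanup" back to `getId()`: `// a resource owned by the resource server itself records the client id as its owner`. `rep.getOwner()` is also dereferenced unconditionally, so a representation without an owner would throw here, though that is pre-existing. The lambda's enclosing method starts outside the hunk.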
@ -331,16 +331,16 @@ public class ExportUtils {
|
||||||
List<PolicyRepresentation> policies = new ArrayList<>();
|
List<PolicyRepresentation> policies = new ArrayList<>();
|
||||||
PolicyStore policyStore = storeFactory.getPolicyStore();
|
PolicyStore policyStore = storeFactory.getPolicyStore();
|
||||||
|
|
||||||
policies.addAll(policyStore.findByResourceServer(settingsModel.getId())
|
policies.addAll(policyStore.findByResourceServer(settingsModel)
|
||||||
.stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null)
|
.stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope") && policy.getOwner() == null)
|
||||||
.map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
|
.map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
|
||||||
policies.addAll(policyStore.findByResourceServer(settingsModel.getId())
|
policies.addAll(policyStore.findByResourceServer(settingsModel)
|
||||||
.stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null))
|
.stream().filter(policy -> (policy.getType().equals("resource") || policy.getType().equals("scope") && policy.getOwner() == null))
|
||||||
.map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
|
.map(policy -> createPolicyRepresentation(authorization, policy)).collect(Collectors.toList()));
|
||||||
|
|
||||||
representation.setPolicies(policies);
|
representation.setPolicies(policies);
|
||||||
|
|
||||||
List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel.getId()).stream().map(scope -> {
|
List<ScopeRepresentation> scopes = storeFactory.getScopeStore().findByResourceServer(settingsModel).stream().map(scope -> {
|
||||||
ScopeRepresentation rep = toRepresentation(scope);
|
ScopeRepresentation rep = toRepresentation(scope);
|
||||||
|
|
||||||
rep.setPolicies(null);
|
rep.setPolicies(null);
|
||||||
|
|
|
@ -34,6 +34,7 @@ import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.PermissionTicket;
|
import org.keycloak.authorization.model.PermissionTicket;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
@ -68,7 +69,7 @@ public class AuthorizationBean {
|
||||||
List<String> pathParameters = uriInfo.getPathParameters().get("resource_id");
|
List<String> pathParameters = uriInfo.getPathParameters().get("resource_id");
|
||||||
|
|
||||||
if (pathParameters != null && !pathParameters.isEmpty()) {
|
if (pathParameters != null && !pathParameters.isEmpty()) {
|
||||||
Resource resource = authorization.getStoreFactory().getResourceStore().findById(pathParameters.get(0), null);
|
Resource resource = authorization.getStoreFactory().getResourceStore().findById(null, pathParameters.get(0));
|
||||||
|
|
||||||
if (resource != null && !resource.getOwner().equals(user.getId())) {
|
if (resource != null && !resource.getOwner().equals(user.getId())) {
|
||||||
throw new RuntimeException("User [" + user.getUsername() + "] can not access resource [" + resource.getId() + "]");
|
throw new RuntimeException("User [" + user.getUsername() + "] can not access resource [" + resource.getId() + "]");
|
||||||
|
@ -104,7 +105,7 @@ public class AuthorizationBean {
|
||||||
|
|
||||||
public List<ResourceBean> getResources() {
|
public List<ResourceBean> getResources() {
|
||||||
if (resources == null) {
|
if (resources == null) {
|
||||||
resources = authorization.getStoreFactory().getResourceStore().findByOwner(user.getId(), null).stream()
|
resources = authorization.getStoreFactory().getResourceStore().findByOwner(null, user.getId()).stream()
|
||||||
.filter(Resource::isOwnerManagedAccess)
|
.filter(Resource::isOwnerManagedAccess)
|
||||||
.map(ResourceBean::new)
|
.map(ResourceBean::new)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
|
@ -121,7 +122,7 @@ public class AuthorizationBean {
|
||||||
|
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
|
|
||||||
userSharedResources = toResourceRepresentation(ticketStore.find(filters, null, -1, -1));
|
userSharedResources = toResourceRepresentation(ticketStore.find(null, filters, null, null));
|
||||||
}
|
}
|
||||||
return userSharedResources;
|
return userSharedResources;
|
||||||
}
|
}
|
||||||
|
@ -139,7 +140,7 @@ public class AuthorizationBean {
|
||||||
}
|
}
|
||||||
|
|
||||||
private ResourceBean getResource(String id) {
|
private ResourceBean getResource(String id) {
|
||||||
return new ResourceBean(authorization.getStoreFactory().getResourceStore().findById(id, null));
|
return new ResourceBean(authorization.getStoreFactory().getResourceStore().findById(null, id));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class RequesterBean {
|
public static class RequesterBean {
|
||||||
|
@ -235,7 +236,8 @@ public class AuthorizationBean {
|
||||||
|
|
||||||
public ResourceBean(Resource resource) {
|
public ResourceBean(Resource resource) {
|
||||||
RealmModel realm = authorization.getRealm();
|
RealmModel realm = authorization.getRealm();
|
||||||
resourceServer = new ResourceServerBean(realm.getClientById(resource.getResourceServer()));
|
ResourceServer resourceServerModel = resource.getResourceServer();
|
||||||
|
resourceServer = new ResourceServerBean(realm.getClientById(resourceServerModel.getClientId()), resourceServerModel);
|
||||||
this.resource = resource;
|
this.resource = resource;
|
||||||
userOwner = authorization.getKeycloakSession().users().getUserById(realm, resource.getOwner());
|
userOwner = authorization.getKeycloakSession().users().getUserById(realm, resource.getOwner());
|
||||||
if (userOwner == null) {
|
if (userOwner == null) {
|
||||||
|
@ -304,7 +306,7 @@ public class AuthorizationBean {
|
||||||
filters.put(Policy.FilterOption.OWNER, new String[] {getClientOwner().getId()});
|
filters.put(Policy.FilterOption.OWNER, new String[] {getClientOwner().getId()});
|
||||||
}
|
}
|
||||||
|
|
||||||
List<Policy> policies = authorization.getStoreFactory().getPolicyStore().findByResourceServer(filters, getResourceServer().getId(), -1, -1);
|
List<Policy> policies = authorization.getStoreFactory().getPolicyStore().findByResourceServer(getResourceServer().getResourceServerModel(), filters, null, null);
|
||||||
|
|
||||||
if (policies.isEmpty()) {
|
if (policies.isEmpty()) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
|
@ -316,7 +318,7 @@ public class AuthorizationBean {
|
||||||
|
|
||||||
filters1.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
|
filters1.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId());
|
||||||
|
|
||||||
return authorization.getStoreFactory().getPermissionTicketStore().find(filters1, resourceServer.getId(), -1, 1)
|
return authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer.getResourceServerModel(), filters1, -1, 1)
|
||||||
.isEmpty();
|
.isEmpty();
|
||||||
})
|
})
|
||||||
.map(ManagedPermissionBean::new).collect(Collectors.toList());
|
.map(ManagedPermissionBean::new).collect(Collectors.toList());
|
||||||
|
@ -368,19 +370,21 @@ public class AuthorizationBean {
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<PermissionTicket> findPermissions(Map<PermissionTicket.FilterOption, String> filters) {
|
private List<PermissionTicket> findPermissions(Map<PermissionTicket.FilterOption, String> filters) {
|
||||||
return authorization.getStoreFactory().getPermissionTicketStore().find(filters, null, -1, -1);
|
return authorization.getStoreFactory().getPermissionTicketStore().find(null, filters, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class ResourceServerBean {
|
public class ResourceServerBean {
|
||||||
|
|
||||||
private ClientModel clientModel;
|
private ClientModel clientModel;
|
||||||
|
private ResourceServer resourceServer;
|
||||||
|
|
||||||
public ResourceServerBean(ClientModel clientModel) {
|
public ResourceServerBean(ClientModel clientModel, ResourceServer resourceServer) {
|
||||||
this.clientModel = clientModel;
|
this.clientModel = clientModel;
|
||||||
|
this.resourceServer = resourceServer;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getId() {
|
public String getId() {
|
||||||
return clientModel.getId();
|
return resourceServer.getId();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getName() {
|
public String getName() {
|
||||||
|
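Review bot: `getId()` in ResourceServerBean now returns `resourceServer.getId()` instead of `clientModel.getId()`, which is a behaviour change for every template or caller that read `resourceServer.id` as a client id; once the two ids diverge (the stated aim of this commit) those consumers break silently rather than at compile time. If the client id is still needed by templates, expose it explicitly, `public String getClientId() { return clientModel.getId(); }`, and check the account templates for uses of the bean's `id`. Both fields are only assigned in the constructor and can be `private final`.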
@ -410,6 +414,10 @@ public class AuthorizationBean {
|
||||||
public String getBaseUri() {
|
public String getBaseUri() {
|
||||||
return ResolveRelative.resolveRelativeUri(session, clientModel.getRootUrl(), clientModel.getBaseUrl());
|
return ResolveRelative.resolveRelativeUri(session, clientModel.getRootUrl(), clientModel.getBaseUrl());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ResourceServer getResourceServerModel() {
|
||||||
|
return resourceServer;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public class ManagedPermissionBean {
|
public class ManagedPermissionBean {
|
||||||
|
|
|
@ -25,6 +25,7 @@ import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.model.Scope;
|
import org.keycloak.authorization.model.Scope;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
import org.keycloak.authorization.store.PolicyStore;
|
import org.keycloak.authorization.store.PolicyStore;
|
||||||
|
import org.keycloak.authorization.store.ScopeStore;
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.common.util.Base64Url;
|
import org.keycloak.common.util.Base64Url;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
|
@ -110,6 +111,7 @@ import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
import java.util.function.Predicate;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
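Review bot: The added `import java.util.function.Predicate;` appears unused in the visible hunks of this file; `grantScopes.removeIf(alreadyGrantedScopes::contains)` further down resolves its Predicate parameter without the import. Unless it is referenced in a part of the file outside this diff, drop it.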
@ -760,7 +762,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
|
|
||||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
|
Resource resource = authorization.getStoreFactory().getResourceStore().findById(null, resourceId);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
||||||
|
@ -780,13 +782,14 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
List<String> ids = new ArrayList<>(Arrays.asList(permissionId));
|
List<String> ids = new ArrayList<>(Arrays.asList(permissionId));
|
||||||
Iterator<String> iterator = ids.iterator();
|
Iterator<String> iterator = ids.iterator();
|
||||||
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
|
||||||
|
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
Policy policy = null;
|
Policy policy = null;
|
||||||
|
|
||||||
while (iterator.hasNext()) {
|
while (iterator.hasNext()) {
|
||||||
String id = iterator.next();
|
String id = iterator.next();
|
||||||
|
|
||||||
if (!id.contains(":")) {
|
if (!id.contains(":")) {
|
||||||
policy = policyStore.findById(id, client.getId());
|
policy = policyStore.findById(resourceServer, id);
|
||||||
iterator.remove();
|
iterator.remove();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
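Review bot: `ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(client);` is not checked for null before `policyStore.findById(resourceServer, id)` (and `scopeStore.findById(resourceServer, ...)` in the next hunk). Elsewhere in this commit a null resource server is passed deliberately to widen a lookup (`findById(null, resourceId)`), so if `client` has no resource server the policy lookup here may resolve an id that belongs to a different resource server instead of finding nothing as `findById(id, client.getId())` did. Returning early, `if (resourceServer == null) { return ErrorResponse.error("Invalid resource server", Response.Status.BAD_REQUEST); }`, keeps the old behaviour; this assumes the method returns a Response like the one in the hunk above. The enclosing method starts and ends outside the hunk.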
@ -800,7 +803,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
for (String id : ids) {
|
for (String id : ids) {
|
||||||
scopesToKeep.add(authorization.getStoreFactory().getScopeStore().findById(id.split(":")[1], client.getId()));
|
scopesToKeep.add(authorization.getStoreFactory().getScopeStore().findById(resourceServer, id.split(":")[1]));
|
||||||
}
|
}
|
||||||
|
|
||||||
for (Scope scope : policy.getScopes()) {
|
for (Scope scope : policy.getScopes()) {
|
||||||
|
@ -829,7 +832,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
|
List<PermissionTicket> tickets = ticketStore.find(resource.getResourceServer(), filters, null, null);
|
||||||
Iterator<PermissionTicket> iterator = tickets.iterator();
|
Iterator<PermissionTicket> iterator = tickets.iterator();
|
||||||
|
|
||||||
while (iterator.hasNext()) {
|
while (iterator.hasNext()) {
|
||||||
|
@ -884,8 +887,9 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
|
|
||||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||||
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore();
|
||||||
Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
|
ScopeStore scopeStore = authorization.getStoreFactory().getScopeStore();
|
||||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(resource.getResourceServer());
|
Resource resource = authorization.getStoreFactory().getResourceStore().findById(null, resourceId);
|
||||||
|
ResourceServer resourceServer = resource.getResourceServer();
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
||||||
|
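Review bot: `ResourceServer resourceServer = resource.getResourceServer();` dereferences `resource` before the `if (resource == null)` check two lines later, so an unknown `resourceId` from the request produces a NullPointerException (an HTTP 500) instead of the intended "Invalid resource" BAD_REQUEST. The removed code had the same ordering problem, but since these lines are being rewritten the assignment should move below the null check, e.g. after the `if` block: `ResourceServer resourceServer = resource.getResourceServer();`. The enclosing method continues outside the hunk.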
@ -918,38 +922,39 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
filters.put(PermissionTicket.FilterOption.OWNER, auth.getUser().getId());
|
filters.put(PermissionTicket.FilterOption.OWNER, auth.getUser().getId());
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
|
List<PermissionTicket> tickets = ticketStore.find(resourceServer, filters, null, null);
|
||||||
|
final String userId = user.getId();
|
||||||
|
|
||||||
if (tickets.isEmpty()) {
|
if (tickets.isEmpty()) {
|
||||||
if (scopes != null && scopes.length > 0) {
|
if (scopes != null && scopes.length > 0) {
|
||||||
for (String scope : scopes) {
|
for (String scopeId : scopes) {
|
||||||
PermissionTicket ticket = ticketStore.create(resourceId, scope, user.getId(), resourceServer);
|
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, userId);
|
||||||
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (resource.getScopes().isEmpty()) {
|
if (resource.getScopes().isEmpty()) {
|
||||||
PermissionTicket ticket = ticketStore.create(resourceId, null, user.getId(), resourceServer);
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, null, userId);
|
||||||
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
||||||
} else {
|
} else {
|
||||||
for (Scope scope : resource.getScopes()) {
|
for (Scope scope : resource.getScopes()) {
|
||||||
PermissionTicket ticket = ticketStore.create(resourceId, scope.getId(), user.getId(), resourceServer);
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, userId);
|
||||||
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (scopes != null && scopes.length > 0) {
|
} else if (scopes != null && scopes.length > 0) {
|
||||||
List<String> grantScopes = new ArrayList<>(Arrays.asList(scopes));
|
List<String> grantScopes = new ArrayList<>(Arrays.asList(scopes));
|
||||||
|
Set<String> alreadyGrantedScopes = tickets.stream()
|
||||||
|
.map(PermissionTicket::getScope)
|
||||||
|
.map(Scope::getId)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
|
|
||||||
for (PermissionTicket ticket : tickets) {
|
grantScopes.removeIf(alreadyGrantedScopes::contains);
|
||||||
Scope scope = ticket.getScope();
|
|
||||||
|
|
||||||
if (scope != null) {
|
for (String scopeId : grantScopes) {
|
||||||
grantScopes.remove(scope.getId());
|
Scope scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
}
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, userId);
|
||||||
}
|
|
||||||
|
|
||||||
for (String grantScope : grantScopes) {
|
|
||||||
PermissionTicket ticket = ticketStore.create(resourceId, grantScope, user.getId(), resourceServer);
|
|
||||||
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
ticket.setGrantedTimestamp(System.currentTimeMillis());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
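Review bot: `tickets.stream().map(PermissionTicket::getScope).map(Scope::getId)` throws a NullPointerException for any ticket whose scope is null, and this hunk itself creates such tickets (`ticketStore.create(resourceServer, resource, null, userId)` for resources without scopes); the removed loop guarded this with `if (scope != null)`. Insert `.filter(Objects::nonNull)` between the two `map` calls (`java.util.Objects` is already imported in this file). Separately, `Scope scope = scopeStore.findById(resourceServer, scopeId);` is handed to `create` without a null check in both loops, so an unknown scope id submitted in the form yields a ticket with a null scope, a value this method otherwise reserves for resources that have no scopes; reject it instead, e.g. `if (scope == null) { return ErrorResponse.error("Invalid scope", Response.Status.BAD_REQUEST); }`, assuming the method returns a Response as the earlier hunk suggests. The enclosing method starts and ends outside the hunk.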
@ -978,7 +983,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String resourceId : resourceIds) {
|
for (String resourceId : resourceIds) {
|
||||||
Resource resource = authorization.getStoreFactory().getResourceStore().findById(resourceId, null);
|
Resource resource = authorization.getStoreFactory().getResourceStore().findById(null, resourceId);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
return ErrorResponse.error("Invalid resource", Response.Status.BAD_REQUEST);
|
||||||
|
@ -995,7 +1000,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
for (PermissionTicket ticket : ticketStore.find(filters, resource.getResourceServer(), -1, -1)) {
|
for (PermissionTicket ticket : ticketStore.find(resource.getResourceServer(), filters, null, null)) {
|
||||||
ticketStore.delete(ticket.getId());
|
ticketStore.delete(ticket.getId());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,7 @@ import java.util.stream.Collectors;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.authorization.AuthorizationProvider;
|
import org.keycloak.authorization.AuthorizationProvider;
|
||||||
import org.keycloak.authorization.model.PermissionTicket;
|
import org.keycloak.authorization.model.PermissionTicket;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||||
import org.keycloak.authorization.store.ResourceStore;
|
import org.keycloak.authorization.store.ResourceStore;
|
||||||
import org.keycloak.authorization.store.ScopeStore;
|
import org.keycloak.authorization.store.ScopeStore;
|
||||||
|
@ -82,7 +83,8 @@ public abstract class AbstractResourceService {
|
||||||
|
|
||||||
setScopes(resource.getScopes().stream().map(Scope::new).collect(Collectors.toSet()));
|
setScopes(resource.getScopes().stream().map(Scope::new).collect(Collectors.toSet()));
|
||||||
|
|
||||||
this.client = new Client(provider.getRealm().getClientById(resource.getResourceServer()));
|
ResourceServer resourceServer = resource.getResourceServer();
|
||||||
|
this.client = new Client(provider.getRealm().getClientById(resourceServer.getClientId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource(org.keycloak.authorization.model.Resource resource, AuthorizationProvider provider) {
|
Resource(org.keycloak.authorization.model.Resource resource, AuthorizationProvider provider) {
|
||||||
|
|
|
@ -58,7 +58,7 @@ public class ResourceService extends AbstractResourceService {
|
||||||
Auth auth, HttpRequest request) {
|
Auth auth, HttpRequest request) {
|
||||||
super(session, user, auth, request);
|
super(session, user, auth, request);
|
||||||
this.resource = resource;
|
this.resource = resource;
|
||||||
this.resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(provider.getRealm().getClientById(resource.getResourceServer()));
|
this.resourceServer = resource.getResourceServer();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -87,7 +87,7 @@ public class ResourceService extends AbstractResourceService {
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
||||||
|
|
||||||
Collection<ResourcePermission> resources = toPermissions(ticketStore.find(filters, null, -1, -1));
|
Collection<ResourcePermission> resources = toPermissions(ticketStore.find(null, filters, null, null));
|
||||||
Collection<Permission> permissions = Collections.EMPTY_LIST;
|
Collection<Permission> permissions = Collections.EMPTY_LIST;
|
||||||
|
|
||||||
if (!resources.isEmpty()) {
|
if (!resources.isEmpty()) {
|
||||||
|
@ -135,7 +135,7 @@ public class ResourceService extends AbstractResourceService {
|
||||||
|
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||||
|
|
||||||
List<PermissionTicket> tickets = ticketStore.find(filters, resource.getResourceServer(), -1, -1);
|
List<PermissionTicket> tickets = ticketStore.find(resource.getResourceServer(), filters, null, null);
|
||||||
|
|
||||||
// grants all requested permissions
|
// grants all requested permissions
|
||||||
if (tickets.isEmpty()) {
|
if (tickets.isEmpty()) {
|
||||||
|
@ -196,7 +196,7 @@ public class ResourceService extends AbstractResourceService {
|
||||||
|
|
||||||
Map<String, Permission> requests = new HashMap<>();
|
Map<String, Permission> requests = new HashMap<>();
|
||||||
|
|
||||||
for (PermissionTicket ticket : ticketStore.find(filters, null, -1, -1)) {
|
for (PermissionTicket ticket : ticketStore.find(null, filters, null, null)) {
|
||||||
requests.computeIfAbsent(ticket.getRequester(), requester -> new Permission(ticket, provider)).addScope(ticket.getScope().getName());
|
requests.computeIfAbsent(ticket.getRequester(), requester -> new Permission(ticket, provider)).addScope(ticket.getScope().getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -205,15 +205,15 @@ public class ResourceService extends AbstractResourceService {
|
||||||
|
|
||||||
private void grantPermission(UserModel user, String scopeId) {
|
private void grantPermission(UserModel user, String scopeId) {
|
||||||
org.keycloak.authorization.model.Scope scope = getScope(scopeId, resourceServer);
|
org.keycloak.authorization.model.Scope scope = getScope(scopeId, resourceServer);
|
||||||
PermissionTicket ticket = ticketStore.create(resource.getId(), scope.getId(), user.getId(), resourceServer);
|
PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, user.getId());
|
||||||
ticket.setGrantedTimestamp(Calendar.getInstance().getTimeInMillis());
|
ticket.setGrantedTimestamp(Calendar.getInstance().getTimeInMillis());
|
||||||
}
|
}
|
||||||
|
|
||||||
private org.keycloak.authorization.model.Scope getScope(String scopeId, ResourceServer resourceServer) {
|
private org.keycloak.authorization.model.Scope getScope(String scopeId, ResourceServer resourceServer) {
|
||||||
org.keycloak.authorization.model.Scope scope = scopeStore.findByName(scopeId, resourceServer.getId());
|
org.keycloak.authorization.model.Scope scope = scopeStore.findByName(resourceServer, scopeId);
|
||||||
|
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = scopeStore.findById(scopeId, resourceServer.getId());
|
scope = scopeStore.findById(resourceServer, scopeId);
|
||||||
}
|
}
|
||||||
|
|
||||||
return scope;
|
return scope;
|
||||||
@ -73,7 +73,7 @@ public class ResourcesService extends AbstractResourceService {
|
||||||
filters.put(org.keycloak.authorization.model.Resource.FilterOption.NAME, new String[] { name });
|
filters.put(org.keycloak.authorization.model.Resource.FilterOption.NAME, new String[] { name });
|
||||||
}
|
}
|
||||||
|
|
||||||
return queryResponse((f, m) -> resourceStore.findByResourceServer(filters, null, f, m).stream()
|
return queryResponse((f, m) -> resourceStore.findByResourceServer(null, filters, f, m).stream()
|
||||||
.map(resource -> new Resource(resource, user, provider)), first, max);
|
.map(resource -> new Resource(resource, user, provider)), first, max);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ public class ResourcesService extends AbstractResourceService {
|
||||||
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
|
||||||
|
|
||||||
final List<PermissionTicket> permissionTickets = ticketStore.find(filters, null, -1, -1);
|
final List<PermissionTicket> permissionTickets = ticketStore.find(null, filters, null, null);
|
||||||
|
|
||||||
final List<ResourcePermission> resourceList = new ArrayList<>(permissionTickets.size());
|
final List<ResourcePermission> resourceList = new ArrayList<>(permissionTickets.size());
|
||||||
for (PermissionTicket ticket : permissionTickets) {
|
for (PermissionTicket ticket : permissionTickets) {
|
||||||
|
@ -138,7 +138,7 @@ public class ResourcesService extends AbstractResourceService {
|
||||||
|
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
public Object getResource(@PathParam("id") String id) {
|
public Object getResource(@PathParam("id") String id) {
|
||||||
org.keycloak.authorization.model.Resource resource = resourceStore.findById(id, null);
|
org.keycloak.authorization.model.Resource resource = resourceStore.findById(null, id);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
throw new NotFoundException("resource_not_found");
|
throw new NotFoundException("resource_not_found");
|
||||||
|
@ -167,9 +167,9 @@ public class ResourcesService extends AbstractResourceService {
|
||||||
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
|
||||||
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
|
||||||
|
|
||||||
tickets = ticketStore.find(filters, null, -1, -1);
|
tickets = ticketStore.find(resource.getResourceServer(), filters, null, null);
|
||||||
} else {
|
} else {
|
||||||
tickets = ticketStore.findGranted(resource.getName(), user.getId(), null);
|
tickets = ticketStore.findGranted(resource.getResourceServer(), resource.getName(), user.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
for (PermissionTicket ticket : tickets) {
|
for (PermissionTicket ticket : tickets) {
|
||||||
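Review bot: `getResource` still resolves the caller-supplied path id with `resourceStore.findById(null, id)`, an id-only lookup with no resource-server scope, while the ticket lookups further down in this section were tightened from `null` to `resource.getResourceServer()`. With the store now taking a ResourceServer as first argument, a null there has to mean "search every resource server in the realm"; that is presumably intended for the account console (a user's resources span servers), but it leaves the ownership/permission check after the `resource_not_found` branch, which is outside this hunk, as the only thing preventing enumeration of arbitrary resource ids. I would state that contract at the call site: `// null resource server: realm-wide lookup by id; caller must still verify ownership/permission below`. The same reasoning applies to `ticketStore.find(null, filters, null, null)` in the pending-requests hunk, where the REQUESTER filter is what scopes the query; a one-line comment naming that would help the next reader. The `-1` to `null` pagination change reads as "no limit", consistent with the Integer conversion described in the commit message.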
@ -95,15 +95,15 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = root.findOrCreateResourceServer(client);
|
ResourceServer server = root.findOrCreateResourceServer(client);
|
||||||
Scope manageScope = manageScope(server);
|
Scope manageScope = manageScope(server);
|
||||||
if (manageScope == null) {
|
if (manageScope == null) {
|
||||||
manageScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.MANAGE_SCOPE, server);
|
manageScope = authz.getStoreFactory().getScopeStore().create(server, AdminPermissionManagement.MANAGE_SCOPE);
|
||||||
}
|
}
|
||||||
Scope viewScope = viewScope(server);
|
Scope viewScope = viewScope(server);
|
||||||
if (viewScope == null) {
|
if (viewScope == null) {
|
||||||
viewScope = authz.getStoreFactory().getScopeStore().create(AdminPermissionManagement.VIEW_SCOPE, server);
|
viewScope = authz.getStoreFactory().getScopeStore().create(server, AdminPermissionManagement.VIEW_SCOPE);
|
||||||
}
|
}
|
||||||
Scope mapRoleScope = mapRolesScope(server);
|
Scope mapRoleScope = mapRolesScope(server);
|
||||||
if (mapRoleScope == null) {
|
if (mapRoleScope == null) {
|
||||||
mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLES_SCOPE, server);
|
mapRoleScope = authz.getStoreFactory().getScopeStore().create(server, MAP_ROLES_SCOPE);
|
||||||
}
|
}
|
||||||
Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
|
Scope mapRoleClientScope = root.initializeScope(MAP_ROLES_CLIENT_SCOPE, server);
|
||||||
Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
|
Scope mapRoleCompositeScope = root.initializeScope(MAP_ROLES_COMPOSITE_SCOPE, server);
|
||||||
|
@ -111,9 +111,9 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
|
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
|
||||||
|
|
||||||
String resourceName = getResourceName(client);
|
String resourceName = getResourceName(client);
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, resourceName);
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
|
resource = authz.getStoreFactory().getResourceStore().create(server, resourceName, server.getClientId());
|
||||||
resource.setType("Client");
|
resource.setType("Client");
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(configureScope);
|
scopeset.add(configureScope);
|
||||||
|
@ -126,44 +126,44 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
resource.updateScopes(scopeset);
|
resource.updateScopes(scopeset);
|
||||||
}
|
}
|
||||||
String managePermissionName = getManagePermissionName(client);
|
String managePermissionName = getManagePermissionName(client);
|
||||||
Policy managePermission = authz.getStoreFactory().getPolicyStore().findByName(managePermissionName, server.getId());
|
Policy managePermission = authz.getStoreFactory().getPolicyStore().findByName(server, managePermissionName);
|
||||||
if (managePermission == null) {
|
if (managePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, managePermissionName, resource, manageScope);
|
Helper.addEmptyScopePermission(authz, server, managePermissionName, resource, manageScope);
|
||||||
}
|
}
|
||||||
String configurePermissionName = getConfigurePermissionName(client);
|
String configurePermissionName = getConfigurePermissionName(client);
|
||||||
Policy configurePermission = authz.getStoreFactory().getPolicyStore().findByName(configurePermissionName, server.getId());
|
Policy configurePermission = authz.getStoreFactory().getPolicyStore().findByName(server, configurePermissionName);
|
||||||
if (configurePermission == null) {
|
if (configurePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, configurePermissionName, resource, configureScope);
|
Helper.addEmptyScopePermission(authz, server, configurePermissionName, resource, configureScope);
|
||||||
}
|
}
|
||||||
String viewPermissionName = getViewPermissionName(client);
|
String viewPermissionName = getViewPermissionName(client);
|
||||||
Policy viewPermission = authz.getStoreFactory().getPolicyStore().findByName(viewPermissionName, server.getId());
|
Policy viewPermission = authz.getStoreFactory().getPolicyStore().findByName(server, viewPermissionName);
|
||||||
if (viewPermission == null) {
|
if (viewPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, viewPermissionName, resource, viewScope);
|
Helper.addEmptyScopePermission(authz, server, viewPermissionName, resource, viewScope);
|
||||||
}
|
}
|
||||||
String mapRolePermissionName = getMapRolesPermissionName(client);
|
String mapRolePermissionName = getMapRolesPermissionName(client);
|
||||||
Policy mapRolePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRolePermissionName, server.getId());
|
Policy mapRolePermission = authz.getStoreFactory().getPolicyStore().findByName(server, mapRolePermissionName);
|
||||||
if (mapRolePermission == null) {
|
if (mapRolePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, mapRolePermissionName, resource, mapRoleScope);
|
Helper.addEmptyScopePermission(authz, server, mapRolePermissionName, resource, mapRoleScope);
|
||||||
}
|
}
|
||||||
String mapRoleClientScopePermissionName = getMapRolesClientScopePermissionName(client);
|
String mapRoleClientScopePermissionName = getMapRolesClientScopePermissionName(client);
|
||||||
Policy mapRoleClientScopePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleClientScopePermissionName, server.getId());
|
Policy mapRoleClientScopePermission = authz.getStoreFactory().getPolicyStore().findByName(server, mapRoleClientScopePermissionName);
|
||||||
if (mapRoleClientScopePermission == null) {
|
if (mapRoleClientScopePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, mapRoleClientScopePermissionName, resource, mapRoleClientScope);
|
Helper.addEmptyScopePermission(authz, server, mapRoleClientScopePermissionName, resource, mapRoleClientScope);
|
||||||
}
|
}
|
||||||
String mapRoleCompositePermissionName = getMapRolesCompositePermissionName(client);
|
String mapRoleCompositePermissionName = getMapRolesCompositePermissionName(client);
|
||||||
Policy mapRoleCompositePermission = authz.getStoreFactory().getPolicyStore().findByName(mapRoleCompositePermissionName, server.getId());
|
Policy mapRoleCompositePermission = authz.getStoreFactory().getPolicyStore().findByName(server, mapRoleCompositePermissionName);
|
||||||
if (mapRoleCompositePermission == null) {
|
if (mapRoleCompositePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, mapRoleCompositePermissionName, resource, mapRoleCompositeScope);
|
Helper.addEmptyScopePermission(authz, server, mapRoleCompositePermissionName, resource, mapRoleCompositeScope);
|
||||||
}
|
}
|
||||||
String exchangeToPermissionName = getExchangeToPermissionName(client);
|
String exchangeToPermissionName = getExchangeToPermissionName(client);
|
||||||
Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
|
Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(server, exchangeToPermissionName);
|
||||||
if (exchangeToPermission == null) {
|
if (exchangeToPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
|
Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void deletePolicy(String name, ResourceServer server) {
|
private void deletePolicy(String name, ResourceServer server) {
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(name, server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
|
||||||
if (policy != null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
}
|
}
|
||||||
|
@ -180,7 +180,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
deletePolicy(getMapRolesCompositePermissionName(client), server);
|
deletePolicy(getMapRolesCompositePermissionName(client), server);
|
||||||
deletePolicy(getConfigurePermissionName(client), server);
|
deletePolicy(getConfigurePermissionName(client), server);
|
||||||
deletePolicy(getExchangeToPermissionName(client), server);
|
deletePolicy(getExchangeToPermissionName(client), server);
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());;
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));;
|
||||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,7 +189,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
return authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId()) != null;
|
return authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client)) != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -204,22 +204,22 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
|
|
||||||
|
|
||||||
private Scope manageScope(ResourceServer server) {
|
private Scope manageScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(AdminPermissionManagement.MANAGE_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, AdminPermissionManagement.MANAGE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope exchangeToScope(ResourceServer server) {
|
private Scope exchangeToScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(TOKEN_EXCHANGE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, TOKEN_EXCHANGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope configureScope(ResourceServer server) {
|
private Scope configureScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(CONFIGURE_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, CONFIGURE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope viewScope(ResourceServer server) {
|
private Scope viewScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(AdminPermissionManagement.VIEW_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, AdminPermissionManagement.VIEW_SCOPE);
|
||||||
}
|
}
|
||||||
private Scope mapRolesScope(ResourceServer server) {
|
private Scope mapRolesScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLES_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -284,7 +284,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
public Resource resource(ClientModel client) {
|
public Resource resource(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return null;
|
if (resource == null) return null;
|
||||||
return resource;
|
return resource;
|
||||||
}
|
}
|
||||||
|
@ -313,13 +313,13 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(to));
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
logger.debug("No resource object set up for target client");
|
logger.debug("No resource object set up for target client");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getExchangeToPermissionName(to));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
logger.debug("No permission object set up for target client");
|
logger.debug("No permission object set up for target client");
|
||||||
return false;
|
return false;
|
||||||
|
@ -366,10 +366,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getManagePermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -394,10 +394,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getConfigurePermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getConfigurePermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -440,10 +440,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getViewPermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getViewPermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -519,10 +519,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesPermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -541,49 +541,49 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
public Policy exchangeToPermission(ClientModel client) {
|
public Policy exchangeToPermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getExchangeToPermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy mapRolesPermission(ClientModel client) {
|
public Policy mapRolesPermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesPermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesPermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy mapRolesClientScopePermission(ClientModel client) {
|
public Policy mapRolesClientScopePermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesClientScopePermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesClientScopePermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy mapRolesCompositePermission(ClientModel client) {
|
public Policy mapRolesCompositePermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapRolesCompositePermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesCompositePermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy managePermission(ClientModel client) {
|
public Policy managePermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getManagePermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getManagePermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy configurePermission(ClientModel client) {
|
public Policy configurePermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getConfigurePermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getConfigurePermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy viewPermission(ClientModel client) {
|
public Policy viewPermission(ClientModel client) {
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getViewPermissionName(client), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getViewPermissionName(client));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -596,10 +596,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesCompositePermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesCompositePermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -610,7 +610,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Scope scope = authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_COMPOSITE_SCOPE, server.getId());
|
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLES_COMPOSITE_SCOPE);
|
||||||
return root.evaluatePermission(resource, server, scope);
|
return root.evaluatePermission(resource, server, scope);
|
||||||
}
|
}
|
||||||
@Override
|
@Override
|
||||||
|
@ -618,10 +618,10 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
ResourceServer server = resourceServer(client);
|
ResourceServer server = resourceServer(client);
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(client), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolesClientScopePermissionName(client), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolesClientScopePermissionName(client));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -632,7 +632,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Scope scope = authz.getStoreFactory().getScopeStore().findByName(MAP_ROLES_CLIENT_SCOPE, server.getId());
|
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLES_CLIENT_SCOPE);
|
||||||
return root.evaluatePermission(resource, server, scope);
|
return root.evaluatePermission(resource, server, scope);
|
||||||
}
|
}
|
||||||
|
|
||||||
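Review bot: the resource created in the initialize path now gets owner `server.getClientId()` instead of `server.getId()`, which is the one semantic change hidden among the argument reorders in this section; pre-existing admin-permission resources still carry the old resource-server id as owner. The lookup `findByName(server, resourceName)` does not appear to filter on owner, so those legacy resources are still found rather than duplicated, but any code that compares `Resource.getOwner()` against the resource server id (not visible here) would now disagree for newly created resources; I would record the intent with `// owner is the client backing this resource server, not the resource server id` and grep the evaluators for owner-based comparisons. `deletePolicy` still removes by `policy.getId()` alone, which is acceptable only because the id comes from the server-scoped `findByName` immediately above it. The touched line `findByName(server, getResourceName(client));;` keeps a stray double semicolon.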
@ -105,9 +105,9 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
Scope manageMembershipScope = root.initializeRealmScope(MANAGE_MEMBERSHIP_SCOPE);
|
Scope manageMembershipScope = root.initializeRealmScope(MANAGE_MEMBERSHIP_SCOPE);
|
||||||
|
|
||||||
String groupResourceName = getGroupResourceName(group);
|
String groupResourceName = getGroupResourceName(group);
|
||||||
Resource groupResource = resourceStore.findByName(groupResourceName, server.getId());
|
Resource groupResource = resourceStore.findByName(server, groupResourceName);
|
||||||
if (groupResource == null) {
|
if (groupResource == null) {
|
||||||
groupResource = resourceStore.create(groupResourceName, server, server.getId());
|
groupResource = resourceStore.create(server, groupResourceName, server.getClientId());
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(manageScope);
|
scopeset.add(manageScope);
|
||||||
scopeset.add(viewScope);
|
scopeset.add(viewScope);
|
||||||
|
@ -118,27 +118,27 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
groupResource.setType("Group");
|
groupResource.setType("Group");
|
||||||
}
|
}
|
||||||
String managePermissionName = getManagePermissionGroup(group);
|
String managePermissionName = getManagePermissionGroup(group);
|
||||||
Policy managePermission = policyStore.findByName(managePermissionName, server.getId());
|
Policy managePermission = policyStore.findByName(server, managePermissionName);
|
||||||
if (managePermission == null) {
|
if (managePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, managePermissionName, groupResource, manageScope);
|
Helper.addEmptyScopePermission(authz, server, managePermissionName, groupResource, manageScope);
|
||||||
}
|
}
|
||||||
String viewPermissionName = getViewPermissionGroup(group);
|
String viewPermissionName = getViewPermissionGroup(group);
|
||||||
Policy viewPermission = policyStore.findByName(viewPermissionName, server.getId());
|
Policy viewPermission = policyStore.findByName(server, viewPermissionName);
|
||||||
if (viewPermission == null) {
|
if (viewPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, viewPermissionName, groupResource, viewScope);
|
Helper.addEmptyScopePermission(authz, server, viewPermissionName, groupResource, viewScope);
|
||||||
}
|
}
|
||||||
String manageMembersPermissionName = getManageMembersPermissionGroup(group);
|
String manageMembersPermissionName = getManageMembersPermissionGroup(group);
|
||||||
Policy manageMembersPermission = policyStore.findByName(manageMembersPermissionName, server.getId());
|
Policy manageMembersPermission = policyStore.findByName(server, manageMembersPermissionName);
|
||||||
if (manageMembersPermission == null) {
|
if (manageMembersPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, manageMembersPermissionName, groupResource, manageMembersScope);
|
Helper.addEmptyScopePermission(authz, server, manageMembersPermissionName, groupResource, manageMembersScope);
|
||||||
}
|
}
|
||||||
String viewMembersPermissionName = getViewMembersPermissionGroup(group);
|
String viewMembersPermissionName = getViewMembersPermissionGroup(group);
|
||||||
Policy viewMembersPermission = policyStore.findByName(viewMembersPermissionName, server.getId());
|
Policy viewMembersPermission = policyStore.findByName(server, viewMembersPermissionName);
|
||||||
if (viewMembersPermission == null) {
|
if (viewMembersPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, viewMembersPermissionName, groupResource, viewMembersScope);
|
Helper.addEmptyScopePermission(authz, server, viewMembersPermissionName, groupResource, viewMembersScope);
|
||||||
}
|
}
|
||||||
String manageMembershipPermissionName = getManageMembershipPermissionGroup(group);
|
String manageMembershipPermissionName = getManageMembershipPermissionGroup(group);
|
||||||
Policy manageMembershipPermission = policyStore.findByName(manageMembershipPermissionName, server.getId());
|
Policy manageMembershipPermission = policyStore.findByName(server, manageMembershipPermissionName);
|
||||||
if (manageMembershipPermission == null) {
|
if (manageMembershipPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, manageMembershipPermissionName, groupResource, manageMembershipScope);
|
Helper.addEmptyScopePermission(authz, server, manageMembershipPermissionName, groupResource, manageMembershipScope);
|
||||||
}
|
}
|
||||||
|
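Review bot: The five `policyStore.findByName(server, ...)` / `if (... == null) Helper.addEmptyScopePermission(...)` pairs in this hunk are the same three-line pattern repeated with different names, and each rewrite here touches every one of them; a small private helper would reduce the hunk to one call per permission and keep the lookup and the creation from diverging in a later edit. The enclosing method starts outside the hunk, so the helper would sit beside it in the class.
```java
// … unchanged: resource creation and scope set …
ensureScopePermission(server, getManagePermissionGroup(group), groupResource, manageScope);
ensureScopePermission(server, getViewPermissionGroup(group), groupResource, viewScope);
ensureScopePermission(server, getManageMembersPermissionGroup(group), groupResource, manageMembersScope);
ensureScopePermission(server, getViewMembersPermissionGroup(group), groupResource, viewMembersScope);
ensureScopePermission(server, getManageMembershipPermissionGroup(group), groupResource, manageMembershipScope);

/** Creates the named empty scope permission on {@code resource} unless it already exists. */
private void ensureScopePermission(ResourceServer server, String permissionName, Resource resource, Scope scope) {
    if (policyStore.findByName(server, permissionName) == null) {
        Helper.addEmptyScopePermission(authz, server, permissionName, resource, scope);
    }
}
```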
@ -162,7 +162,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
return resourceStore.findByName(getGroupResourceName(group), server.getId()) != null;
|
return resourceStore.findByName(server, getGroupResourceName(group)) != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -178,42 +178,42 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
public Policy viewMembersPermission(GroupModel group) {
|
public Policy viewMembersPermission(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return policyStore.findByName(getViewMembersPermissionGroup(group), server.getId());
|
return policyStore.findByName(server, getViewMembersPermissionGroup(group));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy manageMembersPermission(GroupModel group) {
|
public Policy manageMembersPermission(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return policyStore.findByName(getManageMembersPermissionGroup(group), server.getId());
|
return policyStore.findByName(server, getManageMembersPermissionGroup(group));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy manageMembershipPermission(GroupModel group) {
|
public Policy manageMembershipPermission(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return policyStore.findByName(getManageMembershipPermissionGroup(group), server.getId());
|
return policyStore.findByName(server, getManageMembershipPermissionGroup(group));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy viewPermission(GroupModel group) {
|
public Policy viewPermission(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return policyStore.findByName(getViewPermissionGroup(group), server.getId());
|
return policyStore.findByName(server, getViewPermissionGroup(group));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy managePermission(GroupModel group) {
|
public Policy managePermission(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return policyStore.findByName(getManagePermissionGroup(group), server.getId());
|
return policyStore.findByName(server, getManagePermissionGroup(group));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource resource(GroupModel group) {
|
public Resource resource(GroupModel group) {
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
Resource resource = resourceStore.findByName(getGroupResourceName(group), server.getId());
|
Resource resource = resourceStore.findByName(server, getGroupResourceName(group));
|
||||||
if (resource == null) return null;
|
if (resource == null) return null;
|
||||||
return resource;
|
return resource;
|
||||||
}
|
}
|
||||||
|
@ -325,7 +325,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
|
|
||||||
Set<String> granted = new HashSet<>();
|
Set<String> granted = new HashSet<>();
|
||||||
|
|
||||||
resourceStore.findByType("Group", server.getId(), resource -> {
|
resourceStore.findByType(server, "Group", resource -> {
|
||||||
if (hasPermission(resource, null, VIEW_MEMBERS_SCOPE, MANAGE_MEMBERS_SCOPE)) {
|
if (hasPermission(resource, null, VIEW_MEMBERS_SCOPE, MANAGE_MEMBERS_SCOPE)) {
|
||||||
granted.add(resource.getName().substring(RESOURCE_NAME_PREFIX.length()));
|
granted.add(resource.getName().substring(RESOURCE_NAME_PREFIX.length()));
|
||||||
}
|
}
|
||||||
|
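Review bot: The `"Group"` type string on the `resourceStore.findByType(server, "Group", resource -> {` line is the same literal written by `groupResource.setType("Group")` in the @ -118 hunk of this file; a shared `private static final String GROUP_RESOURCE_TYPE = "Group";` used in both places would keep the lookup and the creation from drifting apart. The enclosing method starts and ends outside the hunk.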
@ -400,7 +400,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = resourceStore.findByName(getGroupResourceName(group), server.getId());
|
Resource resource = resourceStore.findByName(server, getGroupResourceName(group));
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -437,7 +437,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
String groupResourceName = getGroupResourceName(group);
|
String groupResourceName = getGroupResourceName(group);
|
||||||
return resourceStore.findByName(groupResourceName, server.getId());
|
return resourceStore.findByName(server, groupResourceName);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void deletePermissions(GroupModel group) {
|
private void deletePermissions(GroupModel group) {
|
||||||
|
|
|
@ -46,7 +46,7 @@ class Helper {
|
||||||
representation.addScope(scope.getName());
|
representation.addScope(scope.getName());
|
||||||
representation.addPolicy(policy.getName());
|
representation.addPolicy(policy.getName());
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Policy addEmptyScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope) {
|
public static Policy addEmptyScopePermission(AuthorizationProvider authz, ResourceServer resourceServer, String name, Resource resource, Scope scope) {
|
||||||
|
@ -58,7 +58,7 @@ class Helper {
|
||||||
representation.addResource(resource.getName());
|
representation.addResource(resource.getName());
|
||||||
representation.addScope(scope.getName());
|
representation.addScope(scope.getName());
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
public static Policy createRolePolicy(AuthorizationProvider authz, ResourceServer resourceServer, RoleModel role) {
|
||||||
|
@ -78,7 +78,7 @@ class Helper {
|
||||||
config.put("roles", roleValues);
|
config.put("roles", roleValues);
|
||||||
representation.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getRolePolicyName(RoleModel role) {
|
public static String getRolePolicyName(RoleModel role) {
|
||||||
|
|
|
@ -73,23 +73,23 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
|
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
|
||||||
|
|
||||||
String resourceName = getResourceName(idp);
|
String resourceName = getResourceName(idp);
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(resourceName, server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, resourceName);
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = authz.getStoreFactory().getResourceStore().create(resourceName, server, server.getId());
|
resource = authz.getStoreFactory().getResourceStore().create(server, resourceName, server.getClientId());
|
||||||
resource.setType("IdentityProvider");
|
resource.setType("IdentityProvider");
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(exchangeToScope);
|
scopeset.add(exchangeToScope);
|
||||||
resource.updateScopes(scopeset);
|
resource.updateScopes(scopeset);
|
||||||
}
|
}
|
||||||
String exchangeToPermissionName = getExchangeToPermissionName(idp);
|
String exchangeToPermissionName = getExchangeToPermissionName(idp);
|
||||||
Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(exchangeToPermissionName, server.getId());
|
Policy exchangeToPermission = authz.getStoreFactory().getPolicyStore().findByName(server, exchangeToPermissionName);
|
||||||
if (exchangeToPermission == null) {
|
if (exchangeToPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
|
Helper.addEmptyScopePermission(authz, server, exchangeToPermissionName, resource, exchangeToScope);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void deletePolicy(String name, ResourceServer server) {
|
private void deletePolicy(String name, ResourceServer server) {
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(name, server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
|
||||||
if (policy != null) {
|
if (policy != null) {
|
||||||
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
}
|
}
|
||||||
|
@ -100,7 +100,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
ResourceServer server = root.initializeRealmResourceServer();
|
ResourceServer server = root.initializeRealmResourceServer();
|
||||||
if (server == null) return;
|
if (server == null) return;
|
||||||
deletePolicy(getExchangeToPermissionName(idp), server);
|
deletePolicy(getExchangeToPermissionName(idp), server);
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());;
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp));;
|
||||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
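Review bot: The rewritten `findByName(server, getResourceName(idp));;` line keeps the stray double semicolon from the old line; since the line is being touched anyway, trimming it to `Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp));` removes the empty statement. The enclosing method starts outside the hunk.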
@ -109,7 +109,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
ResourceServer server = root.initializeRealmResourceServer();
|
ResourceServer server = root.initializeRealmResourceServer();
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
return authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId()) != null;
|
return authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp)) != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -124,14 +124,14 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
|
|
||||||
|
|
||||||
private Scope exchangeToScope(ResourceServer server) {
|
private Scope exchangeToScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(TOKEN_EXCHANGE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, TOKEN_EXCHANGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Resource resource(IdentityProviderModel idp) {
|
public Resource resource(IdentityProviderModel idp) {
|
||||||
ResourceServer server = root.initializeRealmResourceServer();
|
ResourceServer server = root.initializeRealmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(idp), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp));
|
||||||
if (resource == null) return null;
|
if (resource == null) return null;
|
||||||
return resource;
|
return resource;
|
||||||
}
|
}
|
||||||
|
@ -153,13 +153,13 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getResourceName(to), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(to));
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
logger.debug("No resource object set up for target idp");
|
logger.debug("No resource object set up for target idp");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(to), server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, getExchangeToPermissionName(to));
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
logger.debug("No permission object set up for target idp");
|
logger.debug("No permission object set up for target idp");
|
||||||
return false;
|
return false;
|
||||||
|
@ -194,7 +194,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
|
||||||
public Policy exchangeToPermission(IdentityProviderModel idp) {
|
public Policy exchangeToPermission(IdentityProviderModel idp) {
|
||||||
ResourceServer server = root.initializeRealmResourceServer();
|
ResourceServer server = root.initializeRealmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getExchangeToPermissionName(idp), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getExchangeToPermissionName(idp));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -283,17 +283,17 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
||||||
|
|
||||||
public Scope initializeRealmScope(String name) {
|
public Scope initializeRealmScope(String name) {
|
||||||
ResourceServer server = initializeRealmResourceServer();
|
ResourceServer server = initializeRealmResourceServer();
|
||||||
Scope scope = authz.getStoreFactory().getScopeStore().findByName(name, server.getId());
|
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, name);
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = authz.getStoreFactory().getScopeStore().create(name, server);
|
scope = authz.getStoreFactory().getScopeStore().create(server, name);
|
||||||
}
|
}
|
||||||
return scope;
|
return scope;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Scope initializeScope(String name, ResourceServer server) {
|
public Scope initializeScope(String name, ResourceServer server) {
|
||||||
Scope scope = authz.getStoreFactory().getScopeStore().findByName(name, server.getId());
|
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, name);
|
||||||
if (scope == null) {
|
if (scope == null) {
|
||||||
scope = authz.getStoreFactory().getScopeStore().create(name, server);
|
scope = authz.getStoreFactory().getScopeStore().create(server, name);
|
||||||
}
|
}
|
||||||
return scope;
|
return scope;
|
||||||
}
|
}
|
||||||
|
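Review bot: `initializeRealmScope` passes the result of `initializeRealmResourceServer()` to `findByName(server, name)` with no null check, while the callers of the same method in IdentityProviderPermissions (@ -100, @ -109) guard it with `if (server == null) return ...;` and `realmScope` in the next hunk returns null on a null server; unless `initializeRealmResourceServer()` is guaranteed non-null, the store would receive a null resource server here. The body is otherwise identical to `initializeScope`, so the method could delegate: `ResourceServer server = initializeRealmResourceServer();` followed by `return server == null ? null : initializeScope(name, server);`.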
@ -316,7 +316,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
||||||
public Scope realmScope(String scope) {
|
public Scope realmScope(String scope) {
|
||||||
ResourceServer server = realmResourceServer();
|
ResourceServer server = realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(scope, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, scope);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean evaluatePermission(Resource resource, ResourceServer resourceServer, Scope... scope) {
|
public boolean evaluatePermission(Resource resource, ResourceServer resourceServer, Scope... scope) {
|
||||||
|
|
|
@ -81,7 +81,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
policy = mapCompositePermission(role);
|
policy = mapCompositePermission(role);
|
||||||
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
|
||||||
|
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(getRoleResourceName(role), server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getRoleResourceName(role));
|
||||||
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
public Policy mapRolePermission(RoleModel role) {
|
public Policy mapRolePermission(RoleModel role) {
|
||||||
ResourceServer server = resourceServer(role);
|
ResourceServer server = resourceServer(role);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapRolePermissionName(role), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapRolePermissionName(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -107,7 +107,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceServer server = resourceServer(role);
|
ResourceServer server = resourceServer(role);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapCompositePermissionName(role), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapCompositePermissionName(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -115,7 +115,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceServer server = resourceServer(role);
|
ResourceServer server = resourceServer(role);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().findByName(getMapClientScopePermissionName(role), server.getId());
|
return authz.getStoreFactory().getPolicyStore().findByName(server, getMapClientScopePermissionName(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -123,7 +123,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceStore resourceStore = authz.getStoreFactory().getResourceStore();
|
ResourceStore resourceStore = authz.getStoreFactory().getResourceStore();
|
||||||
ResourceServer server = resourceServer(role);
|
ResourceServer server = resourceServer(role);
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
return resourceStore.findByName(getRoleResourceName(role), server.getId());
|
return resourceStore.findByName(server, getRoleResourceName(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -300,7 +300,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceServer resourceServer = resourceServer(role);
|
ResourceServer resourceServer = resourceServer(role);
|
||||||
if (resourceServer == null) return false;
|
if (resourceServer == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapRolePermissionName(role), resourceServer.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(resourceServer, getMapRolePermissionName(role));
|
||||||
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -390,7 +390,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceServer resourceServer = resourceServer(role);
|
ResourceServer resourceServer = resourceServer(role);
|
||||||
if (resourceServer == null) return false;
|
if (resourceServer == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapCompositePermissionName(role), resourceServer.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(resourceServer, getMapCompositePermissionName(role));
|
||||||
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -429,7 +429,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
ResourceServer resourceServer = resourceServer(role);
|
ResourceServer resourceServer = resourceServer(role);
|
||||||
if (resourceServer == null) return false;
|
if (resourceServer == null) return false;
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(getMapClientScopePermissionName(role), resourceServer.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(resourceServer, getMapClientScopePermissionName(role));
|
||||||
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
if (policy == null || policy.getAssociatedPolicies().isEmpty()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -520,21 +520,21 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
@Override
|
@Override
|
||||||
public Policy rolePolicy(ResourceServer server, RoleModel role) {
|
public Policy rolePolicy(ResourceServer server, RoleModel role) {
|
||||||
String policyName = Helper.getRolePolicyName(role);
|
String policyName = Helper.getRolePolicyName(role);
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(policyName, server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, policyName);
|
||||||
if (policy != null) return policy;
|
if (policy != null) return policy;
|
||||||
return Helper.createRolePolicy(authz, server, role, policyName);
|
return Helper.createRolePolicy(authz, server, role, policyName);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope mapRoleScope(ResourceServer server) {
|
private Scope mapRoleScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(MAP_ROLE_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope mapClientScope(ResourceServer server) {
|
private Scope mapClientScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(MAP_ROLE_CLIENT_SCOPE_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLE_CLIENT_SCOPE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Scope mapCompositeScope(ResourceServer server) {
|
private Scope mapCompositeScope(ResourceServer server) {
|
||||||
return authz.getStoreFactory().getScopeStore().findByName(MAP_ROLE_COMPOSITE_SCOPE, server.getId());
|
return authz.getStoreFactory().getScopeStore().findByName(server, MAP_ROLE_COMPOSITE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -546,21 +546,21 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
|
||||||
}
|
}
|
||||||
Scope mapRoleScope = mapRoleScope(server);
|
Scope mapRoleScope = mapRoleScope(server);
|
||||||
if (mapRoleScope == null) {
|
if (mapRoleScope == null) {
|
||||||
mapRoleScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_SCOPE, server);
|
mapRoleScope = authz.getStoreFactory().getScopeStore().create(server, MAP_ROLE_SCOPE);
|
||||||
}
|
}
|
||||||
Scope mapClientScope = mapClientScope(server);
|
Scope mapClientScope = mapClientScope(server);
|
||||||
if (mapClientScope == null) {
|
if (mapClientScope == null) {
|
||||||
mapClientScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_CLIENT_SCOPE_SCOPE, server);
|
mapClientScope = authz.getStoreFactory().getScopeStore().create(server, MAP_ROLE_CLIENT_SCOPE_SCOPE);
|
||||||
}
|
}
|
||||||
Scope mapCompositeScope = mapCompositeScope(server);
|
Scope mapCompositeScope = mapCompositeScope(server);
|
||||||
if (mapCompositeScope == null) {
|
if (mapCompositeScope == null) {
|
||||||
mapCompositeScope = authz.getStoreFactory().getScopeStore().create(MAP_ROLE_COMPOSITE_SCOPE, server);
|
mapCompositeScope = authz.getStoreFactory().getScopeStore().create(server, MAP_ROLE_COMPOSITE_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
String roleResourceName = getRoleResourceName(role);
|
String roleResourceName = getRoleResourceName(role);
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().findByName(roleResourceName, server.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, roleResourceName);
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
resource = authz.getStoreFactory().getResourceStore().create(roleResourceName, server, server.getId());
|
resource = authz.getStoreFactory().getResourceStore().create(server, roleResourceName, server.getClientId());
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(mapClientScope);
|
scopeset.add(mapClientScope);
|
||||||
scopeset.add(mapCompositeScope);
|
scopeset.add(mapCompositeScope);
|
||||||
|
|
|
@ -39,10 +39,8 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.idm.authorization.Permission;
|
import org.keycloak.representations.idm.authorization.Permission;
|
||||||
import org.keycloak.services.ForbiddenException;
|
import org.keycloak.services.ForbiddenException;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.LinkedHashMap;
|
import java.util.LinkedHashMap;
|
||||||
|
@ -104,9 +102,9 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
Scope userImpersonatedScope = root.initializeRealmScope(USER_IMPERSONATED_SCOPE);
|
Scope userImpersonatedScope = root.initializeRealmScope(USER_IMPERSONATED_SCOPE);
|
||||||
Scope manageGroupMembershipScope = root.initializeRealmScope(MANAGE_GROUP_MEMBERSHIP_SCOPE);
|
Scope manageGroupMembershipScope = root.initializeRealmScope(MANAGE_GROUP_MEMBERSHIP_SCOPE);
|
||||||
|
|
||||||
Resource usersResource = resourceStore.findByName(USERS_RESOURCE, server.getId());
|
Resource usersResource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
if (usersResource == null) {
|
if (usersResource == null) {
|
||||||
usersResource = resourceStore.create(USERS_RESOURCE, server, server.getId());
|
usersResource = resourceStore.create(server, USERS_RESOURCE, server.getClientId());
|
||||||
Set<Scope> scopeset = new HashSet<>();
|
Set<Scope> scopeset = new HashSet<>();
|
||||||
scopeset.add(manageScope);
|
scopeset.add(manageScope);
|
||||||
scopeset.add(viewScope);
|
scopeset.add(viewScope);
|
||||||
|
@ -116,27 +114,27 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
scopeset.add(userImpersonatedScope);
|
scopeset.add(userImpersonatedScope);
|
||||||
usersResource.updateScopes(scopeset);
|
usersResource.updateScopes(scopeset);
|
||||||
}
|
}
|
||||||
Policy managePermission = policyStore.findByName(MANAGE_PERMISSION_USERS, server.getId());
|
Policy managePermission = policyStore.findByName(server, MANAGE_PERMISSION_USERS);
|
||||||
if (managePermission == null) {
|
if (managePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, MANAGE_PERMISSION_USERS, usersResource, manageScope);
|
Helper.addEmptyScopePermission(authz, server, MANAGE_PERMISSION_USERS, usersResource, manageScope);
|
||||||
}
|
}
|
||||||
Policy viewPermission = policyStore.findByName(VIEW_PERMISSION_USERS, server.getId());
|
Policy viewPermission = policyStore.findByName(server, VIEW_PERMISSION_USERS);
|
||||||
if (viewPermission == null) {
|
if (viewPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, VIEW_PERMISSION_USERS, usersResource, viewScope);
|
Helper.addEmptyScopePermission(authz, server, VIEW_PERMISSION_USERS, usersResource, viewScope);
|
||||||
}
|
}
|
||||||
Policy mapRolesPermission = policyStore.findByName(MAP_ROLES_PERMISSION_USERS, server.getId());
|
Policy mapRolesPermission = policyStore.findByName(server, MAP_ROLES_PERMISSION_USERS);
|
||||||
if (mapRolesPermission == null) {
|
if (mapRolesPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, MAP_ROLES_PERMISSION_USERS, usersResource, mapRolesScope);
|
Helper.addEmptyScopePermission(authz, server, MAP_ROLES_PERMISSION_USERS, usersResource, mapRolesScope);
|
||||||
}
|
}
|
||||||
Policy membershipPermission = policyStore.findByName(MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS, server.getId());
|
Policy membershipPermission = policyStore.findByName(server, MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS);
|
||||||
if (membershipPermission == null) {
|
if (membershipPermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS, usersResource, manageGroupMembershipScope);
|
Helper.addEmptyScopePermission(authz, server, MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS, usersResource, manageGroupMembershipScope);
|
||||||
}
|
}
|
||||||
Policy impersonatePermission = policyStore.findByName(ADMIN_IMPERSONATING_PERMISSION, server.getId());
|
Policy impersonatePermission = policyStore.findByName(server, ADMIN_IMPERSONATING_PERMISSION);
|
||||||
if (impersonatePermission == null) {
|
if (impersonatePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, ADMIN_IMPERSONATING_PERMISSION, usersResource, impersonateScope);
|
Helper.addEmptyScopePermission(authz, server, ADMIN_IMPERSONATING_PERMISSION, usersResource, impersonateScope);
|
||||||
}
|
}
|
||||||
impersonatePermission = policyStore.findByName(USER_IMPERSONATED_PERMISSION, server.getId());
|
impersonatePermission = policyStore.findByName(server, USER_IMPERSONATED_PERMISSION);
|
||||||
if (impersonatePermission == null) {
|
if (impersonatePermission == null) {
|
||||||
Helper.addEmptyScopePermission(authz, server, USER_IMPERSONATED_PERMISSION, usersResource, userImpersonatedScope);
|
Helper.addEmptyScopePermission(authz, server, USER_IMPERSONATED_PERMISSION, usersResource, userImpersonatedScope);
|
||||||
}
|
}
|
||||||
|
@ -160,7 +158,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return false;
|
if (server == null) return false;
|
||||||
|
|
||||||
Resource resource = resourceStore.findByName(USERS_RESOURCE, server.getId());
|
Resource resource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
if (resource == null) return false;
|
if (resource == null) return false;
|
||||||
|
|
||||||
Policy policy = managePermission();
|
Policy policy = managePermission();
|
||||||
|
@ -186,38 +184,38 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
ResourceServer server = root.realmResourceServer();
|
ResourceServer server = root.realmResourceServer();
|
||||||
if (server == null) return null;
|
if (server == null) return null;
|
||||||
|
|
||||||
return resourceStore.findByName(USERS_RESOURCE, server.getId());
|
return resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy managePermission() {
|
public Policy managePermission() {
|
||||||
return policyStore.findByName(MANAGE_PERMISSION_USERS, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), MANAGE_PERMISSION_USERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy viewPermission() {
|
public Policy viewPermission() {
|
||||||
return policyStore.findByName(VIEW_PERMISSION_USERS, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), VIEW_PERMISSION_USERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy manageGroupMembershipPermission() {
|
public Policy manageGroupMembershipPermission() {
|
||||||
return policyStore.findByName(MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), MANAGE_GROUP_MEMBERSHIP_PERMISSION_USERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy mapRolesPermission() {
|
public Policy mapRolesPermission() {
|
||||||
return policyStore.findByName(MAP_ROLES_PERMISSION_USERS, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), MAP_ROLES_PERMISSION_USERS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy adminImpersonatingPermission() {
|
public Policy adminImpersonatingPermission() {
|
||||||
return policyStore.findByName(ADMIN_IMPERSONATING_PERMISSION, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), ADMIN_IMPERSONATING_PERMISSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Policy userImpersonatedPermission() {
|
public Policy userImpersonatedPermission() {
|
||||||
return policyStore.findByName(USER_IMPERSONATED_PERMISSION, root.realmResourceServer().getId());
|
return policyStore.findByName(root.realmResourceServer(), USER_IMPERSONATED_PERMISSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -373,13 +371,13 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = resourceStore.findByName(USERS_RESOURCE, server.getId());
|
Resource resource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(USER_IMPERSONATED_PERMISSION, server.getId());
|
Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, USER_IMPERSONATED_PERMISSION);
|
||||||
|
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -481,7 +479,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
Resource resource = resourceStore.findByName(USERS_RESOURCE, server.getId());
|
Resource resource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
List<String> expectedScopes = Arrays.asList(scopes);
|
List<String> expectedScopes = Arrays.asList(scopes);
|
||||||
|
|
||||||
if (resource == null) {
|
if (resource == null) {
|
||||||
|
@ -540,7 +538,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
||||||
policyStore.delete(policy.getId());
|
policyStore.delete(policy.getId());
|
||||||
|
|
||||||
}
|
}
|
||||||
Resource usersResource = resourceStore.findByName(USERS_RESOURCE, server.getId());
|
Resource usersResource = resourceStore.findByName(server, USERS_RESOURCE);
|
||||||
if (usersResource != null) {
|
if (usersResource != null) {
|
||||||
resourceStore.delete(usersResource.getId());
|
resourceStore.delete(usersResource.getId());
|
||||||
}
|
}
|
||||||
|
|
|
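Review bot: The six permission accessors in the `@ -186,38 +184,38` hunk (`managePermission()` through `userImpersonatedPermission()`) now hand `root.realmResourceServer()` straight to `policyStore.findByName` with no null check, while `getUsersResource()` a few lines above guards with `if (server == null) return null;`. Before this change a missing realm resource server failed loudly at the `.getId()` call site; after it a null `ResourceServer` flows into the store, and how `findByName(null, …)` behaves is not visible here (the commit's mention of fixing NPEs in the caching layer suggests the store side is sensitive to this). I would resolve the server once and mirror the sibling guard, e.g. `ResourceServer server = root.realmResourceServer();` / `return server == null ? null : policyStore.findByName(server, MANAGE_PERMISSION_USERS);` in all six, or at least `Objects.requireNonNull(server, "realm resource server")` so the failure stays at the call site. A one-line comment on `managePermission()` stating that the realm resource server is assumed to exist once fine-grained permissions are enabled would also make the precondition explicit.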
@ -290,7 +290,7 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
|
||||||
clientRep.addClient(client.getId());
|
clientRep.addClient(client.getId());
|
||||||
clientRep.addClient(directExchanger.getId());
|
clientRep.addClient(directExchanger.getId());
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
|
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientRep);
|
||||||
management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
|
management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);
|
||||||
|
|
||||||
|
|
||||||
|
@ -300,7 +300,7 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
|
||||||
clientImpersonateRep.setName("clientImpersonators");
|
clientImpersonateRep.setName("clientImpersonators");
|
||||||
clientImpersonateRep.addClient(directExchanger.getId());
|
clientImpersonateRep.addClient(directExchanger.getId());
|
||||||
server = management.realmResourceServer();
|
server = management.realmResourceServer();
|
||||||
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
|
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientImpersonateRep);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
|
|
|
@ -95,7 +95,7 @@ public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||||
representation.setLogic(Logic.POSITIVE);
|
representation.setLogic(Logic.POSITIVE);
|
||||||
representation.addRole(roleName, true);
|
representation.addRole(roleName, true);
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,6 @@ import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.models.utils.RepresentationToModel;
|
import org.keycloak.models.utils.RepresentationToModel;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
import org.keycloak.representations.idm.ClientScopeRepresentation;
|
import org.keycloak.representations.idm.ClientScopeRepresentation;
|
||||||
import org.keycloak.representations.idm.GroupRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.RoleRepresentation;
|
import org.keycloak.representations.idm.RoleRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
@ -274,7 +273,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
groupManagerRep.addUser("groupManager");
|
groupManagerRep.addUser("groupManager");
|
||||||
groupManagerRep.addUser("noMapperGroupManager");
|
groupManagerRep.addUser("noMapperGroupManager");
|
||||||
ResourceServer server = permissions.realmResourceServer();
|
ResourceServer server = permissions.realmResourceServer();
|
||||||
Policy groupManagerPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupManagerRep, server);
|
Policy groupManagerPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(server, groupManagerRep);
|
||||||
permissions.groups().manageMembersPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
permissions.groups().manageMembersPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
||||||
permissions.groups().manageMembershipPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
permissions.groups().manageMembershipPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
||||||
permissions.groups().viewPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
permissions.groups().viewPermission(group).addAssociatedPolicy(groupManagerPolicy);
|
||||||
|
@ -288,7 +287,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
UserPolicyRepresentation userRep = new UserPolicyRepresentation();
|
UserPolicyRepresentation userRep = new UserPolicyRepresentation();
|
||||||
userRep.setName("userClientMapper");
|
userRep.setName("userClientMapper");
|
||||||
userRep.addUser("clientMapper");
|
userRep.addUser("clientMapper");
|
||||||
Policy userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(userRep, permissions.clients().resourceServer(client));
|
Policy userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(permissions.clients().resourceServer(client), userRep);
|
||||||
clientMapperPolicy.addAssociatedPolicy(userPolicy);
|
clientMapperPolicy.addAssociatedPolicy(userPolicy);
|
||||||
|
|
||||||
UserModel clientManager = session.users().addUser(realm, "clientManager");
|
UserModel clientManager = session.users().addUser(realm, "clientManager");
|
||||||
|
@ -300,7 +299,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
userRep = new UserPolicyRepresentation();
|
userRep = new UserPolicyRepresentation();
|
||||||
userRep.setName("clientManager");
|
userRep.setName("clientManager");
|
||||||
userRep.addUser("clientManager");
|
userRep.addUser("clientManager");
|
||||||
userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(userRep, permissions.clients().resourceServer(client));
|
userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(permissions.clients().resourceServer(client), userRep);
|
||||||
clientManagerPolicy.addAssociatedPolicy(userPolicy);
|
clientManagerPolicy.addAssociatedPolicy(userPolicy);
|
||||||
|
|
||||||
|
|
||||||
|
@ -313,7 +312,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
userRep = new UserPolicyRepresentation();
|
userRep = new UserPolicyRepresentation();
|
||||||
userRep.setName("clientConfigure");
|
userRep.setName("clientConfigure");
|
||||||
userRep.addUser("clientConfigurer");
|
userRep.addUser("clientConfigurer");
|
||||||
userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(userRep, permissions.clients().resourceServer(client));
|
userPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(permissions.clients().resourceServer(client), userRep);
|
||||||
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
|
clientConfigurePolicy.addAssociatedPolicy(userPolicy);
|
||||||
|
|
||||||
|
|
||||||
|
@ -326,7 +325,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
|
UserPolicyRepresentation groupViewMembersRep = new UserPolicyRepresentation();
|
||||||
groupViewMembersRep.setName("groupMemberViewers");
|
groupViewMembersRep.setName("groupMemberViewers");
|
||||||
groupViewMembersRep.addUser("groupViewer");
|
groupViewMembersRep.addUser("groupViewer");
|
||||||
Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(groupViewMembersRep, server);
|
Policy groupViewMembersPolicy = permissions.authz().getStoreFactory().getPolicyStore().create(server, groupViewMembersRep);
|
||||||
Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
|
Policy groupViewMembersPermission = permissions.groups().viewMembersPermission(group);
|
||||||
groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
|
groupViewMembersPermission.addAssociatedPolicy(groupViewMembersPolicy);
|
||||||
|
|
||||||
|
@ -825,7 +824,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
public static void invokeDelete(KeycloakSession session) {
|
public static void invokeDelete(KeycloakSession session) {
|
||||||
RealmModel realm = session.realms().getRealmByName(TEST);
|
RealmModel realm = session.realms().getRealmByName(TEST);
|
||||||
AdminPermissionManagement management = AdminPermissions.management(session, realm);
|
AdminPermissionManagement management = AdminPermissions.management(session, realm);
|
||||||
List<Resource> byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
|
List<Resource> byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
|
||||||
Assert.assertEquals(5, byResourceServer.size());
|
Assert.assertEquals(5, byResourceServer.size());
|
||||||
RoleModel removedRole = realm.getRole("removedRole");
|
RoleModel removedRole = realm.getRole("removedRole");
|
||||||
realm.removeRole(removedRole);
|
realm.removeRole(removedRole);
|
||||||
|
@ -834,15 +833,15 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
client.removeRole(removedClientRole);
|
client.removeRole(removedClientRole);
|
||||||
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup");
|
GroupModel group = KeycloakModelUtils.findGroupByPath(realm, "removedGroup");
|
||||||
realm.removeGroup(group);
|
realm.removeGroup(group);
|
||||||
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
|
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
|
||||||
Assert.assertEquals(2, byResourceServer.size());
|
Assert.assertEquals(2, byResourceServer.size());
|
||||||
realm.removeClient(client.getId());
|
realm.removeClient(client.getId());
|
||||||
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
|
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
|
||||||
Assert.assertEquals(1, byResourceServer.size());
|
Assert.assertEquals(1, byResourceServer.size());
|
||||||
management.users().setPermissionsEnabled(false);
|
management.users().setPermissionsEnabled(false);
|
||||||
Resource userResource = management.authz().getStoreFactory().getResourceStore().findByName("Users", management.realmResourceServer().getId());
|
Resource userResource = management.authz().getStoreFactory().getResourceStore().findByName(management.realmResourceServer(), "Users");
|
||||||
Assert.assertNull(userResource);
|
Assert.assertNull(userResource);
|
||||||
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId());
|
byResourceServer = management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer());
|
||||||
Assert.assertEquals(0, byResourceServer.size());
|
Assert.assertEquals(0, byResourceServer.size());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1002,7 +1001,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
|
|
||||||
Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
|
Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(management.realmResourceServer(), userPolicyRepresentation);
|
||||||
|
|
||||||
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
|
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
|
||||||
|
|
||||||
|
@ -1096,7 +1095,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
Policy policy = clientPermission.viewPermission(clientModel);
|
Policy policy = clientPermission.viewPermission(clientModel);
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
Policy userPolicy = provider.getStoreFactory().getPolicyStore()
|
Policy userPolicy = provider.getStoreFactory().getPolicyStore()
|
||||||
.create(userPolicyRepresentation, management.realmResourceServer());
|
.create(management.realmResourceServer(), userPolicyRepresentation);
|
||||||
|
|
||||||
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
|
policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
|
||||||
});
|
});
|
||||||
|
@ -1127,8 +1126,9 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
||||||
|
ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(realmAdminClient);
|
||||||
|
|
||||||
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId()));
|
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName(resourceServer, "Only regular-admin-user"));
|
||||||
});
|
});
|
||||||
|
|
||||||
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth",
|
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth",
|
||||||
|
@ -1194,9 +1194,10 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
|
||||||
|
ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(realmAdminClient);
|
||||||
|
|
||||||
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore()
|
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore()
|
||||||
.findByName("Only regular-admin-user", realmAdminClient.getId()));
|
.findByName(resourceServer, "Only regular-admin-user"));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -1275,11 +1276,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
if (i == 15) {
|
if (i == 15) {
|
||||||
provider.getStoreFactory().getPolicyStore()
|
provider.getStoreFactory().getPolicyStore()
|
||||||
.create(userPolicyRepresentation, management.realmResourceServer());
|
.create(management.realmResourceServer(), userPolicyRepresentation);
|
||||||
}
|
}
|
||||||
|
|
||||||
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore()
|
policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore()
|
||||||
.findByName("Only regular-admin-user", realmAdminClient.getId()));
|
.findByName(management.realmResourceServer(), "Only regular-admin-user"));
|
||||||
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -1362,7 +1363,7 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
||||||
clientRep.setName("to");
|
clientRep.setName("to");
|
||||||
clientRep.addClient(tokenexclient.getId());
|
clientRep.addClient(tokenexclient.getId());
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
|
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientRep);
|
||||||
management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
|
management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
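Review bot: The realm-management resource server is resolved two different ways in this file: the hunks at lines 1126 and 1194 look it up via `getResourceServerStore().findByClient(realmAdminClient)`, while the hunk at line 1276 uses `management.realmResourceServer()` for the same `"Only regular-admin-user"` lookup. If both yield the same server the two `findByClient` lookups could be replaced with `management.realmResourceServer()` and the `realmAdminClient` locals dropped; if they can differ, a comment explaining why the test needs the client-based lookup would help. If `findByClient` can return null when the client has no resource server, neither new hunk checks that before passing it to `findByName`, so a failure would surface as an error inside the store rather than a test assertion; `Assert.assertNotNull(resourceServer);` after each lookup would pin it. The enclosing test methods start outside the hunks, so whether `realmAdminClient` is still used elsewhere in the line-1276 method is not visible here.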
@ -78,8 +78,8 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
|
||||||
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
|
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
|
||||||
Policy policy = createRolePolicy(authz, resourceServer, role1);
|
Policy policy = createRolePolicy(authz, resourceServer, role1);
|
||||||
|
|
||||||
Scope scope = authz.getStoreFactory().getScopeStore().create("myscope", resourceServer);
|
Scope scope = authz.getStoreFactory().getScopeStore().create(resourceServer, "myscope");
|
||||||
Resource resource = authz.getStoreFactory().getResourceStore().create("myresource", resourceServer, resourceServer.getId());
|
Resource resource = authz.getStoreFactory().getResourceStore().create(resourceServer, "myresource", resourceServer.getClientId());
|
||||||
addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
|
addScopePermission(authz, resourceServer, "mypermission", resource, scope, policy);
|
||||||
|
|
||||||
RoleModel composite = realm.addRole("composite");
|
RoleModel composite = realm.addRole("composite");
|
||||||
|
@ -100,7 +100,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
|
||||||
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
|
||||||
representation.setLogic(Logic.POSITIVE);
|
representation.setLogic(Logic.POSITIVE);
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -116,7 +116,7 @@ public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
|
||||||
config.put("roles", roleValues);
|
config.put("roles", roleValues);
|
||||||
representation.setConfig(config);
|
representation.setConfig(config);
|
||||||
|
|
||||||
return authz.getStoreFactory().getPolicyStore().create(representation, resourceServer);
|
return authz.getStoreFactory().getPolicyStore().create(resourceServer, representation);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -145,7 +145,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
policyRepresentation.setNotOnOrAfter(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(notOnOrAfterDate));
|
policyRepresentation.setNotOnOrAfter(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(notOnOrAfterDate));
|
||||||
|
|
||||||
// evaluation should succeed with the default context as it uses the current time as the date to be compared.
|
// evaluation should succeed with the default context as it uses the current time as the date to be compared.
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
provider.evaluate(evaluation);
|
provider.evaluate(evaluation);
|
||||||
|
@ -181,7 +181,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -340,7 +340,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -387,7 +387,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -434,7 +434,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -482,7 +482,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -514,7 +514,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -546,7 +546,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -584,7 +584,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
|
|
||||||
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
|
||||||
|
@ -617,9 +617,9 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
PolicyProvider provider = authorization.getProvider(policy.getType());
|
PolicyProvider provider = authorization.getProvider(policy.getType());
|
||||||
Resource resource = storeFactory.getResourceStore().create("testCheckResourceAttributesResource", resourceServer, resourceServer.getId());
|
Resource resource = storeFactory.getResourceStore().create(resourceServer, "testCheckResourceAttributesResource", resourceServer.getClientId());
|
||||||
|
|
||||||
resource.setAttribute("a1", Arrays.asList("1", "2"));
|
resource.setAttribute("a1", Arrays.asList("1", "2"));
|
||||||
resource.setAttribute("a2", Arrays.asList("3"));
|
resource.setAttribute("a2", Arrays.asList("3"));
|
||||||
|
@ -651,10 +651,10 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
|
|
||||||
policyRepresentation.setCode(builder.toString());
|
policyRepresentation.setCode(builder.toString());
|
||||||
|
|
||||||
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
|
Policy policy = storeFactory.getPolicyStore().create(resourceServer, policyRepresentation);
|
||||||
|
|
||||||
Resource resource = storeFactory.getResourceStore().create("Resource A", resourceServer, resourceServer.getId());
|
Resource resource = storeFactory.getResourceStore().create(resourceServer, "Resource A", resourceServer.getClientId());
|
||||||
Scope scope = storeFactory.getScopeStore().create("Scope A", resourceServer);
|
Scope scope = storeFactory.getScopeStore().create(resourceServer, "Scope A");
|
||||||
|
|
||||||
resource.updateScopes(new HashSet<>(Arrays.asList(scope)));
|
resource.updateScopes(new HashSet<>(Arrays.asList(scope)));
|
||||||
|
|
||||||
|
@ -664,7 +664,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
permission.addPolicy(policy.getId());
|
permission.addPolicy(policy.getId());
|
||||||
permission.addResource(resource.getId());
|
permission.addResource(resource.getId());
|
||||||
|
|
||||||
storeFactory.getPolicyStore().create(permission, resourceServer);
|
storeFactory.getPolicyStore().create(resourceServer, permission);
|
||||||
|
|
||||||
session.getTransactionManager().commit();
|
session.getTransactionManager().commit();
|
||||||
|
|
||||||
|
@ -689,8 +689,8 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
StoreFactory storeFactory = authorization.getStoreFactory();
|
StoreFactory storeFactory = authorization.getStoreFactory();
|
||||||
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
|
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
|
||||||
|
|
||||||
Scope readScope = storeFactory.getScopeStore().create("read", resourceServer);
|
Scope readScope = storeFactory.getScopeStore().create(resourceServer, "read");
|
||||||
Scope writeScope = storeFactory.getScopeStore().create("write", resourceServer);
|
Scope writeScope = storeFactory.getScopeStore().create(resourceServer, "write");
|
||||||
|
|
||||||
JSPolicyRepresentation policy = new JSPolicyRepresentation();
|
JSPolicyRepresentation policy = new JSPolicyRepresentation();
|
||||||
|
|
||||||
|
@ -698,7 +698,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
policy.setCode("$evaluation.grant()");
|
policy.setCode("$evaluation.grant()");
|
||||||
policy.setLogic(Logic.NEGATIVE);
|
policy.setLogic(Logic.NEGATIVE);
|
||||||
|
|
||||||
storeFactory.getPolicyStore().create(policy, resourceServer);
|
storeFactory.getPolicyStore().create(resourceServer, policy);
|
||||||
|
|
||||||
ScopePermissionRepresentation readPermission = new ScopePermissionRepresentation();
|
ScopePermissionRepresentation readPermission = new ScopePermissionRepresentation();
|
||||||
|
|
||||||
|
@ -706,7 +706,7 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
readPermission.addScope(readScope.getId());
|
readPermission.addScope(readScope.getId());
|
||||||
readPermission.addPolicy(policy.getName());
|
readPermission.addPolicy(policy.getName());
|
||||||
|
|
||||||
storeFactory.getPolicyStore().create(readPermission, resourceServer);
|
storeFactory.getPolicyStore().create(resourceServer, readPermission);
|
||||||
|
|
||||||
ScopePermissionRepresentation writePermission = new ScopePermissionRepresentation();
|
ScopePermissionRepresentation writePermission = new ScopePermissionRepresentation();
|
||||||
|
|
||||||
|
@ -714,9 +714,9 @@ public class PolicyEvaluationTest extends AbstractAuthzTest {
|
||||||
writePermission.addScope(writeScope.getId());
|
writePermission.addScope(writeScope.getId());
|
||||||
writePermission.addPolicy(policy.getName());
|
writePermission.addPolicy(policy.getName());
|
||||||
|
|
||||||
storeFactory.getPolicyStore().create(writePermission, resourceServer);
|
storeFactory.getPolicyStore().create(resourceServer, writePermission);
|
||||||
|
|
||||||
Resource resource = storeFactory.getResourceStore().create(KeycloakModelUtils.generateId(), resourceServer, resourceServer.getId());
|
Resource resource = storeFactory.getResourceStore().create(resourceServer, KeycloakModelUtils.generateId(), resourceServer.getClientId());
|
||||||
|
|
||||||
PermissionEvaluator evaluator = authorization.evaluators().from(Arrays.asList(new ResourcePermission(resource, Arrays.asList(readScope, writeScope), resourceServer)), createEvaluationContext(session, Collections.emptyMap()));
|
PermissionEvaluator evaluator = authorization.evaluators().from(Arrays.asList(new ResourcePermission(resource, Arrays.asList(readScope, writeScope), resourceServer)), createEvaluationContext(session, Collections.emptyMap()));
|
||||||
Collection<Permission> permissions = evaluator.evaluate(resourceServer, null);
|
Collection<Permission> permissions = evaluator.evaluate(resourceServer, null);
|
||||||
|
|
|
@ -16,6 +16,7 @@ import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
|
|
||||||
@AuthServerContainerExclude(AuthServer.REMOTE)
|
@AuthServerContainerExclude(AuthServer.REMOTE)
|
||||||
public class UmaRepresentationTest extends AbstractResourceServerTest {
|
public class UmaRepresentationTest extends AbstractResourceServerTest {
|
||||||
|
@ -139,9 +140,10 @@ public class UmaRepresentationTest extends AbstractResourceServerTest {
|
||||||
AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
|
AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
|
||||||
ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
|
ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
|
||||||
UserModel user = session.userStorageManager().getUserByUsername(session.getContext().getRealm(), "marta");
|
UserModel user = session.userStorageManager().getUserByUsername(session.getContext().getRealm(), "marta");
|
||||||
|
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
ResourceBean resourceBean = authorizationBean.new ResourceBean(
|
ResourceBean resourceBean = authorizationBean.new ResourceBean(
|
||||||
authorization.getStoreFactory().getResourceStore().findByName(
|
authorization.getStoreFactory().getResourceStore().findByName(
|
||||||
"Resource A", user.getId(), client.getId()
|
resourceServer, "Resource A", user.getId()
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -164,9 +166,10 @@ public class UmaRepresentationTest extends AbstractResourceServerTest {
|
||||||
|
|
||||||
AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
|
AuthorizationBean authorizationBean = new AuthorizationBean(session, null, session.getContext().getUri());
|
||||||
ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
|
ClientModel client = session.getContext().getRealm().getClientByClientId("resource-server-test");
|
||||||
|
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
ResourceBean resourceBean = authorizationBean.new ResourceBean(
|
ResourceBean resourceBean = authorizationBean.new ResourceBean(
|
||||||
authorization.getStoreFactory().getResourceStore().findByName(
|
authorization.getStoreFactory().getResourceStore().findByName(
|
||||||
"Resource A", client.getId(), client.getId()
|
resourceServer, "Resource A", client.getId()
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
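Review bot: The new `ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(client);` lines (hunks at 140 and 166) hand the result straight to `findByName` without checking it, so if `findByClient` returns null for a client that is not a resource server the test fails with an NPE inside the store rather than with a readable assertion. An `assertNotNull(resourceServer);` directly after each lookup (assuming the file's usual static assertion imports) would pin the precondition the refactoring now depends on. The same two-line lookup is duplicated in both test methods; a small private helper taking the `ClientModel` would remove the repetition and give the null check a single home. The enclosing test methods start and end outside these hunks.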
|
|
|
@ -41,6 +41,7 @@ import org.keycloak.authorization.client.resource.ProtectionResource;
|
||||||
import org.keycloak.authorization.client.util.HttpResponseException;
|
import org.keycloak.authorization.client.util.HttpResponseException;
|
||||||
import org.keycloak.authorization.model.Policy;
|
import org.keycloak.authorization.model.Policy;
|
||||||
import org.keycloak.authorization.model.Resource;
|
import org.keycloak.authorization.model.Resource;
|
||||||
|
import org.keycloak.authorization.model.ResourceServer;
|
||||||
import org.keycloak.common.Profile;
|
import org.keycloak.common.Profile;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -916,13 +917,14 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
ClientModel client = realm.getClientByClientId("resource-server-test");
|
ClientModel client = realm.getClientByClientId("resource-server-test");
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
UserModel user = session.users().getUserByUsername(realm, "marta");
|
UserModel user = session.users().getUserByUsername(realm, "marta");
|
||||||
|
ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
||||||
|
|
||||||
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
|
|
||||||
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertEquals(1, policies.size());
|
assertEquals(1, policies.size());
|
||||||
|
|
||||||
Policy policy = policies.get(0);
|
Policy policy = policies.get(0);
|
||||||
|
@ -937,7 +939,7 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
|
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
policies = provider.getStoreFactory().getPolicyStore()
|
policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertTrue(policies.isEmpty());
|
assertTrue(policies.isEmpty());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -969,13 +971,14 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
ClientModel client = realm.getClientByClientId("resource-server-test");
|
ClientModel client = realm.getClientByClientId("resource-server-test");
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
UserModel user = session.users().getUserByUsername(realm, "marta");
|
UserModel user = session.users().getUserByUsername(realm, "marta");
|
||||||
|
ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
||||||
|
|
||||||
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
|
|
||||||
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertEquals(1, policies.size());
|
assertEquals(1, policies.size());
|
||||||
|
|
||||||
Policy policy = policies.get(0);
|
Policy policy = policies.get(0);
|
||||||
|
@ -991,7 +994,7 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
|
|
||||||
policies = provider.getStoreFactory().getPolicyStore()
|
policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertTrue(policies.isEmpty());
|
assertTrue(policies.isEmpty());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1023,13 +1026,14 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
ClientModel client = realm.getClientByClientId("resource-server-test");
|
ClientModel client = realm.getClientByClientId("resource-server-test");
|
||||||
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
|
||||||
UserModel user = session.users().getUserByUsername(realm, "marta");
|
UserModel user = session.users().getUserByUsername(realm, "marta");
|
||||||
|
ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(client);
|
||||||
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
Map<Policy.FilterOption, String[]> filters = new HashMap<>();
|
||||||
|
|
||||||
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
filters.put(Policy.FilterOption.TYPE, new String[] {"uma"});
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
|
|
||||||
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
List<Policy> policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertEquals(1, policies.size());
|
assertEquals(1, policies.size());
|
||||||
|
|
||||||
Policy policy = policies.get(0);
|
Policy policy = policies.get(0);
|
||||||
|
@ -1045,7 +1049,7 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
|
||||||
filters.put(OWNER, new String[] {user.getId()});
|
filters.put(OWNER, new String[] {user.getId()});
|
||||||
|
|
||||||
policies = provider.getStoreFactory().getPolicyStore()
|
policies = provider.getStoreFactory().getPolicyStore()
|
||||||
.findByResourceServer(filters, client.getId(), -1, -1);
|
.findByResourceServer(resourceServer, filters, null, null);
|
||||||
assertTrue(policies.isEmpty());
|
assertTrue(policies.isEmpty());
|
||||||
}
|
}
|
||||||
|
|
||||||
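Review bot: The new `.findByResourceServer(resourceServer, filters, null, null)` calls (hunks at 917, 939, 971, 994, 1026 and 1049) rely on `null` first/max results meaning "unpaginated" where the old code used the `-1` sentinel, and nothing in the test says so; a one-line comment on the first call, `// null firstResult/maxResults: no pagination`, would keep that intent readable now that the type is `Integer`. The `ResourceServer resourceServer = provider.getStoreFactory().getResourceServerStore().findByClient(client);` line is repeated verbatim in three test methods; a private helper taking the client would remove the duplication and is the natural place for an `assertNotNull(resourceServer)` guard, since a null resource server would otherwise reach the policy store call. The enclosing test methods start outside these hunks.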
|
|
|
@ -232,7 +232,7 @@ public class SocialLoginTest extends AbstractKeycloakTest {
|
||||||
AdminPermissionManagement management = AdminPermissions.management(session, realm);
|
AdminPermissionManagement management = AdminPermissions.management(session, realm);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRep, server);
|
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientPolicyRep);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientPolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientPolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
realm.getIdentityProvidersStream().forEach(idp -> {
|
realm.getIdentityProvidersStream().forEach(idp -> {
|
||||||
|
|
|
@ -203,7 +203,7 @@ public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
|
||||||
assertNotNull(samlUnsignedAndUnencryptedTarget);
|
assertNotNull(samlUnsignedAndUnencryptedTarget);
|
||||||
|
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
|
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientRep);
|
||||||
management.clients().exchangeToPermission(samlSignedTarget).addAssociatedPolicy(clientPolicy);
|
management.clients().exchangeToPermission(samlSignedTarget).addAssociatedPolicy(clientPolicy);
|
||||||
management.clients().exchangeToPermission(samlEncryptedTarget).addAssociatedPolicy(clientPolicy);
|
management.clients().exchangeToPermission(samlEncryptedTarget).addAssociatedPolicy(clientPolicy);
|
||||||
management.clients().exchangeToPermission(samlSignedAndEncryptedTarget).addAssociatedPolicy(clientPolicy);
|
management.clients().exchangeToPermission(samlSignedAndEncryptedTarget).addAssociatedPolicy(clientPolicy);
|
||||||
|
@ -217,7 +217,7 @@ public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
|
||||||
clientImpersonateRep.addClient(directPublic.getId());
|
clientImpersonateRep.addClient(directPublic.getId());
|
||||||
clientImpersonateRep.addClient(directNoSecret.getId());
|
clientImpersonateRep.addClient(directNoSecret.getId());
|
||||||
server = management.realmResourceServer();
|
server = management.realmResourceServer();
|
||||||
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
|
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientImpersonateRep);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
|
@ -697,7 +697,7 @@ public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
|
||||||
clientImpersonateRep.addClient(directExchanger.getId());
|
clientImpersonateRep.addClient(directExchanger.getId());
|
||||||
|
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
|
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientImpersonateRep);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
|
|
|
@ -203,7 +203,7 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
||||||
clientRep.addClient(noRefreshToken.getId());
|
clientRep.addClient(noRefreshToken.getId());
|
||||||
|
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
|
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientRep);
|
||||||
management.clients().exchangeToPermission(target).addAssociatedPolicy(clientPolicy);
|
management.clients().exchangeToPermission(target).addAssociatedPolicy(clientPolicy);
|
||||||
|
|
||||||
// permission for user impersonation for a client
|
// permission for user impersonation for a client
|
||||||
|
@ -214,7 +214,7 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
||||||
clientImpersonateRep.addClient(directPublic.getId());
|
clientImpersonateRep.addClient(directPublic.getId());
|
||||||
clientImpersonateRep.addClient(directNoSecret.getId());
|
clientImpersonateRep.addClient(directNoSecret.getId());
|
||||||
server = management.realmResourceServer();
|
server = management.realmResourceServer();
|
||||||
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
|
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientImpersonateRep);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
|
@ -559,7 +559,7 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
||||||
clientImpersonateRep.addClient(directExchanger.getId());
|
clientImpersonateRep.addClient(directExchanger.getId());
|
||||||
|
|
||||||
ResourceServer server = management.realmResourceServer();
|
ResourceServer server = management.realmResourceServer();
|
||||||
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
|
Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(server, clientImpersonateRep);
|
||||||
management.users().setPermissionsEnabled(true);
|
management.users().setPermissionsEnabled(true);
|
||||||
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
|
||||||
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
|
||||||
|
|