From afa9471c7ce2dd3ed5fcfdec48f81c63f42a659f Mon Sep 17 00:00:00 2001 From: Pedro Igor Date: Tue, 28 Jun 2016 11:41:58 -0300 Subject: [PATCH] [KEYCLOAK-3128] - Admin Client Authorization Endpoints --- .../authorization/AbstractPolicyEnforcer.java | 2 +- .../authorization/PolicyEnforcer.java | 2 +- .../TokenIntrospectionResponse.java | 2 +- .../drools/DroolsPolicyAdminResource.java | 18 +- .../org/keycloak/AuthorizationContext.java | 2 +- .../keycloak/representations/AccessToken.java | 2 +- .../idm/authorization/DecisionStrategy.java | 42 +++ .../idm/authorization/Logic.java | 36 ++ .../{ => idm}/authorization/Permission.java | 25 +- .../authorization/PolicyEnforcementMode.java | 40 +++ .../PolicyProviderRepresentation.java | 10 +- .../authorization}/PolicyRepresentation.java | 13 +- .../ResourceOwnerRepresentation.java | 10 +- .../ResourceRepresentation.java | 9 +- .../ResourceServerRepresentation.java | 11 +- .../authorization}/ScopeRepresentation.java | 9 +- .../AuthorizationClientExample.java | 2 +- .../resource/AuthorizationResource.java | 61 ++++ .../admin/client/resource/ClientResource.java | 2 + .../client/resource/PoliciesResource.java | 56 +++ .../admin/client/resource/PolicyResource.java | 45 +++ .../client/resource/ResourceResource.java | 45 +++ .../resource/ResourceScopeResource.java | 46 +++ .../resource/ResourceScopesResource.java | 50 +++ .../client/resource/ResourcesResource.java | 49 +++ .../infinispan/CachedPolicyStore.java | 2 + .../infinispan/CachedResourceServerStore.java | 1 + .../infinispan/entities/CachedPolicy.java | 2 + .../entities/CachedResourceServer.java | 1 + .../jpa/entities/PolicyEntity.java | 2 + .../jpa/entities/ResourceServerEntity.java | 1 + .../mongo/adapter/PolicyAdapter.java | 18 + .../mongo/adapter/ResourceServerAdapter.java | 17 + .../mongo/entities/PolicyEntity.java | 4 +- .../mongo/entities/ResourceServerEntity.java | 2 +- .../keycloak/authorization/model/Policy.java | 41 +-- .../authorization/model/ResourceServer.java | 22 +- .../evaluation/DecisionResultCollector.java | 11 +- .../policy/evaluation/DefaultEvaluation.java | 2 +- .../evaluation/DefaultPolicyEvaluator.java | 2 +- .../models/utils/RepresentationToModel.java | 4 +- .../authorization/admin/PolicyService.java | 12 +- .../admin/ResourceServerService.java | 325 +++++++++--------- .../admin/ResourceSetService.java | 7 +- .../authorization/admin/ScopeService.java | 2 +- .../PolicyEvaluationResponse.java | 5 +- .../authorization/admin/util/Models.java | 10 +- .../AuthorizationTokenService.java | 12 +- .../entitlement/EntitlementService.java | 5 +- .../permission/AbstractPermissionService.java | 20 +- .../permission/PermissionService.java | 12 - .../permission/PermissionTicket.java | 2 +- .../protection/resource/ResourceService.java | 6 +- .../authorization/util/Permissions.java | 2 +- .../AbstractPhotozAdminTest.java | 12 +- .../authorization/ResourceManagementTest.java | 2 +- .../ResourcePermissionManagementTest.java | 7 +- .../authorization/ScopeManagementTest.java | 2 +- 58 files changed, 819 insertions(+), 345 deletions(-) create mode 100644 core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java create mode 100644 core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java rename core/src/main/java/org/keycloak/representations/{ => idm}/authorization/Permission.java (64%) create mode 100644 core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/PolicyProviderRepresentation.java (81%) rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/PolicyRepresentation.java (88%) rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/ResourceOwnerRepresentation.java (78%) rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/ResourceRepresentation.java (94%) rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/ResourceServerRepresentation.java (89%) rename {services/src/main/java/org/keycloak/authorization/admin/representation => core/src/main/java/org/keycloak/representations/idm/authorization}/ScopeRepresentation.java (91%) create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java create mode 100644 integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java index 3ae286fc21..6b1fe19fd8 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java @@ -29,7 +29,7 @@ import org.keycloak.representations.AccessToken; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.EnforcementMode; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.net.URI; import java.util.Collections; diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java index d413327c59..5c2612449d 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java @@ -30,7 +30,7 @@ import org.keycloak.authorization.client.resource.ProtectedResource; import org.keycloak.representations.adapters.config.AdapterConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.util.ArrayList; import java.util.HashSet; diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java b/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java index 7eaccb4a2e..8fcc6f31e0 100644 --- a/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java +++ b/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java @@ -19,7 +19,7 @@ package org.keycloak.authorization.client.representation; import com.fasterxml.jackson.annotation.JsonProperty; import org.keycloak.representations.JsonWebToken; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.util.List; diff --git a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java index 1ee1d34c6e..c6e570157e 100644 --- a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java +++ b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java @@ -1,9 +1,25 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.keycloak.authorization.policy.provider.drools; -import org.keycloak.authorization.admin.representation.PolicyRepresentation; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.kie.api.runtime.KieContainer; import javax.ws.rs.Consumes; diff --git a/core/src/main/java/org/keycloak/AuthorizationContext.java b/core/src/main/java/org/keycloak/AuthorizationContext.java index 4aa5503613..05bb97d7a3 100644 --- a/core/src/main/java/org/keycloak/AuthorizationContext.java +++ b/core/src/main/java/org/keycloak/AuthorizationContext.java @@ -19,7 +19,7 @@ package org.keycloak; import org.keycloak.representations.AccessToken; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.util.List; diff --git a/core/src/main/java/org/keycloak/representations/AccessToken.java b/core/src/main/java/org/keycloak/representations/AccessToken.java index 7d7fdea4a2..4ef6831678 100755 --- a/core/src/main/java/org/keycloak/representations/AccessToken.java +++ b/core/src/main/java/org/keycloak/representations/AccessToken.java @@ -19,7 +19,7 @@ package org.keycloak.representations; import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonProperty; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.io.Serializable; import java.util.HashMap; diff --git a/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java b/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java new file mode 100644 index 0000000000..bd66bea40c --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java @@ -0,0 +1,42 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.representations.idm.authorization; + +/** + * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision + * is obtained. + * + * @author Pedro Igor + */ +public enum DecisionStrategy { + + /** + * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive. + */ + AFFIRMATIVE, + + /** + * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive. + */ + UNANIMOUS, + + /** + * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, + * the final decision will be negative. + */ + CONSENSUS +} diff --git a/core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java b/core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java new file mode 100644 index 0000000000..70c382e952 --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java @@ -0,0 +1,36 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.representations.idm.authorization; + +/** + * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision + * is obtained. + * + * @author Pedro Igor + */ +public enum Logic { + + /** + * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome. + */ + POSITIVE, + + /** + * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome. + */ + NEGATIVE, +} diff --git a/core/src/main/java/org/keycloak/representations/authorization/Permission.java b/core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java similarity index 64% rename from core/src/main/java/org/keycloak/representations/authorization/Permission.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java index 1daba2009f..47c26cf57c 100644 --- a/core/src/main/java/org/keycloak/representations/authorization/Permission.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java @@ -1,21 +1,20 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ -package org.keycloak.representations.authorization; +package org.keycloak.representations.idm.authorization; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java new file mode 100644 index 0000000000..4d1eef67ed --- /dev/null +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java @@ -0,0 +1,40 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.representations.idm.authorization; + +/** + * The policy enforcement mode dictates how authorization requests are handled by the server. + * + * @author Pedro Igor + */ +public enum PolicyEnforcementMode { + + /** + * Requests are denied by default even when there is no policy associated with a given resource. + */ + ENFORCING, + + /** + * Requests are allowed even when there is no policy associated with a given resource. + */ + PERMISSIVE, + + /** + * Completely disables the evaluation of policies and allow access to any resource. + */ + DISABLED +} diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyProviderRepresentation.java similarity index 81% rename from services/src/main/java/org/keycloak/authorization/admin/representation/PolicyProviderRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/PolicyProviderRepresentation.java index add09b0c35..88cb0dd584 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyProviderRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyProviderRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,8 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -package org.keycloak.authorization.admin.representation; +package org.keycloak.representations.idm.authorization; /** * @author Pedro Igor diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyRepresentation.java similarity index 88% rename from services/src/main/java/org/keycloak/authorization/admin/representation/PolicyRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/PolicyRepresentation.java index a3c302b255..dde36356f0 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,11 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -package org.keycloak.authorization.admin.representation; - -import org.keycloak.authorization.model.Policy.DecisionStrategy; -import org.keycloak.authorization.model.Policy.Logic; +package org.keycloak.representations.idm.authorization; import java.util.HashMap; import java.util.List; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceOwnerRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceOwnerRepresentation.java similarity index 78% rename from services/src/main/java/org/keycloak/authorization/admin/representation/ResourceOwnerRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/ResourceOwnerRepresentation.java index 498ab9f02d..c058b9d112 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceOwnerRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceOwnerRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,8 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -package org.keycloak.authorization.admin.representation; +package org.keycloak.representations.idm.authorization; /** * @author Pedro Igor diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java similarity index 94% rename from services/src/main/java/org/keycloak/authorization/admin/representation/ResourceRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java index b56248b020..6ccac3372a 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.authorization.admin.representation; +package org.keycloak.representations.idm.authorization; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceServerRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceServerRepresentation.java similarity index 89% rename from services/src/main/java/org/keycloak/authorization/admin/representation/ResourceServerRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/ResourceServerRepresentation.java index 4549ef57c3..230cf76c47 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceServerRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/ResourceServerRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,9 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.authorization.admin.representation; - -import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode; +package org.keycloak.representations.idm.authorization; import java.util.List; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/ScopeRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/authorization/ScopeRepresentation.java similarity index 91% rename from services/src/main/java/org/keycloak/authorization/admin/representation/ScopeRepresentation.java rename to core/src/main/java/org/keycloak/representations/idm/authorization/ScopeRepresentation.java index 74efa7a1d7..39aa9c7bc2 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/ScopeRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/authorization/ScopeRepresentation.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.authorization.admin.representation; +package org.keycloak.representations.idm.authorization; import java.net.URI; import java.util.List; diff --git a/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java b/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java index 2ab8788694..887a461057 100644 --- a/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java +++ b/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java @@ -26,7 +26,7 @@ import org.keycloak.authorization.client.representation.ResourceRepresentation; import org.keycloak.authorization.client.representation.ScopeRepresentation; import org.keycloak.authorization.client.representation.TokenIntrospectionResponse; import org.keycloak.authorization.client.resource.ProtectedResource; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.util.Set; diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java new file mode 100644 index 0000000000..07276eca02 --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java @@ -0,0 +1,61 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * @author Pedro Igor + */ +public interface AuthorizationResource { + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + void update(ResourceServerRepresentation server); + + @GET + @Produces(MediaType.APPLICATION_JSON) + ResourceServerRepresentation getSettings(); + + @Path("/import") + @POST + @Consumes(MediaType.APPLICATION_JSON) + void importSettings(ResourceServerRepresentation server); + + @Path("/settings") + @GET + @Produces(MediaType.APPLICATION_JSON) + ResourceServerRepresentation exportSettings(); + + @Path("/resource") + ResourcesResource resources(); + + @Path("/scope") + ResourceScopesResource scopes(); + + @Path("/policy") + PoliciesResource policies(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java index ca1745d05c..fb9640b646 100755 --- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java @@ -142,4 +142,6 @@ public interface ClientResource { @Produces(MediaType.APPLICATION_JSON) GlobalRequestResult testNodesAvailable(); + @Path("/authz/resource-server") + AuthorizationResource authorization(); } \ No newline at end of file diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java new file mode 100644 index 0000000000..fd5d43a9ca --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java @@ -0,0 +1,56 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.List; + +/** + * @author Pedro Igor + */ +public interface PoliciesResource { + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + Response create(PolicyRepresentation representation); + + @Path("{id}") + PolicyResource policy(@PathParam("id") String id); + + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + List policies(); + + @Path("providers") + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + List policyProviders(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java new file mode 100644 index 0000000000..9a450452b5 --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java @@ -0,0 +1,45 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.PUT; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * @author Pedro Igor + */ +public interface PolicyResource { + + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + PolicyRepresentation toRepresentation(); + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + void update(PolicyRepresentation representation); + + @DELETE + void remove(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java new file mode 100644 index 0000000000..834cb0602e --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java @@ -0,0 +1,45 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.PUT; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * @author Pedro Igor + */ +public interface ResourceResource { + + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + ResourceRepresentation toRepresentation(); + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + void update(ResourceRepresentation resource); + + @DELETE + void remove(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java new file mode 100644 index 0000000000..4a0ad8e9fa --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java @@ -0,0 +1,46 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.PUT; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; + +/** + * @author Pedro Igor + */ +public interface ResourceScopeResource { + + @GET + @Produces(MediaType.APPLICATION_JSON) + @NoCache + ScopeRepresentation toRepresentation(); + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + void update(ScopeRepresentation scope); + + @DELETE + void remove(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java new file mode 100644 index 0000000000..88f5c74843 --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java @@ -0,0 +1,50 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.List; + +/** + * @author Pedro Igor + */ +public interface ResourceScopesResource { + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + Response create(ScopeRepresentation scope); + + @Path("{id}") + ResourceScopeResource scope(@PathParam("id") String id); + + @GET + @NoCache + @Produces(MediaType.APPLICATION_JSON) + List scopes(); +} diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java new file mode 100644 index 0000000000..1aaaa2352c --- /dev/null +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java @@ -0,0 +1,49 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.admin.client.resource; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.List; + +/** + * @author Pedro Igor + */ +public interface ResourcesResource { + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + Response create(ResourceRepresentation resource); + + @Path("{id}") + ResourceResource resource(@PathParam("id") String id); + + @GET + @NoCache + @Produces(MediaType.APPLICATION_JSON) + List resources(); +} diff --git a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java index f1855d334e..5178afc2f4 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java +++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java @@ -30,6 +30,8 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction; import org.keycloak.models.authorization.infinispan.entities.CachedPolicy; import org.keycloak.models.entities.AbstractIdentifiableEntity; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; import java.util.ArrayList; import java.util.HashSet; diff --git a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java index 5779ae1bda..e03f3a7fdb 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java +++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java @@ -26,6 +26,7 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.models.KeycloakSession; import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction; import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import java.util.ArrayList; import java.util.List; diff --git a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java index 6c6230bfc3..fd2b48820c 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java +++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java @@ -23,6 +23,8 @@ import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.models.entities.AbstractIdentifiableEntity; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; import java.util.HashMap; import java.util.Map; diff --git a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java index fe595108f2..08a425a90c 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java +++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java @@ -19,6 +19,7 @@ package org.keycloak.models.authorization.infinispan.entities; import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; /** * @author Pedro Igor diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java index ddaf6371fa..a5a6b279da 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java @@ -22,6 +22,8 @@ import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Scope; import org.keycloak.models.entities.AbstractIdentifiableEntity; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; import javax.persistence.Access; import javax.persistence.AccessType; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java index b74b231067..a0be18ae02 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java @@ -19,6 +19,7 @@ package org.keycloak.authorization.jpa.entities; import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import javax.persistence.Access; import javax.persistence.AccessType; diff --git a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java index 38cb87bf4e..2b28f16463 100644 --- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java @@ -1,3 +1,19 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.keycloak.authorization.mongo.adapter; import org.keycloak.authorization.AuthorizationProvider; @@ -8,6 +24,8 @@ import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.mongo.entities.PolicyEntity; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; import java.util.Map; import java.util.Set; diff --git a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java index 72feedb82a..1bfbf3f8db 100644 --- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java @@ -1,9 +1,26 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.keycloak.authorization.mongo.adapter; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.mongo.entities.ResourceServerEntity; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; /** * @author Pedro Igor diff --git a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java index 9230b88a14..c489542c38 100644 --- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java +++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java @@ -18,12 +18,12 @@ package org.keycloak.authorization.mongo.entities; -import org.keycloak.authorization.model.Policy.DecisionStrategy; -import org.keycloak.authorization.model.Policy.Logic; import org.keycloak.connections.mongo.api.MongoCollection; import org.keycloak.connections.mongo.api.MongoIdentifiableEntity; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.entities.AbstractIdentifiableEntity; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; import java.util.HashMap; import java.util.HashSet; diff --git a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java index 7013e1bfef..8167c4286a 100644 --- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java +++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java @@ -18,11 +18,11 @@ package org.keycloak.authorization.mongo.entities; -import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode; import org.keycloak.connections.mongo.api.MongoCollection; import org.keycloak.connections.mongo.api.MongoIdentifiableEntity; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.models.entities.AbstractIdentifiableEntity; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; /** * @author Pedro Igor diff --git a/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java b/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java index 1960d6abb4..03596d948c 100644 --- a/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java +++ b/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java @@ -18,6 +18,9 @@ package org.keycloak.authorization.model; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; + import java.util.Map; import java.util.Set; @@ -152,42 +155,4 @@ public interface Policy { void addResource(Resource resource); void removeResource(Resource resource); - - /** - * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision - * is obtained. - */ - enum DecisionStrategy { - /** - * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive. - */ - AFFIRMATIVE, - - /** - * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive. - */ - UNANIMOUS, - - /** - * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same, - * the final decision will be negative. - */ - CONSENSUS - } - - /** - * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision - * is obtained. - */ - enum Logic { - /** - * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome. - */ - POSITIVE, - - /** - * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome. - */ - NEGATIVE, - } } diff --git a/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java b/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java index 2424c8d22e..d5b9ac46ab 100644 --- a/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java +++ b/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java @@ -18,6 +18,8 @@ package org.keycloak.authorization.model; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; + /** * Represents a resource server, whose resources are managed and protected. A resource server is basically an existing * client application in Keycloak that will also act as a resource server. @@ -68,24 +70,4 @@ public interface ResourceServer { * @param enforcementMode one of the available options in {@code PolicyEnforcementMode} */ void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode); - - /** - * The policy enforcement mode dictates how authorization requests are handled by the server. - */ - enum PolicyEnforcementMode { - /** - * Requests are denied by default even when there is no policy associated with a given resource. - */ - ENFORCING, - - /** - * Requests are allowed even when there is no policy associated with a given resource. - */ - PERMISSIVE, - - /** - * Completely disables the evaluation of policies and allow access to any resource. - */ - DISABLED - } } diff --git a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java index f06eb3f4f2..abd3f935ce 100644 --- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java +++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java @@ -21,6 +21,7 @@ package org.keycloak.authorization.policy.evaluation; import org.keycloak.authorization.Decision; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.permission.ResourcePermission; +import org.keycloak.representations.idm.authorization.DecisionStrategy; import java.util.HashMap; import java.util.List; @@ -81,17 +82,17 @@ public abstract class DecisionResultCollector implements Decision 0) { + if (DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) { return true; - } else if (Policy.DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) { + } else if (DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) { return true; - } else if (Policy.DecisionStrategy.CONSENSUS.equals(decisionStrategy)) { + } else if (DecisionStrategy.CONSENSUS.equals(decisionStrategy)) { if (grantCount > denyCount) { return true; } diff --git a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java index df379af30e..0bd5b6cab6 100644 --- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java +++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java @@ -21,8 +21,8 @@ package org.keycloak.authorization.policy.evaluation; import org.keycloak.authorization.Decision; import org.keycloak.authorization.Decision.Effect; import org.keycloak.authorization.model.Policy; -import org.keycloak.authorization.model.Policy.Logic; import org.keycloak.authorization.permission.ResourcePermission; +import org.keycloak.representations.idm.authorization.Logic; /** * @author Pedro Igor diff --git a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java index 8b12558a67..e2ef2f96d1 100644 --- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java +++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java @@ -23,13 +23,13 @@ import org.keycloak.authorization.Decision; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; -import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import java.util.HashMap; import java.util.List; diff --git a/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 0bec4629d6..2516105d95 100755 --- a/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -78,13 +78,13 @@ import org.keycloak.representations.idm.UserConsentRepresentation; import org.keycloak.representations.idm.UserFederationMapperRepresentation; import org.keycloak.representations.idm.UserFederationProviderRepresentation; import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -1002,7 +1002,7 @@ public class RepresentationToModel { ResourceServer resourceServer = resourceServerStore.create(client.getId()); resourceServer.setAllowRemoteResourceManagement(true); - resourceServer.setPolicyEnforcementMode(ResourceServer.PolicyEnforcementMode.ENFORCING); + resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING); } return client; diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java index c34893fcb7..1b54d56a21 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java @@ -18,10 +18,9 @@ package org.keycloak.authorization.admin; import com.fasterxml.jackson.databind.ObjectMapper; +import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.PolicyProviderRepresentation; -import org.keycloak.authorization.admin.representation.PolicyRepresentation; import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; @@ -31,6 +30,8 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.services.resources.admin.RealmAuth; import javax.ws.rs.Consumes; @@ -67,6 +68,7 @@ public class PolicyService { @POST @Consumes("application/json") @Produces("application/json") + @NoCache public Response create(PolicyRepresentation representation) { this.auth.requireManage(); Policy policy = Models.toModel(representation, this.resourceServer, authorization); @@ -94,6 +96,7 @@ public class PolicyService { @PUT @Consumes("application/json") @Produces("application/json") + @NoCache public Response update(@PathParam("id") String id, PolicyRepresentation representation) { this.auth.requireManage(); representation.setId(id); @@ -161,6 +164,7 @@ public class PolicyService { @Path("{id}") @GET @Produces("application/json") + @NoCache public Response findById(@PathParam("id") String id) { this.auth.requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); @@ -175,6 +179,7 @@ public class PolicyService { @GET @Produces("application/json") + @NoCache public Response findAll() { this.auth.requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); @@ -188,6 +193,7 @@ public class PolicyService { @Path("providers") @GET @Produces("application/json") + @NoCache public Response findPolicyProviders() { this.auth.requireView(); return Response.ok( @@ -292,7 +298,7 @@ public class PolicyService { boolean hasPolicy = false; for (Policy policyModel : new HashSet(policy.getAssociatedPolicies())) { - if (policyModel.getId().equals(policyId)) { + if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) { hasPolicy = true; } } diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java index 84e52954c3..5feb31c778 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java @@ -21,11 +21,6 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.PolicyRepresentation; -import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ResourceServerRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; @@ -42,6 +37,13 @@ import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserFederationManager; import org.keycloak.models.UserModel; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.Logic; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; +import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.util.JsonSerialization; @@ -191,212 +193,207 @@ public class ResourceServerService { return Response.ok(settings).build(); } + @Path("/import") @POST - @Consumes(MediaType.MULTIPART_FORM_DATA) - public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { + @Consumes(MediaType.APPLICATION_JSON) + public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) throws IOException { this.auth.requireManage(); - Map> uploadForm = input.getFormDataMap(); - List inputParts = uploadForm.get("file"); - for (InputPart inputPart : inputParts) { - ResourceServerRepresentation rep = JsonSerialization.readValue(inputPart.getBodyAsString(), ResourceServerRepresentation.class); + resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode()); + resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement()); - resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode()); - resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement()); + StoreFactory storeFactory = authorization.getStoreFactory(); + ResourceStore resourceStore = storeFactory.getResourceStore(); + ScopeStore scopeStore = storeFactory.getScopeStore(); + ScopeService scopeResource = new ScopeService(resourceServer, this.authorization, this.auth); - StoreFactory storeFactory = authorization.getStoreFactory(); - ResourceStore resourceStore = storeFactory.getResourceStore(); - ScopeStore scopeStore = storeFactory.getScopeStore(); - ScopeService scopeResource = new ScopeService(resourceServer, this.authorization, this.auth); + ResteasyProviderFactory.getInstance().injectProperties(scopeResource); - ResteasyProviderFactory.getInstance().injectProperties(scopeResource); + rep.getScopes().forEach(scope -> { + Scope existing = scopeStore.findByName(scope.getName(), resourceServer.getId()); - rep.getScopes().forEach(scope -> { - Scope existing = scopeStore.findByName(scope.getName(), resourceServer.getId()); + if (existing != null) { + scopeResource.update(existing.getId(), scope); + } else { + scopeResource.create(scope); + } + }); - if (existing != null) { - scopeResource.update(existing.getId(), scope); - } else { - scopeResource.create(scope); + ResourceSetService resourceSetResource = new ResourceSetService(resourceServer, this.authorization, this.auth); + + rep.getResources().forEach(resourceRepresentation -> { + ResourceOwnerRepresentation owner = resourceRepresentation.getOwner(); + + if (owner == null) { + owner = new ResourceOwnerRepresentation(); + } + + owner.setId(resourceServer.getClientId()); + + if (owner.getName() != null) { + UserModel user = this.session.users().getUserByUsername(owner.getName(), this.realm); + + if (user != null) { + owner.setId(user.getId()); } - }); + } - ResourceSetService resourceSetResource = new ResourceSetService(resourceServer, this.authorization, this.auth); + Resource existing = resourceStore.findByName(resourceRepresentation.getName(), this.resourceServer.getId()); - rep.getResources().forEach(resourceRepresentation -> { - ResourceOwnerRepresentation owner = resourceRepresentation.getOwner(); + if (existing != null) { + resourceSetResource.update(existing.getId(), resourceRepresentation); + } else { + resourceSetResource.create(resourceRepresentation); + } + }); - if (owner == null) { - owner = new ResourceOwnerRepresentation(); - } + PolicyStore policyStore = storeFactory.getPolicyStore(); + PolicyService policyResource = new PolicyService(resourceServer, this.authorization, this.auth); - owner.setId(resourceServer.getClientId()); + ResteasyProviderFactory.getInstance().injectProperties(policyResource); - if (owner.getName() != null) { - UserModel user = this.session.users().getUserByUsername(owner.getName(), this.realm); + rep.getPolicies().forEach(policyRepresentation -> { + Map config = policyRepresentation.getConfig(); - if (user != null) { - owner.setId(user.getId()); - } - } + String roles = config.get("roles"); - Resource existing = resourceStore.findByName(resourceRepresentation.getName(), this.resourceServer.getId()); + if (roles != null && !roles.isEmpty()) { + roles = roles.replace("[", ""); + roles = roles.replace("]", ""); - if (existing != null) { - resourceSetResource.update(existing.getId(), resourceRepresentation); - } else { - resourceSetResource.create(resourceRepresentation); - } - }); + if (!roles.isEmpty()) { + String roleNames = ""; - PolicyStore policyStore = storeFactory.getPolicyStore(); - PolicyService policyResource = new PolicyService(resourceServer, this.authorization, this.auth); - - ResteasyProviderFactory.getInstance().injectProperties(policyResource); - - rep.getPolicies().forEach(policyRepresentation -> { - Map config = policyRepresentation.getConfig(); - - String roles = config.get("roles"); - - if (roles != null && !roles.isEmpty()) { - roles = roles.replace("[", ""); - roles = roles.replace("]", ""); - - if (!roles.isEmpty()) { - String roleNames = ""; - - for (String role : roles.split(",")) { - if (!roleNames.isEmpty()) { - roleNames = roleNames + ","; - } - - role = role.replace("\"", ""); - - roleNames = roleNames + "\"" + this.realm.getRole(role).getId() + "\""; + for (String role : roles.split(",")) { + if (!roleNames.isEmpty()) { + roleNames = roleNames + ","; } - config.put("roles", "[" + roleNames + "]"); + role = role.replace("\"", ""); + + roleNames = roleNames + "\"" + this.realm.getRole(role).getId() + "\""; } + + config.put("roles", "[" + roleNames + "]"); } + } - String users = config.get("users"); + String users = config.get("users"); - if (users != null) { - users = users.replace("[", ""); - users = users.replace("]", ""); + if (users != null) { + users = users.replace("[", ""); + users = users.replace("]", ""); - if (!users.isEmpty()) { - String userNames = ""; + if (!users.isEmpty()) { + String userNames = ""; - for (String user : users.split(",")) { - if (!userNames.isEmpty()) { - userNames = userNames + ","; - } - - user = user.replace("\"", ""); - - userNames = userNames + "\"" + this.session.users().getUserByUsername(user, this.realm).getId() + "\""; + for (String user : users.split(",")) { + if (!userNames.isEmpty()) { + userNames = userNames + ","; } - config.put("users", "[" + userNames + "]"); + user = user.replace("\"", ""); + + userNames = userNames + "\"" + this.session.users().getUserByUsername(user, this.realm).getId() + "\""; } + + config.put("users", "[" + userNames + "]"); } + } - String scopes = config.get("scopes"); + String scopes = config.get("scopes"); - if (scopes != null && !scopes.isEmpty()) { - scopes = scopes.replace("[", ""); - scopes = scopes.replace("]", ""); + if (scopes != null && !scopes.isEmpty()) { + scopes = scopes.replace("[", ""); + scopes = scopes.replace("]", ""); - if (!scopes.isEmpty()) { - String scopeNames = ""; + if (!scopes.isEmpty()) { + String scopeNames = ""; - for (String scope : scopes.split(",")) { - if (!scopeNames.isEmpty()) { - scopeNames = scopeNames + ","; - } - - scope = scope.replace("\"", ""); - - Scope newScope = scopeStore.findByName(scope, resourceServer.getId()); - - if (newScope == null) { - throw new RuntimeException("Scope with name [" + scope + "] not defined."); - } - - scopeNames = scopeNames + "\"" + newScope.getId() + "\""; + for (String scope : scopes.split(",")) { + if (!scopeNames.isEmpty()) { + scopeNames = scopeNames + ","; } - config.put("scopes", "[" + scopeNames + "]"); - } - } + scope = scope.replace("\"", ""); - String policyResources = config.get("resources"); + Scope newScope = scopeStore.findByName(scope, resourceServer.getId()); - if (policyResources != null && !policyResources.isEmpty()) { - policyResources = policyResources.replace("[", ""); - policyResources = policyResources.replace("]", ""); - - if (!policyResources.isEmpty()) { - String resourceNames = ""; - - for (String resource : policyResources.split(",")) { - if (!resourceNames.isEmpty()) { - resourceNames = resourceNames + ","; - } - - resource = resource.replace("\"", ""); - - if ("".equals(resource)) { - continue; - } - - resourceNames = resourceNames + "\"" + storeFactory.getResourceStore().findByName(resource, resourceServer.getId()).getId() + "\""; + if (newScope == null) { + throw new RuntimeException("Scope with name [" + scope + "] not defined."); } - config.put("resources", "[" + resourceNames + "]"); + scopeNames = scopeNames + "\"" + newScope.getId() + "\""; } + + config.put("scopes", "[" + scopeNames + "]"); } + } - String applyPolicies = config.get("applyPolicies"); + String policyResources = config.get("resources"); - if (applyPolicies != null && !applyPolicies.isEmpty()) { - applyPolicies = applyPolicies.replace("[", ""); - applyPolicies = applyPolicies.replace("]", ""); + if (policyResources != null && !policyResources.isEmpty()) { + policyResources = policyResources.replace("[", ""); + policyResources = policyResources.replace("]", ""); - if (!applyPolicies.isEmpty()) { - String policyNames = ""; + if (!policyResources.isEmpty()) { + String resourceNames = ""; - for (String pId : applyPolicies.split(",")) { - if (!policyNames.isEmpty()) { - policyNames = policyNames + ","; - } - - pId = pId.replace("\"", "").trim(); - - Policy policy = policyStore.findByName(pId, resourceServer.getId()); - - if (policy == null) { - throw new RuntimeException("Policy with name [" + pId + "] not defined."); - } - - policyNames = policyNames + "\"" + policy.getId() + "\""; + for (String resource : policyResources.split(",")) { + if (!resourceNames.isEmpty()) { + resourceNames = resourceNames + ","; } - config.put("applyPolicies", "[" + policyNames + "]"); + resource = resource.replace("\"", ""); + + if ("".equals(resource)) { + continue; + } + + resourceNames = resourceNames + "\"" + storeFactory.getResourceStore().findByName(resource, resourceServer.getId()).getId() + "\""; } - } - Policy existing = policyStore.findByName(policyRepresentation.getName(), this.resourceServer.getId()); - - if (existing != null) { - policyResource.update(existing.getId(), policyRepresentation); - } else { - policyResource.create(policyRepresentation); + config.put("resources", "[" + resourceNames + "]"); } - }); - } + } + + String applyPolicies = config.get("applyPolicies"); + + if (applyPolicies != null && !applyPolicies.isEmpty()) { + applyPolicies = applyPolicies.replace("[", ""); + applyPolicies = applyPolicies.replace("]", ""); + + if (!applyPolicies.isEmpty()) { + String policyNames = ""; + + for (String pId : applyPolicies.split(",")) { + if (!policyNames.isEmpty()) { + policyNames = policyNames + ","; + } + + pId = pId.replace("\"", "").trim(); + + Policy policy = policyStore.findByName(pId, resourceServer.getId()); + + if (policy == null) { + throw new RuntimeException("Policy with name [" + pId + "] not defined."); + } + + policyNames = policyNames + "\"" + policy.getId() + "\""; + } + + config.put("applyPolicies", "[" + policyNames + "]"); + } + } + + Policy existing = policyStore.findByName(policyRepresentation.getName(), this.resourceServer.getId()); + + if (existing != null) { + policyResource.update(existing.getId(), policyRepresentation); + } else { + policyResource.create(policyRepresentation); + } + }); return Response.noContent().build(); } @@ -434,8 +431,8 @@ public class ResourceServerService { defaultPermission.setName("Default Permission"); defaultPermission.setType("resource"); defaultPermission.setDescription("A permission that applies to the default resource type"); - defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS); - defaultPermission.setLogic(Policy.Logic.POSITIVE); + defaultPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS); + defaultPermission.setLogic(Logic.POSITIVE); HashMap defaultPermissionConfig = new HashMap<>(); @@ -454,8 +451,8 @@ public class ResourceServerService { defaultPolicy.setName("Only From Realm Policy"); defaultPolicy.setDescription("A policy that grants access only for users within this realm"); defaultPolicy.setType("js"); - defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE); - defaultPolicy.setLogic(Policy.Logic.POSITIVE); + defaultPolicy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); + defaultPolicy.setLogic(Logic.POSITIVE); HashMap defaultPolicyConfig = new HashMap<>(); diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java index c9b30b2aaf..9078408a29 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java @@ -17,9 +17,8 @@ */ package org.keycloak.authorization.admin; +import org.jboss.resteasy.annotations.cache.NoCache; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; @@ -27,6 +26,8 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponse; import org.keycloak.services.resources.admin.RealmAuth; @@ -136,6 +137,7 @@ public class ResourceSetService { @Path("{id}") @GET + @NoCache @Produces("application/json") public Response findById(@PathParam("id") String id) { requireView(); @@ -150,6 +152,7 @@ public class ResourceSetService { } @GET + @NoCache @Produces("application/json") public Response findAll() { requireView(); diff --git a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java index 56291c801c..08bbed9485 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java @@ -18,13 +18,13 @@ package org.keycloak.authorization.admin; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponse; import org.keycloak.services.resources.admin.RealmAuth; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java index 57b3e4eed3..ce1fe840dd 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java +++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java @@ -28,7 +28,10 @@ import org.keycloak.authorization.policy.evaluation.Result; import org.keycloak.authorization.policy.evaluation.Result.PolicyResult; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.util.Permissions; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import java.util.ArrayList; import java.util.List; diff --git a/services/src/main/java/org/keycloak/authorization/admin/util/Models.java b/services/src/main/java/org/keycloak/authorization/admin/util/Models.java index abdd980be4..ca063ccc42 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/util/Models.java +++ b/services/src/main/java/org/keycloak/authorization/admin/util/Models.java @@ -20,11 +20,6 @@ package org.keycloak.authorization.admin.util; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.ErrorCode; -import org.keycloak.authorization.admin.representation.PolicyRepresentation; -import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ResourceServerRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; @@ -36,6 +31,11 @@ import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; +import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponseException; import org.keycloak.util.JsonSerialization; diff --git a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java index ad154a6bf7..405675a544 100644 --- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java +++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,13 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.keycloak.authorization.authorization; import org.jboss.resteasy.spi.HttpRequest; import org.keycloak.OAuthErrorException; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.authorization.representation.AuthorizationRequest; import org.keycloak.authorization.authorization.representation.AuthorizationResponse; import org.keycloak.authorization.common.KeycloakEvaluationContext; @@ -39,7 +36,8 @@ import org.keycloak.jose.jws.JWSInputException; import org.keycloak.models.RealmModel; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponseException; import org.keycloak.services.resources.Cors; diff --git a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java index df6f54d098..ccc457d6b9 100644 --- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java +++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java @@ -39,7 +39,7 @@ import org.keycloak.models.KeycloakContext; import org.keycloak.models.RealmModel; import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.representations.AccessToken; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import org.keycloak.services.ErrorResponseException; import org.keycloak.services.resources.Cors; @@ -182,9 +182,8 @@ public class EntitlementService { AccessToken.Authorization authorization = new AccessToken.Authorization(); authorization.setPermissions(permissions); - accessToken.setAuthorization(authorization); - ; + return new TokenManager().encodeToken(realm, accessToken); } diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java index cf2f9e01b6..910cee5569 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java @@ -1,8 +1,22 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.keycloak.authorization.protection.permission; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.common.KeycloakIdentity; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; @@ -11,6 +25,8 @@ import org.keycloak.authorization.protection.permission.representation.Permissio import org.keycloak.authorization.protection.permission.representation.PermissionResponse; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.jose.jws.JWSBuilder; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponseException; import javax.ws.rs.core.Response; diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java index 9d547307a3..4f2181fd03 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java @@ -18,27 +18,15 @@ package org.keycloak.authorization.protection.permission; import org.keycloak.authorization.AuthorizationProvider; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.common.KeycloakIdentity; -import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; -import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.protection.permission.representation.PermissionRequest; -import org.keycloak.authorization.protection.permission.representation.PermissionResponse; -import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.jose.jws.JWSBuilder; -import org.keycloak.services.ErrorResponseException; import javax.ws.rs.Consumes; import javax.ws.rs.POST; import javax.ws.rs.Produces; import javax.ws.rs.core.Response; -import javax.ws.rs.core.Response.Status; import java.util.Arrays; -import java.util.List; -import java.util.Set; -import java.util.stream.Collectors; /** * @author Pedro Igor diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java index 9ee636898f..8726ce674f 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java @@ -18,9 +18,9 @@ package org.keycloak.authorization.protection.permission; import org.keycloak.TokenIdGenerator; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; import org.keycloak.representations.AccessToken; import org.keycloak.representations.JsonWebToken; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; import java.util.ArrayList; import java.util.List; diff --git a/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java b/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java index f4aaac576e..e45b976572 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java @@ -19,15 +19,15 @@ package org.keycloak.authorization.protection.resource; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.admin.ResourceSetService; -import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.identity.Identity; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.protection.resource.representation.UmaResourceRepresentation; import org.keycloak.authorization.protection.resource.representation.UmaScopeRepresentation; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.ErrorResponseException; import javax.ws.rs.Consumes; diff --git a/services/src/main/java/org/keycloak/authorization/util/Permissions.java b/services/src/main/java/org/keycloak/authorization/util/Permissions.java index 43204b83f9..4d84b03ee5 100644 --- a/services/src/main/java/org/keycloak/authorization/util/Permissions.java +++ b/services/src/main/java/org/keycloak/authorization/util/Permissions.java @@ -28,7 +28,7 @@ import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.Result; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.representations.authorization.Permission; +import org.keycloak.representations.idm.authorization.Permission; import java.util.ArrayList; import java.util.Arrays; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java index 0786eabec5..31b221b4a1 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java @@ -1,13 +1,12 @@ /* - * JBoss, Home of Professional Open Source. - * Copyright 2016 Red Hat, Inc., and individual contributors - * as indicated by the @author tags. + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.keycloak.testsuite.authorization; import org.apache.commons.collections.map.HashedMap; @@ -23,8 +21,6 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.junit.Before; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.Decision; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.common.KeycloakEvaluationContext; import org.keycloak.authorization.common.KeycloakIdentity; import org.keycloak.authorization.model.Policy; @@ -42,6 +38,8 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.representations.AccessToken; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.util.JsonSerialization; import javax.ws.rs.client.Invocation; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java index f323265a50..4a6f9b61b7 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java @@ -19,8 +19,8 @@ package org.keycloak.testsuite.authorization; import org.junit.Test; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; import org.keycloak.authorization.model.Resource; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; import javax.ws.rs.client.Entity; import javax.ws.rs.client.Invocation.Builder; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java index a4cc5513be..50ab943b1d 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java @@ -21,12 +21,13 @@ package org.keycloak.testsuite.authorization; import org.apache.commons.collections.map.HashedMap; import org.junit.Test; import org.keycloak.authorization.Decision.Effect; -import org.keycloak.authorization.admin.representation.PolicyRepresentation; -import org.keycloak.authorization.admin.representation.ResourceRepresentation; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.DefaultEvaluation; +import org.keycloak.representations.idm.authorization.DecisionStrategy; +import org.keycloak.representations.idm.authorization.PolicyRepresentation; +import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.util.JsonSerialization; import javax.ws.rs.client.Entity; @@ -329,7 +330,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest { newPermission.setName("Album Resource Policy"); newPermission.setType("resource"); - newPermission.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE); + newPermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); HashedMap config = new HashedMap(); diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java index 839a813f2e..4566fe6b68 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java @@ -19,8 +19,8 @@ package org.keycloak.testsuite.authorization; import org.junit.Test; -import org.keycloak.authorization.admin.representation.ScopeRepresentation; import org.keycloak.authorization.model.Scope; +import org.keycloak.representations.idm.authorization.ScopeRepresentation; import javax.ws.rs.client.Entity; import javax.ws.rs.client.Invocation.Builder;