[KEYCLOAK-3128] - Admin Client Authorization Endpoints

This commit is contained in:
Pedro Igor 2016-06-28 11:41:58 -03:00
parent 591a794247
commit afa9471c7c
58 changed files with 819 additions and 345 deletions


@ -29,7 +29,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.EnforcementMode; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.EnforcementMode;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.net.URI; import java.net.URI;
import java.util.Collections; import java.util.Collections;


@ -30,7 +30,7 @@ import org.keycloak.authorization.client.resource.ProtectedResource;
import org.keycloak.representations.adapters.config.AdapterConfig; import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;


@ -19,7 +19,7 @@ package org.keycloak.authorization.client.representation;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import org.keycloak.representations.JsonWebToken; import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.util.List; import java.util.List;


@ -1,9 +1,25 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authorization.policy.provider.drools; package org.keycloak.authorization.policy.provider.drools;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService; import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.kie.api.runtime.KieContainer; import org.kie.api.runtime.KieContainer;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;


@ -19,7 +19,7 @@ package org.keycloak;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.util.List; import java.util.List;


@ -19,7 +19,7 @@ package org.keycloak.representations;
import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.io.Serializable; import java.io.Serializable;
import java.util.HashMap; import java.util.HashMap;


@ -0,0 +1,42 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.representations.idm.authorization;
/**
* The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
* is obtained.
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public enum DecisionStrategy {
/**
* Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
*/
AFFIRMATIVE,
/**
* Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
*/
UNANIMOUS,
/**
* Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
* the final decision will be negative.
*/
CONSENSUS
}
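Review bot: The Javadoc on AFFIRMATIVE and UNANIMOUS reads awkwardly ("in order to the overall decision be also positive"); suggest `* At least one policy must evaluate to a positive decision for the overall decision to be positive.` and `* All policies must evaluate to a positive decision for the overall decision to be positive.`. CONSENSUS usefully states that a tie resolves to a negative decision, but none of the three constants says what happens when there are no associated policies at all; if the evaluator treats that as a denial, it is worth stating on the class Javadoc so admin-client users reading this enum do not have to infer it.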


@ -0,0 +1,36 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.representations.idm.authorization;
/**
* The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
* is obtained.
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public enum Logic {
/**
* Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
*/
POSITIVE,
/**
* Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
*/
NEGATIVE,
}
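Review bot: The class Javadoc on Logic was copied from DecisionStrategy ("The decision strategy dictates how the policies associated with a given policy are evaluated…") and describes the wrong type. Suggest `* The logic dictates whether the final decision of a policy is its evaluation outcome as-is (POSITIVE) or the negation of that outcome (NEGATIVE).`. The trailing comma after `NEGATIVE,` is legal but differs from the sibling enums DecisionStrategy and PolicyEnforcementMode added in this commit, which end without one.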


@ -13,9 +13,8 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*
*/ */
package org.keycloak.representations.authorization; package org.keycloak.representations.idm.authorization;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;


@ -0,0 +1,40 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.representations.idm.authorization;
/**
* The policy enforcement mode dictates how authorization requests are handled by the server.
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public enum PolicyEnforcementMode {
/**
* Requests are denied by default even when there is no policy associated with a given resource.
*/
ENFORCING,
/**
* Requests are allowed even when there is no policy associated with a given resource.
*/
PERMISSIVE,
/**
* Completely disables the evaluation of policies and allow access to any resource.
*/
DISABLED
}
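Review bot: Two wording defects in the constant Javadoc: the ENFORCING text "denied by default even when there is no policy" reads as if some other default existed, and the DISABLED text has a verb-agreement slip. Suggest `* Requests are denied by default when there is no policy associated with a given resource.` for ENFORCING and `* Completely disables the evaluation of policies and allows access to any resource.` for DISABLED. The class Javadoc could also say that the mode applies to the resource server as a whole, which is what the imports in the ResourceServer entity and adapter hunks later in this commit indicate; hedge or omit that if the server-side semantics differ.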


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,8 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.representations.idm.authorization;
package org.keycloak.authorization.admin.representation;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,11 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.representations.idm.authorization;
package org.keycloak.authorization.admin.representation;
import org.keycloak.authorization.model.Policy.DecisionStrategy;
import org.keycloak.authorization.model.Policy.Logic;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,8 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.representations.idm.authorization;
package org.keycloak.authorization.admin.representation;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,7 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.authorization.admin.representation; package org.keycloak.representations.idm.authorization;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,9 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.authorization.admin.representation; package org.keycloak.representations.idm.authorization;
import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
import java.util.List; import java.util.List;


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,7 +14,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.authorization.admin.representation; package org.keycloak.representations.idm.authorization;
import java.net.URI; import java.net.URI;
import java.util.List; import java.util.List;


@ -26,7 +26,7 @@ import org.keycloak.authorization.client.representation.ResourceRepresentation;
import org.keycloak.authorization.client.representation.ScopeRepresentation; import org.keycloak.authorization.client.representation.ScopeRepresentation;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse; import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.authorization.client.resource.ProtectedResource; import org.keycloak.authorization.client.resource.ProtectedResource;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.util.Set; import java.util.Set;


@ -0,0 +1,61 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface AuthorizationResource {
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
void update(ResourceServerRepresentation server);
@GET
@Produces(MediaType.APPLICATION_JSON)
ResourceServerRepresentation getSettings();
@Path("/import")
@POST
@Consumes(MediaType.APPLICATION_JSON)
void importSettings(ResourceServerRepresentation server);
@Path("/settings")
@GET
@Produces(MediaType.APPLICATION_JSON)
ResourceServerRepresentation exportSettings();
@Path("/resource")
ResourcesResource resources();
@Path("/scope")
ResourceScopesResource scopes();
@Path("/policy")
PoliciesResource policies();
}
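Review bot: `update(ResourceServerRepresentation)` is declared `@Produces(MediaType.APPLICATION_JSON)` yet returns void, so the annotation declares a response entity that never exists; it is also inconsistent with `importSettings` in this same interface and with `PolicyResource.update`, `ResourceResource.update` and `ResourceScopeResource.update` added in this commit, none of which carry `@Produces`. Dropping that one line makes the five `update` methods uniform. Two smaller style points in the same file: `@Path("/import")` and `@Path("/settings")` use a leading slash while PoliciesResource and ResourcesResource use `@Path("{id}")` / `@Path("providers")` — JAX-RS accepts both, but pick one convention; and `getSettings()` (root path) versus `exportSettings()` (`/settings`) invert what the names suggest, so a one-line Javadoc on each stating which endpoint it targets, e.g. `/** GET on the resource-server root. */` and `/** GET on {@code /settings}; the export form of the configuration. */`, would prevent callers picking the wrong one.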


@ -142,4 +142,6 @@ public interface ClientResource {
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
GlobalRequestResult testNodesAvailable(); GlobalRequestResult testNodesAvailable();
@Path("/authz/resource-server")
AuthorizationResource authorization();
} }
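Review bot: The new `authorization()` entry point has no Javadoc, and it is the only way admin-client users reach the authorization API introduced in this commit. Suggest `/** Authorization (resource server) settings of this client, exposed under {@code /authz/resource-server}. */` above `@Path("/authz/resource-server")`. The enclosing ClientResource interface starts outside the hunk.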


@ -0,0 +1,56 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface PoliciesResource {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
Response create(PolicyRepresentation representation);
@Path("{id}")
PolicyResource policy(@PathParam("id") String id);
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
List<PolicyRepresentation> policies();
@Path("providers")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
List<PolicyProviderRepresentation> policyProviders();
}
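Review bot: `create(PolicyRepresentation)` returns `javax.ws.rs.core.Response`; with a JAX-RS client proxy the caller owns that object and must close it (or read the entity) or the underlying connection stays held, and nothing here says so. Suggest `/** Creates a policy. The returned {@link Response} must be closed by the caller (it is {@link AutoCloseable}) after the status and {@code Location} have been read. */`. The same applies to `ResourceScopesResource.create` and `ResourcesResource.create` added in this commit. The remaining methods (`policy`, `policies`, `policyProviders`) also lack Javadoc; a one-line summary on each would bring the interface to the standard of the other admin-client resources.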


@ -0,0 +1,45 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface PolicyResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
PolicyRepresentation toRepresentation();
@PUT
@Consumes(MediaType.APPLICATION_JSON)
void update(PolicyRepresentation representation);
@DELETE
void remove();
}


@ -0,0 +1,45 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface ResourceResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
ResourceRepresentation toRepresentation();
@PUT
@Consumes(MediaType.APPLICATION_JSON)
void update(ResourceRepresentation resource);
@DELETE
void remove();
}


@ -0,0 +1,46 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface ResourceScopeResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
ScopeRepresentation toRepresentation();
@PUT
@Consumes(MediaType.APPLICATION_JSON)
void update(ScopeRepresentation scope);
@DELETE
void remove();
}
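Review bot: `import org.keycloak.representations.idm.authorization.ResourceRepresentation;` is unused in ResourceScopeResource — the interface only references ScopeRepresentation — and should be removed; ResourceScopesResource, added in the next file of this commit, carries the same unused import. The interface has no method Javadoc; at minimum `/** Scope representation for the id this sub-resource was obtained with. */` on `toRepresentation()` would document what the `{id}` path parameter of the parent resolves to.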


@ -0,0 +1,50 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface ResourceScopesResource {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
Response create(ScopeRepresentation scope);
@Path("{id}")
ResourceScopeResource scope(@PathParam("id") String id);
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
List<ScopeRepresentation> scopes();
}


@ -0,0 +1,49 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.admin.client.resource;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.List;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public interface ResourcesResource {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
Response create(ResourceRepresentation resource);
@Path("{id}")
ResourceResource resource(@PathParam("id") String id);
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
List<ResourceRepresentation> resources();
}


@ -30,6 +30,8 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction; import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
import org.keycloak.models.authorization.infinispan.entities.CachedPolicy; import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
import org.keycloak.models.entities.AbstractIdentifiableEntity; import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;


@ -26,6 +26,7 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction; import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer; import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;


@ -23,6 +23,8 @@ import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.models.entities.AbstractIdentifiableEntity; import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;


@ -19,6 +19,7 @@
package org.keycloak.models.authorization.infinispan.entities; package org.keycloak.models.authorization.infinispan.entities;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -22,6 +22,8 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.models.entities.AbstractIdentifiableEntity; import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import javax.persistence.Access; import javax.persistence.Access;
import javax.persistence.AccessType; import javax.persistence.AccessType;


@ -19,6 +19,7 @@
package org.keycloak.authorization.jpa.entities; package org.keycloak.authorization.jpa.entities;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import javax.persistence.Access; import javax.persistence.Access;
import javax.persistence.AccessType; import javax.persistence.AccessType;


@ -1,3 +1,19 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authorization.mongo.adapter; package org.keycloak.authorization.mongo.adapter;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
@ -8,6 +24,8 @@ import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.mongo.entities.PolicyEntity; import org.keycloak.authorization.mongo.entities.PolicyEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter; import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;


@ -1,9 +1,26 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authorization.mongo.adapter; package org.keycloak.authorization.mongo.adapter;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.mongo.entities.ResourceServerEntity; import org.keycloak.authorization.mongo.entities.ResourceServerEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter; import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -18,12 +18,12 @@
package org.keycloak.authorization.mongo.entities; package org.keycloak.authorization.mongo.entities;
import org.keycloak.authorization.model.Policy.DecisionStrategy;
import org.keycloak.authorization.model.Policy.Logic;
import org.keycloak.connections.mongo.api.MongoCollection; import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity; import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.entities.AbstractIdentifiableEntity; import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;


@ -18,11 +18,11 @@
package org.keycloak.authorization.mongo.entities; package org.keycloak.authorization.mongo.entities;
import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
import org.keycloak.connections.mongo.api.MongoCollection; import org.keycloak.connections.mongo.api.MongoCollection;
import org.keycloak.connections.mongo.api.MongoIdentifiableEntity; import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext; import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.entities.AbstractIdentifiableEntity; import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -18,6 +18,9 @@
package org.keycloak.authorization.model; package org.keycloak.authorization.model;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -152,42 +155,4 @@ public interface Policy {
void addResource(Resource resource); void addResource(Resource resource);
void removeResource(Resource resource); void removeResource(Resource resource);
/**
* The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
* is obtained.
*/
enum DecisionStrategy {
/**
* Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
*/
AFFIRMATIVE,
/**
* Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
*/
UNANIMOUS,
/**
* Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
* the final decision will be negative.
*/
CONSENSUS
}
/**
* The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
* is obtained.
*/
enum Logic {
/**
* Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
*/
POSITIVE,
/**
* Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
*/
NEGATIVE,
}
} }


@ -18,6 +18,8 @@
package org.keycloak.authorization.model; package org.keycloak.authorization.model;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
/** /**
* Represents a resource server, whose resources are managed and protected. A resource server is basically an existing * Represents a resource server, whose resources are managed and protected. A resource server is basically an existing
* client application in Keycloak that will also act as a resource server. * client application in Keycloak that will also act as a resource server.
@ -68,24 +70,4 @@ public interface ResourceServer {
* @param enforcementMode one of the available options in {@code PolicyEnforcementMode} * @param enforcementMode one of the available options in {@code PolicyEnforcementMode}
*/ */
void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode); void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode);
/**
* The policy enforcement mode dictates how authorization requests are handled by the server.
*/
enum PolicyEnforcementMode {
/**
* Requests are denied by default even when there is no policy associated with a given resource.
*/
ENFORCING,
/**
* Requests are allowed even when there is no policy associated with a given resource.
*/
PERMISSIVE,
/**
* Completely disables the evaluation of policies and allow access to any resource.
*/
DISABLED
}
} }


@ -21,6 +21,7 @@ package org.keycloak.authorization.policy.evaluation;
import org.keycloak.authorization.Decision; import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -81,17 +82,17 @@ public abstract class DecisionResultCollector implements Decision<DefaultEvaluat
} }
Policy policy = policyResult.getPolicy(); Policy policy = policyResult.getPolicy();
Policy.DecisionStrategy decisionStrategy = policy.getDecisionStrategy(); DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
if (decisionStrategy == null) { if (decisionStrategy == null) {
decisionStrategy = Policy.DecisionStrategy.UNANIMOUS; decisionStrategy = DecisionStrategy.UNANIMOUS;
} }
if (Policy.DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) { if (DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) {
return true; return true;
} else if (Policy.DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) { } else if (DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) {
return true; return true;
} else if (Policy.DecisionStrategy.CONSENSUS.equals(decisionStrategy)) { } else if (DecisionStrategy.CONSENSUS.equals(decisionStrategy)) {
if (grantCount > denyCount) { if (grantCount > denyCount) {
return true; return true;
} }


@ -21,8 +21,8 @@ package org.keycloak.authorization.policy.evaluation;
import org.keycloak.authorization.Decision; import org.keycloak.authorization.Decision;
import org.keycloak.authorization.Decision.Effect; import org.keycloak.authorization.Decision.Effect;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Policy.Logic;
import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.representations.idm.authorization.Logic;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -23,13 +23,13 @@ import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;


@ -78,13 +78,13 @@ import org.keycloak.representations.idm.UserConsentRepresentation;
import org.keycloak.representations.idm.UserFederationMapperRepresentation; import org.keycloak.representations.idm.UserFederationMapperRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation; import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -1002,7 +1002,7 @@ public class RepresentationToModel {
ResourceServer resourceServer = resourceServerStore.create(client.getId()); ResourceServer resourceServer = resourceServerStore.create(client.getId());
resourceServer.setAllowRemoteResourceManagement(true); resourceServer.setAllowRemoteResourceManagement(true);
resourceServer.setPolicyEnforcementMode(ResourceServer.PolicyEnforcementMode.ENFORCING); resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
} }
return client; return client;


@ -18,10 +18,9 @@
package org.keycloak.authorization.admin; package org.keycloak.authorization.admin;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.PolicyProviderRepresentation;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
@ -31,6 +30,8 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
@ -67,6 +68,7 @@ public class PolicyService {
@POST @POST
@Consumes("application/json") @Consumes("application/json")
@Produces("application/json") @Produces("application/json")
@NoCache
public Response create(PolicyRepresentation representation) { public Response create(PolicyRepresentation representation) {
this.auth.requireManage(); this.auth.requireManage();
Policy policy = Models.toModel(representation, this.resourceServer, authorization); Policy policy = Models.toModel(representation, this.resourceServer, authorization);
@ -94,6 +96,7 @@ public class PolicyService {
@PUT @PUT
@Consumes("application/json") @Consumes("application/json")
@Produces("application/json") @Produces("application/json")
@NoCache
public Response update(@PathParam("id") String id, PolicyRepresentation representation) { public Response update(@PathParam("id") String id, PolicyRepresentation representation) {
this.auth.requireManage(); this.auth.requireManage();
representation.setId(id); representation.setId(id);
@ -161,6 +164,7 @@ public class PolicyService {
@Path("{id}") @Path("{id}")
@GET @GET
@Produces("application/json") @Produces("application/json")
@NoCache
public Response findById(@PathParam("id") String id) { public Response findById(@PathParam("id") String id) {
this.auth.requireView(); this.auth.requireView();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
@ -175,6 +179,7 @@ public class PolicyService {
@GET @GET
@Produces("application/json") @Produces("application/json")
@NoCache
public Response findAll() { public Response findAll() {
this.auth.requireView(); this.auth.requireView();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
@ -188,6 +193,7 @@ public class PolicyService {
@Path("providers") @Path("providers")
@GET @GET
@Produces("application/json") @Produces("application/json")
@NoCache
public Response findPolicyProviders() { public Response findPolicyProviders() {
this.auth.requireView(); this.auth.requireView();
return Response.ok( return Response.ok(
@ -292,7 +298,7 @@ public class PolicyService {
boolean hasPolicy = false; boolean hasPolicy = false;
for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) { for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) {
if (policyModel.getId().equals(policyId)) { if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) {
hasPolicy = true; hasPolicy = true;
} }
} }
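Review bot: The widened condition on the new side of the last hunk, `policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)`, lets an associated policy be referenced by name as well as by id, but nothing documents that, and the two namespaces can overlap (a policy whose name happens to equal another policy's id would match either). Writing the comparisons as `policyId.equals(policyModel.getId()) || policyId.equals(policyModel.getName())` also avoids a NullPointerException should getName() ever return null, and a one-line comment such as `// associated policies may be referenced by id or by name` would make the intent explicit; the parameter name `policyId` no longer describes what it accepts. The enclosing method begins and ends outside the hunk.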


@ -21,11 +21,6 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
@ -42,6 +37,13 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationManager; import org.keycloak.models.UserFederationManager;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -191,15 +193,11 @@ public class ResourceServerService {
return Response.ok(settings).build(); return Response.ok(settings).build();
} }
@Path("/import")
@POST @POST
@Consumes(MediaType.MULTIPART_FORM_DATA) @Consumes(MediaType.APPLICATION_JSON)
public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) throws IOException {
this.auth.requireManage(); this.auth.requireManage();
Map<String, List<InputPart>> uploadForm = input.getFormDataMap();
List<InputPart> inputParts = uploadForm.get("file");
for (InputPart inputPart : inputParts) {
ResourceServerRepresentation rep = JsonSerialization.readValue(inputPart.getBodyAsString(), ResourceServerRepresentation.class);
resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode()); resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement()); resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
@ -396,7 +394,6 @@ public class ResourceServerService {
policyResource.create(policyRepresentation); policyResource.create(policyRepresentation);
} }
}); });
}
return Response.noContent().build(); return Response.noContent().build();
} }
@ -434,8 +431,8 @@ public class ResourceServerService {
defaultPermission.setName("Default Permission"); defaultPermission.setName("Default Permission");
defaultPermission.setType("resource"); defaultPermission.setType("resource");
defaultPermission.setDescription("A permission that applies to the default resource type"); defaultPermission.setDescription("A permission that applies to the default resource type");
defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS); defaultPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
defaultPermission.setLogic(Policy.Logic.POSITIVE); defaultPermission.setLogic(Logic.POSITIVE);
HashMap<String, String> defaultPermissionConfig = new HashMap<>(); HashMap<String, String> defaultPermissionConfig = new HashMap<>();
@ -454,8 +451,8 @@ public class ResourceServerService {
defaultPolicy.setName("Only From Realm Policy"); defaultPolicy.setName("Only From Realm Policy");
defaultPolicy.setDescription("A policy that grants access only for users within this realm"); defaultPolicy.setDescription("A policy that grants access only for users within this realm");
defaultPolicy.setType("js"); defaultPolicy.setType("js");
defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE); defaultPolicy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
defaultPolicy.setLogic(Policy.Logic.POSITIVE); defaultPolicy.setLogic(Logic.POSITIVE);
HashMap<String, String> defaultPolicyConfig = new HashMap<>(); HashMap<String, String> defaultPolicyConfig = new HashMap<>();
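Review bot: `importSettings` on the new side dereferences the deserialized body straight away (`rep.getPolicyEnforcementMode()`) with no null check, so a request with an empty body would fail with a NullPointerException rather than a client error; a guard such as `if (rep == null) { return Response.status(Response.Status.BAD_REQUEST).build(); }` placed right after `this.auth.requireManage()` would reject it cleanly. The `@Path("/import")` line appears only on the old side, which, if it was indeed dropped, moves the import onto the resource server's root POST; that deserves a Javadoc sentence on the method, since the endpoint replaces the server's enforcement mode and remote-management setting. The `MultipartFormDataInput`, `InputPart` and possibly `JsonSerialization` imports that remain in the context lines look unused after this change, and `throws IOException` may be too; the method body continues past the hunk, so confirm before removing them.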


@ -17,9 +17,8 @@
*/ */
package org.keycloak.authorization.admin; package org.keycloak.authorization.admin;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
@ -27,6 +26,8 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
@ -136,6 +137,7 @@ public class ResourceSetService {
@Path("{id}") @Path("{id}")
@GET @GET
@NoCache
@Produces("application/json") @Produces("application/json")
public Response findById(@PathParam("id") String id) { public Response findById(@PathParam("id") String id) {
requireView(); requireView();
@ -150,6 +152,7 @@ public class ResourceSetService {
} }
@GET @GET
@NoCache
@Produces("application/json") @Produces("application/json")
public Response findAll() { public Response findAll() {
requireView(); requireView();


@ -18,13 +18,13 @@
package org.keycloak.authorization.admin; package org.keycloak.authorization.admin;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponse; import org.keycloak.services.ErrorResponse;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;


@ -28,7 +28,10 @@ import org.keycloak.authorization.policy.evaluation.Result;
import org.keycloak.authorization.policy.evaluation.Result.PolicyResult; import org.keycloak.authorization.policy.evaluation.Result.PolicyResult;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.authorization.util.Permissions; import org.keycloak.authorization.util.Permissions;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;


@ -20,11 +20,6 @@ package org.keycloak.authorization.admin.util;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.ErrorCode; import org.keycloak.authorization.ErrorCode;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
@ -36,6 +31,11 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException; import org.keycloak.services.ErrorResponseException;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,13 +14,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.authorization.authorization; package org.keycloak.authorization.authorization;
import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuthErrorException; import org.keycloak.OAuthErrorException;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.authorization.representation.AuthorizationRequest; import org.keycloak.authorization.authorization.representation.AuthorizationRequest;
import org.keycloak.authorization.authorization.representation.AuthorizationResponse; import org.keycloak.authorization.authorization.representation.AuthorizationResponse;
import org.keycloak.authorization.common.KeycloakEvaluationContext; import org.keycloak.authorization.common.KeycloakEvaluationContext;
@ -39,7 +36,8 @@ import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException; import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.Cors;


@ -39,7 +39,7 @@ import org.keycloak.models.KeycloakContext;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.services.ErrorResponseException; import org.keycloak.services.ErrorResponseException;
import org.keycloak.services.resources.Cors; import org.keycloak.services.resources.Cors;
@ -182,9 +182,8 @@ public class EntitlementService {
AccessToken.Authorization authorization = new AccessToken.Authorization(); AccessToken.Authorization authorization = new AccessToken.Authorization();
authorization.setPermissions(permissions); authorization.setPermissions(permissions);
accessToken.setAuthorization(authorization); accessToken.setAuthorization(authorization);
;
return new TokenManager().encodeToken(realm, accessToken); return new TokenManager().encodeToken(realm, accessToken);
} }


@ -1,8 +1,22 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authorization.protection.permission; package org.keycloak.authorization.protection.permission;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.common.KeycloakIdentity; import org.keycloak.authorization.common.KeycloakIdentity;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
@ -11,6 +25,8 @@ import org.keycloak.authorization.protection.permission.representation.Permissio
import org.keycloak.authorization.protection.permission.representation.PermissionResponse; import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.jose.jws.JWSBuilder; import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException; import org.keycloak.services.ErrorResponseException;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;


@ -18,27 +18,15 @@
package org.keycloak.authorization.protection.permission; package org.keycloak.authorization.protection.permission;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.common.KeycloakIdentity; import org.keycloak.authorization.common.KeycloakIdentity;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.protection.permission.representation.PermissionRequest; import org.keycloak.authorization.protection.permission.representation.PermissionRequest;
import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.services.ErrorResponseException;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.POST; import javax.ws.rs.POST;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import java.util.Arrays; import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
/** /**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a> * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>


@ -18,9 +18,9 @@
package org.keycloak.authorization.protection.permission; package org.keycloak.authorization.protection.permission;
import org.keycloak.TokenIdGenerator; import org.keycloak.TokenIdGenerator;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.JsonWebToken; import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;


@ -19,15 +19,15 @@ package org.keycloak.authorization.protection.resource;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.admin.ResourceSetService; import org.keycloak.authorization.admin.ResourceSetService;
import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.admin.util.Models; import org.keycloak.authorization.admin.util.Models;
import org.keycloak.authorization.identity.Identity; import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.protection.resource.representation.UmaResourceRepresentation; import org.keycloak.authorization.protection.resource.representation.UmaResourceRepresentation;
import org.keycloak.authorization.protection.resource.representation.UmaScopeRepresentation; import org.keycloak.authorization.protection.resource.representation.UmaScopeRepresentation;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.ErrorResponseException; import org.keycloak.services.ErrorResponseException;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;


@ -28,7 +28,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.Result; import org.keycloak.authorization.policy.evaluation.Result;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.representations.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;


@ -1,7 +1,6 @@
/* /*
* JBoss, Home of Professional Open Source. * Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2016 Red Hat, Inc., and individual contributors * and other contributors as indicated by the @author tags.
* as indicated by the @author tags.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -15,7 +14,6 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.testsuite.authorization; package org.keycloak.testsuite.authorization;
import org.apache.commons.collections.map.HashedMap; import org.apache.commons.collections.map.HashedMap;
@ -23,8 +21,6 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.junit.Before; import org.junit.Before;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision; import org.keycloak.authorization.Decision;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.common.KeycloakEvaluationContext; import org.keycloak.authorization.common.KeycloakEvaluationContext;
import org.keycloak.authorization.common.KeycloakIdentity; import org.keycloak.authorization.common.KeycloakIdentity;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
@ -42,6 +38,8 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.ws.rs.client.Invocation; import javax.ws.rs.client.Invocation;


@ -19,8 +19,8 @@
package org.keycloak.testsuite.authorization; package org.keycloak.testsuite.authorization;
import org.junit.Test; import org.junit.Test;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import javax.ws.rs.client.Entity; import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation.Builder; import javax.ws.rs.client.Invocation.Builder;


@ -21,12 +21,13 @@ package org.keycloak.testsuite.authorization;
import org.apache.commons.collections.map.HashedMap; import org.apache.commons.collections.map.HashedMap;
import org.junit.Test; import org.junit.Test;
import org.keycloak.authorization.Decision.Effect; import org.keycloak.authorization.Decision.Effect;
import org.keycloak.authorization.admin.representation.PolicyRepresentation;
import org.keycloak.authorization.admin.representation.ResourceRepresentation;
import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.DefaultEvaluation; import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.ws.rs.client.Entity; import javax.ws.rs.client.Entity;
@ -329,7 +330,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
newPermission.setName("Album Resource Policy"); newPermission.setName("Album Resource Policy");
newPermission.setType("resource"); newPermission.setType("resource");
newPermission.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE); newPermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
HashedMap config = new HashedMap(); HashedMap config = new HashedMap();


@ -19,8 +19,8 @@
package org.keycloak.testsuite.authorization; package org.keycloak.testsuite.authorization;
import org.junit.Test; import org.junit.Test;
import org.keycloak.authorization.admin.representation.ScopeRepresentation;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.client.Entity; import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation.Builder; import javax.ws.rs.client.Invocation.Builder;