[KEYCLOAK-3128] - Admin Client Authorization Endpoints

2016-06-28 11:41:58 -03:00 · 2016-06-28 11:41:58 -03:00 · afa9471c7c
commit afa9471c7c
parent 591a794247
58 changed files with 819 additions and 345 deletions
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java
@ -29,7 +29,7 @@ import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.EnforcementMode;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.net.URI;
 import java.util.Collections;
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java
@ -30,7 +30,7 @@ import org.keycloak.authorization.client.resource.ProtectedResource;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.util.ArrayList;
 import java.util.HashSet;
--- a/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java
@ -19,7 +19,7 @@ package org.keycloak.authorization.client.representation;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.keycloak.representations.JsonWebToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.util.List;
--- a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java
+++ b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java
@ -1,9 +1,25 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.authorization.policy.provider.drools;
 import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.kie.api.runtime.KieContainer;
 import javax.ws.rs.Consumes;
--- a/core/src/main/java/org/keycloak/AuthorizationContext.java
+++ b/core/src/main/java/org/keycloak/AuthorizationContext.java
@ -19,7 +19,7 @@ package org.keycloak;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.util.List;
--- a/core/src/main/java/org/keycloak/representations/AccessToken.java
+++ b/core/src/main/java/org/keycloak/representations/AccessToken.java
@ -19,7 +19,7 @@ package org.keycloak.representations;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.io.Serializable;
 import java.util.HashMap;
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java
@ -0,0 +1,42 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.representations.idm.authorization;
 /**
 * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
 * is obtained.
 *
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public enum DecisionStrategy {
    /**
     * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
     */
    AFFIRMATIVE,
    /**
     * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
     */
    UNANIMOUS,
    /**
     * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
     * the final decision will be negative.
     */
    CONSENSUS
 }
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java
@ -0,0 +1,36 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.representations.idm.authorization;
 /**
 * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
 * is obtained.
 *
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public enum Logic {
    /**
     * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
     */
    POSITIVE,
    /**
     * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
     */
    NEGATIVE,
 }
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java
@ -1,21 +1,20 @@
 /*
- *  Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- *  and other contributors as indicated by the @author tags.
+ * and other contributors as indicated by the @author tags.
 *
- *  Licensed under the Apache License, Version 2.0 (the "License");
+ * Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
+ * you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
+ * You may obtain a copy of the License at
 *
- *  http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.keycloak.representations.authorization;
+package org.keycloak.representations.idm.authorization;
 import com.fasterxml.jackson.annotation.JsonProperty;
--- a/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java
+++ b/core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java
@ -0,0 +1,40 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.representations.idm.authorization;
 /**
 * The policy enforcement mode dictates how authorization requests are handled by the server.
 *
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public enum PolicyEnforcementMode {
    /**
     * Requests are denied by default even when there is no policy associated with a given resource.
     */
    ENFORCING,
    /**
     * Requests are allowed even when there is no policy associated with a given resource.
     */
    PERMISSIVE,
    /**
     * Completely disables the evaluation of policies and allow access to any resource.
     */
    DISABLED
 }
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyProviderRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyProviderRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,8 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
+package org.keycloak.representations.idm.authorization;
 package org.keycloak.authorization.admin.representation;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,11 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
+package org.keycloak.representations.idm.authorization;
 package org.keycloak.authorization.admin.representation;
 import org.keycloak.authorization.model.Policy.DecisionStrategy;
 import org.keycloak.authorization.model.Policy.Logic;
 import java.util.HashMap;
 import java.util.List;
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceOwnerRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceOwnerRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,8 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
+package org.keycloak.representations.idm.authorization;
 package org.keycloak.authorization.admin.representation;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,7 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 import com.fasterxml.jackson.annotation.JsonProperty;
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceServerRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/ResourceServerRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,9 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
 import java.util.List;
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/ScopeRepresentation.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/ScopeRepresentation.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,7 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 import java.net.URI;
 import java.util.List;
--- a/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java
+++ b/examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java
@ -26,7 +26,7 @@ import org.keycloak.authorization.client.representation.ResourceRepresentation;
 import org.keycloak.authorization.client.representation.ScopeRepresentation;
 import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
 import org.keycloak.authorization.client.resource.ProtectedResource;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.util.Set;
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java
@ -0,0 +1,61 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface AuthorizationResource {
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    void update(ResourceServerRepresentation server);
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    ResourceServerRepresentation getSettings();
    @Path("/import")
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    void importSettings(ResourceServerRepresentation server);
    @Path("/settings")
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    ResourceServerRepresentation exportSettings();
    @Path("/resource")
    ResourcesResource resources();
    @Path("/scope")
    ResourceScopesResource scopes();
    @Path("/policy")
    PoliciesResource policies();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java
@ -142,4 +142,6 @@ public interface ClientResource {
    @Produces(MediaType.APPLICATION_JSON)
    GlobalRequestResult testNodesAvailable();
    @Path("/authz/resource-server")
    AuthorizationResource authorization();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java
@ -0,0 +1,56 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface PoliciesResource {
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    Response create(PolicyRepresentation representation);
    @Path("{id}")
    PolicyResource policy(@PathParam("id") String id);
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    List<PolicyRepresentation> policies();
    @Path("providers")
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    List<PolicyProviderRepresentation> policyProviders();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java
@ -0,0 +1,45 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface PolicyResource {
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    PolicyRepresentation toRepresentation();
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    void update(PolicyRepresentation representation);
    @DELETE
    void remove();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java
@ -0,0 +1,45 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface ResourceResource {
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    ResourceRepresentation toRepresentation();
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    void update(ResourceRepresentation resource);
    @DELETE
    void remove();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java
@ -0,0 +1,46 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface ResourceScopeResource {
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @NoCache
    ScopeRepresentation toRepresentation();
    @PUT
    @Consumes(MediaType.APPLICATION_JSON)
    void update(ScopeRepresentation scope);
    @DELETE
    void remove();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java
@ -0,0 +1,50 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface ResourceScopesResource {
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    Response create(ScopeRepresentation scope);
    @Path("{id}")
    ResourceScopeResource scope(@PathParam("id") String id);
    @GET
    @NoCache
    @Produces(MediaType.APPLICATION_JSON)
    List<ScopeRepresentation> scopes();
 }
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java
@ -0,0 +1,49 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.admin.client.resource;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
 public interface ResourcesResource {
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    Response create(ResourceRepresentation resource);
    @Path("{id}")
    ResourceResource resource(@PathParam("id") String id);
    @GET
    @NoCache
    @Produces(MediaType.APPLICATION_JSON)
    List<ResourceRepresentation> resources();
 }
--- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java
@ -30,6 +30,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
 import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import java.util.ArrayList;
 import java.util.HashSet;
--- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java
@ -26,6 +26,7 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
 import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 import java.util.ArrayList;
 import java.util.List;
--- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java
@ -23,6 +23,8 @@ import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import java.util.HashMap;
 import java.util.Map;
--- a/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java
@ -19,6 +19,7 @@
 package org.keycloak.models.authorization.infinispan.entities;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java
@ -22,6 +22,8 @@ import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java
@ -19,6 +19,7 @@
 package org.keycloak.authorization.jpa.entities;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
--- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java
@ -1,3 +1,19 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.authorization.mongo.adapter;
 import org.keycloak.authorization.AuthorizationProvider;
@ -8,6 +24,8 @@ import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.mongo.entities.PolicyEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import java.util.Map;
 import java.util.Set;
--- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java
@ -1,9 +1,26 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.authorization.mongo.adapter;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.mongo.entities.ResourceServerEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java
@ -18,12 +18,12 @@
 package org.keycloak.authorization.mongo.entities;
 import org.keycloak.authorization.model.Policy.DecisionStrategy;
 import org.keycloak.authorization.model.Policy.Logic;
 import org.keycloak.connections.mongo.api.MongoCollection;
 import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import java.util.HashMap;
 import java.util.HashSet;
--- a/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java
+++ b/model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java
@ -18,11 +18,11 @@
 package org.keycloak.authorization.mongo.entities;
 import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
 import org.keycloak.connections.mongo.api.MongoCollection;
 import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java
+++ b/server-spi/src/main/java/org/keycloak/authorization/model/Policy.java
@ -18,6 +18,9 @@
 package org.keycloak.authorization.model;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import java.util.Map;
 import java.util.Set;
@ -152,42 +155,4 @@ public interface Policy {
    void addResource(Resource resource);
    void removeResource(Resource resource);
    /**
     * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
     * is obtained.
     */
    enum DecisionStrategy {
        /**
         * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
         */
        AFFIRMATIVE,
        /**
         * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
         */
        UNANIMOUS,
        /**
         * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
         * the final decision will be negative.
         */
        CONSENSUS
    }
    /**
     * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
     * is obtained.
     */
    enum Logic {
        /**
         * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
         */
        POSITIVE,
        /**
         * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
         */
        NEGATIVE,
    }
 }
--- a/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java
+++ b/server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java
@ -18,6 +18,8 @@
 package org.keycloak.authorization.model;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 /**
 * Represents a resource server, whose resources are managed and protected. A resource server is basically an existing
 * client application in Keycloak that will also act as a resource server.
@ -68,24 +70,4 @@ public interface ResourceServer {
     * @param enforcementMode one of the available options in {@code PolicyEnforcementMode}
     */
    void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode);
    /**
     * The policy enforcement mode dictates how authorization requests are handled by the server.
     */
    enum PolicyEnforcementMode {
        /**
         * Requests are denied by default even when there is no policy associated with a given resource.
         */
        ENFORCING,
        /**
         * Requests are allowed even when there is no policy associated with a given resource.
         */
        PERMISSIVE,
        /**
         * Completely disables the evaluation of policies and allow access to any resource.
         */
        DISABLED
    }
 }
--- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java
+++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java
@ -21,6 +21,7 @@ package org.keycloak.authorization.policy.evaluation;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import java.util.HashMap;
 import java.util.List;
@ -81,17 +82,17 @@ public abstract class DecisionResultCollector implements Decision<DefaultEvaluat
        }
        Policy policy = policyResult.getPolicy();
-        Policy.DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
+        DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
        if (decisionStrategy == null) {
-            decisionStrategy = Policy.DecisionStrategy.UNANIMOUS;
+            decisionStrategy = DecisionStrategy.UNANIMOUS;
        }
-        if (Policy.DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) {
+        if (DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) {
            return true;
-        } else if (Policy.DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) {
+        } else if (DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) {
            return true;
-        } else if (Policy.DecisionStrategy.CONSENSUS.equals(decisionStrategy)) {
+        } else if (DecisionStrategy.CONSENSUS.equals(decisionStrategy)) {
            if (grantCount > denyCount) {
                return true;
            }
--- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java
+++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java
@ -21,8 +21,8 @@ package org.keycloak.authorization.policy.evaluation;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.Decision.Effect;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Policy.Logic;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.representations.idm.authorization.Logic;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
+++ b/server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
@ -23,13 +23,13 @@ import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.provider.PolicyProvider;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 import java.util.HashMap;
 import java.util.List;
--- a/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@ -78,13 +78,13 @@ import org.keycloak.representations.idm.UserConsentRepresentation;
 import org.keycloak.representations.idm.UserFederationMapperRepresentation;
 import org.keycloak.representations.idm.UserFederationProviderRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@ -1002,7 +1002,7 @@ public class RepresentationToModel {
            ResourceServer resourceServer = resourceServerStore.create(client.getId());
            resourceServer.setAllowRemoteResourceManagement(true);
-            resourceServer.setPolicyEnforcementMode(ResourceServer.PolicyEnforcementMode.ENFORCING);
+            resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
        }
        return client;
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@ -18,10 +18,9 @@
 package org.keycloak.authorization.admin;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.PolicyProviderRepresentation;
 import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@ -31,6 +30,8 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.services.resources.admin.RealmAuth;
 import javax.ws.rs.Consumes;
@ -67,6 +68,7 @@ public class PolicyService {
    @POST
    @Consumes("application/json")
    @Produces("application/json")
    @NoCache
    public Response create(PolicyRepresentation representation) {
        this.auth.requireManage();
        Policy policy = Models.toModel(representation, this.resourceServer, authorization);
@ -94,6 +96,7 @@ public class PolicyService {
    @PUT
    @Consumes("application/json")
    @Produces("application/json")
    @NoCache
    public Response update(@PathParam("id") String id, PolicyRepresentation representation) {
        this.auth.requireManage();
        representation.setId(id);
@ -161,6 +164,7 @@ public class PolicyService {
    @Path("{id}")
    @GET
    @Produces("application/json")
    @NoCache
    public Response findById(@PathParam("id") String id) {
        this.auth.requireView();
        StoreFactory storeFactory = authorization.getStoreFactory();
@ -175,6 +179,7 @@ public class PolicyService {
    @GET
    @Produces("application/json")
    @NoCache
    public Response findAll() {
        this.auth.requireView();
        StoreFactory storeFactory = authorization.getStoreFactory();
@ -188,6 +193,7 @@ public class PolicyService {
    @Path("providers")
    @GET
    @Produces("application/json")
    @NoCache
    public Response findPolicyProviders() {
        this.auth.requireView();
        return Response.ok(
@ -292,7 +298,7 @@ public class PolicyService {
                boolean hasPolicy = false;
                for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) {
-                    if (policyModel.getId().equals(policyId)) {
+                    if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) {
                        hasPolicy = true;
                    }
                }
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
@ -21,11 +21,6 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart;
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@ -42,6 +37,13 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserFederationManager;
 import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.Logic;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.resources.admin.RealmAuth;
 import org.keycloak.util.JsonSerialization;
@ -191,212 +193,207 @@ public class ResourceServerService {
        return Response.ok(settings).build();
    }
    @Path("/import")
    @POST
-    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    @Consumes(MediaType.APPLICATION_JSON)
-    public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
+    public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) throws IOException {
        this.auth.requireManage();
        Map<String, List<InputPart>> uploadForm = input.getFormDataMap();
        List<InputPart> inputParts = uploadForm.get("file");
-        for (InputPart inputPart : inputParts) {
+        resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
-            ResourceServerRepresentation rep = JsonSerialization.readValue(inputPart.getBodyAsString(), ResourceServerRepresentation.class);
+        resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
-            resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
+        StoreFactory storeFactory = authorization.getStoreFactory();
-            resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
+        ResourceStore resourceStore = storeFactory.getResourceStore();
        ScopeStore scopeStore = storeFactory.getScopeStore();
        ScopeService scopeResource = new ScopeService(resourceServer, this.authorization, this.auth);
-            StoreFactory storeFactory = authorization.getStoreFactory();
+        ResteasyProviderFactory.getInstance().injectProperties(scopeResource);
            ResourceStore resourceStore = storeFactory.getResourceStore();
            ScopeStore scopeStore = storeFactory.getScopeStore();
            ScopeService scopeResource = new ScopeService(resourceServer, this.authorization, this.auth);
-            ResteasyProviderFactory.getInstance().injectProperties(scopeResource);
+        rep.getScopes().forEach(scope -> {
            Scope existing = scopeStore.findByName(scope.getName(), resourceServer.getId());
-            rep.getScopes().forEach(scope -> {
+            if (existing != null) {
-                Scope existing = scopeStore.findByName(scope.getName(), resourceServer.getId());
+                scopeResource.update(existing.getId(), scope);
            } else {
                scopeResource.create(scope);
            }
        });
-                if (existing != null) {
+        ResourceSetService resourceSetResource = new ResourceSetService(resourceServer, this.authorization, this.auth);
-                    scopeResource.update(existing.getId(), scope);
+
-                } else {
+        rep.getResources().forEach(resourceRepresentation -> {
-                    scopeResource.create(scope);
+            ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
            if (owner == null) {
                owner = new ResourceOwnerRepresentation();
            }
            owner.setId(resourceServer.getClientId());
            if (owner.getName() != null) {
                UserModel user = this.session.users().getUserByUsername(owner.getName(), this.realm);
                if (user != null) {
                    owner.setId(user.getId());
                }
-            });
+            }
-            ResourceSetService resourceSetResource = new ResourceSetService(resourceServer, this.authorization, this.auth);
+            Resource existing = resourceStore.findByName(resourceRepresentation.getName(), this.resourceServer.getId());
-            rep.getResources().forEach(resourceRepresentation -> {
+            if (existing != null) {
-                ResourceOwnerRepresentation owner = resourceRepresentation.getOwner();
+                resourceSetResource.update(existing.getId(), resourceRepresentation);
            } else {
                resourceSetResource.create(resourceRepresentation);
            }
        });
-                if (owner == null) {
+        PolicyStore policyStore = storeFactory.getPolicyStore();
-                    owner = new ResourceOwnerRepresentation();
+        PolicyService policyResource = new PolicyService(resourceServer, this.authorization, this.auth);
                }
-                owner.setId(resourceServer.getClientId());
+        ResteasyProviderFactory.getInstance().injectProperties(policyResource);
-                if (owner.getName() != null) {
+        rep.getPolicies().forEach(policyRepresentation -> {
-                    UserModel user = this.session.users().getUserByUsername(owner.getName(), this.realm);
+            Map<String, String> config = policyRepresentation.getConfig();
-                    if (user != null) {
+            String roles = config.get("roles");
                        owner.setId(user.getId());
                    }
                }
-                Resource existing = resourceStore.findByName(resourceRepresentation.getName(), this.resourceServer.getId());
+            if (roles != null && !roles.isEmpty()) {
                roles = roles.replace("[", "");
                roles = roles.replace("]", "");
-                if (existing != null) {
+                if (!roles.isEmpty()) {
-                    resourceSetResource.update(existing.getId(), resourceRepresentation);
+                    String roleNames = "";
                } else {
                    resourceSetResource.create(resourceRepresentation);
                }
            });
-            PolicyStore policyStore = storeFactory.getPolicyStore();
+                    for (String role : roles.split(",")) {
-            PolicyService policyResource = new PolicyService(resourceServer, this.authorization, this.auth);
+                        if (!roleNames.isEmpty()) {
-
+                            roleNames = roleNames + ",";
            ResteasyProviderFactory.getInstance().injectProperties(policyResource);
            rep.getPolicies().forEach(policyRepresentation -> {
                Map<String, String> config = policyRepresentation.getConfig();
                String roles = config.get("roles");
                if (roles != null && !roles.isEmpty()) {
                    roles = roles.replace("[", "");
                    roles = roles.replace("]", "");
                    if (!roles.isEmpty()) {
                        String roleNames = "";
                        for (String role : roles.split(",")) {
                            if (!roleNames.isEmpty()) {
                                roleNames = roleNames + ",";
                            }
                            role = role.replace("\"", "");
                            roleNames = roleNames + "\"" + this.realm.getRole(role).getId() + "\"";
                        }
-                        config.put("roles", "[" + roleNames + "]");
+                        role = role.replace("\"", "");
                        roleNames = roleNames + "\"" + this.realm.getRole(role).getId() + "\"";
                    }
                    config.put("roles", "[" + roleNames + "]");
                }
            }
-                String users = config.get("users");
+            String users = config.get("users");
-                if (users != null) {
+            if (users != null) {
-                    users = users.replace("[", "");
+                users = users.replace("[", "");
-                    users = users.replace("]", "");
+                users = users.replace("]", "");
-                    if (!users.isEmpty()) {
+                if (!users.isEmpty()) {
-                        String userNames = "";
+                    String userNames = "";
-                        for (String user : users.split(",")) {
+                    for (String user : users.split(",")) {
-                            if (!userNames.isEmpty()) {
+                        if (!userNames.isEmpty()) {
-                                userNames =  userNames + ",";
+                            userNames =  userNames + ",";
                            }
                            user = user.replace("\"", "");
                            userNames = userNames + "\"" + this.session.users().getUserByUsername(user, this.realm).getId() + "\"";
                        }
-                        config.put("users", "[" + userNames + "]");
+                        user = user.replace("\"", "");
                        userNames = userNames + "\"" + this.session.users().getUserByUsername(user, this.realm).getId() + "\"";
                    }
                    config.put("users", "[" + userNames + "]");
                }
            }
-                String scopes = config.get("scopes");
+            String scopes = config.get("scopes");
-                if (scopes != null && !scopes.isEmpty()) {
+            if (scopes != null && !scopes.isEmpty()) {
-                    scopes = scopes.replace("[", "");
+                scopes = scopes.replace("[", "");
-                    scopes = scopes.replace("]", "");
+                scopes = scopes.replace("]", "");
-                    if (!scopes.isEmpty()) {
+                if (!scopes.isEmpty()) {
-                        String scopeNames = "";
+                    String scopeNames = "";
-                        for (String scope : scopes.split(",")) {
+                    for (String scope : scopes.split(",")) {
-                            if (!scopeNames.isEmpty()) {
+                        if (!scopeNames.isEmpty()) {
-                                scopeNames =  scopeNames + ",";
+                            scopeNames =  scopeNames + ",";
                            }
                            scope = scope.replace("\"", "");
                            Scope newScope = scopeStore.findByName(scope, resourceServer.getId());
                            if (newScope == null) {
                                throw new RuntimeException("Scope with name [" + scope + "] not defined.");
                            }
                            scopeNames = scopeNames + "\"" + newScope.getId() + "\"";
                        }
-                        config.put("scopes", "[" + scopeNames + "]");
+                        scope = scope.replace("\"", "");
                    }
                }
-                String policyResources = config.get("resources");
+                        Scope newScope = scopeStore.findByName(scope, resourceServer.getId());
-                if (policyResources != null && !policyResources.isEmpty()) {
+                        if (newScope == null) {
-                    policyResources = policyResources.replace("[", "");
+                            throw new RuntimeException("Scope with name [" + scope + "] not defined.");
                    policyResources = policyResources.replace("]", "");
                    if (!policyResources.isEmpty()) {
                        String resourceNames = "";
                        for (String resource : policyResources.split(",")) {
                            if (!resourceNames.isEmpty()) {
                                resourceNames =  resourceNames + ",";
                            }
                            resource = resource.replace("\"", "");
                            if ("".equals(resource)) {
                                continue;
                            }
                            resourceNames = resourceNames + "\"" + storeFactory.getResourceStore().findByName(resource, resourceServer.getId()).getId() + "\"";
                        }
-                        config.put("resources", "[" + resourceNames + "]");
+                        scopeNames = scopeNames + "\"" + newScope.getId() + "\"";
                    }
                    config.put("scopes", "[" + scopeNames + "]");
                }
            }
-                String applyPolicies = config.get("applyPolicies");
+            String policyResources = config.get("resources");
-                if (applyPolicies != null && !applyPolicies.isEmpty()) {
+            if (policyResources != null && !policyResources.isEmpty()) {
-                    applyPolicies = applyPolicies.replace("[", "");
+                policyResources = policyResources.replace("[", "");
-                    applyPolicies = applyPolicies.replace("]", "");
+                policyResources = policyResources.replace("]", "");
-                    if (!applyPolicies.isEmpty()) {
+                if (!policyResources.isEmpty()) {
-                        String policyNames = "";
+                    String resourceNames = "";
-                        for (String pId : applyPolicies.split(",")) {
+                    for (String resource : policyResources.split(",")) {
-                            if (!policyNames.isEmpty()) {
+                        if (!resourceNames.isEmpty()) {
-                                policyNames = policyNames + ",";
+                            resourceNames =  resourceNames + ",";
                            }
                            pId = pId.replace("\"", "").trim();
                            Policy policy = policyStore.findByName(pId, resourceServer.getId());
                            if (policy == null) {
                                throw new RuntimeException("Policy with name [" + pId + "] not defined.");
                            }
                            policyNames = policyNames + "\"" + policy.getId() + "\"";
                        }
-                        config.put("applyPolicies", "[" + policyNames + "]");
+                        resource = resource.replace("\"", "");
                        if ("".equals(resource)) {
                            continue;
                        }
                        resourceNames = resourceNames + "\"" + storeFactory.getResourceStore().findByName(resource, resourceServer.getId()).getId() + "\"";
                    }
                }
-                Policy existing = policyStore.findByName(policyRepresentation.getName(), this.resourceServer.getId());
+                    config.put("resources", "[" + resourceNames + "]");
                if (existing != null) {
                    policyResource.update(existing.getId(), policyRepresentation);
                } else {
                    policyResource.create(policyRepresentation);
                }
-            });
+            }
-        }
+
            String applyPolicies = config.get("applyPolicies");
            if (applyPolicies != null && !applyPolicies.isEmpty()) {
                applyPolicies = applyPolicies.replace("[", "");
                applyPolicies = applyPolicies.replace("]", "");
                if (!applyPolicies.isEmpty()) {
                    String policyNames = "";
                    for (String pId : applyPolicies.split(",")) {
                        if (!policyNames.isEmpty()) {
                            policyNames = policyNames + ",";
                        }
                        pId = pId.replace("\"", "").trim();
                        Policy policy = policyStore.findByName(pId, resourceServer.getId());
                        if (policy == null) {
                            throw new RuntimeException("Policy with name [" + pId + "] not defined.");
                        }
                        policyNames = policyNames + "\"" + policy.getId() + "\"";
                    }
                    config.put("applyPolicies", "[" + policyNames + "]");
                }
            }
            Policy existing = policyStore.findByName(policyRepresentation.getName(), this.resourceServer.getId());
            if (existing != null) {
                policyResource.update(existing.getId(), policyRepresentation);
            } else {
                policyResource.create(policyRepresentation);
            }
        });
        return Response.noContent().build();
    }
@ -434,8 +431,8 @@ public class ResourceServerService {
        defaultPermission.setName("Default Permission");
        defaultPermission.setType("resource");
        defaultPermission.setDescription("A permission that applies to the default resource type");
-        defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS);
+        defaultPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
-        defaultPermission.setLogic(Policy.Logic.POSITIVE);
+        defaultPermission.setLogic(Logic.POSITIVE);
        HashMap<String, String> defaultPermissionConfig = new HashMap<>();
@ -454,8 +451,8 @@ public class ResourceServerService {
        defaultPolicy.setName("Only From Realm Policy");
        defaultPolicy.setDescription("A policy that grants access only for users within this realm");
        defaultPolicy.setType("js");
-        defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
+        defaultPolicy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
-        defaultPolicy.setLogic(Policy.Logic.POSITIVE);
+        defaultPolicy.setLogic(Logic.POSITIVE);
        HashMap<String, String> defaultPolicyConfig = new HashMap<>();
--- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
@ -17,9 +17,8 @@
 */
 package org.keycloak.authorization.admin;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@ -27,6 +26,8 @@ import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.resources.admin.RealmAuth;
@ -136,6 +137,7 @@ public class ResourceSetService {
    @Path("{id}")
    @GET
    @NoCache
    @Produces("application/json")
    public Response findById(@PathParam("id") String id) {
        requireView();
@ -150,6 +152,7 @@ public class ResourceSetService {
    }
    @GET
    @NoCache
    @Produces("application/json")
    public Response findAll() {
        requireView();
--- a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java
@ -18,13 +18,13 @@
 package org.keycloak.authorization.admin;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.resources.admin.RealmAuth;
--- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java
@ -28,7 +28,10 @@ import org.keycloak.authorization.policy.evaluation.Result;
 import org.keycloak.authorization.policy.evaluation.Result.PolicyResult;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.authorization.util.Permissions;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import java.util.ArrayList;
 import java.util.List;
--- a/services/src/main/java/org/keycloak/authorization/admin/util/Models.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/util/Models.java
@ -20,11 +20,6 @@ package org.keycloak.authorization.admin.util;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.ErrorCode;
 import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
@ -36,6 +31,11 @@ import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.util.JsonSerialization;
--- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
+++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,13 +14,11 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.authorization.authorization;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.authorization.representation.AuthorizationRequest;
 import org.keycloak.authorization.authorization.representation.AuthorizationResponse;
 import org.keycloak.authorization.common.KeycloakEvaluationContext;
@ -39,7 +36,8 @@ import org.keycloak.jose.jws.JWSInputException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.resources.Cors;
--- a/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
+++ b/services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java
@ -39,7 +39,7 @@ import org.keycloak.models.KeycloakContext;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.resources.Cors;
@ -182,9 +182,8 @@ public class EntitlementService {
        AccessToken.Authorization authorization = new AccessToken.Authorization();
        authorization.setPermissions(permissions);
        accessToken.setAuthorization(authorization);
-        ;
+
        return new TokenManager().encodeToken(realm, accessToken);
    }
--- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java
@ -1,8 +1,22 @@
 /*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.authorization.protection.permission;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakIdentity;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
@ -11,6 +25,8 @@ import org.keycloak.authorization.protection.permission.representation.Permissio
 import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import javax.ws.rs.core.Response;
--- a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java
@ -18,27 +18,15 @@
 package org.keycloak.authorization.protection.permission;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakIdentity;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.protection.permission.representation.PermissionRequest;
 import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.services.ErrorResponseException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 /**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
--- a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java
@ -18,9 +18,9 @@
 package org.keycloak.authorization.protection.permission;
 import org.keycloak.TokenIdGenerator;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.JsonWebToken;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import java.util.ArrayList;
 import java.util.List;
--- a/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java
+++ b/services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java
@ -19,15 +19,15 @@ package org.keycloak.authorization.protection.resource;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.ResourceSetService;
 import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.identity.Identity;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.protection.resource.representation.UmaResourceRepresentation;
 import org.keycloak.authorization.protection.resource.representation.UmaScopeRepresentation;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import javax.ws.rs.Consumes;
--- a/services/src/main/java/org/keycloak/authorization/util/Permissions.java
+++ b/services/src/main/java/org/keycloak/authorization/util/Permissions.java
@ -28,7 +28,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.Result;
 import org.keycloak.authorization.store.ResourceStore;
 import org.keycloak.authorization.store.StoreFactory;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import java.util.ArrayList;
 import java.util.Arrays;
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java
@ -1,13 +1,12 @@
 /*
- * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * Copyright 2016 Red Hat, Inc., and individual contributors
+ * and other contributors as indicated by the @author tags.
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
@ -15,7 +14,6 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.keycloak.testsuite.authorization;
 import org.apache.commons.collections.map.HashedMap;
@ -23,8 +21,6 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.junit.Before;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakEvaluationContext;
 import org.keycloak.authorization.common.KeycloakIdentity;
 import org.keycloak.authorization.model.Policy;
@ -42,6 +38,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.util.JsonSerialization;
 import javax.ws.rs.client.Invocation;
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java
@ -19,8 +19,8 @@
 package org.keycloak.testsuite.authorization;
 import org.junit.Test;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation.Builder;
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java
@ -21,12 +21,13 @@ package org.keycloak.testsuite.authorization;
 import org.apache.commons.collections.map.HashedMap;
 import org.junit.Test;
 import org.keycloak.authorization.Decision.Effect;
 import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
 import org.keycloak.representations.idm.authorization.DecisionStrategy;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.util.JsonSerialization;
 import javax.ws.rs.client.Entity;
@ -329,7 +330,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
        newPermission.setName("Album Resource Policy");
        newPermission.setType("resource");
-        newPermission.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
+        newPermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        HashedMap config = new HashedMap();
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java
@ -19,8 +19,8 @@
 package org.keycloak.testsuite.authorization;
 import org.junit.Test;
 import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation.Builder;