[KEYCLOAK-3128] - Admin Client Authorization Endpoints

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java

@@ -29,7 +29,7 @@ import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.EnforcementMode;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.net.URI;
 import java.util.Collections;

adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/PolicyEnforcer.java

@@ -30,7 +30,7 @@ import org.keycloak.authorization.client.resource.ProtectedResource;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.util.ArrayList;
 import java.util.HashSet;

authz/client/src/main/java/org/keycloak/authorization/client/representation/TokenIntrospectionResponse.java

@@ -19,7 +19,7 @@ package org.keycloak.authorization.client.representation;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.keycloak.representations.JsonWebToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.util.List;
 

authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyAdminResource.java

@@ -1,9 +1,25 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.keycloak.authorization.policy.provider.drools;
 
-import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.kie.api.runtime.KieContainer;
 
 import javax.ws.rs.Consumes;

core/src/main/java/org/keycloak/AuthorizationContext.java

@@ -19,7 +19,7 @@ package org.keycloak;
 
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.util.List;
 

core/src/main/java/org/keycloak/representations/AccessToken.java

@@ -19,7 +19,7 @@ package org.keycloak.representations;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.io.Serializable;
 import java.util.HashMap;

core/src/main/java/org/keycloak/representations/idm/authorization/DecisionStrategy.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.representations.idm.authorization;
+
+/**
+ * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
+ * is obtained.
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public enum DecisionStrategy {
+
+    /**
+     * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
+     */
+    AFFIRMATIVE,
+
+    /**
+     * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
+     */
+    UNANIMOUS,
+
+    /**
+     * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
+     * the final decision will be negative.
+     */
+    CONSENSUS
+}

core/src/main/java/org/keycloak/representations/idm/authorization/Logic.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.representations.idm.authorization;
+
+/**
+ * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
+ * is obtained.
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public enum Logic {
+
+    /**
+     * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
+     */
+    POSITIVE,
+
+    /**
+     * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
+     */
+    NEGATIVE,
+}

core/src/main/java/org/keycloak/representations/idm/authorization/Permission.java

@@ -13,9 +13,8 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
  */
-package org.keycloak.representations.authorization;
+package org.keycloak.representations.idm.authorization;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

core/src/main/java/org/keycloak/representations/idm/authorization/PolicyEnforcementMode.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.representations.idm.authorization;
+
+/**
+ * The policy enforcement mode dictates how authorization requests are handled by the server.
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public enum PolicyEnforcementMode {
+
+    /**
+     * Requests are denied by default even when there is no policy associated with a given resource.
+     */
+    ENFORCING,
+
+    /**
+     * Requests are allowed even when there is no policy associated with a given resource.
+     */
+    PERMISSIVE,
+
+    /**
+     * Completely disables the evaluation of policies and allow access to any resource.
+     */
+    DISABLED
+}

core/src/main/java/org/keycloak/representations/idm/authorization/PolicyProviderRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,8 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

core/src/main/java/org/keycloak/representations/idm/authorization/PolicyRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,11 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-package org.keycloak.authorization.admin.representation;
-
-import org.keycloak.authorization.model.Policy.DecisionStrategy;
-import org.keycloak.authorization.model.Policy.Logic;
+package org.keycloak.representations.idm.authorization;
 
 import java.util.HashMap;
 import java.util.List;

core/src/main/java/org/keycloak/representations/idm/authorization/ResourceOwnerRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,8 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

core/src/main/java/org/keycloak/representations/idm/authorization/ResourceServerRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,9 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.authorization.admin.representation;
-
-import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
+package org.keycloak.representations.idm.authorization;
 
 import java.util.List;
 

core/src/main/java/org/keycloak/representations/idm/authorization/ScopeRepresentation.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 
 import java.net.URI;
 import java.util.List;

examples/authz/hello-world/src/main/java/org/keycloak/authz/helloworld/AuthorizationClientExample.java

@@ -26,7 +26,7 @@ import org.keycloak.authorization.client.representation.ResourceRepresentation;
 import org.keycloak.authorization.client.representation.ScopeRepresentation;
 import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
 import org.keycloak.authorization.client.resource.ProtectedResource;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.util.Set;
 

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/AuthorizationResource.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface AuthorizationResource {
+
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    void update(ResourceServerRepresentation server);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    ResourceServerRepresentation getSettings();
+
+    @Path("/import")
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    void importSettings(ResourceServerRepresentation server);
+
+    @Path("/settings")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    ResourceServerRepresentation exportSettings();
+
+    @Path("/resource")
+    ResourcesResource resources();
+
+    @Path("/scope")
+    ResourceScopesResource scopes();
+
+    @Path("/policy")
+    PoliciesResource policies();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java

@@ -142,4 +142,6 @@ public interface ClientResource {
     @Produces(MediaType.APPLICATION_JSON)
     GlobalRequestResult testNodesAvailable();
 
+    @Path("/authz/resource-server")
+    AuthorizationResource authorization();
 }

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface PoliciesResource {
+
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    Response create(PolicyRepresentation representation);
+
+    @Path("{id}")
+    PolicyResource policy(@PathParam("id") String id);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @NoCache
+    List<PolicyRepresentation> policies();
+
+    @Path("providers")
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @NoCache
+    List<PolicyProviderRepresentation> policyProviders();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/PolicyResource.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface PolicyResource {
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @NoCache
+    PolicyRepresentation toRepresentation();
+
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    void update(PolicyRepresentation representation);
+
+    @DELETE
+    void remove();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceResource.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface ResourceResource {
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @NoCache
+    ResourceRepresentation toRepresentation();
+
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    void update(ResourceRepresentation resource);
+
+    @DELETE
+    void remove();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopeResource.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface ResourceScopeResource {
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    @NoCache
+    ScopeRepresentation toRepresentation();
+
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    void update(ScopeRepresentation scope);
+
+    @DELETE
+    void remove();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourceScopesResource.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface ResourceScopesResource {
+
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    Response create(ScopeRepresentation scope);
+
+    @Path("{id}")
+    ResourceScopeResource scope(@PathParam("id") String id);
+
+    @GET
+    @NoCache
+    @Produces(MediaType.APPLICATION_JSON)
+    List<ScopeRepresentation> scopes();
+}

integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ResourcesResource.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.admin.client.resource;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public interface ResourcesResource {
+
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    Response create(ResourceRepresentation resource);
+
+    @Path("{id}")
+    ResourceResource resource(@PathParam("id") String id);
+
+    @GET
+    @NoCache
+    @Produces(MediaType.APPLICATION_JSON)
+    List<ResourceRepresentation> resources();
+}

model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedPolicyStore.java

@@ -30,6 +30,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
 import org.keycloak.models.authorization.infinispan.entities.CachedPolicy;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
 
 import java.util.ArrayList;
 import java.util.HashSet;

model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/CachedResourceServerStore.java

@@ -26,6 +26,7 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.authorization.infinispan.InfinispanStoreFactoryProvider.CacheTransaction;
 import org.keycloak.models.authorization.infinispan.entities.CachedResourceServer;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 import java.util.ArrayList;
 import java.util.List;

model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedPolicy.java

@@ -23,6 +23,8 @@ import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
 
 import java.util.HashMap;
 import java.util.Map;

model/infinispan/src/main/java/org/keycloak/models/authorization/infinispan/entities/CachedResourceServer.java

@@ -19,6 +19,7 @@
 package org.keycloak.models.authorization.infinispan.entities;
 
 import org.keycloak.authorization.model.ResourceServer;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java

@@ -22,6 +22,8 @@ import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
 
 import javax.persistence.Access;
 import javax.persistence.AccessType;

model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/ResourceServerEntity.java

@@ -19,6 +19,7 @@
 package org.keycloak.authorization.jpa.entities;
 
 import org.keycloak.authorization.model.ResourceServer;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 import javax.persistence.Access;
 import javax.persistence.AccessType;

model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/PolicyAdapter.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.keycloak.authorization.mongo.adapter;
 
 import org.keycloak.authorization.AuthorizationProvider;
@@ -8,6 +24,8 @@ import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.mongo.entities.PolicyEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
 
 import java.util.Map;
 import java.util.Set;

model/mongo/src/main/java/org/keycloak/authorization/mongo/adapter/ResourceServerAdapter.java

@@ -1,9 +1,26 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.keycloak.authorization.mongo.adapter;
 
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.mongo.entities.ResourceServerEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.mongo.keycloak.adapters.AbstractMongoAdapter;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/PolicyEntity.java

@@ -18,12 +18,12 @@
 
 package org.keycloak.authorization.mongo.entities;
 
-import org.keycloak.authorization.model.Policy.DecisionStrategy;
-import org.keycloak.authorization.model.Policy.Logic;
 import org.keycloak.connections.mongo.api.MongoCollection;
 import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
 
 import java.util.HashMap;
 import java.util.HashSet;

model/mongo/src/main/java/org/keycloak/authorization/mongo/entities/ResourceServerEntity.java

@@ -18,11 +18,11 @@
 
 package org.keycloak.authorization.mongo.entities;
 
-import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
 import org.keycloak.connections.mongo.api.MongoCollection;
 import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
 import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
 import org.keycloak.models.entities.AbstractIdentifiableEntity;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

server-spi/src/main/java/org/keycloak/authorization/model/Policy.java

@@ -18,6 +18,9 @@
 
 package org.keycloak.authorization.model;
 
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
+
 import java.util.Map;
 import java.util.Set;
 
@@ -152,42 +155,4 @@ public interface Policy {
     void addResource(Resource resource);
 
     void removeResource(Resource resource);
-
-    /**
-     * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
-     * is obtained.
-     */
-    enum DecisionStrategy {
-        /**
-         * Defines that at least one policy must evaluate to a positive decision in order to the overall decision be also positive.
-         */
-        AFFIRMATIVE,
-
-        /**
-         * Defines that all policies must evaluate to a positive decision in order to the overall decision be also positive.
-         */
-        UNANIMOUS,
-
-        /**
-         * Defines that the number of positive decisions must be greater than the number of negative decisions. If the number of positive and negative is the same,
-         * the final decision will be negative.
-         */
-        CONSENSUS
-    }
-
-    /**
-     * The decision strategy dictates how the policies associated with a given policy are evaluated and how a final decision
-     * is obtained.
-     */
-    enum Logic {
-        /**
-         * Defines that this policy follows a positive logic. In other words, the final decision is the policy outcome.
-         */
-        POSITIVE,
-
-        /**
-         * Defines that this policy uses a logical negation. In other words, the final decision would be a negative of the policy outcome.
-         */
-        NEGATIVE,
-    }
 }

server-spi/src/main/java/org/keycloak/authorization/model/ResourceServer.java

@@ -18,6 +18,8 @@
 
 package org.keycloak.authorization.model;
 
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
+
 /**
  * Represents a resource server, whose resources are managed and protected. A resource server is basically an existing
  * client application in Keycloak that will also act as a resource server.
@@ -68,24 +70,4 @@ public interface ResourceServer {
      * @param enforcementMode one of the available options in {@code PolicyEnforcementMode}
      */
     void setPolicyEnforcementMode(PolicyEnforcementMode enforcementMode);
-
-    /**
-     * The policy enforcement mode dictates how authorization requests are handled by the server.
-     */
-    enum PolicyEnforcementMode {
-        /**
-         * Requests are denied by default even when there is no policy associated with a given resource.
-         */
-        ENFORCING,
-
-        /**
-         * Requests are allowed even when there is no policy associated with a given resource.
-         */
-        PERMISSIVE,
-
-        /**
-         * Completely disables the evaluation of policies and allow access to any resource.
-         */
-        DISABLED
-    }
 }

server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionResultCollector.java

@@ -21,6 +21,7 @@ package org.keycloak.authorization.policy.evaluation;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.permission.ResourcePermission;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
 
 import java.util.HashMap;
 import java.util.List;
@@ -81,17 +82,17 @@ public abstract class DecisionResultCollector implements Decision<DefaultEvaluat
         }
 
         Policy policy = policyResult.getPolicy();
-        Policy.DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
+        DecisionStrategy decisionStrategy = policy.getDecisionStrategy();
 
         if (decisionStrategy == null) {
-            decisionStrategy = Policy.DecisionStrategy.UNANIMOUS;
+            decisionStrategy = DecisionStrategy.UNANIMOUS;
         }
 
-        if (Policy.DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) {
+        if (DecisionStrategy.AFFIRMATIVE.equals(decisionStrategy) && grantCount > 0) {
             return true;
-        } else if (Policy.DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) {
+        } else if (DecisionStrategy.UNANIMOUS.equals(decisionStrategy) && denyCount == 0) {
             return true;
-        } else if (Policy.DecisionStrategy.CONSENSUS.equals(decisionStrategy)) {
+        } else if (DecisionStrategy.CONSENSUS.equals(decisionStrategy)) {
             if (grantCount > denyCount) {
                 return true;
             }

server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultEvaluation.java

@@ -21,8 +21,8 @@ package org.keycloak.authorization.policy.evaluation;
 import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.Decision.Effect;
 import org.keycloak.authorization.model.Policy;
-import org.keycloak.authorization.model.Policy.Logic;
 import org.keycloak.authorization.permission.ResourcePermission;
+import org.keycloak.representations.idm.authorization.Logic;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

server-spi/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java

@@ -23,13 +23,13 @@ import org.keycloak.authorization.Decision;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
-import org.keycloak.authorization.model.ResourceServer.PolicyEnforcementMode;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.provider.PolicyProvider;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 import java.util.HashMap;
 import java.util.List;

server-spi/src/main/java/org/keycloak/models/utils/RepresentationToModel.java

@@ -78,13 +78,13 @@ import org.keycloak.representations.idm.UserConsentRepresentation;
 import org.keycloak.representations.idm.UserFederationMapperRepresentation;
 import org.keycloak.representations.idm.UserFederationProviderRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
 
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -1002,7 +1002,7 @@ public class RepresentationToModel {
             ResourceServer resourceServer = resourceServerStore.create(client.getId());
 
             resourceServer.setAllowRemoteResourceManagement(true);
-            resourceServer.setPolicyEnforcementMode(ResourceServer.PolicyEnforcementMode.ENFORCING);
+            resourceServer.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
         }
 
         return client;

services/src/main/java/org/keycloak/authorization/admin/PolicyService.java

@@ -18,10 +18,9 @@
 package org.keycloak.authorization.admin;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.PolicyProviderRepresentation;
-import org.keycloak.authorization.admin.representation.PolicyRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@@ -31,6 +30,8 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
 import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
+import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 import org.keycloak.services.resources.admin.RealmAuth;
 
 import javax.ws.rs.Consumes;
@@ -67,6 +68,7 @@ public class PolicyService {
     @POST
     @Consumes("application/json")
     @Produces("application/json")
+    @NoCache
     public Response create(PolicyRepresentation representation) {
         this.auth.requireManage();
         Policy policy = Models.toModel(representation, this.resourceServer, authorization);
@@ -94,6 +96,7 @@ public class PolicyService {
     @PUT
     @Consumes("application/json")
     @Produces("application/json")
+    @NoCache
     public Response update(@PathParam("id") String id, PolicyRepresentation representation) {
         this.auth.requireManage();
         representation.setId(id);
@@ -161,6 +164,7 @@ public class PolicyService {
     @Path("{id}")
     @GET
     @Produces("application/json")
+    @NoCache
     public Response findById(@PathParam("id") String id) {
         this.auth.requireView();
         StoreFactory storeFactory = authorization.getStoreFactory();
@@ -175,6 +179,7 @@ public class PolicyService {
 
     @GET
     @Produces("application/json")
+    @NoCache
     public Response findAll() {
         this.auth.requireView();
         StoreFactory storeFactory = authorization.getStoreFactory();
@@ -188,6 +193,7 @@ public class PolicyService {
     @Path("providers")
     @GET
     @Produces("application/json")
+    @NoCache
     public Response findPolicyProviders() {
         this.auth.requireView();
         return Response.ok(
@@ -292,7 +298,7 @@ public class PolicyService {
                 boolean hasPolicy = false;
 
                 for (Policy policyModel : new HashSet<Policy>(policy.getAssociatedPolicies())) {
-                    if (policyModel.getId().equals(policyId)) {
+                    if (policyModel.getId().equals(policyId) || policyModel.getName().equals(policyId)) {
                         hasPolicy = true;
                     }
                 }

services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java

@@ -21,11 +21,6 @@ import org.jboss.resteasy.plugins.providers.multipart.InputPart;
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.PolicyRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@@ -42,6 +37,13 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserFederationManager;
 import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.Logic;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.resources.admin.RealmAuth;
 import org.keycloak.util.JsonSerialization;
 
@@ -191,15 +193,11 @@ public class ResourceServerService {
         return Response.ok(settings).build();
     }
 
+    @Path("/import")
     @POST
-    @Consumes(MediaType.MULTIPART_FORM_DATA)
-    public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
+    @Consumes(MediaType.APPLICATION_JSON)
+    public Response importSettings(@Context final UriInfo uriInfo, ResourceServerRepresentation rep) throws IOException {
         this.auth.requireManage();
-        Map<String, List<InputPart>> uploadForm = input.getFormDataMap();
-        List<InputPart> inputParts = uploadForm.get("file");
-
-        for (InputPart inputPart : inputParts) {
-            ResourceServerRepresentation rep = JsonSerialization.readValue(inputPart.getBodyAsString(), ResourceServerRepresentation.class);
 
         resourceServer.setPolicyEnforcementMode(rep.getPolicyEnforcementMode());
         resourceServer.setAllowRemoteResourceManagement(rep.isAllowRemoteResourceManagement());
@@ -396,7 +394,6 @@ public class ResourceServerService {
                 policyResource.create(policyRepresentation);
             }
         });
-        }
 
         return Response.noContent().build();
     }
@@ -434,8 +431,8 @@ public class ResourceServerService {
         defaultPermission.setName("Default Permission");
         defaultPermission.setType("resource");
         defaultPermission.setDescription("A permission that applies to the default resource type");
-        defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS);
-        defaultPermission.setLogic(Policy.Logic.POSITIVE);
+        defaultPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
+        defaultPermission.setLogic(Logic.POSITIVE);
 
         HashMap<String, String> defaultPermissionConfig = new HashMap<>();
 
@@ -454,8 +451,8 @@ public class ResourceServerService {
         defaultPolicy.setName("Only From Realm Policy");
         defaultPolicy.setDescription("A policy that grants access only for users within this realm");
         defaultPolicy.setType("js");
-        defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
-        defaultPolicy.setLogic(Policy.Logic.POSITIVE);
+        defaultPolicy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
+        defaultPolicy.setLogic(Logic.POSITIVE);
 
         HashMap<String, String> defaultPolicyConfig = new HashMap<>();
 

services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java

@@ -17,9 +17,8 @@
  */
 package org.keycloak.authorization.admin;
 
+import org.jboss.resteasy.annotations.cache.NoCache;
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
@@ -27,6 +26,8 @@ import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
 import org.keycloak.authorization.store.StoreFactory;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.resources.admin.RealmAuth;
 
@@ -136,6 +137,7 @@ public class ResourceSetService {
 
     @Path("{id}")
     @GET
+    @NoCache
     @Produces("application/json")
     public Response findById(@PathParam("id") String id) {
         requireView();
@@ -150,6 +152,7 @@ public class ResourceSetService {
     }
 
     @GET
+    @NoCache
     @Produces("application/json")
     public Response findAll() {
         requireView();

services/src/main/java/org/keycloak/authorization/admin/ScopeService.java

@@ -18,13 +18,13 @@
 package org.keycloak.authorization.admin;
 
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.StoreFactory;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.resources.admin.RealmAuth;
 

services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponse.java

@@ -28,7 +28,10 @@ import org.keycloak.authorization.policy.evaluation.Result;
 import org.keycloak.authorization.policy.evaluation.Result.PolicyResult;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.authorization.util.Permissions;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 
 import java.util.ArrayList;
 import java.util.List;

services/src/main/java/org/keycloak/authorization/admin/util/Models.java

@@ -20,11 +20,6 @@ package org.keycloak.authorization.admin.util;
 
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.ErrorCode;
-import org.keycloak.authorization.admin.representation.PolicyRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceServerRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
@@ -36,6 +31,11 @@ import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.util.JsonSerialization;
 

services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,13 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.keycloak.authorization.authorization;
 
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.authorization.representation.AuthorizationRequest;
 import org.keycloak.authorization.authorization.representation.AuthorizationResponse;
 import org.keycloak.authorization.common.KeycloakEvaluationContext;
@@ -39,7 +36,8 @@ import org.keycloak.jose.jws.JWSInputException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.resources.Cors;
 

services/src/main/java/org/keycloak/authorization/entitlement/EntitlementService.java

@@ -39,7 +39,7 @@ import org.keycloak.models.KeycloakContext;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.resources.Cors;
 
@@ -182,9 +182,8 @@ public class EntitlementService {
         AccessToken.Authorization authorization = new AccessToken.Authorization();
 
         authorization.setPermissions(permissions);
-
         accessToken.setAuthorization(authorization);
-        ;
+
         return new TokenManager().encodeToken(realm, accessToken);
     }
 

services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java

@@ -1,8 +1,22 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.keycloak.authorization.protection.permission;
 
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakIdentity;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
@@ -11,6 +25,8 @@ import org.keycloak.authorization.protection.permission.representation.Permissio
 import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 
 import javax.ws.rs.core.Response;

services/src/main/java/org/keycloak/authorization/protection/permission/PermissionService.java

@@ -18,27 +18,15 @@
 package org.keycloak.authorization.protection.permission;
 
 import org.keycloak.authorization.AuthorizationProvider;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakIdentity;
-import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.model.ResourceServer;
-import org.keycloak.authorization.model.Scope;
 import org.keycloak.authorization.protection.permission.representation.PermissionRequest;
-import org.keycloak.authorization.protection.permission.representation.PermissionResponse;
-import org.keycloak.authorization.store.StoreFactory;
-import org.keycloak.jose.jws.JWSBuilder;
-import org.keycloak.services.ErrorResponseException;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
 import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-import java.util.stream.Collectors;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>

services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicket.java

@@ -18,9 +18,9 @@
 package org.keycloak.authorization.protection.permission;
 
 import org.keycloak.TokenIdGenerator;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.JsonWebToken;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 
 import java.util.ArrayList;
 import java.util.List;

services/src/main/java/org/keycloak/authorization/protection/resource/ResourceService.java

@@ -19,15 +19,15 @@ package org.keycloak.authorization.protection.resource;
 
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.admin.ResourceSetService;
-import org.keycloak.authorization.admin.representation.ResourceOwnerRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.admin.util.Models;
 import org.keycloak.authorization.identity.Identity;
 import org.keycloak.authorization.model.ResourceServer;
 import org.keycloak.authorization.protection.resource.representation.UmaResourceRepresentation;
 import org.keycloak.authorization.protection.resource.representation.UmaScopeRepresentation;
 import org.keycloak.authorization.store.StoreFactory;
+import org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.services.ErrorResponseException;
 
 import javax.ws.rs.Consumes;

services/src/main/java/org/keycloak/authorization/util/Permissions.java

@@ -28,7 +28,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.Result;
 import org.keycloak.authorization.store.ResourceStore;
 import org.keycloak.authorization.store.StoreFactory;
-import org.keycloak.representations.authorization.Permission;
+import org.keycloak.representations.idm.authorization.Permission;
 
 import java.util.ArrayList;
 import java.util.Arrays;

testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.java

@@ -1,7 +1,6 @@
 /*
- * JBoss, Home of Professional Open Source.
- * Copyright 2016 Red Hat, Inc., and individual contributors
- * as indicated by the @author tags.
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.keycloak.testsuite.authorization;
 
 import org.apache.commons.collections.map.HashedMap;
@@ -23,8 +21,6 @@ import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.junit.Before;
 import org.keycloak.authorization.AuthorizationProvider;
 import org.keycloak.authorization.Decision;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.common.KeycloakEvaluationContext;
 import org.keycloak.authorization.common.KeycloakIdentity;
 import org.keycloak.authorization.model.Policy;
@@ -42,6 +38,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 import org.keycloak.util.JsonSerialization;
 
 import javax.ws.rs.client.Invocation;

testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourceManagementTest.java

@@ -19,8 +19,8 @@
 package org.keycloak.testsuite.authorization;
 
 import org.junit.Test;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.model.Resource;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation.Builder;

testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.java

@@ -21,12 +21,13 @@ package org.keycloak.testsuite.authorization;
 import org.apache.commons.collections.map.HashedMap;
 import org.junit.Test;
 import org.keycloak.authorization.Decision.Effect;
-import org.keycloak.authorization.admin.representation.PolicyRepresentation;
-import org.keycloak.authorization.admin.representation.ResourceRepresentation;
 import org.keycloak.authorization.model.Policy;
 import org.keycloak.authorization.model.Resource;
 import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
+import org.keycloak.representations.idm.authorization.DecisionStrategy;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.util.JsonSerialization;
 
 import javax.ws.rs.client.Entity;
@@ -329,7 +330,7 @@ public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {
 
         newPermission.setName("Album Resource Policy");
         newPermission.setType("resource");
-        newPermission.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
+        newPermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
 
         HashedMap config = new HashedMap();
 

testsuite/integration/src/test/java/org/keycloak/testsuite/authorization/ScopeManagementTest.java

@@ -19,8 +19,8 @@
 package org.keycloak.testsuite.authorization;
 
 import org.junit.Test;
-import org.keycloak.authorization.admin.representation.ScopeRepresentation;
 import org.keycloak.authorization.model.Scope;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
 
 import javax.ws.rs.client.Entity;
 import javax.ws.rs.client.Invocation.Builder;