libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

[KEYCLOAK-6621] - Removing unnecessary code to process scopes from typed resources

Browse source
This commit is contained in:
pedroigor 2018-02-22 15:41:27 -03:00
parent 028e78f46b
commit b0200d462d
8 changed files with 21 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
core/src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java
View file

@ -51,9 +51,8 @@ public class ResourceRepresentation {
@JsonInclude(JsonInclude.Include.NON_EMPTY)
private List<PolicyRepresentation> policies;
private List<ScopeRepresentation> typedScopes;
private String displayName;
private String displayName;
/**
* Creates a new instance.
*
@ -187,14 +186,6 @@ public class ResourceRepresentation {
this.ownerManagedAccess = ownerManagedAccess;
}
public void setTypedScopes(List<ScopeRepresentation> typedScopes) {
this.typedScopes = typedScopes;
}
public List<ScopeRepresentation> getTypedScopes() {
return typedScopes;
}
public void addScope(String... scopeNames) {
if (scopes == null) {
scopes = new HashSet<>();

2
examples/authz/servlet-authz/servlet-authz-app-config.json
View file

@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@ -34,7 +33,6 @@
},
{
"name": "Main Page",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"

5
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DefaultPolicyEvaluator.java
View file

@ -86,11 +86,6 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
return policies;
}, consumer);
}
if (scopes.isEmpty() && !resource.getScopes().isEmpty()) {
scopes.removeAll(resource.getScopes());
evaluatePolicies(() -> policyStore.findByScopeIds(resource.getScopes().stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId()), consumer);
}
}
if (!scopes.isEmpty()) {

18
server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -841,24 +841,6 @@ public class ModelToRepresentation {
}
return scope;
}).collect(Collectors.toSet()));
if (resource.getType() != null) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) {
resource.setTypedScopes(typed.getScopes().stream().map(model1 -> {
ScopeRepresentation scope = new ScopeRepresentation();
scope.setId(model1.getId());
scope.setName(model1.getName());
String iconUri = model1.getIconUri();
if (iconUri != null) {
scope.setIconUri(iconUri);
}
return scope;
}).filter(scopeRepresentation -> !resource.getScopes().contains(scopeRepresentation)).collect(Collectors.toList()));
}
}
}
}
return resource;

2
testsuite/integration-arquillian/test-apps/servlet-authz/servlet-authz-app-authz-service.json
View file

@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@ -34,7 +33,6 @@
},
{
"name": "Main Page",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"

39
testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
View file

@ -62,64 +62,51 @@
"resources": [
{
"name": "Welcome Resource",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 1",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 2",
"uri": "/resource/resource-a",
"typedScopes": []
"uri": "/resource/resource-a"
},
{
"name": "Pattern 3",
"uri": "/resource/resource-b/test",
"typedScopes": []
"uri": "/resource/resource-b/test"
},
{
"name": "Pattern 4",
"uri": "/resource-c",
"typedScopes": []
"uri": "/resource-c"
},
{
"name": "Pattern 5",
"uri": "/resource/d/resource-d",
"typedScopes": []
"uri": "/resource/d/resource-d"
},
{
"name": "Pattern 6",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 7",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 8",
"typedScopes": []
"name": "Pattern 8"
},
{
"name": "Pattern 9",
"typedScopes": []
"name": "Pattern 9"
},
{
"name": "Pattern 10",
"typedScopes": []
"name": "Pattern 10"
},
{
"name": "Pattern 11",
"typedScopes": []
"name": "Pattern 11"
},
{
"name": "Pattern 12",
"uri": "/realm_uri",
"typedScopes": []
"uri": "/realm_uri"
}
],
"policies": [

12
testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/acme-resource-server-cleanup-test.json
View file

@ -13,8 +13,7 @@
{
"name": "urn:acme.com:scopes:admin:view"
}
],
"typedScopes": []
]
},
{
"name": "Role resource",
@ -24,8 +23,7 @@
{
"name": "urn:acme.com:scopes:role:view"
}
],
"typedScopes": []
]
},
{
"name": "User profile resource",
@ -38,8 +36,7 @@
{
"name": "urn:acme.com:scopes:userprofile:view"
}
],
"typedScopes": []
]
},
{
"name": "Account resource",
@ -49,8 +46,7 @@
{
"name": "urn:acme.com:scopes:account:manage"
}
],
"typedScopes": []
]
}
],
"policies": [

9
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.2.1.Final.json
View file

@ -134,8 +134,7 @@
{
"name": "urn:photoz.com:scopes:profile:view"
}
],
"typedScopes": []
]
},
{
"name": "Album Resource",
@ -151,8 +150,7 @@
{
"name": "urn:photoz.com:scopes:album:delete"
}
],
"typedScopes": []
]
},
{
"name": "Admin Resources",
@ -162,8 +160,7 @@
{
"name": "urn:photoz.com:scopes:album:admin:manage"
}
],
"typedScopes": []
]
}
],
"policies": [