libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

[KEYCLOAK-3130] - Permission checks to authorization admin endpoints

Browse source
This commit is contained in:
Pedro Igor 2016-06-17 15:25:44 -03:00
parent 111bcb7433
commit dd279dd0fd
4 changed files with 252 additions and 224 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
services/src/main/java/org/keycloak/authorization/admin/AuthorizationService.java
View file

@ -60,12 +60,16 @@ public class AuthorizationService {
} }
public void enable() { public void enable() {
if (!isEnabled()) {
resourceServer().create(); resourceServer().create();
} }
}
public void disable() { public void disable() {
if (isEnabled()) {
resourceServer().delete(); resourceServer().delete();
} }
}
public boolean isEnabled() { public boolean isEnabled() {
return this.resourceServer != null; return this.resourceServer != null;

13
services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
View file

@ -31,6 +31,7 @@ import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.services.resources.admin.RealmAuth;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE; import javax.ws.rs.DELETE;
@ -55,16 +56,19 @@ public class PolicyService {
private final ResourceServer resourceServer; private final ResourceServer resourceServer;
private final AuthorizationProvider authorization; private final AuthorizationProvider authorization;
private final RealmAuth auth;
public PolicyService(ResourceServer resourceServer, AuthorizationProvider authorization) { public PolicyService(ResourceServer resourceServer, AuthorizationProvider authorization, RealmAuth auth) {
this.resourceServer = resourceServer; this.resourceServer = resourceServer;
this.authorization = authorization; this.authorization = authorization;
this.auth = auth;
} }
@POST @POST
@Consumes("application/json") @Consumes("application/json")
@Produces("application/json") @Produces("application/json")
public Response create(PolicyRepresentation representation) { public Response create(PolicyRepresentation representation) {
this.auth.requireManage();
Policy policy = Models.toModel(representation, this.resourceServer, authorization); Policy policy = Models.toModel(representation, this.resourceServer, authorization);
updateResources(policy, authorization); updateResources(policy, authorization);
@ -91,6 +95,7 @@ public class PolicyService {
@Consumes("application/json") @Consumes("application/json")
@Produces("application/json") @Produces("application/json")
public Response update(@PathParam("id") String id, PolicyRepresentation representation) { public Response update(@PathParam("id") String id, PolicyRepresentation representation) {
this.auth.requireManage();
representation.setId(id); representation.setId(id);
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
Policy policy = storeFactory.getPolicyStore().findById(representation.getId()); Policy policy = storeFactory.getPolicyStore().findById(representation.getId());
@ -125,6 +130,7 @@ public class PolicyService {
@Path("{id}") @Path("{id}")
@DELETE @DELETE
public Response delete(@PathParam("id") String id) { public Response delete(@PathParam("id") String id) {
this.auth.requireManage();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
Policy policy = policyStore.findById(id); Policy policy = policyStore.findById(id);
@ -156,6 +162,7 @@ public class PolicyService {
@GET @GET
@Produces("application/json") @Produces("application/json")
public Response findById(@PathParam("id") String id) { public Response findById(@PathParam("id") String id) {
this.auth.requireView();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
Policy model = storeFactory.getPolicyStore().findById(id); Policy model = storeFactory.getPolicyStore().findById(id);
@ -169,6 +176,7 @@ public class PolicyService {
@GET @GET
@Produces("application/json") @Produces("application/json")
public Response findAll() { public Response findAll() {
this.auth.requireView();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
return Response.ok( return Response.ok(
storeFactory.getPolicyStore().findByResourceServer(resourceServer.getId()).stream() storeFactory.getPolicyStore().findByResourceServer(resourceServer.getId()).stream()
@ -181,6 +189,7 @@ public class PolicyService {
@GET @GET
@Produces("application/json") @Produces("application/json")
public Response findPolicyProviders() { public Response findPolicyProviders() {
this.auth.requireView();
return Response.ok( return Response.ok(
authorization.getProviderFactories().stream() authorization.getProviderFactories().stream()
.map(provider -> { .map(provider -> {
@ -198,6 +207,7 @@ public class PolicyService {
@Path("evaluate") @Path("evaluate")
public PolicyEvaluationService getPolicyEvaluateResource() { public PolicyEvaluationService getPolicyEvaluateResource() {
this.auth.requireView();
PolicyEvaluationService resource = new PolicyEvaluationService(this.resourceServer, this.authorization); PolicyEvaluationService resource = new PolicyEvaluationService(this.resourceServer, this.authorization);
ResteasyProviderFactory.getInstance().injectProperties(resource); ResteasyProviderFactory.getInstance().injectProperties(resource);
@ -207,6 +217,7 @@ public class PolicyService {
@Path("{policyType}") @Path("{policyType}")
public Object getPolicyTypeResource(@PathParam("policyType") String policyType) { public Object getPolicyTypeResource(@PathParam("policyType") String policyType) {
this.auth.requireView();
return getPolicyProviderAdminResource(policyType, this.authorization); return getPolicyProviderAdminResource(policyType, this.authorization);
} }

423
services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java
View file

@ -40,6 +40,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationManager;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.services.resources.admin.RealmAuth; import org.keycloak.services.resources.admin.RealmAuth;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -60,7 +61,6 @@ import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
@ -70,89 +70,25 @@ public class ResourceServerService {
private final AuthorizationProvider authorization; private final AuthorizationProvider authorization;
private final RealmAuth auth; private final RealmAuth auth;
private final RealmModel realm;
private final KeycloakSession session;
private ResourceServer resourceServer; private ResourceServer resourceServer;
private final ClientModel client; private final ClientModel client;
public ResourceServerService(AuthorizationProvider authorization, ResourceServer resourceServer, ClientModel client, RealmAuth auth) { public ResourceServerService(AuthorizationProvider authorization, ResourceServer resourceServer, ClientModel client, RealmAuth auth) {
this.authorization = authorization; this.authorization = authorization;
this.session = authorization.getKeycloakSession();
this.client = client; this.client = client;
this.resourceServer = resourceServer; this.resourceServer = resourceServer;
this.realm = client.getRealm();
this.auth = auth; this.auth = auth;
} }
public void create() { public void create() {
if (resourceServer == null) { this.auth.requireManage();
RoleModel umaProtectionRole = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
if (umaProtectionRole == null) {
umaProtectionRole = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
}
KeycloakSession session = this.authorization.getKeycloakSession();
UserModel serviceAccount = session.users().getUserByServiceAccountClient(client);
if (!serviceAccount.hasRole(umaProtectionRole)) {
serviceAccount.grantRole(umaProtectionRole);
}
this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId()); this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId());
createDefaultRoles();
ResourceRepresentation defaultResource = new ResourceRepresentation(); createDefaultPermission(createDefaultResource(), createDefaultPolicy());
defaultResource.setName("Default Resource");
defaultResource.setUri("/*");
defaultResource.setType("urn:" + this.client.getClientId() + ":resources:default");
getResourceSetResource().create(defaultResource);
PolicyRepresentation defaultPolicy = new PolicyRepresentation();
defaultPolicy.setName("Only From Realm Policy");
defaultPolicy.setDescription("A policy that grants access only for users within this realm");
defaultPolicy.setType("js");
defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
defaultPolicy.setLogic(Policy.Logic.POSITIVE);
HashMap<String, String> defaultPolicyConfig = new HashMap<>();
defaultPolicyConfig.put("code", "var context = $evaluation.getContext();\n" +
"\n" +
"// using attributes from the evaluation context to obtain the realm\n" +
"var contextAttributes = context.getAttributes();\n" +
"var realmName = contextAttributes.getValue('kc.authz.context.authc.realm').asString(0);\n" +
"\n" +
"// using attributes from the identity to obtain the issuer\n" +
"var identity = context.getIdentity();\n" +
"var identityAttributes = identity.getAttributes();\n" +
"var issuer = identityAttributes.getValue('iss').asString(0);\n" +
"\n" +
"// only users from the realm have access granted \n" +
"if (issuer.endsWith(realmName)) {\n" +
" $evaluation.grant();\n" +
"}");
defaultPolicy.setConfig(defaultPolicyConfig);
getPolicyResource().create(defaultPolicy);
PolicyRepresentation defaultPermission = new PolicyRepresentation();
defaultPermission.setName("Default Permission");
defaultPermission.setType("resource");
defaultPermission.setDescription("A permission that applies to the default resource type");
defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS);
defaultPermission.setLogic(Policy.Logic.POSITIVE);
HashMap<String, String> defaultPermissionConfig = new HashMap<>();
defaultPermissionConfig.put("default", "true");
defaultPermissionConfig.put("defaultResourceType", defaultResource.getType());
defaultPermissionConfig.put("applyPolicies", "[\"Only From Realm Policy\"]");
defaultPermission.setConfig(defaultPermissionConfig);
getPolicyResource().create(defaultPermission);
}
} }
@PUT @PUT
@ -160,7 +96,6 @@ public class ResourceServerService {
@Produces("application/json") @Produces("application/json")
public Response update(ResourceServerRepresentation server) { public Response update(ResourceServerRepresentation server) {
this.auth.requireManage(); this.auth.requireManage();
this.resourceServer.setAllowRemoteResourceManagement(server.isAllowRemoteResourceManagement()); this.resourceServer.setAllowRemoteResourceManagement(server.isAllowRemoteResourceManagement());
this.resourceServer.setPolicyEnforcementMode(server.getPolicyEnforcementMode()); this.resourceServer.setPolicyEnforcementMode(server.getPolicyEnforcementMode());
@ -168,7 +103,7 @@ public class ResourceServerService {
} }
public void delete() { public void delete() {
if (this.resourceServer != null) { this.auth.requireManage();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceStore resourceStore = storeFactory.getResourceStore(); ResourceStore resourceStore = storeFactory.getResourceStore();
String id = resourceServer.getId(); String id = resourceServer.getId();
@ -185,13 +120,12 @@ public class ResourceServerService {
storeFactory.getResourceServerStore().delete(id); storeFactory.getResourceServerStore().delete(id);
} }
}
@GET @GET
@Produces("application/json") @Produces("application/json")
public Response findById() { public Response findById() {
this.auth.requireView(); this.auth.requireView();
return Response.ok(Models.toRepresentation(this.resourceServer, getRealm())).build(); return Response.ok(Models.toRepresentation(this.resourceServer, this.realm)).build();
} }
@Path("/settings") @Path("/settings")
@ -200,7 +134,7 @@ public class ResourceServerService {
public Response exportSettings() { public Response exportSettings() {
this.auth.requireManage(); this.auth.requireManage();
StoreFactory storeFactory = authorization.getStoreFactory(); StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServerRepresentation settings = Models.toRepresentation(resourceServer, getRealm()); ResourceServerRepresentation settings = Models.toRepresentation(resourceServer, this.realm);
settings.setId(null); settings.setId(null);
settings.setName(null); settings.setName(null);
@ -224,11 +158,12 @@ public class ResourceServerService {
settings.setResources(resources); settings.setResources(resources);
List<PolicyRepresentation> policies = new ArrayList<>(); List<PolicyRepresentation> policies = new ArrayList<>();
PolicyStore policyStore = storeFactory.getPolicyStore();
policies.addAll(storeFactory.getPolicyStore().findByResourceServer(resourceServer.getId()) policies.addAll(policyStore.findByResourceServer(resourceServer.getId())
.stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope")) .stream().filter(policy -> !policy.getType().equals("resource") && !policy.getType().equals("scope"))
.map(policy -> createPolicyRepresentation(storeFactory, policy)).collect(Collectors.toList())); .map(policy -> createPolicyRepresentation(storeFactory, policy)).collect(Collectors.toList()));
policies.addAll(storeFactory.getPolicyStore().findByResourceServer(resourceServer.getId()) policies.addAll(policyStore.findByResourceServer(resourceServer.getId())
.stream().filter(policy -> policy.getType().equals("resource") || policy.getType().equals("scope")) .stream().filter(policy -> policy.getType().equals("resource") || policy.getType().equals("scope"))
.map(policy -> createPolicyRepresentation(storeFactory, policy)).collect(Collectors.toList())); .map(policy -> createPolicyRepresentation(storeFactory, policy)).collect(Collectors.toList()));
@ -256,127 +191,10 @@ public class ResourceServerService {
return Response.ok(settings).build(); return Response.ok(settings).build();
} }
private PolicyRepresentation createPolicyRepresentation(StoreFactory storeFactory, Policy policy) {
PolicyRepresentation rep = Models.toRepresentation(policy, authorization);
rep.setId(null);
rep.setDependentPolicies(null);
Map<String, String> config = rep.getConfig();
String roles = config.get("roles");
if (roles != null && !roles.isEmpty()) {
roles = roles.replace("[", "");
roles = roles.replace("]", "");
if (!roles.isEmpty()) {
String roleNames = "";
for (String role : roles.split(",")) {
if (!roleNames.isEmpty()) {
roleNames = roleNames + ",";
}
role = role.replace("\"", "");
roleNames = roleNames + "\"" + getRealm().getRoleById(role).getName() + "\"";
}
config.put("roles", "[" + roleNames + "]");
}
}
String users = config.get("users");
if (users != null) {
users = users.replace("[", "");
users = users.replace("]", "");
if (!users.isEmpty()) {
String userNames = "";
for (String user : users.split(",")) {
if (!userNames.isEmpty()) {
userNames = userNames + ",";
}
user = user.replace("\"", "");
userNames = userNames + "\"" + this.authorization.getKeycloakSession().users().getUserById(user, getRealm()).getUsername() + "\"";
}
config.put("users", "[" + userNames + "]");
}
}
String scopes = config.get("scopes");
if (scopes != null && !scopes.isEmpty()) {
scopes = scopes.replace("[", "");
scopes = scopes.replace("]", "");
if (!scopes.isEmpty()) {
String scopeNames = "";
for (String scope : scopes.split(",")) {
if (!scopeNames.isEmpty()) {
scopeNames = scopeNames + ",";
}
scope = scope.replace("\"", "");
scopeNames = scopeNames + "\"" + storeFactory.getScopeStore().findById(scope).getName() + "\"";
}
config.put("scopes", "[" + scopeNames + "]");
}
}
String policyResources = config.get("resources");
if (policyResources != null && !policyResources.isEmpty()) {
policyResources = policyResources.replace("[", "");
policyResources = policyResources.replace("]", "");
if (!policyResources.isEmpty()) {
String resourceNames = "";
for (String resource : policyResources.split(",")) {
if (!resourceNames.isEmpty()) {
resourceNames = resourceNames + ",";
}
resource = resource.replace("\"", "");
resourceNames = resourceNames + "\"" + storeFactory.getResourceStore().findById(resource).getName() + "\"";
}
config.put("resources", "[" + resourceNames + "]");
}
}
String policyNames = "";
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
if (!associatedPolicies.isEmpty()) {
for (Policy associatedPolicy : associatedPolicies) {
if (!policyNames.isEmpty()) {
policyNames = policyNames + ",";
}
policyNames = policyNames + "\"" + associatedPolicy.getName() + "\"";
}
config.put("applyPolicies", "[" + policyNames + "]");
}
return rep;
}
@POST @POST
@Consumes(MediaType.MULTIPART_FORM_DATA) @Consumes(MediaType.MULTIPART_FORM_DATA)
public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException { public Response importSettings(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
this.auth.requireManage();
Map<String, List<InputPart>> uploadForm = input.getFormDataMap(); Map<String, List<InputPart>> uploadForm = input.getFormDataMap();
List<InputPart> inputParts = uploadForm.get("file"); List<InputPart> inputParts = uploadForm.get("file");
@ -415,7 +233,7 @@ public class ResourceServerService {
owner.setId(resourceServer.getClientId()); owner.setId(resourceServer.getClientId());
if (owner.getName() != null) { if (owner.getName() != null) {
UserModel user = this.authorization.getKeycloakSession().users().getUserByUsername(owner.getName(), getRealm()); UserModel user = this.session.users().getUserByUsername(owner.getName(), this.realm);
if (user != null) { if (user != null) {
owner.setId(user.getId()); owner.setId(user.getId());
@ -432,7 +250,7 @@ public class ResourceServerService {
}); });
PolicyStore policyStore = storeFactory.getPolicyStore(); PolicyStore policyStore = storeFactory.getPolicyStore();
PolicyService policyResource = new PolicyService(resourceServer, this.authorization); PolicyService policyResource = new PolicyService(resourceServer, this.authorization, this.auth);
ResteasyProviderFactory.getInstance().injectProperties(policyResource); ResteasyProviderFactory.getInstance().injectProperties(policyResource);
@ -455,7 +273,7 @@ public class ResourceServerService {
role = role.replace("\"", ""); role = role.replace("\"", "");
roleNames = roleNames + "\"" + getRealm().getRole(role).getId() + "\""; roleNames = roleNames + "\"" + this.realm.getRole(role).getId() + "\"";
} }
config.put("roles", "[" + roleNames + "]"); config.put("roles", "[" + roleNames + "]");
@ -478,7 +296,7 @@ public class ResourceServerService {
user = user.replace("\"", ""); user = user.replace("\"", "");
userNames = userNames + "\"" + this.authorization.getKeycloakSession().users().getUserByUsername(user, getRealm()).getId() + "\""; userNames = userNames + "\"" + this.session.users().getUserByUsername(user, this.realm).getId() + "\"";
} }
config.put("users", "[" + userNames + "]"); config.put("users", "[" + userNames + "]");
@ -603,15 +421,210 @@ public class ResourceServerService {
@Path("/policy") @Path("/policy")
public PolicyService getPolicyResource() { public PolicyService getPolicyResource() {
StoreFactory storeFactory = authorization.getStoreFactory(); PolicyService resource = new PolicyService(this.resourceServer, this.authorization, this.auth);
PolicyService resource = new PolicyService(this.resourceServer, this.authorization);
ResteasyProviderFactory.getInstance().injectProperties(resource); ResteasyProviderFactory.getInstance().injectProperties(resource);
return resource; return resource;
} }
private RealmModel getRealm() { private void createDefaultPermission(ResourceRepresentation resource, PolicyRepresentation policy) {
return this.authorization.getKeycloakSession().getContext().getRealm(); PolicyRepresentation defaultPermission = new PolicyRepresentation();
defaultPermission.setName("Default Permission");
defaultPermission.setType("resource");
defaultPermission.setDescription("A permission that applies to the default resource type");
defaultPermission.setDecisionStrategy(Policy.DecisionStrategy.UNANIMOUS);
defaultPermission.setLogic(Policy.Logic.POSITIVE);
HashMap<String, String> defaultPermissionConfig = new HashMap<>();
defaultPermissionConfig.put("default", "true");
defaultPermissionConfig.put("defaultResourceType", resource.getType());
defaultPermissionConfig.put("applyPolicies", "[\"" + policy.getName() + "\"]");
defaultPermission.setConfig(defaultPermissionConfig);
getPolicyResource().create(defaultPermission);
}
private PolicyRepresentation createDefaultPolicy() {
PolicyRepresentation defaultPolicy = new PolicyRepresentation();
defaultPolicy.setName("Only From Realm Policy");
defaultPolicy.setDescription("A policy that grants access only for users within this realm");
defaultPolicy.setType("js");
defaultPolicy.setDecisionStrategy(Policy.DecisionStrategy.AFFIRMATIVE);
defaultPolicy.setLogic(Policy.Logic.POSITIVE);
HashMap<String, String> defaultPolicyConfig = new HashMap<>();
defaultPolicyConfig.put("code", "var context = $evaluation.getContext();\n" +
"\n" +
"// using attributes from the evaluation context to obtain the realm\n" +
"var contextAttributes = context.getAttributes();\n" +
"var realmName = contextAttributes.getValue('kc.authz.context.authc.realm').asString(0);\n" +
"\n" +
"// using attributes from the identity to obtain the issuer\n" +
"var identity = context.getIdentity();\n" +
"var identityAttributes = identity.getAttributes();\n" +
"var issuer = identityAttributes.getValue('iss').asString(0);\n" +
"\n" +
"// only users from the realm have access granted \n" +
"if (issuer.endsWith(realmName)) {\n" +
" $evaluation.grant();\n" +
"}");
defaultPolicy.setConfig(defaultPolicyConfig);
getPolicyResource().create(defaultPolicy);
return defaultPolicy;
}
private ResourceRepresentation createDefaultResource() {
ResourceRepresentation defaultResource = new ResourceRepresentation();
defaultResource.setName("Default Resource");
defaultResource.setUri("/*");
defaultResource.setType("urn:" + this.client.getClientId() + ":resources:default");
getResourceSetResource().create(defaultResource);
return defaultResource;
}
private void createDefaultRoles() {
RoleModel umaProtectionRole = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
if (umaProtectionRole == null) {
umaProtectionRole = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
}
UserModel serviceAccount = this.session.users().getUserByServiceAccountClient(client);
if (!serviceAccount.hasRole(umaProtectionRole)) {
serviceAccount.grantRole(umaProtectionRole);
}
}
private PolicyRepresentation createPolicyRepresentation(StoreFactory storeFactory, Policy policy) {
PolicyRepresentation rep = Models.toRepresentation(policy, authorization);
rep.setId(null);
rep.setDependentPolicies(null);
Map<String, String> config = rep.getConfig();
String roles = config.get("roles");
if (roles != null && !roles.isEmpty()) {
roles = roles.replace("[", "");
roles = roles.replace("]", "");
if (!roles.isEmpty()) {
String roleNames = "";
for (String role : roles.split(",")) {
if (!roleNames.isEmpty()) {
roleNames = roleNames + ",";
}
role = role.replace("\"", "");
roleNames = roleNames + "\"" + this.realm.getRoleById(role).getName() + "\"";
}
config.put("roles", "[" + roleNames + "]");
}
}
String users = config.get("users");
if (users != null) {
users = users.replace("[", "");
users = users.replace("]", "");
if (!users.isEmpty()) {
UserFederationManager userManager = this.session.users();
String userNames = "";
for (String user : users.split(",")) {
if (!userNames.isEmpty()) {
userNames = userNames + ",";
}
user = user.replace("\"", "");
userNames = userNames + "\"" + userManager.getUserById(user, this.realm).getUsername() + "\"";
}
config.put("users", "[" + userNames + "]");
}
}
String scopes = config.get("scopes");
if (scopes != null && !scopes.isEmpty()) {
scopes = scopes.replace("[", "");
scopes = scopes.replace("]", "");
if (!scopes.isEmpty()) {
ScopeStore scopeStore = storeFactory.getScopeStore();
String scopeNames = "";
for (String scope : scopes.split(",")) {
if (!scopeNames.isEmpty()) {
scopeNames = scopeNames + ",";
}
scope = scope.replace("\"", "");
scopeNames = scopeNames + "\"" + scopeStore.findById(scope).getName() + "\"";
}
config.put("scopes", "[" + scopeNames + "]");
}
}
String policyResources = config.get("resources");
if (policyResources != null && !policyResources.isEmpty()) {
policyResources = policyResources.replace("[", "");
policyResources = policyResources.replace("]", "");
if (!policyResources.isEmpty()) {
ResourceStore resourceStore = storeFactory.getResourceStore();
String resourceNames = "";
for (String resource : policyResources.split(",")) {
if (!resourceNames.isEmpty()) {
resourceNames = resourceNames + ",";
}
resource = resource.replace("\"", "");
resourceNames = resourceNames + "\"" + resourceStore.findById(resource).getName() + "\"";
}
config.put("resources", "[" + resourceNames + "]");
}
}
String policyNames = "";
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
if (!associatedPolicies.isEmpty()) {
for (Policy associatedPolicy : associatedPolicies) {
if (!policyNames.isEmpty()) {
policyNames = policyNames + ",";
}
policyNames = policyNames + "\"" + associatedPolicy.getName() + "\"";
}
config.put("applyPolicies", "[" + policyNames + "]");
}
return rep;
} }
} }

12
services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java
View file

@ -162,15 +162,15 @@ public class ResourceSetService {
.build(); .build();
} }
private void requireManage() {
if (this.auth != null) {
this.auth.requireManage();
}
}
private void requireView() { private void requireView() {
if (this.auth != null) { if (this.auth != null) {
this.auth.requireView(); this.auth.requireView();
} }
} }
private void requireManage() {
if (this.auth != null) {
this.auth.requireManage();
}
}
} }