From e8dd05619b401ebc5bb3ff2eb94c5368c33bb733 Mon Sep 17 00:00:00 2001 From: sebastien blanc Date: Thu, 27 Oct 2016 14:41:52 +0200 Subject: [PATCH 1/2] KEYCLOAK-3796 : add missing setters --- .../adapters/config/PolicyEnforcerConfig.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java index 9cf710ac5d..f7607f8b11 100644 --- a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java +++ b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java @@ -101,6 +101,18 @@ public class PolicyEnforcerConfig { return accessDeniedPath; } + public void setUmaProtocolConfig(UmaProtocolConfig umaProtocolConfig) { + this.umaProtocolConfig = umaProtocolConfig; + } + + public void setEntitlementProtocolConfig(EntitlementProtocolConfig entitlementProtocolConfig) { + this.entitlementProtocolConfig = entitlementProtocolConfig; + } + + public void setAccessDeniedPath(String accessDeniedPath) { + this.accessDeniedPath = accessDeniedPath; + } + public static class PathConfig { private String name; From 621d234adc7a6ab57d179cd341b5517b49c97229 Mon Sep 17 00:00:00 2001 From: sebastien blanc Date: Thu, 27 Oct 2016 16:16:30 +0200 Subject: [PATCH 2/2] renaming fields to align with json names --- .../authorization/AbstractPolicyEnforcer.java | 2 +- .../BearerTokenPolicyEnforcer.java | 2 +- .../KeycloakAdapterPolicyEnforcer.java | 4 +-- .../adapters/config/PolicyEnforcerConfig.java | 30 +++++++++---------- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java index bbbf573e34..9377b0b0db 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/AbstractPolicyEnforcer.java @@ -110,7 +110,7 @@ public abstract class AbstractPolicyEnforcer { protected boolean isAuthorized(PathConfig actualPathConfig, Set requiredScopes, AccessToken accessToken, OIDCHttpFacade httpFacade) { Request request = httpFacade.getRequest(); PolicyEnforcerConfig enforcerConfig = getEnforcerConfig(); - String accessDeniedPath = enforcerConfig.getAccessDeniedPath(); + String accessDeniedPath = enforcerConfig.getOnDenyRedirectTo(); if (accessDeniedPath != null) { if (request.getURI().contains(accessDeniedPath)) { diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java index 91e23cf9b9..f8f88d4773 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/BearerTokenPolicyEnforcer.java @@ -41,7 +41,7 @@ public class BearerTokenPolicyEnforcer extends AbstractPolicyEnforcer { @Override protected boolean challenge(PathConfig pathConfig, Set requiredScopes, OIDCHttpFacade facade) { - if (getEnforcerConfig().getUmaProtocolConfig() != null) { + if (getEnforcerConfig().getUserManagedAccess() != null) { challengeUmaAuthentication(pathConfig, requiredScopes, facade); } else { challengeEntitlementAuthentication(facade); diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java index 518c0549f7..a12fc84123 100644 --- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java +++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/authorization/KeycloakAdapterPolicyEnforcer.java @@ -88,7 +88,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer { @Override protected boolean challenge(PathConfig pathConfig, Set requiredScopes, OIDCHttpFacade facade) { - String accessDeniedPath = getEnforcerConfig().getAccessDeniedPath(); + String accessDeniedPath = getEnforcerConfig().getOnDenyRedirectTo(); HttpFacade.Response response = facade.getResponse(); if (accessDeniedPath != null) { @@ -107,7 +107,7 @@ public class KeycloakAdapterPolicyEnforcer extends AbstractPolicyEnforcer { AuthzClient authzClient = getAuthzClient(); KeycloakDeployment deployment = getPolicyEnforcer().getDeployment(); - if (getEnforcerConfig().getUmaProtocolConfig() != null) { + if (getEnforcerConfig().getUserManagedAccess() != null) { LOGGER.debug("Obtaining authorization for authenticated user."); PermissionRequest permissionRequest = new PermissionRequest(); diff --git a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java index f7607f8b11..0c3faf8d53 100644 --- a/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java +++ b/core/src/main/java/org/keycloak/representations/adapters/config/PolicyEnforcerConfig.java @@ -39,11 +39,11 @@ public class PolicyEnforcerConfig { @JsonProperty("user-managed-access") @JsonInclude(JsonInclude.Include.NON_NULL) - private UmaProtocolConfig umaProtocolConfig; + private UmaProtocolConfig userManagedAccess; @JsonProperty("entitlement") @JsonInclude(JsonInclude.Include.NON_NULL) - private EntitlementProtocolConfig entitlementProtocolConfig; + private EntitlementProtocolConfig entitlement; @JsonProperty("paths") @JsonInclude(JsonInclude.Include.NON_EMPTY) @@ -55,7 +55,7 @@ public class PolicyEnforcerConfig { @JsonProperty("on-deny-redirect-to") @JsonInclude(JsonInclude.Include.NON_NULL) - private String accessDeniedPath; + private String onDenyRedirectTo; public Boolean isCreateResources() { return this.createResources; @@ -73,12 +73,12 @@ public class PolicyEnforcerConfig { this.enforcementMode = enforcementMode; } - public UmaProtocolConfig getUmaProtocolConfig() { - return this.umaProtocolConfig; + public UmaProtocolConfig getUserManagedAccess() { + return this.userManagedAccess; } - public EntitlementProtocolConfig getEntitlementProtocolConfig() { - return this.entitlementProtocolConfig; + public EntitlementProtocolConfig getEntitlement() { + return this.entitlement; } public Boolean isOnlineIntrospection() { @@ -97,20 +97,20 @@ public class PolicyEnforcerConfig { this.paths = paths; } - public String getAccessDeniedPath() { - return accessDeniedPath; + public String getOnDenyRedirectTo() { + return onDenyRedirectTo; } - public void setUmaProtocolConfig(UmaProtocolConfig umaProtocolConfig) { - this.umaProtocolConfig = umaProtocolConfig; + public void setUserManagedAccess(UmaProtocolConfig userManagedAccess) { + this.userManagedAccess = userManagedAccess; } - public void setEntitlementProtocolConfig(EntitlementProtocolConfig entitlementProtocolConfig) { - this.entitlementProtocolConfig = entitlementProtocolConfig; + public void setEntitlement(EntitlementProtocolConfig entitlement) { + this.entitlement = entitlement; } - public void setAccessDeniedPath(String accessDeniedPath) { - this.accessDeniedPath = accessDeniedPath; + public void setOnDenyRedirectTo(String onDenyRedirectTo) { + this.onDenyRedirectTo = onDenyRedirectTo; } public static class PathConfig {