Commit graph

228 commits

Author SHA1 Message Date
Stefan Guilhen
8581886944 Add validation for role and time policies
Closes #28978

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-21 15:51:38 -03:00
Pedro Igor
b76f4f9c1b Avoid iterating over user policies when removing users
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 15:01:40 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-15 08:16:14 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
mposolda
4b95b42590 Avoid releasing keycloak-authz-client-test artifact to maven repositories
closes #31653

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 11:57:08 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
mposolda
54a538b3ad Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
closes #32117

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
Krishna Kumar
fc80cc75fe
Make createPatSupplier private to public
Closes #29986

Signed-off-by: Krishna Kumar <krishnachaurasia1998@gmail.com>
2024-07-23 11:11:42 +00:00
Diego Ramp
ae74d923d2 fix bad debugv({}) in favor of more tolerant debugf(%s)
Closes #31368

Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 14:59:09 +02:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 12:03:23 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057)
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:57:20 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687)
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Stefan Guilhen
52c9e440d6 Guard against NPE when fetching users associated with user policies.
Closes #28915

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:52:25 -03:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-06 09:02:26 +02:00
Steven Hawkins
9486432f3f
fix: removing httpclient override (#28304)
we need to have a dependency on commons-logging-jboss-logging

closes: #21392

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278 Ordering the group and role ids in the policy representation
Closes #28824

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Pedro Igor
4ec9fea8f7 Adding tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
EnneS
365a3feafa Remove deleted roles from policy on update
Closes #26915

Signed-off-by: EnneS <nathan.soulier26@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f Authz-client: fix ClassCast Exception when getting resource permissions
(#27483)

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions (#26788)
* elevating wildfly-elytron-http-oidc version management

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing testing dependency overrides

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* further version aligment with quarkus

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a resteay-core-spi that can be overriden

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing hamcrest override

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* aligning with 3.7.1

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708)
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341 Add logging to the policy providers for general debugging purposes
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910 Set headers before calling sendError() method
Closes #23325
2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token
endpoint (#15947)
2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae Memory leak with PathCache.cache growing due the map was not synchronized
closes #19096
2023-05-24 08:16:58 -03:00
Pedro Igor
2cd82b9861 Exposing the authz client 2023-05-05 10:18:55 -03:00
Pedro Igor
79cd47a280 Built-in support for Jakarta Servlet 2023-04-28 08:26:58 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL
Closes: #19816
2023-04-19 15:10:04 -03:00
Pedro Igor
409e1c3581 Policy Enforcer built-in support for Elytron and Jakarta
Closes #19540
2023-04-05 17:03:15 +02:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Pedro Igor
712656765e Authz client not updated with the way of encoding the basic header
Closes #15086
2022-10-24 08:45:30 +02:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104)
Closes #14083
2022-09-09 14:28:47 +02:00
yaokai2
0c654fa53b Add java logging for auth server response.
Closes #13557
2022-08-30 10:12:26 -03:00
yaokai2
df1384f2c6 Revert "Print response from http call to keycloak server"
This reverts commit a4cb23ac92ad95c3d06586b1c6ed7f4ccdef165e.
2022-08-30 10:12:26 -03:00
yaokai2
fb57d1972f Print response from http call to keycloak server
Closes #13557
2022-08-30 10:12:26 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797)
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy
Closes #11514
2022-06-23 14:04:09 -03:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required.
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00