EnneS
365a3feafa
Remove deleted roles from policy on update
...
Closes #26915
Signed-off-by: EnneS <nathan.soulier26@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f
Authz-client: fix ClassCast Exception when getting resource permissions
...
(#27483 )
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions ( #26788 )
...
* elevating wildfly-elytron-http-oidc version management
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing testing dependency overrides
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* further version aligment with quarkus
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a resteay-core-spi that can be overriden
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing hamcrest override
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* aligning with 3.7.1
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces ( #26708 )
...
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
remi
b22efeec78
Add a toggle to use context attributes on the regex policy provider
...
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341
Add logging to the policy providers for general debugging purposes
...
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Alice
69497382d8
Group scalability upgrades ( #22700 )
...
closes #22372
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910
Set headers before calling sendError() method
...
Closes #23325
2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2
Use Quarkus Platform BOM
...
Closes #20570
Closes #15870
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66
allow specifying format of "permission" parameter in the UMA grant token
...
endpoint (#15947 )
2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae
Memory leak with PathCache.cache growing due the map was not synchronized
...
closes #19096
2023-05-24 08:16:58 -03:00
Pedro Igor
2cd82b9861
Exposing the authz client
2023-05-05 10:18:55 -03:00
Pedro Igor
79cd47a280
Built-in support for Jakarta Servlet
2023-04-28 08:26:58 +02:00
Hynek Mlnarik
0ddc71d987
Properly encode id in URL
...
Closes : #19816
2023-04-19 15:10:04 -03:00
Pedro Igor
409e1c3581
Policy Enforcer built-in support for Elytron and Jakarta
...
Closes #19540
2023-04-05 17:03:15 +02:00
Pedro Igor
a30b6842a6
Decouple the policy enforcer from adapters and provide a separate library
...
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version ( #17334 )
...
* Use a valid SemVer format for the SNAPSHOT version
* Update pom.xml
* Update pom.xml
---------
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Pedro Igor
712656765e
Authz client not updated with the way of encoding the basic header
...
Closes #15086
2022-10-24 08:45:30 +02:00
Pedro Igor
a0079b516b
Allow setting response mode ( #14104 )
...
Closes #14083
2022-09-09 14:28:47 +02:00
yaokai2
0c654fa53b
Add java logging for auth server response.
...
Closes #13557
2022-08-30 10:12:26 -03:00
yaokai2
df1384f2c6
Revert "Print response from http call to keycloak server"
...
This reverts commit a4cb23ac92ad95c3d06586b1c6ed7f4ccdef165e.
2022-08-30 10:12:26 -03:00
yaokai2
fb57d1972f
Print response from http call to keycloak server
...
Closes #13557
2022-08-30 10:12:26 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist ( #12797 )
...
Closes #12657
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Pedro Igor
eda33a0b21
Concurrency issue when caching JS policies
...
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
3d2c3fbc6a
Support JSON objects when evaluating claims in regex policy
...
Closes #11514
2022-06-23 14:04:09 -03:00
Alexander Schwartz
850af55edc
Ensure that only JDK 8 APIs are used where JDK 8 is still required.
...
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
d3b43a9f59
Make sure there is always Realm or ResourceServer when searching for authz entities
...
Closes #11817
2022-05-11 07:20:01 -03:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters ( #11607 )
...
Closes #11606
2022-04-27 08:33:23 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature ( #11117 )
...
Closes #9865
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
stianst
9f79476520
KEYCLOAK-19403 Fix issues in IntelliJ
2021-09-28 08:11:39 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Yoshiyuki Tabata
52ced98f92
KEYCLOAK-18503 Regex Policy for authorization service
2021-06-24 08:49:41 -03:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
Michal Hajas
5c71c3d97f
KEYCLOAK-17764 Remove all clients querying fallback ( #8077 )
2021-05-26 13:18:58 +02:00
Michal Hajas
4b2c20c871
KEYCLOAK-17765 Remove doubled synchronization of UserPolicies on UserRemovedEvent
2021-05-25 10:31:05 +02:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Yoshiyuki Tabata
45202bd49a
KEYCLOAK-17637 Client Scope Policy for authorization service
2021-04-26 08:58:33 -03:00
Pedro Igor
ffadbc3ba3
[KEYCLOAK-17173] - Support for script providers in keycloak.x
2021-02-22 10:12:36 -03:00
stefvdwel
8f719885fd
Fixed tests. Removed styling changes.
2021-02-17 09:40:19 -03:00
stefvdwel
b97f5eb128
Added PermissionTicket count test.
2021-02-17 09:40:19 -03:00
Pedro Igor
922d7da3ae
[KEYCLOAK-16497] - AuthzClient.create() fails when env variables are used in auth-server-url
2021-01-28 12:07:58 -03:00
Pedro Igor
0c501f8302
[KEYCLOAK-16837] - Authz client still relying on refresh tokens when doing client credentials
2021-01-27 12:23:32 -03:00