Commit graph

224 commits

Author SHA1 Message Date
mposolda
4b95b42590 Avoid releasing keycloak-authz-client-test artifact to maven repositories
closes #31653

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 11:57:08 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
mposolda
54a538b3ad Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
closes #32117

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
Krishna Kumar
fc80cc75fe
Make createPatSupplier private to public
Closes #29986

Signed-off-by: Krishna Kumar <krishnachaurasia1998@gmail.com>
2024-07-23 11:11:42 +00:00
Diego Ramp
ae74d923d2 fix bad debugv({}) in favor of more tolerant debugf(%s)
Closes #31368

Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 14:59:09 +02:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 12:03:23 +02:00
Pedro Igor
cbf7f208fb
Avoid iterating and updating all group policies when removing groups (#31057)
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:57:20 +02:00
Romain LABAT
6615691c63
Support for service accounts when fetch roles is enabled (#30687)
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Stefan Guilhen
52c9e440d6 Guard against NPE when fetching users associated with user policies.
Closes #28915

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:52:25 -03:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-06 09:02:26 +02:00
Steven Hawkins
9486432f3f
fix: removing httpclient override (#28304)
we need to have a dependency on commons-logging-jboss-logging

closes: #21392

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278 Ordering the group and role ids in the policy representation
Closes #28824

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Pedro Igor
4ec9fea8f7 Adding tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
EnneS
365a3feafa Remove deleted roles from policy on update
Closes #26915

Signed-off-by: EnneS <nathan.soulier26@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f Authz-client: fix ClassCast Exception when getting resource permissions
(#27483)

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18
Removing version overrides and further aligning with quarkus versions (#26788)
* elevating wildfly-elytron-http-oidc version management

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing testing dependency overrides

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* further version aligment with quarkus

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a resteay-core-spi that can be overriden

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing hamcrest override

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* aligning with 3.7.1

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd
Remove RealmModel from authorization services interfaces (#26708)
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341 Add logging to the policy providers for general debugging purposes
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910 Set headers before calling sendError() method
Closes #23325
2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token
endpoint (#15947)
2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae Memory leak with PathCache.cache growing due the map was not synchronized
closes #19096
2023-05-24 08:16:58 -03:00
Pedro Igor
2cd82b9861 Exposing the authz client 2023-05-05 10:18:55 -03:00
Pedro Igor
79cd47a280 Built-in support for Jakarta Servlet 2023-04-28 08:26:58 +02:00
Hynek Mlnarik
0ddc71d987 Properly encode id in URL
Closes: #19816
2023-04-19 15:10:04 -03:00
Pedro Igor
409e1c3581 Policy Enforcer built-in support for Elytron and Jakarta
Closes #19540
2023-04-05 17:03:15 +02:00
Pedro Igor
a30b6842a6 Decouple the policy enforcer from adapters and provide a separate library
Closes keycloak#17353
2023-03-17 11:40:51 +01:00
Jon Koops
972ebb9650
Use a valid SemVer format for the SNAPSHOT version (#17334)
* Use a valid SemVer format for the SNAPSHOT version

* Update pom.xml

* Update pom.xml

---------

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-03-03 11:11:44 +01:00
Pedro Igor
712656765e Authz client not updated with the way of encoding the basic header
Closes #15086
2022-10-24 08:45:30 +02:00
Pedro Igor
a0079b516b
Allow setting response mode (#14104)
Closes #14083
2022-09-09 14:28:47 +02:00
yaokai2
0c654fa53b Add java logging for auth server response.
Closes #13557
2022-08-30 10:12:26 -03:00
yaokai2
df1384f2c6 Revert "Print response from http call to keycloak server"
This reverts commit a4cb23ac92ad95c3d06586b1c6ed7f4ccdef165e.
2022-08-30 10:12:26 -03:00
yaokai2
fb57d1972f Print response from http call to keycloak server
Closes #13557
2022-08-30 10:12:26 -03:00
Pedro Igor
2cc4b54404
Do not cache policies if they no longer exist (#12797)
Closes #12657

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-08-25 13:52:30 +02:00
Pedro Igor
eda33a0b21 Concurrency issue when caching JS policies
Closes #12204
2022-08-17 16:30:32 -03:00
Pedro Igor
3d2c3fbc6a Support JSON objects when evaluating claims in regex policy
Closes #11514
2022-06-23 14:04:09 -03:00
Alexander Schwartz
850af55edc Ensure that only JDK 8 APIs are used where JDK 8 is still required.
Closes #10842
2022-06-20 14:44:33 -03:00
Michal Hajas
d3b43a9f59 Make sure there is always Realm or ResourceServer when searching for authz entities
Closes #11817
2022-05-11 07:20:01 -03:00
Stian Thorgersen
e3f3e65ac5
Remove JDK7 support for adapters (#11607)
Closes #11606
2022-04-27 08:33:23 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117)
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2022-04-20 14:25:16 +02:00
Michal Hajas
99c06d1102
Authorization services refactoring
Closes: #10447 

* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT (#10784) 2022-03-22 09:22:48 +01:00