public CachedRole(RoleModel model, RealmModel realm) { composite = model.isComposite(); description = model.getDescription(); id = model.getId(); name = model.getName(); scopeParamRequired = model.isScopeParamRequired(); this.realm = realm.getId(); if (composite) { for (RoleModel child : model.getComposites()) { composites.add(child.getId()); } } }
@Override public boolean removeRole(RealmModel realm, RoleModel role) { listInvalidations.add(role.getContainer().getId()); invalidateRole(role.getId()); invalidationEvents.add(RoleRemovedEvent.create(role.getId(), role.getName(), role.getContainer().getId())); roleRemovalInvalidations(role.getId(), role.getName(), role.getContainer().getId()); return getRealmDelegate().removeRole(realm, role); }
@Override public boolean hasRole(RoleModel role) { if (updated != null) return updated.hasRole(role); if (cached.getRoleMappings().contains(role.getId())) return true; Set<RoleModel> mappings = getRoleMappings(); for (RoleModel mapping: mappings) { if (mapping.hasRole(role)) return true; } return false; }
private void addRoles(ClientModel client, RoleModel parent) { String[] names = new String[] { ROLE_VIEW_BEER, ROLE_MANAGE_BEER }; for (String name : names) { RoleModel role = client.addRole(name); role.setDescription("${role_" + name + "}"); parent.addCompositeRole(role); } }
public CachedRole(Long revision, RoleModel model, RealmModel realm) { super(revision, model.getId()); composite = model.isComposite(); description = model.getDescription(); name = model.getName(); this.realm = realm.getId(); if (composite) { for (RoleModel child : model.getComposites()) { composites.add(child.getId()); } } attributes = new DefaultLazyLoader<>(roleModel -> new MultivaluedHashMap<>(roleModel.getAttributes()), MultivaluedHashMap::new); }
for (RoleModel roleModel : allRoles) { RoleEntity roleEntity = new RoleEntity(); roleEntity.setId(roleModel.getId()); result.add(roleEntity); roleEntity.setName(roleModel.getName()); roleEntity.setDescription(roleModel.getDescription()); RoleContainerModel roleContainer = roleModel.getContainer(); if (roleContainer instanceof RealmModel) { RealmModel realm = (RealmModel)roleContainer; for (RoleModel composite : roleModel.getComposites()) { compositeRolesIds.add(composite.getId());
@Override public Set<RoleModel> getRealmRoleMappings() { Set<RoleModel> roleMappings = getRoleMappings(); Set<RoleModel> realmRoles = new HashSet<RoleModel>(); for (RoleModel role : roleMappings) { RoleContainerModel container = role.getContainer(); if (container instanceof RealmModel) { realmRoles.add(role); } } return realmRoles; }
Map<String, List<String>> grantedClientRoles = new HashMap<String, List<String>>(); for (RoleModel role : model.getGrantedRoles()) { if (role.getContainer() instanceof RealmModel) { grantedRealmRoles.add(role.getName()); } else { ClientModel client2 = (ClientModel) role.getContainer(); grantedClientRoles.put(clientId2, currentClientRoles); currentClientRoles.add(role.getName());
public static ClientRemovedEvent create(ClientModel client) { ClientRemovedEvent event = new ClientRemovedEvent(); event.realmId = client.getRealm().getId(); event.clientUuid = client.getId(); event.clientId = client.getClientId(); event.clientRoles = new HashMap<>(); for (RoleModel clientRole : client.getRoles()) { event.clientRoles.put(clientRole.getId(), clientRole.getName()); } return event; }
private void processRoles(Set<RoleModel> inputRoles, List<RoleModel> realmRoles, MultivaluedHashMap<String, ClientRoleEntry> clientRoles) { for (RoleModel role : inputRoles) { if (role.getContainer() instanceof RealmModel) { realmRoles.add(role); } else { ClientModel currentClient = (ClientModel) role.getContainer(); ClientRoleEntry clientRole = new ClientRoleEntry(currentClient.getClientId(), currentClient.getName(), role.getName(), role.getDescription()); clientRoles.add(currentClient.getClientId(), clientRole); } } }
RoleRepresentation roleRep = ModelToRepresentation.toRepresentation(role); Set<RoleModel> composites = role.getComposites(); if (composites != null && composites.size() > 0) { Set<String> compositeRealmRoles = null; RoleContainerModel crContainer = composite.getContainer(); if (crContainer instanceof RealmModel) { compositeRealmRoles = new HashSet<>(); compositeRealmRoles.add(composite.getName()); } else { if (compositeClientRoles == null) { compositeClientRoles.put(appName, currentAppComposites); currentAppComposites.add(composite.getName());
@Override public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) { Map<String, String> config = new HashMap<>(); Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, authorizationProvider).getRoles(); for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) { RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId()); if (role.isClientRole()) { roleDefinition.setId(ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName()); } else { roleDefinition.setId(role.getName()); } } try { config.put("roles", JsonSerialization.writeValueAsString(roles)); } catch (IOException cause) { throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause); } representation.setConfig(config); }
public static List<String> getRoleNames(Collection<RoleModel> roles) { List<String> roleNames = new ArrayList<String>(); for (RoleModel role : roles) { roleNames.add(role.getName()); } return roleNames; }
public static void setupRealmRole(RealmModel realm) { if (realm.getName().equals(Config.getAdminRealm())) { return; } // don't need to do this for master realm String realmAdminApplicationClientId = Constants.REALM_MANAGEMENT_CLIENT_ID; ClientModel realmAdminApp = realm.getClientByClientId(realmAdminApplicationClientId); if (realmAdminApp.getRole(IMPERSONATION_ROLE) != null) return; RoleModel impersonationRole = realmAdminApp.addRole(IMPERSONATION_ROLE); impersonationRole.setDescription("${role_" + IMPERSONATION_ROLE + "}"); impersonationRole.setScopeParamRequired(false); RoleModel adminRole = realmAdminApp.getRole(AdminRoles.REALM_ADMIN); adminRole.addCompositeRole(impersonationRole); }
private boolean hasRole(Identity identity, RoleModel role, RealmModel realm) { String roleName = role.getName(); if (role.isClientRole()) { ClientModel clientModel = realm.getClientById(role.getContainerId()); return identity.hasClientRole(clientModel.getClientId(), roleName); } return identity.hasRealmRole(roleName); }
/** * Deep search if given role is descendant of composite role * * @param role role to check * @param composite composite role * @param visited set of already visited roles (used for recursion) * @return true if "role" is descendant of "composite" */ public static boolean searchFor(RoleModel role, RoleModel composite, Set<RoleModel> visited) { if (visited.contains(composite)) return false; visited.add(composite); Set<RoleModel> composites = composite.getComposites(); if (composites.contains(role)) return true; for (RoleModel contained : composites) { if (!contained.isComposite()) continue; if (searchFor(role, contained, visited)) return true; } return false; }
private void fillCompositeRoles(Map<String, RoleEntity> rolesMap, RoleContainerModel roleContainer, RealmModel realm) { for (RoleModel role : roleContainer.getRoles()) { RoleEntity roleEntity = rolesMap.get(role.getId()); if (roleEntity.getCompositeRoleIds() == null) { continue; } for (String compositeRoleId : roleEntity.getCompositeRoleIds()) { RoleModel compositeRole = realm.getRoleById(compositeRoleId); role.addCompositeRole(compositeRole); } } }
/** * @param roles * @param targetRole * @return true if targetRole is in roles (directly or indirectly via composite role) */ public static boolean hasRole(Set<RoleModel> roles, RoleModel targetRole) { if (roles.contains(targetRole)) return true; for (RoleModel mapping : roles) { if (mapping.hasRole(targetRole)) return true; } return false; }
public static void setupOfflineTokens(RealmModel realm) { if (realm.getRole(Constants.OFFLINE_ACCESS_ROLE) == null) { RoleModel role = realm.addRole(Constants.OFFLINE_ACCESS_ROLE); role.setDescription("${role_offline-access}"); role.setScopeParamRequired(true); realm.addDefaultRole(Constants.OFFLINE_ACCESS_ROLE); } }