/**
 * Creates a client-based policy for a single client and links it to {@code policy}.
 *
 * <p>The new policy is named with a generated id, is created against the same resource
 * server as {@code policy}, has its owner set to {@code owner}, and is then added to
 * {@code policy} as an associated policy.
 *
 * @param policy the policy that receives the new associated policy
 * @param policyStore the store used to create the new policy
 * @param client the client added to the new policy's representation
 * @param owner the owner assigned to the new policy
 */
private void createClientPolicy(Policy policy, PolicyStore policyStore, String client, String owner) {
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.addClient(client);
    clientRep.setName(KeycloakModelUtils.generateId());

    Policy created = policyStore.create(clientRep, policy.getResourceServer());

    // The owner is set before the policy is linked, in the same order as before.
    created.setOwner(owner);
    policy.addAssociatedPolicy(created);
}
/**
 * Applies an update to a client policy by handing the clients listed in the incoming
 * representation to {@code updateClients}.
 *
 * @param policy the policy being updated
 * @param representation the incoming representation whose client list is applied
 * @param authorization the authorization provider passed through to {@code updateClients}
 */
@Override
public void onUpdate(
        Policy policy,
        ClientPolicyRepresentation representation,
        AuthorizationProvider authorization) {
    // NOTE(review): the client list is taken from the representation as-is; updateClients is
    // not shown here, so confirm it resolves each entry to an existing client before storing it.
    updateClients(policy, representation.getClients(), authorization);
}
/**
 * Builds a {@link ClientPolicyRepresentation} that carries the clients of {@code policy}.
 *
 * <p>Only the client set is populated; it is a fresh {@link HashSet} built from the result
 * of {@code getClients(policy)}.
 *
 * @param policy the policy whose clients are read
 * @param authorization not used by this method
 * @return a new representation holding the policy's clients
 */
@Override
public ClientPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    ClientPolicyRepresentation result = new ClientPolicyRepresentation();

    // Copy into a new set so the representation does not share the array returned by getClients.
    result.setClients(new HashSet<>(Arrays.asList(getClients(policy))));

    return result;
}
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep); rep.setClients(new HashSet<>()); rep.addClient(client); if (rep.getClients().isEmpty()) { policyStore.delete(associatedPolicy.getId()); } else {
/**
 * Initializes a newly created client policy by handing the clients listed in the incoming
 * representation to {@code updateClients}.
 *
 * @param policy the policy that was created
 * @param representation the incoming representation whose client list is applied
 * @param authorization the authorization provider passed through to {@code updateClients}
 */
@Override
public void onCreate(
        Policy policy,
        ClientPolicyRepresentation representation,
        AuthorizationProvider authorization) {
    // NOTE(review): the client list is taken from the representation as-is; updateClients is
    // not shown here, so confirm it resolves each entry to an existing client before storing it.
    updateClients(policy, representation.getClients(), authorization);
}
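/**
 * Writes the export configuration of a client policy into {@code representation}.
 *
 * <p>The policy's clients are read through {@link #toRepresentation}, each stored id is
 * resolved with {@code realm.getClientById} and replaced by that client's clientId, and the
 * resulting list is serialized to JSON under the {@code "clients"} config key.
 *
 * @param policy the policy being exported
 * @param representation the export representation that receives the config map
 * @param authorization the authorization provider used to obtain the realm
 * @throws RuntimeException if a stored client id no longer resolves to a client, or if the
 *     client list cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    ClientPolicyRepresentation clientRep = toRepresentation(policy, authorization);
    Map<String, String> config = new HashMap<>();

    try {
        RealmModel realm = authorization.getRealm();

        config.put("clients", JsonSerialization.writeValueAsString(clientRep.getClients().stream()
                .map(id -> realm.getClientById(id))
                .map(client -> {
                    // getClientById may return null for an id that no longer resolves (for
                    // example a client removed after the policy was stored). Fail with the
                    // policy name instead of a bare NullPointerException; the export is not
                    // silently written with a shorter client list.
                    if (client == null) {
                        throw new RuntimeException("Failed to export client policy [" + policy.getName()
                                + "]: a referenced client could not be found");
                    }
                    return client.getClientId();
                })
                .collect(Collectors.toList())));
    } catch (IOException cause) {
        // The message previously said "user policy", which pointed operators at the wrong provider.
        throw new RuntimeException("Failed to export client policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(config);
}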
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep); for (String client : rep.getClients()) { representation.addClient(realm.getClientById(client).getClientId());
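/**
 * Grants the evaluation when the requesting client is one of the clients configured on the
 * policy.
 *
 * <p>Each configured entry is resolved with {@code realm.getClientById}, and its clientId is
 * compared with the {@code kc.client.id} attribute of the evaluation context. The first match
 * grants and returns. When nothing matches, this method records no effect of its own.
 *
 * @param evaluation the evaluation carrying the policy, the context and the provider
 */
@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    ClientPolicyRepresentation representation =
            representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    EvaluationContext context = evaluation.getContext();

    for (String client : representation.getClients()) {
        ClientModel clientModel = realm.getClientById(client);

        if (clientModel == null) {
            // The stored id no longer resolves to a client (for example it was removed after
            // the policy was saved). A client that does not exist cannot be the caller, so the
            // entry is skipped instead of failing the whole evaluation with a
            // NullPointerException. Nothing is granted for it.
            continue;
        }

        if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
            evaluation.grant();
            return;
        }
    }
}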