/**
 * Removes every group definition whose id or path equals one of the given values.
 *
 * <p>Does nothing when no group has been added yet ({@code groups} is still {@code null}).
 *
 * @param ids group ids or group paths identifying the definitions to remove
 */
public void removeGroup(String... ids) {
    if (groups == null) {
        return;
    }

    for (String idOrPath : ids) {
        // Removal goes through the iterator so the set can be modified while it is being walked.
        for (Iterator<GroupDefinition> cursor = groups.iterator(); cursor.hasNext();) {
            GroupDefinition candidate = cursor.next();

            if (idOrPath.equals(candidate.getId())) {
                cursor.remove();
                continue;
            }

            // A definition may carry a path instead of an id; match on that too.
            String candidatePath = candidate.getPath();
            if (candidatePath != null && candidatePath.equals(idOrPath)) {
                cursor.remove();
            }
        }
    }
}
/**
 * Adds a group definition referenced by group id, creating the backing set on first use.
 *
 * @param id the id of the group
 * @param extendChildren flag handed to the {@code GroupDefinition}; presumably controls whether
 *     the policy also applies to the group's children (confirm against the evaluator)
 */
public void addGroup(String id, boolean extendChildren) {
    // The set is created lazily, so it stays null until the first group is added.
    if (groups == null) {
        groups = new HashSet<>();
    }

    GroupDefinition definition = new GroupDefinition(id, extendChildren);
    groups.add(definition);
}
GroupModel group = null; if (definition.getId() != null) { group = authorization.getRealm().getGroupById(definition.getId()); String path = definition.getPath(); String canonicalPath = path.startsWith("/") ? path.substring(1, path.length()) : path; throw new RuntimeException("Group with id [" + definition.getId() + "] not found"); definition.setId(group.getId()); definition.setPath(null);
// Registers the group on the representation by its path rather than its id: the group is looked
// up in the realm by the definition's id and its path is built from the resulting model.
// NOTE(review): the result of getGroupById is passed on unchecked; confirm it cannot be null
// here (for example when the group was deleted after the policy was saved).
representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
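/**
 * Grants the evaluation when the identity is a member of one of the groups configured in the policy.
 *
 * <p>Memberships are read from the identity attribute named by the policy's groups claim. When that
 * attribute is absent or empty, the user's groups are looked up in the realm instead.
 *
 * <p>A claim value containing {@code '/'} is compared as a group path: it must equal the allowed
 * group's path or, when the definition extends to children, lie strictly below it. Any claim value
 * is additionally compared with the allowed group's plain name.
 *
 * <p>The method never denies explicitly; when nothing matches it returns without calling
 * {@code grant()}.
 *
 * @param evaluation the evaluation carrying the policy, the identity and the realm access
 */
@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getRealm();
    Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());

    if (groupsClaim == null || groupsClaim.isEmpty()) {
        // No usable claim on the identity: fall back to the memberships stored in the realm.
        List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
        groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
    }

    // A policy without any group definition can never match; leave the evaluation ungranted.
    if (policy.getGroups() == null) {
        return;
    }

    for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
        GroupModel allowedGroup = realm.getGroupById(definition.getId());

        if (allowedGroup == null) {
            // The definition references a group the realm no longer resolves (e.g. it was deleted).
            // Such a definition cannot match any membership, so skip it instead of failing the
            // whole evaluation with a NullPointerException.
            continue;
        }

        for (int i = 0; i < groupsClaim.size(); i++) {
            String group = groupsClaim.asString(i);

            if (group.indexOf('/') != -1) {
                String allowedGroupPath = buildGroupPath(allowedGroup);
                // Children are matched on a full path segment. A bare prefix test would also accept
                // an unrelated sibling whose name merely starts with the allowed group's name
                // (allowed "/a/b" must not match "/a/bc").
                String childPrefix = allowedGroupPath.endsWith("/") ? allowedGroupPath : allowedGroupPath + "/";

                if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(childPrefix))) {
                    evaluation.grant();
                    return;
                }
            }

            // in case the group from the claim does not represent a path, we just check an exact name match
            // NOTE(review): a bare name does not identify a group uniquely when the same name exists
            // under different parents; prefer full paths in the groups claim where possible.
            if (group.equals(allowedGroup.getName())) {
                evaluation.grant();
                return;
            }
        }
    }
}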
/**
 * Writes this group policy's configuration into the exported policy representation.
 *
 * <p>Each group definition is exported by path instead of id: the id is cleared and the path is
 * built from the group looked up in the realm. The exported config holds the serialized
 * definitions under {@code "groups"} and, when set, the claim name under {@code "groupsClaim"}.
 *
 * @param policy the policy being exported
 * @param representation the representation that receives the config
 * @param authorization provider used to build the group policy representation and reach the realm
 * @throws RuntimeException if the group definitions cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    GroupPolicyRepresentation exported = toRepresentation(policy, authorization);
    Set<GroupPolicyRepresentation.GroupDefinition> definitions = exported.getGroups();

    for (GroupPolicyRepresentation.GroupDefinition entry : definitions) {
        // NOTE(review): the lookup result is used unchecked; confirm a definition can never
        // reference a group that has since been removed from the realm.
        GroupModel resolved = authorization.getRealm().getGroupById(entry.getId());

        entry.setId(null);
        entry.setPath(ModelToRepresentation.buildGroupPath(resolved));
    }

    Map<String, String> exportedConfig = new HashMap<>();

    try {
        String claimName = exported.getGroupsClaim();

        // The claim name is optional and is only written when the policy defines one.
        if (claimName != null) {
            exportedConfig.put("groupsClaim", claimName);
        }

        exportedConfig.put("groups", JsonSerialization.writeValueAsString(definitions));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export group policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(exportedConfig);
}
/**
 * Adds a group definition referenced by group path rather than id, creating the backing set on
 * first use. The definition is created with a {@code null} id.
 *
 * @param path the path of the group
 * @param extendChildren flag handed to the {@code GroupDefinition}; presumably controls whether
 *     the policy also applies to the group's children (confirm against the evaluator)
 */
public void addGroupPath(String path, boolean extendChildren) {
    // The set is created lazily, so it stays null until the first group is added.
    if (groups == null) {
        groups = new HashSet<>();
    }

    GroupDefinition definition = new GroupDefinition(null, path, extendChildren);
    groups.add(definition);
}