/**
 * Registers a client role on this representation.
 *
 * <p>The role is stored under the composite key {@code clientId + "/" + name} and
 * delegated to {@code addRole(String, boolean)}.
 *
 * @param clientId client identifier used as the prefix of the composite key
 * @param name     role name used as the suffix of the composite key
 * @param required forwarded unchanged to {@code addRole(String, boolean)}
 */
public void addClientRole(String clientId, String name, boolean required) {
    // NOTE(review): "/" is the only separator between the two parts. If either part can
    // itself contain "/", the composite key is ambiguous for whatever later splits it —
    // confirm how the consumer resolves "client/role" names.
    final String qualifiedRoleName = clientId + "/" + name;
    addRole(qualifiedRoleName, required);
}
/**
 * Builds a {@link RolePolicyRepresentation} from the JSON stored under the
 * {@code "roles"} key of the policy configuration.
 *
 * @param policy        policy whose configuration holds the serialized role definitions
 * @param authorization not used by this method
 * @return a new representation whose role set holds the deserialized definitions
 * @throws RuntimeException if the stored JSON cannot be read (wraps the {@link IOException})
 */
@Override
public RolePolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    RolePolicyRepresentation representation = new RolePolicyRepresentation();
    RolePolicyRepresentation.RoleDefinition[] definitions;

    try {
        // NOTE(review): there is no visible handling for a policy whose config has no
        // "roles" entry — confirm what JsonSerialization.readValue does with null input.
        definitions = JsonSerialization.readValue(
                policy.getConfig().get("roles"),
                RolePolicyRepresentation.RoleDefinition[].class);
    } catch (IOException cause) {
        throw new RuntimeException("Failed to deserialize roles", cause);
    }

    // Copy into a set so duplicate definitions in the stored array collapse.
    representation.setRoles(new HashSet<>(Arrays.asList(definitions)));
    return representation;
}
/**
 * Convenience overload: takes the role definitions from the representation and hands
 * them to {@code updateRoles(Policy, AuthorizationProvider, roles)}.
 *
 * @param policy         policy to update
 * @param representation source of the role definitions ({@code getRoles()})
 * @param authorization  provider forwarded to the delegate overload
 */
private void updateRoles(
        Policy policy,
        RolePolicyRepresentation representation,
        AuthorizationProvider authorization) {
    // Argument order differs from this signature: the delegate takes the provider second.
    updateRoles(
            policy,
            authorization,
            representation.getRoles());
}
/**
 * Creates a role policy for a single, non-required role and attaches it to
 * {@code policy} as an associated policy.
 *
 * <p>The new policy gets a generated name, is created in the resource server of
 * {@code policy}, and has its owner set to {@code owner}.
 *
 * @param policy      policy that receives the new associated policy
 * @param policyStore store used to persist the new policy
 * @param role        role identifier passed to {@code addRole(role, false)}
 * @param owner       owner assigned to the newly created policy
 */
private void createRolePolicy(Policy policy, PolicyStore policyStore, String role, String owner) {
    RolePolicyRepresentation rolePolicy = new RolePolicyRepresentation();
    String generatedName = KeycloakModelUtils.generateId();

    rolePolicy.setName(generatedName);
    // The role is added as optional (required = false).
    rolePolicy.addRole(role, false);

    Policy created = policyStore.create(rolePolicy, policy.getResourceServer());
    // The owner is set only after the store has created the policy.
    created.setOwner(owner);

    policy.addAssociatedPolicy(created);
}
/**
 * Adds a role that is not marked as required.
 *
 * <p>Equivalent to {@code addRole(name, false)}.
 *
 * @param name role identifier forwarded to {@code addRole(String, boolean)}
 */
public void addRole(String name) {
    final boolean required = false;
    addRole(name, required);
}
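/**
 * Writes the role policy configuration into {@code representation} for export.
 *
 * <p>Each role definition's id is replaced by a name-based reference:
 * {@code clientId + "/" + roleName} for client roles, otherwise the plain role name.
 * The rewritten definitions are serialized to JSON under the {@code "roles"} config key.
 *
 * @param policy                policy being exported
 * @param representation        export representation that receives the config map
 * @param authorizationProvider provider used to resolve the realm and its roles
 * @throws RuntimeException if a referenced role cannot be resolved, or if the role
 *                          definitions cannot be serialized
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    Map<String, String> config = new HashMap<>();
    Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, authorizationProvider).getRoles();

    for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
        RoleModel role = authorizationProvider.getRealm().getRoleById(roleDefinition.getId());

        // getRoleById can come back null (presumably when the role was removed). Fail with
        // a message naming the policy and the dangling id instead of a bare
        // NullPointerException, and do not silently export a policy with a role dropped.
        if (role == null) {
            throw new RuntimeException("Failed to export role policy [" + policy.getName()
                    + "]: role [" + roleDefinition.getId() + "] not found");
        }

        if (role.isClientRole()) {
            // Client roles are exported as "<clientId>/<roleName>".
            roleDefinition.setId(ClientModel.class.cast(role.getContainer()).getClientId() + "/" + role.getName());
        } else {
            roleDefinition.setId(role.getName());
        }
    }

    try {
        config.put("roles", JsonSerialization.writeValueAsString(roles));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(config);
}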
/**
 * Registers a client role that is not marked as required.
 *
 * <p>The role is stored under the composite key {@code clientId + "/" + name} and
 * delegated to {@code addRole(String, boolean)} with {@code required = false}.
 *
 * @param clientId client identifier used as the prefix of the composite key
 * @param name     role name used as the suffix of the composite key
 */
public void addClientRole(String clientId, String name) {
    // NOTE(review): the key is ambiguous if clientId or name can contain "/" —
    // confirm how the consumer splits "client/role" names.
    final String qualifiedRoleName = clientId + "/" + name;
    addRole(qualifiedRoleName, false);
}
RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep); for (RoleDefinition definition : rep.getRoles()) { RoleModel role = realm.getRoleById(definition.getId());
/**
 * Evaluates a role policy against the identity of the current evaluation context.
 *
 * <p>For every role definition of the policy that resolves to a role in the realm:
 * the evaluation is granted when the identity has the role; when the identity lacks
 * a role marked as required, the evaluation is denied and processing stops.
 *
 * @param evaluation evaluation carrying the policy, the authorization provider and
 *                   the identity to check
 */
@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    Set<RolePolicyRepresentation.RoleDefinition> definitions =
            representationFunction.apply(policy, evaluation.getAuthorizationProvider()).getRoles();
    AuthorizationProvider provider = evaluation.getAuthorizationProvider();
    RealmModel realm = provider.getKeycloakSession().getContext().getRealm();
    Identity identity = evaluation.getContext().getIdentity();

    for (RolePolicyRepresentation.RoleDefinition definition : definitions) {
        RoleModel role = realm.getRoleById(definition.getId());

        // NOTE(review): a definition whose role cannot be resolved is skipped even when
        // it is marked required, so a dangling required role never causes a deny here.
        // Confirm that skipping (rather than failing closed) is intended.
        if (role == null) {
            continue;
        }

        if (hasRole(identity, role, realm)) {
            // The loop keeps going after a grant: a later required role that is missing
            // still ends in deny().
            evaluation.grant();
        } else if (definition.isRequired()) {
            evaluation.deny();
            return;
        }
    }
}