/**
 * Registers a role definition on this representation, creating the backing
 * set lazily on first use.
 *
 * @param name     identifier stored in the definition (a role id here; export
 *                 rewrites it to a name-based form, see {@code onExport})
 * @param required whether the policy must deny when the identity lacks this
 *                 role (see {@code evaluate}); non-required roles only grant
 */
public void addRole(String name, boolean required) {
    RoleDefinition definition = new RoleDefinition(name, required);
    if (roles == null) {
        roles = new HashSet<>();
    }
    roles.add(definition);
}
// NOTE(review): fragment — `realm` and `definition` are declared in enclosing code not shown here.
// getRoleById returns null for a dangling role id (evaluate() below guards for it); confirm this
// call site handles null as well, since a required-but-deleted role is a fail-open hazard.
RoleModel role = realm.getRoleById(definition.getId());
/**
 * Evaluates the role policy against the identity in {@code evaluation}.
 * <p>
 * Every definition whose role the identity holds calls {@code grant()}; the first
 * <em>required</em> definition whose role the identity does not hold calls
 * {@code deny()} and stops evaluation. Definitions that are neither held nor
 * required are ignored, so a policy whose roles are all absent produces no
 * effect here (whatever the Evaluation default is then applies).
 * <p>
 * Security caveat: a definition whose role id no longer resolves in the realm is
 * skipped, not denied — even when it is marked required. A required role that was
 * deleted therefore silently stops constraining the policy; reviewers should
 * decide whether that should fail closed instead.
 *
 * @param evaluation evaluation context carrying the policy, provider and identity
 */
@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    Set<RolePolicyRepresentation.RoleDefinition> definitions =
            representationFunction.apply(policy, evaluation.getAuthorizationProvider()).getRoles();
    RealmModel realm = evaluation.getAuthorizationProvider().getKeycloakSession().getContext().getRealm();
    Identity identity = evaluation.getContext().getIdentity();

    for (RolePolicyRepresentation.RoleDefinition definition : definitions) {
        RoleModel role = realm.getRoleById(definition.getId());
        if (role == null) {
            // Dangling reference: skipped rather than denied (see class-level caveat above).
            continue;
        }
        if (hasRole(identity, role, realm)) {
            evaluation.grant();
        } else if (definition.isRequired()) {
            // Missing required role overrides any grant made so far and ends evaluation.
            evaluation.deny();
            return;
        }
    }
}
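/**
 * Serializes this policy's role definitions into the exportable {@code config}
 * map under the {@code "roles"} key.
 * <p>
 * Role definitions are stored by role id, which is not portable across realms,
 * so each id is rewritten before serialization: client roles become
 * {@code clientId + "/" + roleName}, realm roles become the bare role name.
 * Presumably the import side splits on the first {@code '/'}; a client id
 * containing {@code '/'} would then be ambiguous — verify against the importer.
 * <p>
 * A definition whose role id no longer resolves in the realm now fails with a
 * descriptive {@link RuntimeException} instead of a bare {@code NullPointerException}.
 * It is deliberately not skipped: dropping the definition would export a weaker
 * policy than the one configured, which an operator would not notice until the
 * realm is re-imported.
 *
 * @param policy                the policy being exported
 * @param representation        target representation whose config is replaced
 * @param authorizationProvider provider used to resolve roles against the realm
 * @throws RuntimeException if a referenced role no longer exists, or if
 *                          serialization of the definitions fails (cause attached)
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorizationProvider) {
    Set<RolePolicyRepresentation.RoleDefinition> roles = toRepresentation(policy, authorizationProvider).getRoles();
    RealmModel realm = authorizationProvider.getRealm();

    for (RolePolicyRepresentation.RoleDefinition roleDefinition : roles) {
        RoleModel role = realm.getRoleById(roleDefinition.getId());
        if (role == null) {
            // Fail closed and say why; see the class-level note on why this is not skipped.
            throw new RuntimeException("Failed to export role policy [" + policy.getName()
                    + "]: role [" + roleDefinition.getId() + "] does not exist in the realm");
        }
        if (role.isClientRole()) {
            roleDefinition.setId(((ClientModel) role.getContainer()).getClientId() + "/" + role.getName());
        } else {
            roleDefinition.setId(role.getName());
        }
    }

    Map<String, String> config = new HashMap<>();
    try {
        config.put("roles", JsonSerialization.writeValueAsString(roles));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export role policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}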