/**
 * Adds a client-level role to this representation.
 *
 * <p>The role is delegated to {@link #addRole(String)} using the client-qualified
 * name {@code clientId/roleName}, so the caller's arguments are joined with a
 * single {@code "/"} separator.
 *
 * @param clientId the client the role belongs to
 * @param roleName the role name within that client
 */
public void addClientRole(String clientId, String roleName) {
    String qualifiedName = String.join("/", clientId, roleName);
    addRole(qualifiedName);
}
@Override public void onCreate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) { policy.setOwner(representation.getOwner()); PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore(); Set<String> roles = representation.getRoles(); createRolePolicy(policy, policyStore, role, representation.getOwner()); Set<String> groups = representation.getGroups(); createGroupPolicy(policy, policyStore, group, representation.getOwner()); Set<String> clients = representation.getClients(); createClientPolicy(policy, policyStore, client, representation.getOwner()); Set<String> users = representation.getUsers(); createUserPolicy(policy, policyStore, user, representation.getOwner()); String condition = representation.getCondition(); createJSPolicy(policy, policyStore, condition, representation.getOwner());
/**
 * Updates an existing user-managed permission.
 *
 * <p>The representation is serialised to JSON and sent with an HTTP PUT to
 * {@code <policyEndpoint>/<permission id>}, authenticated with the protection
 * API token obtained from {@code pat}. On failure the call is handed to
 * {@code Throwables.retryAndWrapExceptionIfNecessary}, which may retry it and
 * rethrows with a message naming the resource.
 *
 * @param permission the permission to update; must carry a non-null id
 * @throws IllegalArgumentException if {@code permission} or its id is {@code null}
 */
public void update(final UmaPermissionRepresentation permission) {
    if (permission == null) {
        throw new IllegalArgumentException("Permission must not be null");
    }
    if (permission.getId() == null) {
        throw new IllegalArgumentException("Permission id must not be null");
    }

    // Same request as before, expressed as a lambda; the PAT supplier is invoked on
    // every attempt, so a refreshed token is presumably used if the helper retries.
    Callable<Void> sendUpdate = () -> {
        String url = serverConfiguration.getPolicyEndpoint() + "/" + permission.getId();
        http.<Void>put(url)
                .authorizationBearer(pat.call())
                .json(JsonSerialization.writeValueAsBytes(permission))
                .execute();
        return null;
    };

    try {
        sendUpdate.call();
    } catch (Exception cause) {
        Throwables.retryAndWrapExceptionIfNecessary(sendUpdate, pat,
                "Error updating policy for resource [" + resourceId + "]", cause);
    }
}
@Override public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) { UmaPermissionRepresentation representation = new UmaPermissionRepresentation(); representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet())); representation.setOwner(policy.getOwner()); representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(),role.getName()); } else { representation.addRole(role.getName()); representation.setCondition(rep.getCode()); } else if ("group".equals(associatedRep.getType())) { GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep); representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId()))); representation.addClient(realm.getClientById(client).getClientId()); representation.addUser(authorization.getKeycloakSession().users().getUserById(user, realm).getUsername());
Set<String> updatedRoles = representation.getRoles(); JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep); if (representation.getCondition() != null) { rep.setCode(representation.getCondition()); RepresentationToModel.toModel(rep, authorization, associatedPolicy); } else { Set<String> updatedGroups = representation.getGroups(); Set<String> updatedClients = representation.getClients(); Set<String> updatedUsers = representation.getUsers(); Set<String> updatedRoles = representation.getRoles(); Set<String> updatedGroups = representation.getGroups(); Set<String> updatedClients = representation.getClients(); Set<String> updatedUsers = representation.getUsers(); String condition = representation.getCondition();
/**
 * Sends the permission update as an HTTP PUT to the policy endpoint.
 *
 * <p>Evaluation order is unchanged from the chained form: endpoint and id are
 * read first, then the PAT is obtained, then the body is serialised.
 *
 * @return always {@code null}; the response body is not used
 * @throws Exception if obtaining the PAT, serialising the body or executing
 *         the request fails
 */
@Override
public Void call() throws Exception {
    String url = serverConfiguration.getPolicyEndpoint() + "/" + permission.getId();
    http.<Void>put(url)
            .authorizationBearer(pat.call())
            .json(JsonSerialization.writeValueAsBytes(permission))
            .execute();
    return null;
}
};