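/**
 * Resolves a collection of group ids to their group models, keeping the
 * iteration order of {@code groupIds}.
 *
 * <p>Ids for which {@code realm.getGroupById} returns {@code null} are
 * skipped, so the returned set never contains a {@code null} element that
 * would fail later in callers that dereference every member.
 *
 * @param groupIds ids to resolve through the realm
 * @return insertion-ordered set of the groups that could be resolved
 */
private Set<GroupModel> getGroupModels(Collection<String> groupIds) {
    Set<GroupModel> groups = new LinkedHashSet<>();
    for (String id : groupIds) {
        GroupModel group = realm.getGroupById(id);
        // NOTE(review): a null lookup presumably means the id is stale
        // (group removed after the id was recorded) - confirm.
        if (group != null) {
            groups.add(group);
        }
    }
    return groups;
}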
/**
 * Returns the groups whose ids the named query {@code getGroupIdsByParent}
 * yields for this group as {@code parent}.
 *
 * <p>Each id is resolved through the realm; ids that resolve to
 * {@code null} are left out of the result.
 *
 * @return a new, mutable set of the resolved sub-groups (possibly empty)
 */
@Override
public Set<GroupModel> getSubGroups() {
    TypedQuery<String> childIdQuery = em.createNamedQuery("getGroupIdsByParent", String.class);
    childIdQuery.setParameter("parent", group);

    Set<GroupModel> children = new HashSet<>();
    for (String childId : childIdQuery.getResultList()) {
        GroupModel child = realm.getGroupById(childId);
        if (child != null) {
            children.add(child);
        }
    }
    return children;
}
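/**
 * Returns the groups a federated user is a member of.
 *
 * <p>Membership rows come from the named query
 * {@code feduserGroupMembership} bound to {@code userId}; each row's group
 * id is resolved through {@code realm}. Rows whose group id resolves to
 * {@code null} are skipped so the membership set handed to callers never
 * contains a {@code null} element.
 *
 * @param realm  realm used to resolve group ids
 * @param userId id of the federated user
 * @return a new, mutable set of resolved groups (empty when there are no rows)
 */
@Override
public Set<GroupModel> getGroups(RealmModel realm, String userId) {
    TypedQuery<FederatedUserGroupMembershipEntity> query =
            em.createNamedQuery("feduserGroupMembership", FederatedUserGroupMembershipEntity.class);
    query.setParameter("userId", userId);

    Set<GroupModel> set = new HashSet<>();
    for (FederatedUserGroupMembershipEntity entity : query.getResultList()) {
        GroupModel group = realm.getGroupById(entity.getGroupId());
        // NOTE(review): a null lookup presumably means the membership row
        // outlived its group - confirm whether such rows should be cleaned up.
        if (group != null) {
            set.add(group);
        }
    }
    return set;
}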
/**
 * Looks up a group by id.
 *
 * <p>When {@code updated} is set the lookup is delegated to it; otherwise
 * it goes to {@code cacheSession}, passing this object as the second
 * argument.
 *
 * @param id id of the group to look up
 * @return whatever the selected delegate returns for {@code id}
 */
@Override
public GroupModel getGroupById(String id) {
    return updated != null
            ? updated.getGroupById(id)
            : cacheSession.getGroupById(id, this);
}
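/**
 * Returns the groups this user belongs to, resolved from the group ids
 * held by {@code user}.
 *
 * <p>An absent or empty id collection yields an immutable empty set. Ids
 * for which {@code realm.getGroupById} returns {@code null} are skipped,
 * so the result never contains a {@code null} element.
 *
 * @return the resolved groups; immutable and empty when the user has no group ids
 */
@Override
public Set<GroupModel> getGroups() {
    if (user.getGroupIds() == null || user.getGroupIds().isEmpty()) {
        // Typed factory instead of the raw Collections.EMPTY_SET constant.
        return Collections.emptySet();
    }
    Set<GroupModel> groups = new HashSet<>();
    for (String id : user.getGroupIds()) {
        GroupModel group = realm.getGroupById(id);
        // NOTE(review): a null lookup presumably means the stored id is
        // stale - confirm.
        if (group != null) {
            groups.add(group);
        }
    }
    return groups;
}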
/**
 * Returns the parent of this group.
 *
 * @return the group the realm resolves for {@code group.getParentId()},
 *         or {@code null} when no parent id is set
 */
@Override
public GroupModel getParent() {
    if (group.getParentId() != null) {
        return realm.getGroupById(group.getParentId());
    }
    return null;
}
/**
 * Returns the parent of this group.
 *
 * @return the group the realm resolves for the parent entity's id, or
 *         {@code null} when the entity has no parent
 */
@Override
public GroupModel getParent() {
    GroupEntity parentEntity = group.getParent();
    return parentEntity != null ? realm.getGroupById(parentEntity.getId()) : null;
}
// Look up the group named by this definition's id in the authorization provider's realm.
// NOTE(review): the result is not checked on this line; confirm the surrounding
// code handles a null lookup (an id that no longer resolves to a group).
group = authorization.getRealm().getGroupById(definition.getId());
/**
 * Writes the group policy into the config map of the exported representation.
 *
 * <p>Every group definition is exported by path instead of id: its id is
 * cleared and its path is set from the group the realm resolves for that
 * id. The config receives the definitions serialized as JSON under
 * {@code "groups"} and, when present, the claim name under
 * {@code "groupsClaim"}.
 *
 * @param policy         policy being exported
 * @param representation representation whose config is replaced
 * @param authorization  provider used to reach the realm
 * @throws RuntimeException wrapping the {@link IOException} when JSON serialization fails
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    GroupPolicyRepresentation groupPolicy = toRepresentation(policy, authorization);
    Set<GroupPolicyRepresentation.GroupDefinition> definitions = groupPolicy.getGroups();

    for (GroupPolicyRepresentation.GroupDefinition definition : definitions) {
        // NOTE(review): the lookup result goes straight into buildGroupPath;
        // confirm how that behaves when the id no longer resolves to a group.
        GroupModel resolved = authorization.getRealm().getGroupById(definition.getId());
        definition.setId(null);
        definition.setPath(ModelToRepresentation.buildGroupPath(resolved));
    }

    Map<String, String> exported = new HashMap<>();
    try {
        String claimName = groupPolicy.getGroupsClaim();
        if (claimName != null) {
            exported.put("groupsClaim", claimName);
        }
        exported.put("groups", JsonSerialization.writeValueAsString(definitions));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export group policy [" + policy.getName() + "]", cause);
    }

    representation.setConfig(exported);
}
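/**
 * Returns the groups stored with this group's id as {@code parentId} in
 * the same realm.
 *
 * <p>The matching entities are loaded from the Mongo store and each one is
 * resolved through the realm by id. Entities whose id resolves to
 * {@code null} are skipped, so the result never contains a {@code null}
 * element.
 *
 * @return a new, mutable set of sub-groups; empty when the store returns
 *         {@code null} or no entities
 */
@Override
public Set<GroupModel> getSubGroups() {
    DBObject query = new QueryBuilder()
            .and("realmId").is(realm.getId())
            .and("parentId").is(getId())
            .get();
    List<MongoGroupEntity> groups = getMongoStore().loadEntities(MongoGroupEntity.class, query, invocationContext);

    Set<GroupModel> subGroups = new HashSet<>();
    if (groups == null) {
        return subGroups;
    }
    for (MongoGroupEntity group : groups) {
        GroupModel subGroup = realm.getGroupById(group.getId());
        // NOTE(review): a null lookup presumably means the entity was removed
        // between the query and the lookup - confirm.
        if (subGroup != null) {
            subGroups.add(subGroup);
        }
    }
    return subGroups;
}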
// Add the path of the group that the realm resolves for this definition's id.
// NOTE(review): the lookup result is passed to buildGroupPath unchecked; confirm
// what happens when the id no longer resolves to a group.
representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
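/**
 * Grants the evaluation when the identity carries one of the groups the
 * policy allows.
 *
 * <p>Group values are read from the identity attribute named by the
 * policy's groups claim. When that attribute is missing or empty they are
 * loaded through {@code evaluation.getRealm().getUserGroups} for the
 * identity's id. A value containing {@code '/'} is compared as a path with
 * the allowed group's path: an exact match grants, and with
 * {@code extendChildren} set a value below that path grants too. Every
 * value is also compared with the allowed group's bare name.
 *
 * <p>Nothing is granted when no value matches; the method then returns
 * without touching the evaluation.
 *
 * @param evaluation evaluation to grant on a match
 */
@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getRealm();
    Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());

    if (groupsClaim == null || groupsClaim.isEmpty()) {
        List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
        groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
    }

    for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
        GroupModel allowedGroup = realm.getGroupById(definition.getId());

        if (allowedGroup == null) {
            // The policy points at an id that no longer resolves to a group.
            // Such a definition cannot match anything, and skipping it keeps
            // the remaining definitions evaluable instead of failing on a
            // null dereference below.
            continue;
        }

        for (int i = 0; i < groupsClaim.size(); i++) {
            String group = groupsClaim.asString(i);

            if (group.indexOf('/') != -1) {
                String allowedGroupPath = buildGroupPath(allowedGroup);
                // Descendants must match on a whole path segment. A plain
                // startsWith(allowedGroupPath) would also accept siblings that
                // merely share a prefix (constructed example: "/staff-external"
                // against an allowed path of "/staff").
                String childPrefix = allowedGroupPath.endsWith("/") ? allowedGroupPath : allowedGroupPath + "/";
                if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(childPrefix))) {
                    evaluation.grant();
                    return;
                }
            }

            // in case the group from the claim does not represent a path, we just check an exact name match
            // NOTE(review): a bare name matches any group with that name
            // wherever it sits in the hierarchy - confirm this is intended.
            if (group.equals(allowedGroup.getName())) {
                evaluation.grant();
                return;
            }
        }
    }
}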