MapResourceAdapter.java
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.map.authorization.adapter;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.map.authorization.entity.MapResourceEntity;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
public class MapResourceAdapter extends AbstractResourceModel<MapResourceEntity> {
private final RealmModel realm;
private ResourceServer resourceServer;
public MapResourceAdapter(RealmModel realm, ResourceServer resourceServer, MapResourceEntity entity, StoreFactory storeFactory) {
super(entity, storeFactory);
Objects.requireNonNull(realm);
this.realm = realm;
this.resourceServer = resourceServer;
}
@Override
public String getId() {
return entity.getId();
}
@Override
public String getName() {
return entity.getName();
}
@Override
public void setName(String name) {
throwExceptionIfReadonly();
entity.setName(name);
}
@Override
public String getDisplayName() {
return entity.getDisplayName();
}
@Override
public void setDisplayName(String name) {
throwExceptionIfReadonly();
entity.setDisplayName(name);
}
@Override
public Set<String> getUris() {
Set<String> uris = entity.getUris();
return uris == null ? Collections.emptySet() : entity.getUris();
}
@Override
public void updateUris(Set<String> uri) {
throwExceptionIfReadonly();
entity.setUris(uri);
}
@Override
public String getType() {
return entity.getType();
}
@Override
public void setType(String type) {
throwExceptionIfReadonly();
entity.setType(type);
}
@Override
public List<Scope> getScopes() {
Set<String> ids = entity.getScopeIds();
ResourceServer resourceServer = getResourceServer();
return ids == null ? Collections.emptyList() : ids.stream()
.map(id -> storeFactory
.getScopeStore().findById(realm, resourceServer, id))
.collect(Collectors.toList());
}
@Override
public String getIconUri() {
return entity.getIconUri();
}
@Override
public void setIconUri(String iconUri) {
throwExceptionIfReadonly();
entity.setIconUri(iconUri);
}
@Override
public ResourceServer getResourceServer() {
if (resourceServer == null) {
resourceServer = storeFactory.getResourceServerStore().findById(realm, entity.getResourceServerId());
}
return resourceServer;
}
@Override
public String getOwner() {
return entity.getOwner();
}
@Override
public boolean isOwnerManagedAccess() {
Boolean isOMA = entity.isOwnerManagedAccess();
return isOMA == null ? false : isOMA;
}
@Override
public void setOwnerManagedAccess(boolean ownerManagedAccess) {
throwExceptionIfReadonly();
entity.setOwnerManagedAccess(ownerManagedAccess);
}
@Override
public void updateScopes(Set<Scope> scopes) {
throwExceptionIfReadonly();
PermissionTicketStore permissionStore = storeFactory.getPermissionTicketStore();
PolicyStore policyStore = storeFactory.getPolicyStore();
for (Scope scope : getScopes()) {
if (!scopes.contains(scope)) {
// The scope^ was removed from the Resource
// Remove permission tickets based on the scope
List<PermissionTicket> permissions = permissionStore.findByScope(getResourceServer(), scope);
for (PermissionTicket permission : permissions) {
permissionStore.delete(realm, permission.getId());
}
// Remove the scope from each Policy for this Resource
policyStore.findByResource(getResourceServer(), this, policy -> policy.removeScope(scope));
}
}
entity.setScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toSet()));
}
@Override
public Map<String, List<String>> getAttributes() {
Map<String, List<String>> attrs = entity.getAttributes();
return attrs == null ? Collections.emptyMap() : Collections.unmodifiableMap(new HashMap<>(attrs));
}
@Override
public String getSingleAttribute(String name) {
List<String> attributeValues = entity.getAttribute(name);
return attributeValues == null || attributeValues.isEmpty() ? null : attributeValues.get(0);
}
@Override
public List<String> getAttribute(String name) {
return entity.getAttribute(name);
}
@Override
public void setAttribute(String name, List<String> values) {
throwExceptionIfReadonly();
entity.setAttribute(name, values);
}
@Override
public void removeAttribute(String name) {
throwExceptionIfReadonly();
entity.removeAttribute(name);
}
@Override
public String toString() {
return String.format("%s@%08x", getId(), System.identityHashCode(this));
}
}