AbstractResourceService.java
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources.account.resources;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.keycloak.http.HttpRequest;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.PermissionTicket;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.managers.Auth;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public abstract class AbstractResourceService {
protected final UserModel user;
protected final AuthorizationProvider provider;
protected final PermissionTicketStore ticketStore;
protected final ResourceStore resourceStore;
protected final ScopeStore scopeStore;
protected final KeycloakUriInfo uriInfo;
protected HttpRequest request;
protected Auth auth;
protected AbstractResourceService(KeycloakSession session, UserModel user, Auth auth, HttpRequest request) {
this.user = user;
this.auth = auth;
this.request = request;
provider = session.getProvider(AuthorizationProvider.class);
ticketStore = provider.getStoreFactory().getPermissionTicketStore();
resourceStore = provider.getStoreFactory().getResourceStore();
scopeStore = provider.getStoreFactory().getScopeStore();
uriInfo = session.getContext().getUri();
}
public static class Resource extends ResourceRepresentation {
private Client client;
public Resource() {
}
Resource(org.keycloak.authorization.model.Resource resource, UserModel owner, AuthorizationProvider provider) {
setId(resource.getId());
setName(resource.getName());
setDisplayName(resource.getDisplayName());
setUris(resource.getUris());
setIconUri(resource.getIconUri());
setScopes(resource.getScopes().stream().map(Scope::new).collect(Collectors.toSet()));
ResourceServer resourceServer = resource.getResourceServer();
this.client = new Client(provider.getRealm().getClientById(resourceServer.getClientId()));
}
Resource(org.keycloak.authorization.model.Resource resource, AuthorizationProvider provider) {
this(resource, null, provider);
}
public Client getClient() {
return client;
}
}
public static class ResourcePermission extends Resource {
private Map<String, Permission> permissions;
public ResourcePermission() {
}
ResourcePermission(PermissionTicket ticket, AuthorizationProvider provider) {
super(ticket.getResource(), provider);
setScopes(new HashSet<>());
}
ResourcePermission(org.keycloak.authorization.model.Resource resource, AuthorizationProvider provider) {
super(resource, provider);
setScopes(new HashSet<>());
}
public Collection<Permission> getPermissions() {
if (permissions == null) {
return null;
}
return permissions.values();
}
public void setPermissions(Collection<Permission> permissions) {
for (Permission permission : permissions) {
addPermission(permission.getUsername(), permission);
}
}
public void addPermission(String requester, Permission permission) {
if (permissions == null) {
permissions = new HashMap<>();
}
permissions.put(requester, permission);
}
public Permission getPermission(String requester) {
if (permissions == null) {
return null;
}
return permissions.get(requester);
}
}
public static class Permission extends UserRepresentation {
private List<String> scopes;
public Permission() {
}
Permission(String userId, AuthorizationProvider provider) {
UserModel user = provider.getKeycloakSession().users().getUserById(provider.getRealm(), userId);
setUsername(user.getUsername());
setFirstName(user.getFirstName());
setLastName(user.getLastName());
setEmail(user.getEmail());
}
Permission(PermissionTicket ticket, AuthorizationProvider provider) {
this(ticket.getRequester(), provider);
}
public Permission(String userName, String... scopes) {
setUsername(userName);
for (String scope : scopes) {
addScope(scope);
}
}
public List<String> getScopes() {
return scopes;
}
public void addScope(String... scope) {
if (scopes == null) {
scopes = new ArrayList<>();
}
scopes.addAll(Arrays.asList(scope));
}
}
public static class Scope extends ScopeRepresentation {
public Scope() {
}
Scope(org.keycloak.authorization.model.Scope scope) {
setName(scope.getName());
setDisplayName(scope.getDisplayName());
setIconUri(scope.getIconUri());
}
}
public static class Client extends ClientRepresentation {
public Client() {
}
Client(ClientModel client) {
setClientId(client.getClientId());
setName(client.getName());
setBaseUrl(client.getBaseUrl());
}
}
}