KEYCLOAK-4727 KEYCLOAK-4652

keycloak · Apr 6, 2017 · 31074c3 · 31074c3
1 parent d1e71ac
commit 31074c3
Show file tree

Hide file tree

Showing 13 changed files with 852 additions and 253 deletions.
diff --git a/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionEffect.java b/core/src/main/java/org/keycloak/representations/idm/authorization/DecisionEffect.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.representations.idm.authorization;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public enum DecisionEffect {
+    PERMIT,
+    DENY
+}
diff --git a/...presentation/PolicyEvaluationRequest.java → ...uthorization/PolicyEvaluationRequest.java b/...presentation/PolicyEvaluationRequest.java → ...uthorization/PolicyEvaluationRequest.java
@@ -16,8 +16,10 @@
  * limitations under the License.
  */
 
-package org.keycloak.authorization.admin.representation;
+package org.keycloak.representations.idm.authorization;
 
+import java.util.HashMap;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -29,11 +31,11 @@
  */
 public class PolicyEvaluationRequest {
 
-    private Map<String, Map<String, String>> context;
+    private Map<String, Map<String, String>> context = new HashMap<>();
-    private List<Resource> resources;
+    private List<ResourceRepresentation> resources = new LinkedList<>();
     private String clientId;
     private String userId;
-    private List<String> roleIds;
+    private List<String> roleIds = new LinkedList<>();
     private boolean entitlements;
 
     public Map<String, Map<String, String>> getContext() {
@@ -44,11 +46,11 @@ public void setContext(Map<String, Map<String, String>> context) {
         this.context = context;
     }
 
-    public List<Resource> getResources() {
+    public List<ResourceRepresentation> getResources() {
         return this.resources;
     }
 
-    public void setResources(List<Resource> resources) {
+    public void setResources(List<ResourceRepresentation> resources) {
         this.resources = resources;
     }
 
@@ -84,7 +86,13 @@ public void setEntitlements(boolean entitlements) {
         this.entitlements = entitlements;
     }
 
-    public static class Resource extends ResourceRepresentation {
+    public PolicyEvaluationRequest addResource(String name, String... scopes) {
-
+        if (resources == null) {
+            resources = new LinkedList<>();
+        }
+        resources.add(new ResourceRepresentation(name, scopes));
+        return this;
     }
+
+
 }
diff --git a/...rc/main/java/org/keycloak/representations/idm/authorization/PolicyEvaluationResponse.java b/...rc/main/java/org/keycloak/representations/idm/authorization/PolicyEvaluationResponse.java
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2016 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.representations.idm.authorization;
+
+import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.idm.authorization.DecisionEffect;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class PolicyEvaluationResponse {
+
+    private List<EvaluationResultRepresentation> results;
+    private boolean entitlements;
+    private DecisionEffect status;
+    private AccessToken rpt;
+
+    public List<EvaluationResultRepresentation> getResults() {
+        return results;
+    }
+
+    public DecisionEffect getStatus() {
+        return status;
+    }
+
+    public boolean isEntitlements() {
+        return entitlements;
+    }
+
+    public AccessToken getRpt() {
+        return rpt;
+    }
+
+    public void setResults(List<EvaluationResultRepresentation> results) {
+        this.results = results;
+    }
+
+    public void setEntitlements(boolean entitlements) {
+        this.entitlements = entitlements;
+    }
+
+    public void setStatus(DecisionEffect status) {
+        this.status = status;
+    }
+
+    public void setRpt(AccessToken rpt) {
+        this.rpt = rpt;
+    }
+
+    public static class EvaluationResultRepresentation {
+
+        private ResourceRepresentation resource;
+        private List<ScopeRepresentation> scopes;
+        private List<PolicyResultRepresentation> policies;
+        private DecisionEffect status;
+        private List<ScopeRepresentation> allowedScopes = new ArrayList<>();
+
+        public void setResource(final ResourceRepresentation resource) {
+            this.resource = resource;
+        }
+
+        public ResourceRepresentation getResource() {
+            return resource;
+        }
+
+        public void setScopes(List<ScopeRepresentation> scopes) {
+            this.scopes = scopes;
+        }
+
+        public List<ScopeRepresentation> getScopes() {
+            return scopes;
+        }
+
+        public void setPolicies(final List<PolicyResultRepresentation> policies) {
+            this.policies = policies;
+        }
+
+        public List<PolicyResultRepresentation> getPolicies() {
+            return policies;
+        }
+
+        public void setStatus(final DecisionEffect status) {
+            this.status = status;
+        }
+
+        public DecisionEffect getStatus() {
+            return status;
+        }
+
+        public void setAllowedScopes(List<ScopeRepresentation> allowedScopes) {
+            this.allowedScopes = allowedScopes;
+        }
+
+        public List<ScopeRepresentation> getAllowedScopes() {
+            return allowedScopes;
+        }
+    }
+
+    public static class PolicyResultRepresentation {
+
+        private PolicyRepresentation policy;
+        private DecisionEffect status;
+        private List<PolicyResultRepresentation> associatedPolicies;
+        private List<ScopeRepresentation> scopes = new ArrayList<>();
+
+        public PolicyRepresentation getPolicy() {
+            return policy;
+        }
+
+        public void setPolicy(final PolicyRepresentation policy) {
+            this.policy = policy;
+        }
+
+        public DecisionEffect getStatus() {
+            return status;
+        }
+
+        public void setStatus(final DecisionEffect status) {
+            this.status = status;
+        }
+
+        public List<PolicyResultRepresentation> getAssociatedPolicies() {
+            return associatedPolicies;
+        }
+
+        public void setAssociatedPolicies(final List<PolicyResultRepresentation> associatedPolicies) {
+            this.associatedPolicies = associatedPolicies;
+        }
+
+        @Override
+        public int hashCode() {
+            return this.policy.hashCode();
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            if (this == o) return true;
+            if (o == null || getClass() != o.getClass()) return false;
+            final PolicyResultRepresentation policy = (PolicyResultRepresentation) o;
+            return this.policy.equals(policy.getPolicy());
+        }
+
+        public void setScopes(List<ScopeRepresentation> scopes) {
+            this.scopes = scopes;
+        }
+
+        public List<ScopeRepresentation> getScopes() {
+            return scopes;
+        }
+    }
+}
diff --git a/.../src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java b/.../src/main/java/org/keycloak/representations/idm/authorization/ResourceRepresentation.java
@@ -18,6 +18,8 @@
 
 import java.net.URI;
 import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
@@ -91,6 +93,15 @@ public ResourceRepresentation(String name, Set<ScopeRepresentation> scopes) {
         this(name, scopes, null, null, null);
     }
 
+    public ResourceRepresentation(String name, String... scopes) {
+        this.name = name;
+        this.scopes = new HashSet<>();
+        for (String s : scopes) {
+            ScopeRepresentation rep = new ScopeRepresentation(s);
+            this.scopes.add(rep);
+        }
+    }
+
     /**
      * Creates a new instance.
      *

diff --git a/...ation/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java b/...ation/admin-client/src/main/java/org/keycloak/admin/client/resource/PoliciesResource.java
@@ -17,6 +17,8 @@
 package org.keycloak.admin.client.resource;
 
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
+import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
 import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
 
@@ -53,4 +55,11 @@ public interface PoliciesResource {
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
     List<PolicyProviderRepresentation> policyProviders();
+
+    @POST
+    @Consumes("application/json")
+    @Produces("application/json")
+    @Path("evaluate")
+    PolicyEvaluationResponse evaluate(PolicyEvaluationRequest evaluationRequest);
+
 }
diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@@ -36,11 +36,15 @@ public interface UsersResource {
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     List<UserRepresentation> search(@QueryParam("username") String username,
-                                           @QueryParam("firstName") String firstName,
+                                    @QueryParam("firstName") String firstName,
-                                           @QueryParam("lastName") String lastName,
+                                    @QueryParam("lastName") String lastName,
-                                             @QueryParam("email") String email,
+                                    @QueryParam("email") String email,
-                                             @QueryParam("first") Integer firstResult,
+                                    @QueryParam("first") Integer firstResult,
-                                             @QueryParam("max") Integer maxResults);
+                                    @QueryParam("max") Integer maxResults);
+
+    @GET
+    @Produces(MediaType.APPLICATION_JSON)
+    List<UserRepresentation> search(@QueryParam("username") String username);
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)