All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.keycloak.authorization.client.resource.PermissionResource Maven / Gradle / Ivy

There is a newer version: 26.0.3
Show newest version
/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2015 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.keycloak.authorization.client.resource;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

import com.fasterxml.jackson.core.type.TypeReference;
import org.keycloak.authorization.client.representation.ServerConfiguration;
import org.keycloak.authorization.client.util.Http;
import org.keycloak.authorization.client.util.Throwables;
import org.keycloak.authorization.client.util.TokenCallable;
import org.keycloak.representations.idm.authorization.PermissionRequest;
import org.keycloak.representations.idm.authorization.PermissionResponse;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.util.JsonSerialization;

/**
 * An entry point for managing permission tickets using the Protection API.
 *
 * @author Pedro Igor
 */
public class PermissionResource {

    private final Http http;
    private final ServerConfiguration serverConfiguration;
    private final TokenCallable pat;

    public PermissionResource(Http http, ServerConfiguration serverConfiguration, TokenCallable pat) {
        this.http = http;
        this.serverConfiguration = serverConfiguration;
        this.pat = pat;
    }

    /**
     * @deprecated use {@link #create(PermissionRequest)}
     * @param request
     * @return
     */
    @Deprecated
    public PermissionResponse forResource(PermissionRequest request) {
        return create(request);
    }

    public Long count(final String resourceId,
                      final String scopeId,
                      final String owner,
                      final String requester,
                      final Boolean granted,
                      final Boolean returnNames) {
        Callable callable = new Callable() {
            @Override
            public Long call() throws Exception {
                return http.get(serverConfiguration.getPermissionEndpoint()+"/ticket/count")
                        .authorizationBearer(pat.call())
                        .param("resourceId", resourceId)
                        .param("scopeId", scopeId)
                        .param("owner", owner)
                        .param("requester", requester)
                        .param("granted", granted == null ? null : granted.toString())
                        .param("returnNames", returnNames == null ? null : returnNames.toString())
                        .response().json(new TypeReference(){}).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket count", cause);
        }
    }

    /**
     * Creates a new permission ticket for a single resource and scope(s).
     *
     * @param request the {@link PermissionRequest} representing the resource and scope(s) (not {@code null})
     * @return a permission response holding a permission ticket with the requested permissions
     */
    public PermissionResponse create(PermissionRequest request) {
        return create(Arrays.asList(request));
    }

    /**
     * Creates a new permission ticket for a set of one or more resource and scope(s).
     *
     * @param requests the {@link PermissionRequest} representing the resource and scope(s) (not {@code null})
     * @return a permission response holding a permission ticket with the requested permissions
     */
    public PermissionResponse create(final List requests) {
        if (requests == null || requests.isEmpty()) {
            throw new IllegalArgumentException("Permission request must not be null or empty");
        }
        Callable callable = new Callable() {
            @Override
            public PermissionResponse call() throws Exception {
                return http.post(serverConfiguration.getPermissionEndpoint())
                        .authorizationBearer(pat.call())
                        .json(JsonSerialization.writeValueAsBytes(requests))
                        .response().json(PermissionResponse.class).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error creating permission ticket", cause);
        }
    }

    /**
     * Creates a new uma permission for a single resource and scope(s).
     *
     * @param ticket the {@link PermissionTicketRepresentation} representing the resource and scope(s) (not {@code null})
     * @return a permission response holding the permission ticket representation
     */
    public PermissionTicketRepresentation create(final PermissionTicketRepresentation ticket) {
        if (ticket == null) {
            throw new IllegalArgumentException("Permission ticket must not be null or empty");
        }
        if (ticket.getRequester() == null && ticket.getRequesterName() == null) {
            throw new IllegalArgumentException("Permission ticket must have a requester");
        }
        if (ticket.getResource() == null && ticket.getResourceName() == null) {
            throw new IllegalArgumentException("Permission ticket must have a resource");
        }
        if (ticket.getScope() == null && ticket.getScopeName() == null) {
            throw new IllegalArgumentException("Permission ticket must have a scope");
        }
        Callable callable = new Callable() {
            @Override
            public PermissionTicketRepresentation call() throws Exception {
                return http.post(serverConfiguration.getPermissionEndpoint()+"/ticket")
                        .json(JsonSerialization.writeValueAsBytes(ticket))
                        .authorizationBearer(pat.call())
                        .response().json(new TypeReference(){}).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error updating permission ticket", cause);
        }
    }
    
    /**
     * Query the server for any permission ticket associated with the given scopeId.
     *
     * @param scopeId the scope id (not {@code null})
     * @return a list of permission tickets associated with the given scopeId
     */
    public List findByScope(final String scopeId) {
        if (scopeId == null) {
            throw new IllegalArgumentException("Scope id must not be null");
        }
        Callable> callable = new Callable>() {
            @Override
            public List call() throws Exception {
                return http.>get(serverConfiguration.getPermissionEndpoint()+"/ticket")
                        .authorizationBearer(pat.call())
                        .param("scopeId", scopeId)
                        .response().json(new TypeReference>(){}).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket by scope", cause);
        }
    }

    /**
     * Query the server for any permission ticket associated with the given resourceId.
     *
     * @param resourceId the resource id (not {@code null})
     * @return a list of permission tickets associated with the given resourceId
     */
    public List findByResource(final String resourceId) {
        if (resourceId == null) {
            throw new IllegalArgumentException("Resource id must not be null");
        }
        Callable> callable = new Callable>() {
            @Override
            public List call() throws Exception {
                return http.>get(serverConfiguration.getPermissionEndpoint()+"/ticket")
                        .authorizationBearer(pat.call())
                        .param("resourceId", resourceId)
                        .response().json(new TypeReference>(){}).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket by resource", cause);
        }
    }

    /**
     * Query the server for any permission ticket with the matching arguments.
     *
     * @param resourceId the resource id or name
     * @param scopeId the scope id or name
     * @param owner the owner id or name
     * @param requester the requester id or name
     * @param granted if true, only permission tickets marked as granted are returned.
     * @param returnNames if the response should include names for resource, scope and owner
     * @param firstResult the position of the first resource to retrieve
     * @param maxResult the maximum number of resources to retrieve
     * @return a list of permission tickets with the matching arguments
     */
    public List find(final String resourceId,
                                                     final String scopeId,
                                                     final String owner,
                                                     final String requester,
                                                     final Boolean granted,
                                                     final Boolean returnNames,
                                                     final Integer firstResult,
                                                     final Integer maxResult) {
        Callable> callable = new Callable>() {
            @Override
            public List call() throws Exception {
                return http.>get(serverConfiguration.getPermissionEndpoint()+"/ticket")
                        .authorizationBearer(pat.call())
                        .param("resourceId", resourceId)
                        .param("scopeId", scopeId)
                        .param("owner", owner)
                        .param("requester", requester)
                        .param("granted", granted == null ? null : granted.toString())
                        .param("returnNames", returnNames == null ? null : returnNames.toString())
                        .param("first", firstResult == null ? null : firstResult.toString())
                        .param("max", maxResult == null ? null : maxResult.toString())
                        .response().json(new TypeReference>(){}).execute();
            }
        };
        try {
            return callable.call();
        } catch (Exception cause) {
            return Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error querying permission ticket", cause);
        }
    }

    /**
     * Updates a permission ticket.
     *
     * @param ticket the permission ticket
     */
    public void update(final PermissionTicketRepresentation ticket) {
        if (ticket == null) {
            throw new IllegalArgumentException("Permission ticket must not be null or empty");
        }
        if (ticket.getId() == null) {
            throw new IllegalArgumentException("Permission ticket must have an id");
        }
        Callable callable = new Callable() {
            @Override
            public Void call() throws Exception {
                http.put(serverConfiguration.getPermissionEndpoint()+"/ticket")
                        .json(JsonSerialization.writeValueAsBytes(ticket))
                        .authorizationBearer(pat.call())
                        .response()
                        .execute();
                return null;
            }
        };
        try {
            callable.call();
        } catch (Exception cause) {
            Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error updating permission ticket", cause);
        }
    }

    /**
     * Deletes a permission ticket by ID.
     * @param ticketId the permission ticket ID
     */
    public void delete(final String ticketId) {
        if (ticketId == null || ticketId.trim().isEmpty()) {
            throw new IllegalArgumentException("Permission ticket ID must not be null or empty");
        }
        Callable callable = new Callable() {
            @Override
            public Void call() throws Exception {
                http.delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticketId)
                        .authorizationBearer(pat.call())
                        .response()
                        .execute();
                return null;
            }
        };
        try {
            callable.call();
        } catch (Exception cause) {
            Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error updating permission ticket", cause);
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy