All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.keycloak.representations.AccessToken Maven / Gradle / Ivy

/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.keycloak.representations;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.keycloak.TokenCategory;
import org.keycloak.representations.idm.authorization.Permission;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * @author Bill Burke
 * @version $Revision: 1 $
 */
public class AccessToken extends IDToken {
    public static class Access implements Serializable {
        @JsonProperty("roles")
        protected Set roles;
        @JsonProperty("verify_caller")
        protected Boolean verifyCaller;

        public Access() {
        }

        public Access clone() {
            Access access = new Access();
            access.verifyCaller = verifyCaller;
            if (roles != null) {
                access.roles = new HashSet();
                access.roles.addAll(roles);
            }
            return access;
        }

        public Set getRoles() {
            return roles;
        }

        public Access roles(Set roles) {
            this.roles = roles;
            return this;
        }

        @JsonIgnore
        public boolean isUserInRole(String role) {
            if (roles == null) return false;
            return roles.contains(role);
        }

        public Access addRole(String role) {
            if (roles == null) roles = new HashSet();
            roles.add(role);
            return this;
        }

        public Boolean getVerifyCaller() {
            return verifyCaller;
        }

        public Access verifyCaller(Boolean required) {
            this.verifyCaller = required;
            return this;
        }
    }

    public static class Authorization implements Serializable {

        @JsonProperty("permissions")
        private Collection permissions;

        public Collection getPermissions() {
            return permissions;
        }

        public void setPermissions(Collection permissions) {
            this.permissions = permissions;
        }
    }

    // KEYCLOAK-6771 Certificate Bound Token
    // https://tools.ietf.org/html/draft-ietf-oauth-mtls-08#section-3.1
    public static class CertConf {
        @JsonProperty("x5t#S256")
        protected String certThumbprint;

        public String getCertThumbprint() {
            return certThumbprint;
        }

        public void setCertThumbprint(String certThumbprint) {
            this.certThumbprint = certThumbprint;
        }
    }

    @JsonProperty("trusted-certs")
    protected Set trustedCertificates;

    @JsonProperty("allowed-origins")
    protected Set allowedOrigins;

    @JsonProperty("realm_access")
    protected Access realmAccess;

    @JsonProperty("resource_access")
    protected Map resourceAccess;

    @JsonProperty("authorization")
    protected Authorization authorization;

    @JsonProperty("cnf")
    protected CertConf certConf;

    @JsonProperty("scope")
    protected String scope;

    @JsonIgnore
    public Map getResourceAccess() {
        return resourceAccess == null ? Collections.emptyMap() : resourceAccess;
    }

    public void setResourceAccess(Map resourceAccess) {
        this.resourceAccess = resourceAccess;
    }




    /**
     * Does the realm require verifying the caller?
     *
     * @return
     */
    @JsonIgnore
    public boolean isVerifyCaller() {
        if (getRealmAccess() != null && getRealmAccess().getVerifyCaller() != null)
            return getRealmAccess().getVerifyCaller().booleanValue();
        return false;
    }

    /**
     * Does the resource override the requirement of verifying the caller?
     *
     * @param resource
     * @return
     */
    @JsonIgnore
    public boolean isVerifyCaller(String resource) {
        Access access = getResourceAccess(resource);
        if (access != null && access.getVerifyCaller() != null) return access.getVerifyCaller().booleanValue();
        return false;
    }

    @JsonIgnore
    public Access getResourceAccess(String resource) {
        return resourceAccess == null ? null : resourceAccess.get(resource);
    }

    public Access addAccess(String service) {
        if (resourceAccess == null) {
            resourceAccess = new HashMap<>();
        }

        Access access = resourceAccess.get(service);
        if (access != null) return access;
        access = new Access();
        resourceAccess.put(service, access);
        return access;
    }

    @Override
    public AccessToken id(String id) {
        return (AccessToken) super.id(id);
    }

    @Override
    public AccessToken expiration(int expiration) {
        return (AccessToken) super.expiration(expiration);
    }

    @Override
    public AccessToken notBefore(int notBefore) {
        return (AccessToken) super.notBefore(notBefore);
    }


    @Override
    public AccessToken issuedAt(int issuedAt) {
        return (AccessToken) super.issuedAt(issuedAt);
    }

    @Override
    public AccessToken issuer(String issuer) {
        return (AccessToken) super.issuer(issuer);
    }

    @Override
    public AccessToken subject(String subject) {
        return (AccessToken) super.subject(subject);
    }

    @Override
    public AccessToken type(String type) {
        return (AccessToken) super.type(type);
    }

    public Set getAllowedOrigins() {
        return allowedOrigins;
    }

    public void setAllowedOrigins(Set allowedOrigins) {
        this.allowedOrigins = allowedOrigins;
    }

    public Access getRealmAccess() {
        return realmAccess;
    }

    public void setRealmAccess(Access realmAccess) {
        this.realmAccess = realmAccess;
    }

    public Set getTrustedCertificates() {
        return trustedCertificates;
    }

    public void setTrustedCertificates(Set trustedCertificates) {
        this.trustedCertificates = trustedCertificates;
    }

    @Override
    public AccessToken issuedFor(String issuedFor) {
        return (AccessToken)super.issuedFor(issuedFor);
    }

    public Authorization getAuthorization() {
        return authorization;
    }

    public void setAuthorization(Authorization authorization) {
        this.authorization = authorization;
    }
    
    public CertConf getCertConf() {
        return certConf;
    }

    public void setCertConf(CertConf certConf) {
        this.certConf = certConf;
    }

    public String getScope() {
        return scope;
    }

    public void setScope(String scope) {
        this.scope = scope;
    }

    @Override
    public TokenCategory getCategory() {
        return TokenCategory.ACCESS;
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy