/**
 * Reports whether a permission is held for the named resource.
 *
 * <p>Delegates to {@code hasPermission(resourceName, null)}. The second argument is left
 * {@code null}; presumably that means "no scope restriction" -- confirm against
 * {@code hasPermission} before relying on this for a scope-sensitive decision.
 *
 * @param resourceName the resource name handed unchanged to {@code hasPermission}
 * @return the result of {@code hasPermission(resourceName, null)}
 */
public boolean hasResourcePermission(String resourceName) {
    final boolean permitted = hasPermission(resourceName, null);
    return permitted;
}
/**
 * Runs policy enforcement for the request behind {@code facade} and returns the outcome.
 *
 * <p>The decision itself is produced by a fresh {@code KeycloakAdapterPolicyEnforcer} built
 * around this instance; this method only adds debug logging before and after that call.
 *
 * <p>With debug logging enabled, the request URI, the GRANTED/DENIED outcome and every
 * permission in the returned context are written to the log, so debug output from this class
 * should be treated as access-controlled data.
 *
 * @param facade the HTTP facade of the request being evaluated
 * @return the authorization context produced by the adapter enforcer
 */
public AuthorizationContext enforce(OIDCHttpFacade facade) {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debugv(
                "Policy enforcement is enabled. Enforcing policy decisions for path [{0}].",
                facade.getRequest().getURI());
    }

    KeycloakAdapterPolicyEnforcer adapterEnforcer = new KeycloakAdapterPolicyEnforcer(this);
    AuthorizationContext result = adapterEnforcer.authorize(facade);

    // Nothing more to do unless the outcome has to be traced.
    if (!LOGGER.isDebugEnabled()) {
        return result;
    }

    LOGGER.debugv(
            "Policy enforcement result for path [{0}] is : {1}",
            facade.getRequest().getURI(),
            result.isGranted() ? "GRANTED" : "DENIED");
    LOGGER.debugv("Returning authorization context with permissions:");
    for (Permission granted : result.getPermissions()) {
        LOGGER.debug(granted);
    }

    return result;
}
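/**
 * Decides whether the current request may proceed under the deployment's policy enforcer.
 *
 * <p>If the deployment has no policy enforcer, enforcement is disabled and the request is
 * allowed. Otherwise the enforcer is run and its decision is returned. When the facade carries
 * a security context, the resulting authorization context is also stored on it.
 *
 * <p>The enforcer's decision is honoured even when the facade has no security context.
 * Previously that case returned {@code true} unconditionally, which discarded a DENIED
 * decision the enforcer had already computed for the request.
 *
 * @return {@code true} when enforcement is disabled or the enforcer granted access,
 *         {@code false} when the enforcer denied it
 * @throws RuntimeException if enforcement fails for any reason; the original exception is kept
 *         as the cause, and a failure is never turned into a grant
 */
private boolean isAuthorized() {
    PolicyEnforcer policyEnforcer = this.deployment.getPolicyEnforcer();

    if (policyEnforcer == null) {
        log.debugv("Policy enforcement is disabled.");
        return true;
    }

    try {
        OIDCHttpFacade facade = (OIDCHttpFacade) this.facade;
        AuthorizationContext authorizationContext = policyEnforcer.enforce(facade);
        RefreshableKeycloakSecurityContext session =
                (RefreshableKeycloakSecurityContext) facade.getSecurityContext();

        // Expose the decision to later code only when there is a security context to hold it.
        if (session != null) {
            session.setAuthorizationContext(authorizationContext);
        }

        // Fail closed: the outcome depends on the enforcer alone, not on whether a security
        // context happened to be attached to the request.
        return authorizationContext.isGranted();
    } catch (Exception e) {
        // Any failure during enforcement aborts the request rather than letting it through.
        throw new RuntimeException("Failed to enforce policy decisions.", e);
    }
}
} // closes the enclosing type, whose header lies outside this excerpt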