/**
 * Returns the security context held by the wrapped delegate.
 *
 * @return whatever {@code delegate.securityContext()} returns; this wrapper adds no checks of its own
 */
@Override
public SecurityContext securityContext() {
    final SecurityContext delegated = delegate.securityContext();
    return delegated;
}
/**
 * Exposes the delegate's security context unchanged.
 *
 * @return the value of {@code delegate.securityContext()}; nothing is copied or validated here
 */
@Override
public SecurityContext securityContext() {
    final SecurityContext fromDelegate = delegate.securityContext();
    return fromDelegate;
}
/**
 * Creates one application client per property of the supplied state.
 *
 * <p>Every property value is cast to {@link ResourceState}; a value of any other type
 * fails with a {@link ClassCastException}. Each client is created with the security
 * context of the calling request.
 *
 * @param ctx   request context whose security context is handed to each created client
 * @param props state whose properties each describe one application client
 * @throws Exception if creating any client fails
 */
@Override
public void properties(RequestContext ctx, ResourceState props) throws Exception {
    for (String name : props.getPropertyNames()) {
        ResourceState clientState = (ResourceState) props.getProperty(name);
        createApplicationClient(clientState, ctx.securityContext());
    }
}
/**
 * Creates an application client for the given state unless one with the same id exists.
 *
 * <p>An existing id is reported through {@code responder.resourceAlreadyExists} and
 * nothing is created.
 *
 * @param ctx       request context; its security context is passed to the new client
 * @param state     description of the client to create, keyed by {@code state.id()}
 * @param responder receives either the created resource or the "already exists" signal
 * @throws Exception if client creation fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    // NOTE(review): the existence check and the creation are separate steps; whether two
    // concurrent requests for the same id can both pass depends on code not visible here.
    if (!applicationClients.containsKey(state.id())) {
        SimpleApplicationClientResource created = createApplicationClient(state, ctx.securityContext());
        responder.resourceCreated(created);
    } else {
        responder.resourceAlreadyExists(state.id());
    }
}
/**
 * Decides whether the request may proceed, based on the caller's roles and subject.
 *
 * <p>The role decision and the subject decision are computed independently and then
 * combined with {@code mergeDecision}; how conflicting decisions are resolved is defined
 * by {@link AuthzDecision} and is not visible here.
 *
 * @param req request whose security context supplies the roles and the subject
 * @return the merged decision
 */
public AuthzDecision isRequestAllowed(RequestContext req) {
    // NOTE(review): roles and subject are used as returned by the security context;
    // confirm how isRolesAllowed/isUserAllowed treat an anonymous (null) caller.
    final SecurityContext caller = req.securityContext();
    return isRolesAllowed(caller.getRoles()).mergeDecision(isUserAllowed(caller.getSubject()));
}
/**
 * Populates the request's security context from a bearer token, when one is present.
 *
 * <p>A request without a bearer token is forwarded as is: this method does not reject it
 * and does not touch its security context, so later authorization steps must be prepared
 * to see a context that was never initialised from a token.
 *
 * @param context interceptor context carrying the inbound request
 * @throws Exception if token handling fails
 */
@Override
public void onInbound(InboundInterceptorContext context) throws Exception {
    ResourceRequest request = context.request();
    final RequestContext reqCtx = request.requestContext();
    // The cast runs before the token lookup, so a context of another type fails here
    // with ClassCastException even for requests that carry no token.
    final DefaultSecurityContext secCtx = (DefaultSecurityContext) reqCtx.securityContext();
    final String bearer = getBearerToken(reqCtx);

    if (bearer == null) {
        context.forward();
        return;
    }
    initSecurityContext(context, request, secCtx, bearer);
}
/**
 * Evaluates the request against the role rule and the user rule and merges both results.
 *
 * <p>The role check runs first, the subject check second; the outcome is
 * {@code roleDecision.mergeDecision(subjectDecision)}. The merge semantics belong to
 * {@link AuthzDecision} and cannot be read from this method.
 *
 * @param req request whose security context provides roles and subject
 * @return the combined authorization decision
 */
public AuthzDecision isRequestAllowed(RequestContext req) {
    final SecurityContext identity = req.securityContext();
    final AuthzDecision byRole = isRolesAllowed(identity.getRoles());
    // NOTE(review): confirm that a missing subject cannot turn into an accept here.
    return byRole.mergeDecision(isUserAllowed(identity.getSubject()));
}
/**
 * Deletes this application client: first the application registered with the security
 * client, then the local member entry.
 *
 * <p>The remote call is made with the token of the calling request. Because the remote
 * deletion comes first, a failure in {@code parent.deleteMember} leaves the local entry
 * in place after the remote application is already gone.
 *
 * @param ctx       request context supplying the caller's token
 * @param responder notified with {@code resourceDeleted} once both steps have run
 * @throws Exception if either deletion fails
 */
@Override
public void delete(RequestContext ctx, Responder responder) throws Exception {
    parent.securityClient().deleteApplication(
            ctx.securityContext().getToken(),
            LiveOak.LIVEOAK_APP_REALM,
            appKey);
    parent.deleteMember(id);
    responder.resourceDeleted(this);
}
/**
 * Applies the submitted state to this application client and mirrors it to Keycloak.
 *
 * <p>Every Keycloak call is made with the token of the calling request. The fields of
 * this resource are assigned before the corresponding remote calls, so an exception from
 * Keycloak leaves the in-memory fields already changed.
 *
 * @param ctx       request context supplying the caller's token
 * @param state     submitted properties: {@code type}, {@code redirect-uris},
 *                  {@code web-origins}, {@code app-roles}
 * @param responder notified with {@code resourceUpdated} after all steps have run
 * @throws Exception if a Keycloak call or a role/scope update fails
 */
@Override
public void updateProperties(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    // Whatever app-key the client sent is overwritten with the stored one.
    state.putProperty("app-key", appKey);

    type = (String) state.getProperty("type");
    // NOTE(review): redirect URIs and web origins go to Keycloak exactly as submitted;
    // no validation is visible in this method. Confirm it happens elsewhere.
    redirectUris = state.getPropertyAsList("redirect-uris");
    webOrigins = state.getPropertyAsList("web-origins");

    // Update keycloak application
    ApplicationRepresentation keycloakApp = parent.securityClient().application(
            ctx.securityContext().getToken(), LiveOak.LIVEOAK_APP_REALM, appKey);
    keycloakApp.setRedirectUris(this.redirectUris);
    keycloakApp.setWebOrigins(webOrigins);
    parent.securityClient().updateApplication(
            ctx.securityContext().getToken(), LiveOak.LIVEOAK_APP_REALM, keycloakApp);

    applicationRoles = state.getPropertyAsList("app-roles");

    // Check keycloak roles
    checkApplicationRoles(ctx.securityContext().getToken(), false);

    // Update keycloak scope mappings
    updateScopeMappings(ctx.securityContext().getToken());

    responder.resourceUpdated(this);
}
/**
 * Deletes the delegate resource through a chain of wrapping responders.
 *
 * <p>The caller's responder is wrapped in a {@code ConfigVersioningResponder}, which
 * receives the security context of the request, and that in turn in a
 * {@code DeleteResponder}.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's delete fails
 */
@Override
public void delete(RequestContext ctx, Responder responder) throws Exception {
    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, resourceVersioned(), versionedResourcePath(), client, ctx.securityContext());
    final DeleteResponder onDeleted = new DeleteResponder(versioning);
    delegate().delete(ctx, onDeleted);
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
/**
 * Creates a member on the delegate, passing it the filtered state and a versioning responder.
 *
 * <p>The delegate sees {@code filter(state)}, not the raw submitted state. The
 * {@code ConfigVersioningResponder} is given the security context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state, filtered before it reaches the delegate
 * @param responder the caller's responder, wrapped by the versioning responder
 * @throws Exception if the delegate's createMember fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    final ResourceState filtered = filter(state);
    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, resourceVersioned(), versionedResourcePath(), client, ctx.securityContext());
    delegate().createMember(ctx, filtered, versioning);
}
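/**
 * Creates an application from the submitted state and commits its initial content to git.
 *
 * <p>If the state carries a {@code dir} property, a git repository is initialised in that
 * directory before the application is registered. The callback passed to the registry
 * initialises a repository in the install directory and makes the first commit, attributed
 * to the user of the calling request.
 *
 * @param ctx       request context; its user is recorded as the author of the initial commit
 * @param state     submitted state; reads {@code dir}, {@code name} and the id
 * @param responder notified with the created application resource
 * @throws Exception if repository initialisation or application creation fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    File dir = null;
    // NOTE(review): "dir" is taken from the request state and used as a server-side path
    // as given. No check in this method confines it to an allowed base directory; confirm
    // that only trusted callers reach this endpoint or that the path is validated elsewhere.
    String dirPath = (String) state.getProperty("dir");
    if (dirPath != null) {
        dir = new File(dirPath);
        // NOTE(review): the return value is discarded; if initRepo hands back an open Git
        // handle here as it does in the callback below, that handle is never closed.
        GitHelper.initRepo(dir);
    }

    InternalApplication app = this.applicationRegistry.createApplication(state.id(), (String) state.getProperty("name"), dir, installDir -> {
        try {
            log.debug("Init git repo for: " + installDir);
            Git gitRepo = GitHelper.initRepo(installDir);
            try {
                GitHelper.addAllAndCommit(gitRepo, ctx.securityContext().getUser(), "Initial creation of LiveOak application");
            } finally {
                // Release the repository handle even when the initial commit fails.
                gitRepo.close();
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    });
    responder.resourceCreated(app.resource());
}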
/**
 * Deletes the delegate resource together with its persisted configuration.
 *
 * <p>The caller's responder is wrapped twice: by a {@code ConfigVersioningResponder}
 * that receives the security context of the request, and by a
 * {@code ConfigResourcePersistingResponder} constructed with a {@code null} state.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's delete fails
 */
@Override
public void delete(RequestContext ctx, Responder responder) throws Exception {
    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, application.versioned(), application.versionedResourcePath(), client, ctx.securityContext());
    final ConfigResourcePersistingResponder persisting =
            new ConfigResourcePersistingResponder(null, extensionConfigDirectory, versioning);

    // Delete all child resource configurations, and its own
    delegate().delete(ctx, persisting);
}
/**
 * Creates a member on the delegate and routes the outcome through the persisting and
 * versioning responders.
 *
 * <p>The submitted state is handed both to the delegate and to the
 * {@code ConfigResourcePersistingResponder}, unchanged. The
 * {@code ConfigVersioningResponder} receives the security context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state, forwarded without filtering in this method
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's createMember fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, application.versioned(), application.versionedResourcePath(), client, ctx.securityContext());
    final ConfigResourcePersistingResponder persisting =
            new ConfigResourcePersistingResponder(state, extensionConfigDirectory, versioning);
    delegate().createMember(ctx, state, persisting);
}
/**
 * Removes this resource from the config manager and reports the deletion.
 *
 * <p>The removal happens first; the deletion of the delegate is then reported through a
 * {@code ConfigVersioningResponder} that receives the security context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param responder the caller's responder, wrapped by the versioning responder
 * @throws Exception if removal or notification fails
 */
@Override
public void delete(RequestContext ctx, Responder responder) throws Exception {
    configManager.removeResource(id());

    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, resourceVersioned(), versionedResourcePath(), client, ctx.securityContext());
    versioning.resourceDeleted(delegate());
}
/**
 * Stores the configuration values of the submitted state and forwards the update to the
 * delegate through the persisting and versioning responders.
 *
 * <p>The state reaches the delegate unfiltered; the original author left a TODO for that.
 * The {@code ConfigVersioningResponder} receives the security context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state, recorded via {@code storeConfigEnvVars} and forwarded as is
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's updateProperties fails
 */
@Override
public void updateProperties(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    configValuesTree = storeConfigEnvVars(state);

    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, application.versioned(), application.versionedResourcePath(), client, ctx.securityContext());
    final ConfigResourcePersistingResponder persisting =
            new ConfigResourcePersistingResponder(state, extensionConfigDirectory, versioning);

    //TODO Filter state
    delegate().updateProperties(ctx, state, persisting);
}
/**
 * Extends the application with a new extension built from the submitted state.
 *
 * <p>The extension is created under {@code state.id()} and its admin resource is reported
 * as created through a {@code ConfigVersioningResponder}, which receives the security
 * context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state, used both for the extension id and its configuration
 * @param responder the caller's responder, wrapped by the versioning responder
 * @throws Exception if extending the application fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    final InternalApplication owner = this.application.application();
    final InternalApplicationExtension created = owner.extend(state.id(), state);

    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, owner.versioned(), owner.versionedResourcePath(), client, ctx.securityContext());
    versioning.resourceCreated(created.adminResource());
}
/**
 * Cleans the submitted state, stores its configuration values and forwards the filtered
 * state to the delegate.
 *
 * <p>The delegate receives {@code filter(state)}, while the
 * {@code RootResourceConfigPersistingResponder} is given the unfiltered (but cleaned)
 * state. The {@code ConfigVersioningResponder} receives the security context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state; passed to {@code cleanup} before anything else reads it
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's updateProperties fails
 */
@Override
public void updateProperties(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    cleanup(state);
    configValuesTree = storeConfigEnvVars(state);

    final ResourceState filtered = filter(state);
    final ConfigVersioningResponder versioning = new ConfigVersioningResponder(
            responder, resourceVersioned(), versionedResourcePath(), client, ctx.securityContext());
    final RootResourceConfigPersistingResponder persisting =
            new RootResourceConfigPersistingResponder(this, state, versioning);
    delegate().updateProperties(ctx, filtered, persisting);
}
/**
 * Filters the members of a READ response by the caller's security context before the
 * response is forwarded.
 *
 * <p>Only responses that answer a READ request, are themselves of type READ and carry a
 * non-null state go through {@code processMembers}. Every other response goes straight
 * to {@code super.onOutbound}.
 *
 * @param context interceptor context carrying the request and its response
 * @throws Exception if member processing or the superclass handler fails
 */
@Override
public void onOutbound(OutboundInterceptorContext context) throws Exception {
    ResourceResponse response = context.response();

    boolean readWithState = context.request().requestType() == RequestType.READ
            && response.responseType() == ResourceResponse.ResponseType.READ
            && response.state() != null;
    if (!readWithState) {
        super.onOutbound(context);
        return;
    }

    ResourcePath path = new ResourcePath(response.resource().uri().toString());
    SecurityContext caller = context.request().requestContext().securityContext();

    // Process just members of response.state() and not the state itself as resource has been already authorized at onInbound
    // The response is forwarded from inside the callback, i.e. only once processMembers
    // hands back the authorized state.
    processMembers(path, response.state(), caller, authorizedState -> {
        response.setState(authorizedState);
        context.forward();
    });
}
/**
 * Creates a member on the delegate and routes the outcome through the persisting and
 * versioning responders of the owning extension's application.
 *
 * <p>The persisting responder is given the delegate's base config for the application's
 * configuration directory. The {@code ConfigVersioningResponder} receives the security
 * context of the request.
 *
 * @param ctx       request context; its security context is passed to the versioning responder
 * @param state     submitted state, forwarded without filtering in this method
 * @param responder the caller's responder, innermost in the chain
 * @throws Exception if the delegate's createMember fails
 */
@Override
public void createMember(RequestContext ctx, ResourceState state, Responder responder) throws Exception {
    final ConfigResourcePersistingResponder persisting = new ConfigResourcePersistingResponder(
            state,
            delegate().baseConfig(extension.application().configurationDirectory()),
            new ConfigVersioningResponder(
                    responder,
                    extension.application().versioned(),
                    extension.application().versionedResourcePath(),
                    client,
                    ctx.securityContext()));
    delegate().createMember(ctx, state, persisting);
}