private <T extends Policy> List<Realm> findSamePolicyChildren(final Realm realm, final T policy) { List<Realm> result = new ArrayList<>(); for (Realm child : findChildren(realm)) { if ((policy instanceof AccountPolicy && child.getAccountPolicy() == null || policy.equals(child.getAccountPolicy())) || (policy instanceof PasswordPolicy && child.getPasswordPolicy() == null || policy.equals(child.getPasswordPolicy()))) { result.add(child); result.addAll(findSamePolicyChildren(child, policy)); } } return result; }
private List<AccountPolicy> getAccountPolicies(final User user) { List<AccountPolicy> policies = new ArrayList<>(); // add resource policies findAllResources(user).stream(). map(resource -> resource.getAccountPolicy()). filter(policy -> policy != null). forEachOrdered(policy -> policies.add(policy)); // add realm policies realmDAO.findAncestors(user.getRealm()).stream(). map(realm -> realm.getAccountPolicy()). filter(policy -> policy != null). forEachOrdered(policy -> policies.add(policy)); return policies; }
@Override public AccountPolicy getAccountPolicy() { return accountPolicy == null && getParent() != null ? getParent().getAccountPolicy() : accountPolicy; }
protected Set<? extends ExternalResource> getPassthroughResources(final User user) { Set<? extends ExternalResource> result = null; // 1. look for assigned resources, pick the ones whose account policy has authentication resources for (ExternalResource resource : userDAO.findAllResources(user)) { if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = resource.getAccountPolicy().getResources(); } else { result.retainAll(resource.getAccountPolicy().getResources()); } } } // 2. look for realms, pick the ones whose account policy has authentication resources for (Realm realm : realmDAO.findAncestors(user.getRealm())) { if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = realm.getAccountPolicy().getResources(); } else { result.retainAll(realm.getAccountPolicy().getResources()); } } } return result == null ? Collections.emptySet() : result; }
protected Set<? extends ExternalResource> getPassthroughResources(final User user) { Set<? extends ExternalResource> result = null; // 1. look for assigned resources, pick the ones whose account policy has authentication resources for (ExternalResource resource : userDAO.findAllResources(user)) { if (resource.getAccountPolicy() != null && !resource.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = resource.getAccountPolicy().getResources(); } else { result.retainAll(resource.getAccountPolicy().getResources()); } } } // 2. look for realms, pick the ones whose account policy has authentication resources for (Realm realm : realmDAO.findAncestors(user.getRealm())) { if (realm.getAccountPolicy() != null && !realm.getAccountPolicy().getResources().isEmpty()) { if (result == null) { result = realm.getAccountPolicy().getResources(); } else { result.retainAll(realm.getAccountPolicy().getResources()); } } } return result == null ? Collections.emptySet() : result; }
@Override public RealmTO getRealmTO(final Realm realm, final boolean admin) { RealmTO realmTO = new RealmTO(); realmTO.setKey(realm.getKey()); realmTO.setName(realm.getName()); realmTO.setParent(realm.getParent() == null ? null : realm.getParent().getKey()); realmTO.setFullPath(realm.getFullPath()); if (admin) { realmTO.setAccountPolicy(realm.getAccountPolicy() == null ? null : realm.getAccountPolicy().getKey()); realmTO.setPasswordPolicy(realm.getPasswordPolicy() == null ? null : realm.getPasswordPolicy().getKey()); realm.getActions().forEach(action -> { realmTO.getActions().add(action.getKey()); }); realm.getTemplates().forEach(template -> { realmTO.getTemplates().put(template.getAnyType().getKey(), template.get()); }); realm.getResources().forEach(resource -> { realmTO.getResources().add(resource.getKey()); }); } return realmTO; }