default Set<GroupModel> getGroups(String search, int first, int max) { return getGroups().stream() .filter(group -> search == null || group.getName().toLowerCase().contains(search.toLowerCase())) .skip(first) .limit(max) .collect(Collectors.toCollection(LinkedHashSet::new)); }
@Override public String getName() { if (updated != null) return updated.getName(); return cached.getName(); }
default long getGroupsCountByNameContaining(String search) { if (search == null) { return getGroups().size(); } String s = search.toLowerCase(); return getGroups().stream().filter(group -> group.getName().toLowerCase().contains(s)).count(); }
public static void buildGroupPath(StringBuilder sb, GroupModel group) { if (group.getParent() != null) { buildGroupPath(sb, group.getParent()); } sb.append('/').append(group.getName()); }
@Override public String getName() { if (isUpdated()) return updated.getName(); return cached.getName(); }
public static GroupModel findGroupByPath(RealmModel realm, String path) { if (path == null) { return null; } if (path.startsWith("/")) { path = path.substring(1); } if (path.endsWith("/")) { path = path.substring(0, path.length() - 1); } String[] split = path.split("/"); if (split.length == 0) return null; GroupModel found = null; for (GroupModel group : realm.getTopLevelGroups()) { if (group.getName().equals(split[0])) { if (split.length == 1) { found = group; break; } else { if (split.length > 1) { found = findSubGroup(split, 1, group); if (found != null) break; } } } } return found; }
private static GroupModel findSubGroup(String[] path, int index, GroupModel parent) { for (GroupModel group : parent.getSubGroups()) { if (group.getName().equals(path[index])) { if (path.length == index + 1) { return group; } else { if (index + 1 < path.length) { GroupModel found = findSubGroup(path, index + 1, group); if (found != null) return found; } else { return null; } } } } return null; }
@Override public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCt) { List<String> membership = new LinkedList<>(); boolean fullPath = useFullPath(mappingModel); for (GroupModel group : userSession.getUser().getGroups()) { if (fullPath) { membership.add(ModelToRepresentation.buildGroupPath(group)); } else { membership.add(group.getName()); } } setPlainAttribute(attributes, mappingModel, membership); }
public CachedGroup(Long revision, RealmModel realm, GroupModel group) { super(revision, group.getId()); this.realm = realm.getId(); this.name = group.getName(); this.parentId = group.getParentId(); this.attributes = new DefaultLazyLoader<>(source -> new MultivaluedHashMap<>(source.getAttributes()), MultivaluedHashMap::new); this.roleMappings = new DefaultLazyLoader<>(source -> source.getRoleMappings().stream().map(RoleModel::getId).collect(Collectors.toSet()), Collections::emptySet); this.subGroups = new DefaultLazyLoader<>(source -> source.getSubGroups().stream().map(GroupModel::getId).collect(Collectors.toSet()), Collections::emptySet); }
parent = topLevelGroups.stream().filter(groupModel -> groupModel.getName().equals(part)).findFirst().orElseThrow(() -> new RuntimeException("Top level group with name [" + part + "] not found")); } else { group = parent.getSubGroups().stream().filter(groupModel -> groupModel.getName().equals(part)).findFirst().orElseThrow(() -> new RuntimeException("Group with name [" + part + "] not found")); parent = group;
public CachedGroup(RealmModel realm, GroupModel group) { this.id = group.getId(); this.realm = realm.getId(); this.name = group.getName(); this.parentId = group.getParentId(); this.attributes.putAll(group.getAttributes()); for (RoleModel role : group.getRoleMappings()) { roleMappings.add(role.getId()); } Set<GroupModel> subGroups1 = group.getSubGroups(); if (subGroups1 != null) { for (GroupModel subGroup : subGroups1) { subGroups.add(subGroup.getId()); } } }
public static GroupRepresentation toRepresentation(GroupModel group, boolean full) { GroupRepresentation rep = new GroupRepresentation(); rep.setId(group.getId()); rep.setName(group.getName()); rep.setPath(buildGroupPath(group)); if (!full) return rep; // Role mappings Set<RoleModel> roles = group.getRoleMappings(); List<String> realmRoleNames = new ArrayList<>(); Map<String, List<String>> clientRoleNames = new HashMap<>(); for (RoleModel role : roles) { if (role.getContainer() instanceof RealmModel) { realmRoleNames.add(role.getName()); } else { ClientModel client = (ClientModel)role.getContainer(); String clientId = client.getClientId(); List<String> currentClientRoles = clientRoleNames.get(clientId); if (currentClientRoles == null) { currentClientRoles = new ArrayList<>(); clientRoleNames.put(clientId, currentClientRoles); } currentClientRoles.add(role.getName()); } } rep.setRealmRoles(realmRoleNames); rep.setClientRoles(clientRoleNames); Map<String, List<String>> attributes = group.getAttributes(); rep.setAttributes(attributes); return rep; }
@Override public void evaluate(Evaluation evaluation) { AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider(); GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider); RealmModel realm = authorizationProvider.getRealm(); Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim()); if (groupsClaim == null || groupsClaim.isEmpty()) { List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId()); groupsClaim = new Entry(policy.getGroupsClaim(), userGroups); } for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) { GroupModel allowedGroup = realm.getGroupById(definition.getId()); for (int i = 0; i < groupsClaim.size(); i++) { String group = groupsClaim.asString(i); if (group.indexOf('/') != -1) { String allowedGroupPath = buildGroupPath(allowedGroup); if (group.equals(allowedGroupPath) || (definition.isExtendChildren() && group.startsWith(allowedGroupPath))) { evaluation.grant(); return; } } // in case the group from the claim does not represent a path, we just check an exact name match if (group.equals(allowedGroup.getName())) { evaluation.grant(); return; } } } }