/**
 * Returns the slash-separated path of {@code group} from the realm root, e.g. {@code /parent/child}.
 *
 * @param group the group whose path is wanted; must not be {@code null}
 * @return the full path, always beginning with {@code '/'}
 */
public static String buildGroupPath(GroupModel group) {
    final StringBuilder path = new StringBuilder();
    buildGroupPath(path, group);
    return path.toString();
}
/**
 * Appends the full path of {@code group} (root first, {@code '/'} before every segment) to {@code sb}.
 * Anything already in {@code sb} is left in place; the path is added after it.
 *
 * @param sb    the builder to write into
 * @param group the group whose path is wanted; must not be {@code null}
 */
public static void buildGroupPath(StringBuilder sb, GroupModel group) {
    // Remember where this path begins so ancestor segments can be inserted in front
    // of it without disturbing content the caller already placed in the builder.
    int start = sb.length();
    GroupModel current = group;
    do {
        // Walk child -> root, inserting each segment at the front so the
        // finished text reads root -> child.
        sb.insert(start, current.getName());
        sb.insert(start, '/');
        current = current.getParent();
    } while (current != null);
}
/**
 * Adds the user's group membership to the token attributes, either as full group paths
 * or as bare group names depending on the mapper configuration.
 *
 * @param attributes      the attribute map being populated
 * @param mappingModel    the mapper configuration; consulted via {@code useFullPath}
 * @param userSession     the session whose user's groups are listed
 * @param session         the Keycloak session (unused here)
 * @param clientSessionCt the client session context (unused here)
 */
@Override
public void setAttribute(Map<String, Object> attributes, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCt) {
    boolean fullPath = useFullPath(mappingModel);
    List<String> membership = new LinkedList<>();
    for (GroupModel group : userSession.getUser().getGroups()) {
        // Full paths (e.g. /parent/child) are unambiguous; bare names are not, but
        // the mapper configuration decides which form the client receives.
        String value = fullPath ? ModelToRepresentation.buildGroupPath(group) : group.getName();
        membership.add(value);
    }
    setPlainAttribute(attributes, mappingModel, membership);
}
/**
 * Serialises a group policy into {@code representation}'s config map for export.
 *
 * Group definitions are exported by path instead of by id, since ids are realm-local
 * and would not be meaningful after an import elsewhere.
 *
 * @param policy         the policy being exported
 * @param representation the target representation; its config is replaced
 * @param authorization  provider used to resolve groups in the current realm
 * @throws RuntimeException if the group definitions cannot be serialised to JSON
 */
@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    GroupPolicyRepresentation groupPolicy = toRepresentation(policy, authorization);
    Set<GroupPolicyRepresentation.GroupDefinition> groups = groupPolicy.getGroups();

    for (GroupPolicyRepresentation.GroupDefinition definition : groups) {
        GroupModel group = authorization.getRealm().getGroupById(definition.getId());
        // NOTE(review): getGroupById is assumed to return non-null here; a definition
        // whose group has since been deleted would fail inside buildGroupPath — confirm.
        definition.setId(null);
        definition.setPath(ModelToRepresentation.buildGroupPath(group));
    }

    Map<String, String> config = new HashMap<>();
    String groupsClaim = groupPolicy.getGroupsClaim();
    if (groupsClaim != null) {
        config.put("groupsClaim", groupsClaim);
    }
    try {
        config.put("groups", JsonSerialization.writeValueAsString(groups));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export group policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}
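/**
 * Converts a {@link GroupModel} into its REST representation.
 *
 * @param group the group to convert; must not be {@code null}
 * @param full  when {@code true}, role mappings and attributes are included;
 *              otherwise only id, name and path are set
 * @return a new representation of {@code group}
 */
public static GroupRepresentation toRepresentation(GroupModel group, boolean full) {
    GroupRepresentation rep = new GroupRepresentation();
    rep.setId(group.getId());
    rep.setName(group.getName());
    rep.setPath(buildGroupPath(group));
    if (!full) {
        return rep;
    }

    // Role mappings: realm roles are flat names, client roles are grouped by clientId.
    List<String> realmRoleNames = new ArrayList<>();
    Map<String, List<String>> clientRoleNames = new HashMap<>();
    for (RoleModel role : group.getRoleMappings()) {
        if (role.getContainer() instanceof RealmModel) {
            realmRoleNames.add(role.getName());
        } else {
            // The cast relies on every non-realm role container being a client.
            String clientId = ((ClientModel) role.getContainer()).getClientId();
            // computeIfAbsent replaces the get/null-check/put sequence.
            clientRoleNames.computeIfAbsent(clientId, k -> new ArrayList<>()).add(role.getName());
        }
    }
    rep.setRealmRoles(realmRoleNames);
    rep.setClientRoles(clientRoleNames);
    rep.setAttributes(group.getAttributes());
    return rep;
}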
groups.add(ModelToRepresentation.buildGroupPath(group));
representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
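/**
 * Grants the evaluation if the identity belongs to one of the policy's groups.
 *
 * Membership is read from the claim named by the policy's groups claim; when that claim
 * is absent or empty, the realm's own group membership for the identity is used instead.
 * A claim value containing {@code '/'} is treated as a full group path, otherwise it is
 * compared against the group name. Nothing is granted unless a match is found.
 *
 * @param evaluation the evaluation to decide; granted on the first match, otherwise left untouched
 */
@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    GroupPolicyRepresentation policy = representationFunction.apply(evaluation.getPolicy(), authorizationProvider);
    RealmModel realm = authorizationProvider.getRealm();
    Attributes.Entry groupsClaim = evaluation.getContext().getIdentity().getAttributes().getValue(policy.getGroupsClaim());

    if (groupsClaim == null || groupsClaim.isEmpty()) {
        // No usable claim in the token: fall back to the realm's membership records.
        List<String> userGroups = evaluation.getRealm().getUserGroups(evaluation.getContext().getIdentity().getId());
        groupsClaim = new Entry(policy.getGroupsClaim(), userGroups);
    }

    for (GroupPolicyRepresentation.GroupDefinition definition : policy.getGroups()) {
        GroupModel allowedGroup = realm.getGroupById(definition.getId());
        if (allowedGroup == null) {
            // The group referenced by the policy no longer exists; it cannot grant anything.
            continue;
        }
        // The allowed group's path does not depend on the claim value, so build it once.
        String allowedGroupPath = buildGroupPath(allowedGroup);

        for (int i = 0; i < groupsClaim.size(); i++) {
            if (groupMatches(groupsClaim.asString(i), allowedGroup, allowedGroupPath, definition.isExtendChildren())) {
                evaluation.grant();
                return;
            }
        }
    }
}

/**
 * Decides whether a single claimed group matches an allowed group.
 *
 * @param claimed          the value from the groups claim (a path such as {@code /a/b}, or a bare name)
 * @param allowedGroup     the group named by the policy
 * @param allowedGroupPath the precomputed path of {@code allowedGroup}
 * @param extendChildren   whether descendants of {@code allowedGroup} also match
 * @return {@code true} if the claimed group is, or when permitted descends from, the allowed group
 */
private static boolean groupMatches(String claimed, GroupModel allowedGroup, String allowedGroupPath, boolean extendChildren) {
    if (claimed.indexOf('/') != -1) {
        if (claimed.equals(allowedGroupPath)) {
            return true;
        }
        // The descendant check must stop at a path-segment boundary: a plain prefix test
        // would let "/admins-readonly" satisfy an allowed group "/admins".
        if (extendChildren && claimed.startsWith(allowedGroupPath + "/")) {
            return true;
        }
    }
    // A claim value that is not a path is compared by exact name only. This is kept as a
    // fall-through for path values as well, preserving the previous behaviour.
    return claimed.equals(allowedGroup.getName());
}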
List<String> groupPaths = new LinkedList<>(); for (GroupModel group : defaultGroups) { groupPaths.add(ModelToRepresentation.buildGroupPath(group));