Package org.keycloak.authorization
Class AdminPermissionsSchema
java.lang.Object
org.keycloak.representations.idm.authorization.AuthorizationSchema
org.keycloak.authorization.AdminPermissionsSchema
-
Nested Class Summary
Nested classes/interfaces inherited from class org.keycloak.representations.idm.authorization.AuthorizationSchema
AuthorizationSchema.ResourceTypeDeserializer -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final ResourceTypestatic final Stringstatic final ResourceTypestatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final ResourceTypestatic final Stringstatic final AdminPermissionsSchemastatic final ResourceTypestatic final Stringstatic final Stringstatic final String -
Method Summary
Modifier and TypeMethodDescriptionvoidaddUResourceTypeResource(KeycloakSession session, ResourceServer resourceServer, Policy policy, String resourceType) List<jakarta.persistence.criteria.Predicate>applyAuthorizationFilters(KeycloakSession session, ResourceType resourceType, PartialEvaluationStorageProvider evaluator, RealmModel realm, jakarta.persistence.criteria.CriteriaBuilder builder, jakarta.persistence.criteria.CriteriaQuery<?> queryBuilder, jakarta.persistence.criteria.Path<?> path) List<jakarta.persistence.criteria.Predicate>applyAuthorizationFilters(KeycloakSession session, ResourceType resourceType, RealmModel realm, jakarta.persistence.criteria.CriteriaBuilder builder, jakarta.persistence.criteria.CriteriaQuery<?> queryBuilder, jakarta.persistence.criteria.Path<?> path) getAuthorizationSchema(ClientModel client) getOrCreateResource(KeycloakSession session, ResourceServer resourceServer, String policyType, String resourceType, String id) getPolicyEvaluator(KeycloakSession session, ResourceServer resourceServer) getResourceName(KeycloakSession session, Policy policy, Resource resource) getResourceName(KeycloakSession session, ResourceServer resourceServer, String resourceType, String resourceName) getResourceTypeResource(KeycloakSession session, ResourceServer resourceServer, String resourceType) getScope(KeycloakSession session, ResourceServer resourceServer, String resourceType, String id) getScopeAliases(String resourceType, Scope scope) voidinit(KeycloakSession session, RealmModel realm) booleanisAdminPermissionClient(RealmModel realm, String id) booleanstatic booleanisSkipEvaluation(KeycloakSession session) Returns if authorization is disabled in the context of the givensessionat the moment that this method is called.booleanisSupportedPolicyType(KeycloakSession session, ResourceServer resourceServer, String type) voidremoveOrphanResources(Policy policy, AuthorizationProvider authorization) voidremoveResource(Resource resource, Policy policy, 
AuthorizationProvider authorization) voidremoveResourceObject(AuthorizationProvider authorization, ProviderEvent event) static voidrunWithoutAuthorization(KeycloakSession session, Runnable runnable) Disables authorization and evaluation of permissions for realm resource types when executing the givenrunnablein the context of the givensession.voidthrowExceptionIfAdminPermissionClient(KeycloakSession session, String id) voidthrowExceptionIfResourceTypeOrScopesNotProvided(KeycloakSession session, ResourceServer resourceServer, AbstractPolicyRepresentation rep) Methods inherited from class org.keycloak.representations.idm.authorization.AuthorizationSchema
getResourceTypes
-
Field Details
-
CLIENTS_RESOURCE_TYPE
- See Also:
-
GROUPS_RESOURCE_TYPE
- See Also:
-
ROLES_RESOURCE_TYPE
- See Also:
-
USERS_RESOURCE_TYPE
- See Also:
-
MANAGE
- See Also:
-
VIEW
- See Also:
-
MAP_ROLES
- See Also:
-
MAP_ROLES_CLIENT_SCOPE
- See Also:
-
MAP_ROLES_COMPOSITE
- See Also:
-
MANAGE_MEMBERSHIP
- See Also:
-
MANAGE_MEMBERS
- See Also:
-
VIEW_MEMBERS
- See Also:
-
IMPERSONATE_MEMBERS
- See Also:
-
MAP_ROLE
- See Also:
-
MAP_ROLE_CLIENT_SCOPE
- See Also:
-
MAP_ROLE_COMPOSITE
- See Also:
-
IMPERSONATE
- See Also:
-
MANAGE_GROUP_MEMBERSHIP
- See Also:
-
CLIENTS
-
GROUPS
-
ROLES
-
USERS
-
SCHEMA
-
-
Method Details
-
getOrCreateResource
public Resource getOrCreateResource(KeycloakSession session, ResourceServer resourceServer, String policyType, String resourceType, String id) -
getResourceTypeResource
public Resource getResourceTypeResource(KeycloakSession session, ResourceServer resourceServer, String resourceType) -
isSupportedPolicyType
public boolean isSupportedPolicyType(KeycloakSession session, ResourceServer resourceServer, String type) -
isAdminPermissionClient
-
throwExceptionIfAdminPermissionClient
-
throwExceptionIfResourceTypeOrScopesNotProvided
public void throwExceptionIfResourceTypeOrScopesNotProvided(KeycloakSession session, ResourceServer resourceServer, AbstractPolicyRepresentation rep) -
getScope
public Scope getScope(KeycloakSession session, ResourceServer resourceServer, String resourceType, String id) -
init
-
isAdminPermissionsEnabled
-
getAuthorizationSchema
-
removeResource
-
removeOrphanResources
-
getResourceName
-
getResourceName
public String getResourceName(KeycloakSession session, ResourceServer resourceServer, String resourceType, String resourceName) -
addUResourceTypeResource
public void addUResourceTypeResource(KeycloakSession session, ResourceServer resourceServer, Policy policy, String resourceType) -
removeResourceObject
-
applyAuthorizationFilters
public List<jakarta.persistence.criteria.Predicate> applyAuthorizationFilters(KeycloakSession session, ResourceType resourceType, RealmModel realm, jakarta.persistence.criteria.CriteriaBuilder builder, jakarta.persistence.criteria.CriteriaQuery<?> queryBuilder, jakarta.persistence.criteria.Path<?> path) -
applyAuthorizationFilters
public List<jakarta.persistence.criteria.Predicate> applyAuthorizationFilters(KeycloakSession session, ResourceType resourceType, PartialEvaluationStorageProvider evaluator, RealmModel realm, jakarta.persistence.criteria.CriteriaBuilder builder, jakarta.persistence.criteria.CriteriaQuery<?> queryBuilder, jakarta.persistence.criteria.Path<?> path) -
getPolicyEvaluator
-
getScopeAliases
-
runWithoutAuthorization
Disables authorization and evaluation of permissions for realm resource types when executing the given runnable in the context of the given session. This method should be used whenever a code block should be executed without any evaluation or filtering based on the permissions set to a realm. For instance, when caching realm resources where access enforcement does not apply. Because no permission evaluation or filtering takes place while the runnable executes, data obtained inside it should not be handed to a requester without a separate access check.
- Parameters:
session - the session. If null, authorization is enabled when executing the code block
runnable - the runnable to execute
-
isSkipEvaluation
Returns whether authorization is disabled in the context of the given session at the moment that this method is called.
- Parameters:
session - the session
- Returns:
true if authorization is disabled; otherwise, false.
- See Also:
-