Java Code Examples for org.keycloak.representations.AccessToken#setAuthorization()

The following examples show how to use org.keycloak.representations.AccessToken#setAuthorization() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KeycloakAdapterPolicyEnforcer.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Override
protected boolean isAuthorized(PathConfig pathConfig, PolicyEnforcerConfig.MethodConfig methodConfig, AccessToken accessToken, OIDCHttpFacade httpFacade, Map<String, List<String>> claims) {
    AccessToken original = accessToken;

    if (super.isAuthorized(pathConfig, methodConfig, accessToken, httpFacade, claims)) {
        return true;
    }

    accessToken = requestAuthorizationToken(pathConfig, methodConfig, httpFacade, claims);

    if (accessToken == null) {
        return false;
    }

    AccessToken.Authorization authorization = original.getAuthorization();

    if (authorization == null) {
        authorization = new AccessToken.Authorization();
        authorization.setPermissions(new ArrayList<Permission>());
    }

    AccessToken.Authorization newAuthorization = accessToken.getAuthorization();

    if (newAuthorization != null) {
        Collection<Permission> grantedPermissions = authorization.getPermissions();
        Collection<Permission> newPermissions = newAuthorization.getPermissions();

        for (Permission newPermission : newPermissions) {
            if (!grantedPermissions.contains(newPermission)) {
                grantedPermissions.add(newPermission);
            }
        }
    }

    original.setAuthorization(authorization);

    return super.isAuthorized(pathConfig, methodConfig, accessToken, httpFacade, claims);
}
 
Example 2
Source File: AuthorizationTokenService.java    From keycloak with Apache License 2.0 4 votes vote down vote up
private AuthorizationResponse createAuthorizationResponse(KeycloakIdentity identity, Collection<Permission> entitlements, KeycloakAuthorizationRequest request, ClientModel targetClient) {
    KeycloakSession keycloakSession = request.getKeycloakSession();
    AccessToken accessToken = identity.getAccessToken();
    RealmModel realm = request.getRealm();
    UserSessionProvider sessions = keycloakSession.sessions();
    UserSessionModel userSessionModel = sessions.getUserSession(realm, accessToken.getSessionState());

    if (userSessionModel == null) {
        userSessionModel = sessions.getOfflineUserSession(realm, accessToken.getSessionState());
    }

    ClientModel client = realm.getClientByClientId(accessToken.getIssuedFor());
    AuthenticatedClientSessionModel clientSession = userSessionModel.getAuthenticatedClientSessionByClient(targetClient.getId());
    ClientSessionContext clientSessionCtx;

    if (clientSession == null) {
        RootAuthenticationSessionModel rootAuthSession = keycloakSession.authenticationSessions().getRootAuthenticationSession(realm, userSessionModel.getId());

        if (rootAuthSession == null) {
            if (userSessionModel.getUser().getServiceAccountClientLink() == null) {
                rootAuthSession = keycloakSession.authenticationSessions().createRootAuthenticationSession(userSessionModel.getId(), realm);
            } else {
                // if the user session is associated with a service account
                rootAuthSession = new AuthenticationSessionManager(keycloakSession).createAuthenticationSession(realm, false);
            }
        }

        AuthenticationSessionModel authSession = rootAuthSession.createAuthenticationSession(targetClient);

        authSession.setAuthenticatedUser(userSessionModel.getUser());
        authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));

        AuthenticationManager.setClientScopesInSession(authSession);
        clientSessionCtx = TokenManager.attachAuthenticationSession(keycloakSession, userSessionModel, authSession);
    } else {
        clientSessionCtx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSession, keycloakSession);
    }

    TokenManager tokenManager = request.getTokenManager();
    EventBuilder event = request.getEvent();
    AccessTokenResponseBuilder responseBuilder = tokenManager.responseBuilder(realm, client, event, keycloakSession, userSessionModel, clientSessionCtx)
            .generateAccessToken()
            .generateRefreshToken();
    AccessToken rpt = responseBuilder.getAccessToken();
    Authorization authorization = new Authorization();

    authorization.setPermissions(entitlements);

    rpt.setAuthorization(authorization);

    RefreshToken refreshToken = responseBuilder.getRefreshToken();

    refreshToken.issuedFor(client.getClientId());
    refreshToken.setAuthorization(authorization);

    if (!rpt.hasAudience(targetClient.getClientId())) {
        rpt.audience(targetClient.getClientId());
    }

    return new AuthorizationResponse(responseBuilder.build(), isUpgraded(request, authorization));
}