keycloak-aplcache
Changes
examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl 2(+1 -1)
examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl 2(+1 -1)
examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json 2(+1 -1)
testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl 2(+1 -1)
Details
diff --git a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
index deb1c84..c807f9b 100644
--- a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
+++ b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
@@ -7,7 +7,7 @@ rule "Authorize Admin Resources"
when
$evaluation : Evaluation(
$identity : context.identity,
- $identity.hasRole("admin")
+ $identity.hasRealmRole("admin")
)
then
$evaluation.grant();
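Review bot: The constraint `$identity.hasRealmRole("admin")` now matches realm roles only, and nothing in the rule says so. The removed `hasRole` accepted a realm or a client role, so an identity that holds only a client role named "admin" was granted before and is not granted now. Because this is an example that gets copied into real policies, I would add a comment above the constraint such as `// realm role only; use hasClientRole(clientId, "admin") to match a client role`. The same applies to the "Authorize View User Album" hunk and to the two testsuite copies of these rules; the rule body continues past the end of each hunk.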
diff --git a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
index 9b1677e..2ebc457 100644
--- a/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
+++ b/examples/authz/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
@@ -7,7 +7,7 @@ rule "Authorize View User Album"
when
$evaluation : Evaluation(
$identity : context.identity,
- $identity.hasRole("user")
+ $identity.hasRealmRole("user")
)
then
$evaluation.grant();
diff --git a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
index b6a93bc..28b87bc 100644
--- a/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
+++ b/examples/authz/photoz/photoz-restful-api/src/main/resources/photoz-restful-api-authz-service.json
@@ -113,7 +113,7 @@
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
- "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
+ "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
}
},
{
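Review bot: The second branch of the condition in the new `code` string, `email.endsWith('@keycloak.org')`, grants on the e-mail attribute alone, so the policy is only as strong as the realm's control over that attribute. Whether addresses are verified or user-editable is not visible from this file; if they are not controlled, the tightened realm-role check adds little. The script also dereferences `attributes.getValue('email')` before the role test, so an identity with no e-mail attribute presumably fails evaluation even when it holds the admin realm role. Reading it as `var entry = attributes.getValue('email'); var email = entry ? entry.asString(0) : '';` would avoid that. The same string appears in the testsuite `photoz-restful-api-authz-service.json` and `import-authorization-unordered-settings.json` hunks.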
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java b/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java
index ad7057b..e203dfe 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/identity/Identity.java
@@ -45,17 +45,6 @@ public interface Identity {
Attributes getAttributes();
/**
- * Indicates if this identity is granted with a role (realm or client) with the given <code>roleName</code>.
- *
- * @param roleName the name of the role
- *
- * @return true if the identity has the given role. Otherwise, it returns false.
- */
- default boolean hasRole(String roleName) {
- return hasRealmRole(roleName) || hasClientRole(roleName);
- }
-
- /**
* Indicates if this identity is granted with a realm role with the given <code>roleName</code>.
*
* @param roleName the name of the role
@@ -77,21 +66,4 @@ public interface Identity {
default boolean hasClientRole(String clientId, String roleName) {
return getAttributes().containsValue("kc.client." + clientId + ".roles", roleName);
}
-
- /**
- * Indicates if this identity is granted with a client role with the given <code>roleName</code>.
- *
- * @param roleName the name of the role
- *
- * @return true if the identity has the given role. Otherwise, it returns false.
- */
- default boolean hasClientRole(String roleName) {
- return getAttributes().toMap().entrySet().stream().filter(entry -> {
- String key = entry.getKey();
- if (key.startsWith("kc.client") && key.endsWith(".roles")) {
- return getAttributes().containsValue(key, roleName);
- }
- return false;
- }).findFirst().isPresent();
- }
}
diff --git a/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java b/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java
index d2c6b67..f499a01 100644
--- a/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java
+++ b/services/src/main/java/org/keycloak/authorization/common/ClientModelIdentity.java
@@ -70,14 +70,4 @@ public class ClientModelIdentity implements Identity {
if (role == null) return false;
return serviceAccount.hasRole(role);
}
-
- @Override
- public boolean hasRole(String roleName) {
- throw new RuntimeException("Should not execute");
- }
-
- @Override
- public boolean hasClientRole(String roleName) {
- throw new RuntimeException("Should not execute");
- }
}
diff --git a/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java b/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java
index c54e4c0..2726913 100644
--- a/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java
+++ b/services/src/main/java/org/keycloak/authorization/common/UserModelIdentity.java
@@ -64,14 +64,4 @@ public class UserModelIdentity implements Identity {
if (role == null) return false;
return user.hasRole(role);
}
-
- @Override
- public boolean hasRole(String roleName) {
- throw new RuntimeException("Should not execute");
- }
-
- @Override
- public boolean hasClientRole(String roleName) {
- throw new RuntimeException("Should not execute");
- }
}
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
index deb1c84..c807f9b 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.admin/Main.drl
@@ -7,7 +7,7 @@ rule "Authorize Admin Resources"
when
$evaluation : Evaluation(
$identity : context.identity,
- $identity.hasRole("admin")
+ $identity.hasRealmRole("admin")
)
then
$evaluation.grant();
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
index 9b1677e..2ebc457 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-authz-policy/src/main/resources/com.photoz.authz.policy.user/Main.drl
@@ -7,7 +7,7 @@ rule "Authorize View User Album"
when
$evaluation : Evaluation(
$identity : context.identity,
- $identity.hasRole("user")
+ $identity.hasRealmRole("user")
)
then
$evaluation.grant();
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
index ab34c88..ba44208 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
@@ -118,7 +118,7 @@
"decisionStrategy": "UNANIMOUS",
"config": {
"applyPolicies": "[]",
- "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
+ "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
}
},
{
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
index 8bdb635..1d60090 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
@@ -159,7 +159,7 @@
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
- "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
+ "code": "var context = $evaluation.getContext();\nvar identity = context.getIdentity();\nvar attributes = identity.getAttributes();\nvar email = attributes.getValue('email').asString(0);\n\nif (identity.hasRealmRole('admin') || email.endsWith('@keycloak.org')) {\n $evaluation.grant();\n}"
}
},
{