From 00742a62dd926a7c3d9ce78a1d42dd06a31a5b73 Mon Sep 17 00:00:00 2001
From: Michal Hajas
Date: Fri, 2 Feb 2024 16:51:32 +0100
Subject: [PATCH] Remove RealmModel from authorization services interfaces (#26708)

Closes #26530

Signed-off-by: Michal Hajas
---
.../client/ClientPolicyProviderFactory.java | 2 +-
.../ClientScopePolicyProviderFactory.java | 5 +-
.../permission/UMAPolicyProviderFactory.java | 14 +--
.../role/RolePolicyProviderFactory.java | 2 +-
...ispanCacheStoreFactoryProviderFactory.java | 9 --
.../PermissionTicketAdapter.java | 17 ++-
.../authorization/PolicyAdapter.java | 13 +-
.../authorization/ResourceAdapter.java | 10 +-
.../authorization/ResourceServerAdapter.java | 18 +--
.../authorization/ScopeAdapter.java | 7 +-
.../StoreFactoryCacheSession.java | 115 +++++++++---------
.../store/JPAAuthorizationStoreFactory.java | 9 --
.../jpa/store/JPAPermissionTicketStore.java | 25 ++--
.../jpa/store/JPAPolicyStore.java | 19 ++-
.../jpa/store/JPAResourceServerStore.java | 9 +-
.../jpa/store/JPAResourceStore.java | 15 ++-
.../jpa/store/JPAScopeStore.java | 11 +-
.../jpa/store/PermissionTicketAdapter.java | 10 +-
.../jpa/store/PolicyAdapter.java | 6 +-
.../jpa/store/ResourceAdapter.java | 4 +-
.../jpa/store/ResourceServerAdapter.java | 8 +-
.../authorization/jpa/store/ScopeAdapter.java | 2 +-
.../authorization/AuthorizationProvider.java | 63 +++++-----
.../UserManagedPermissionUtil.java | 10 +-
.../authorization/model/ResourceServer.java | 8 --
.../authorization/permission/Permissions.java | 4 +-
...ionTicketAwareDecisionResultCollector.java | 10 +-
.../store/PermissionTicketStore.java | 45 +++----
.../authorization/store/PolicyStore.java | 23 ++--
.../store/ResourceServerStore.java | 6 +-
.../authorization/store/ResourceStore.java | 56 ++++-----
.../authorization/store/ScopeStore.java | 9 +-
.../ClientApplicationSynchronizer.java | 4 +-
.../syncronization/GroupSynchronizer.java | 4 +-
.../syncronization/UserSynchronizer.java | 20 ++-
.../models/utils/RepresentationToModel.java | 22 ++--
.../admin/PolicyEvaluationService.java | 2 +-
.../admin/PolicyResourceService.java | 2 +-
.../authorization/admin/PolicyService.java | 10 +-
.../admin/ResourceSetService.java | 20 +--
.../authorization/admin/ScopeService.java | 15 ++- .../PolicyEvaluationResponseBuilder.java | 2 +- .../AuthorizationTokenService.java | 9 +- .../permission/AbstractPermissionService.java | 2 +- .../permission/PermissionTicketService.java | 16 +-- .../policy/UserManagedPermissionService.java | 4 +- .../account/resources/ResourceService.java | 11 +- .../account/resources/ResourcesService.java | 12 +- .../admin/permissions/ClientPermissions.java | 4 +- .../admin/permissions/GroupPermissions.java | 16 +-- .../IdentityProviderPermissions.java | 4 +- .../admin/permissions/RolePermissions.java | 10 +- .../admin/permissions/UserPermissions.java | 18 ++- .../UserManagedPermissionServiceTest.java | 10 +- .../model/authz/ConcurrentAuthzTest.java | 20 +-- 55 files changed, 343 insertions(+), 458 deletions(-) diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java index 6f11f929629..bf63e2a82c0 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/client/ClientPolicyProviderFactory.java @@ -140,7 +140,7 @@ public class ClientPolicyProviderFactory implements PolicyProviderFactory filters = new HashMap<>(); filters.put(Policy.FilterOption.TYPE, new String[] { getId() }); - policyStore.find(realm, null, filters, null, null).forEach(new Consumer() { + policyStore.find(null, filters, null, null).forEach(new Consumer() { @Override public void accept(Policy policy) { 
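Review bot: In the `@@ -140,7 +140,7 @@` hunk of ClientPolicyProviderFactory, `policyStore.find(null, filters, null, null)` now carries no scope at all: the resource server is `null` and the realm argument is gone, so the only filter left is the policy type. If the store holds data for more than one realm, the consumer presumably visits client policies from all of them, and nothing at the call site says that this is intended. I would add a comment above the call, for example `// null resource server: visits policies of this type in every resource server`, and have the consumer confirm that a policy belongs to the expected resource server before changing it. The enclosing method and the body of `accept` lie outside the hunk, so such a check may already exist there.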
@@ -94,7 +93,7 @@ public class ClientScopePolicyProviderFactory implements PolicyProviderFactory associatedPolicies = policy.getAssociatedPolicies(); - RealmModel realm = policy.getResourceServer().getRealm(); for (Policy associatedPolicy : associatedPolicies) { AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false); @@ -144,7 +143,7 @@ public class UMAPolicyProviderFactory implements PolicyProviderFactory { protected boolean isUpdated() { if (updated != null) return true; if (!invalidated) return false; - updated = cacheSession.getPolicyStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()), cached.getId()); + updated = cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId()); if (updated == null) throw new IllegalStateException("Not found in database"); return true; } @@ -113,7 +112,7 @@ public class PolicyAdapter implements Policy, CachedModel { @Override public ResourceServer getResourceServer() { - return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()); + return cacheSession.getResourceServerStore().findById(cached.getResourceServerId()); } @Override 
@@ -209,7 +208,7 @@ public class PolicyAdapter implements Policy, CachedModel { PolicyStore policyStore = cacheSession.getPolicyStore(); String resourceServerId = cached.getResourceServerId(); for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) { - Policy policy = policyStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServerId), id); + Policy policy = policyStore.findById(cacheSession.getResourceServerStore().findById(resourceServerId), id); if (policy == null) { // probably because the policy was removed continue; @@ -230,7 +229,7 @@ public class PolicyAdapter implements Policy, CachedModel { ResourceStore resourceStore = cacheSession.getResourceStore(); ResourceServer resourceServer = getResourceServer(); for (String resourceId : cached.getResourcesIds(modelSupplier)) { - Resource resource = resourceStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId); + Resource resource = resourceStore.findById(resourceServer, resourceId); cacheSession.cacheResource(resource); resources.add(resource); } @@ -295,7 +294,7 @@ public class PolicyAdapter implements Policy, CachedModel { ResourceServer resourceServer = getResourceServer(); ScopeStore scopeStore = cacheSession.getScopeStore(); for (String scopeId : cached.getScopesIds(modelSupplier)) { - Scope scope = scopeStore.findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, scopeId); + Scope scope = scopeStore.findById(resourceServer, scopeId); cacheSession.cacheScope(scope); scopes.add(scope); } 
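Review bot: The resource loop in the `@@ -230,7 +229,7 @@` hunk passes the result of `resourceStore.findById(resourceServer, resourceId)` straight to `cacheSession.cacheResource(resource)` and `resources.add(resource)`, while the associated-policy loop in the hunk before it skips a `null` result with `continue` ("probably because the policy was removed"). A resource or scope removed after the cached id list was built would, it seems, end up as a `null` element in the returned collection. The scope loop in the `@@ -295,7 +294,7 @@` hunk and the `getScopes` loop in ResourceAdapter (`@@ -172,7 +172,7 @@`) have the same shape. I would add `if (resource == null) continue;` after the lookup, and the matching `if (scope == null) continue;` in the scope loops. The enclosing methods start and end outside these hunks.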
@@ -330,6 +329,6 @@ public class PolicyAdapter implements Policy, CachedModel { } private Policy getPolicyModel() { - return cacheSession.getPolicyStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()), cached.getId()); + return cacheSession.getPolicyStoreDelegate().findById(cacheSession.getResourceServerStore().findById(cached.getResourceServerId()), cached.getId()); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java index b40e2ec9a5d..4c65c4a4253 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceAdapter.java @@ -81,7 +81,7 @@ public class ResourceAdapter implements Resource, CachedModel { protected boolean isUpdated() { if (updated != null) return true; if (!invalidated) return false; - updated = cacheSession.getResourceStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId()); + updated = cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId()); if (updated == null) throw new IllegalStateException("Not found in database"); return true; } @@ -134,7 +134,7 @@ public class ResourceAdapter implements Resource, CachedModel { @Override public ResourceServer getResourceServer() { - return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()); + return cacheSession.getResourceServerStore().findById(cached.getResourceServerId()); } @Override 
@@ -172,7 +172,7 @@ public class ResourceAdapter implements Resource, CachedModel { if (scopes != null) return scopes; scopes = new LinkedList<>(); for (String scopeId : cached.getScopesIds(modelSupplier)) { - scopes.add(cacheSession.getScopeStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), scopeId)); + scopes.add(cacheSession.getScopeStore().findById(getResourceServer(), scopeId)); } return scopes = Collections.unmodifiableList(scopes); } @@ -206,7 +206,7 @@ public class ResourceAdapter implements Resource, CachedModel { List permissions = permissionStore.findByScope(getResourceServer(), scope); for (PermissionTicket permission : permissions) { - permissionStore.delete(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, permission.getId()); + permissionStore.delete(permission.getId()); } } } @@ -282,6 +282,6 @@ public class ResourceAdapter implements Resource, CachedModel { } private Resource getResourceModel() { - return cacheSession.getResourceStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId()); + return cacheSession.getResourceStoreDelegate().findById(getResourceServer(), cached.getId()); } } diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java index 3c918008e2d..0faa29eaa38 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/ResourceServerAdapter.java 
@@ -18,9 +18,6 @@ package org.keycloak.models.cache.infinispan.authorization; import org.keycloak.authorization.model.CachedModel; import org.keycloak.authorization.model.ResourceServer; -import org.keycloak.authorization.store.PermissionTicketStore; -import org.keycloak.models.ClientModel; -import org.keycloak.models.RealmModel; import org.keycloak.models.cache.infinispan.authorization.entities.CachedResourceServer; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; @@ -32,21 +29,19 @@ import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; public class ResourceServerAdapter implements ResourceServer, CachedModel { protected CachedResourceServer cached; protected StoreFactoryCacheSession cacheSession; - private RealmModel realm; protected ResourceServer updated; - public ResourceServerAdapter(RealmModel realm, CachedResourceServer cached, - StoreFactoryCacheSession cacheSession) { + public ResourceServerAdapter(CachedResourceServer cached, + StoreFactoryCacheSession cacheSession) { this.cached = cached; this.cacheSession = cacheSession; - this.realm = realm; } @Override public ResourceServer getDelegateForUpdate() { if (updated == null) { cacheSession.registerResourceServerInvalidation(cached.getId()); - updated = cacheSession.getResourceServerStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getId()); + updated = cacheSession.getResourceServerStoreDelegate().findById(cached.getId()); if (updated == null) throw new IllegalStateException("Not found in database"); } return updated; 
@@ -73,7 +68,7 @@ public class ResourceServerAdapter implements ResourceServer, CachedModel { public Scope getDelegateForUpdate() { if (updated == null) { cacheSession.registerScopeInvalidation(cached.getId(), cached.getName(), cached.getResourceServerId()); - updated = cacheSession.getScopeStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId()); + updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId()); if (updated == null) throw new IllegalStateException("Not found in database"); } return updated; @@ -67,7 +66,7 @@ public class ScopeAdapter implements Scope, CachedModel { protected boolean isUpdated() { if (updated != null) return true; if (!invalidated) return false; - updated = cacheSession.getScopeStoreDelegate().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, getResourceServer(), cached.getId()); + updated = cacheSession.getScopeStoreDelegate().findById(getResourceServer(), cached.getId()); if (updated == null) throw new IllegalStateException("Not found in database"); return true; } @@ -119,7 +118,7 @@ public class ScopeAdapter implements Scope, CachedModel { @Override public ResourceServer getResourceServer() { - return cacheSession.getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, cached.getResourceServerId()); + return cacheSession.getResourceServerStore().findById(cached.getResourceServerId()); } @Override diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java index 5065919acb9..2424a6462a2 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java 
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/StoreFactoryCacheSession.java @@ -47,7 +47,6 @@ import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakTransaction; import org.keycloak.models.ModelException; -import org.keycloak.models.RealmModel; import org.keycloak.models.cache.authorization.CachedStoreFactoryProvider; import org.keycloak.models.cache.infinispan.authorization.entities.CachedPermissionTicket; import org.keycloak.models.cache.infinispan.authorization.entities.CachedPolicy; @@ -310,9 +309,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { return Collections.emptySet(); } - ResourceServer resourceServer = getResourceServerStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, serverId); + ResourceServer resourceServer = getResourceServerStore().findById(serverId); return resources.stream().map(resourceId -> { - Resource resource = getResourceStore().findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId); + Resource resource = getResourceStore().findById(resourceServer, resourceId); String type = resource.getType(); if (type != null) { @@ -451,7 +450,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { public void delete(ClientModel client) { String id = client.getId(); if (id == null) return; - ResourceServer server = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, id); + ResourceServer server = findById(id); if (server == null) return; cache.invalidateObject(id); @@ -462,7 +461,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public ResourceServer findById(RealmModel realm, String id) { + public ResourceServer findById(String id) { if (id == null) return null; CachedResourceServer cached = cache.get(id, CachedResourceServer.class); if (cached != null) { 
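Review bot: In the `@@ -310,9 +309,9 @@` hunk the lambda dereferences the lookup result without a check: `getResourceStore().findById(resourceServer, resourceId)` is followed directly by `resource.getType()`, and the `findById` implementations in this class return `null` for an unknown or removed id. `resourceServer` can itself be `null` when `findById(serverId)` finds nothing. A stale id in `resources` would then raise a NullPointerException in the middle of the stream. I would guard the lookup, for example `if (resource == null) return null;` in the lambda plus `.filter(Objects::nonNull)` on the stream, depending on what the rest of the lambda (outside the hunk) returns.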
@@ -472,7 +471,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (cached == null) { Long loaded = cache.getCurrentRevision(id); if (! modelMightExist(id)) return null; - ResourceServer model = getResourceServerStoreDelegate().findById(realm, id); + ResourceServer model = getResourceServerStoreDelegate().findById(id); if (model == null) { setModelDoesNotExists(id, loaded); return null; @@ -481,18 +480,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cached = new CachedResourceServer(loaded, model); cache.addRevisioned(cached, startupRevision); } else if (invalidations.contains(id)) { - return getResourceServerStoreDelegate().findById(realm, id); + return getResourceServerStoreDelegate().findById(id); } else if (managedResourceServers.containsKey(id)) { return managedResourceServers.get(id); } - ResourceServerAdapter adapter = new ResourceServerAdapter(realm, cached, StoreFactoryCacheSession.this); - managedResourceServers.put(id, adapter); + ResourceServerAdapter adapter = new ResourceServerAdapter(cached, StoreFactoryCacheSession.this); + managedResourceServers.put(id, adapter); return adapter; } @Override public ResourceServer findByClient(ClientModel client) { - return findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, client.getId()); + return findById(client.getId()); } } 
@@ -510,19 +509,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { if (id == null) return; - Scope scope = findById(realm, null, id); + Scope scope = findById(null, id); if (scope == null) return; cache.invalidateObject(id); invalidationEvents.add(ScopeRemovedEvent.create(id, scope.getName(), scope.getResourceServer().getId())); cache.scopeRemoval(id, scope.getName(), scope.getResourceServer().getId(), invalidations); - getScopeStoreDelegate().delete(realm, id); + getScopeStoreDelegate().delete(id); } @Override - public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Scope findById(ResourceServer resourceServer, String id) { if (id == null) return null; CachedScope cached = cache.get(id, CachedScope.class); if (cached != null) { @@ -531,7 +530,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (cached == null) { Long loaded = cache.getCurrentRevision(id); if (! modelMightExist(id)) return null; - Scope model = getScopeStoreDelegate().findById(realm, resourceServer, id); + Scope model = getScopeStoreDelegate().findById(resourceServer, id); if (model == null) { setModelDoesNotExists(id, loaded); return null; @@ -540,7 +539,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cached = new CachedScope(loaded, model); cache.addRevisioned(cached, startupRevision); } else if (invalidations.contains(id)) { - return getScopeStoreDelegate().findById(realm, resourceServer, id); + return getScopeStoreDelegate().findById(resourceServer, id); } else if (managedScopes.containsKey(id)) { return managedScopes.get(id); } 
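Review bot: `delete(String id)` in the `@@ -510,19 +509,19 @@` hunk resolves the scope with `findById(null, id)` and then calls `getScopeStoreDelegate().delete(id)`, so after this change the method receives neither a realm nor a resource server and removes whatever object carries that id. The caller is therefore solely responsible for establishing that the id belongs to the resource server it is acting for, which matters when the id comes from a request. I would state that contract on the method, e.g. `// id is not scoped here: callers must check the object's getResourceServer() against their own before deleting`. The same applies to the resource, policy and permission-ticket `delete(String id)` methods in the `@@ -593,29 +592,29 @@`, `@@ -855,18 +854,18 @@` and `@@ -1114,9 +1113,9 @@` hunks.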
@@ -573,7 +572,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (invalidations.contains(id)) { return getScopeStoreDelegate().findByName(resourceServer, name); } - return findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, id); + return findById(resourceServer, id); } } 
@@ -593,29 +592,29 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { @Override public Resource create(ResourceServer resourceServer, String id, String name, String owner) { Resource resource = getResourceStoreDelegate().create(resourceServer, id, name, owner); - Resource cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resource.getId()); + Resource cached = findById(resourceServer, resource.getId()); registerResourceInvalidation(resource.getId(), resource.getName(), resource.getType(), resource.getUris(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resourceServer.getId(), resource.getOwner()); if (cached == null) { - cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resource.getId()); + cached = findById(resourceServer, resource.getId()); } return cached; } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { if (id == null) return; - Resource resource = findById(realm, null, id); + Resource resource = findById(null, id); if (resource == null) return; cache.invalidateObject(id); invalidationEvents.add(ResourceRemovedEvent.create(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId())); cache.resourceRemoval(id, resource.getName(), resource.getType(), resource.getUris(), resource.getOwner(), resource.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), resource.getResourceServer().getId(), invalidations); - getResourceStoreDelegate().delete(realm, id); + getResourceStoreDelegate().delete(id); } @Override - public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Resource findById(ResourceServer resourceServer, String id) { if (id == null) return null; CachedResource cached = cache.get(id, 
CachedResource.class); if (cached != null) { @@ -624,7 +623,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (cached == null) { Long loaded = cache.getCurrentRevision(id); if (! modelMightExist(id)) return null; - Resource model = getResourceStoreDelegate().findById(realm, resourceServer, id); + Resource model = getResourceStoreDelegate().findById(resourceServer, id); if (model == null) { setModelDoesNotExists(id, loaded); return null; @@ -633,7 +632,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cached = new CachedResource(loaded, model); cache.addRevisioned(cached, startupRevision); } else if (invalidations.contains(id)) { - return getResourceStoreDelegate().findById(realm, resourceServer, id); + return getResourceStoreDelegate().findById(resourceServer, id); } else if (managedResources.containsKey(id)) { return managedResources.get(id); } 
@@ -666,20 +665,20 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public List findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) { + public List findByOwner(ResourceServer resourceServer, String ownerId) { String resourceServerId = resourceServer == null ? null : resourceServer.getId(); String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId); - return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(realm, resourceServer, ownerId), + return cacheQuery(cacheKey, ResourceListQuery.class, () -> getResourceStoreDelegate().findByOwner(resourceServer, ownerId), (revision, resources) -> new ResourceListQuery(revision, cacheKey, resources.stream().map(Resource::getId).collect(Collectors.toSet()), resourceServerId), resourceServer); } @Override - public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer consumer) { + public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer consumer) { String resourceServerId = resourceServer == null ? null : resourceServer.getId(); String cacheKey = getResourceByOwnerCacheKey(ownerId, resourceServerId); cacheQuery(cacheKey, ResourceListQuery.class, () -> { List resources = new ArrayList<>(); - getResourceStoreDelegate().findByOwner(realm, resourceServer, ownerId, new Consumer() { + getResourceStoreDelegate().findByOwner(resourceServer, ownerId, new Consumer() { @Override public void accept(Resource resource) { consumer.andThen(resources::add) 
@@ -698,8 +697,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { - return getResourceStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResults); + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + return getResourceStoreDelegate().find(resourceServer, attributes, firstResult, maxResults); } @Override @@ -837,9 +836,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { Set resources = query.getResources(); if (consumer != null) { - resources.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).forEach(consumer); + resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).forEach(consumer); } else { - model = resources.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).collect(Collectors.toList()); + model = resources.stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList()); } } 
@@ -855,18 +854,18 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { @Override public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) { Policy policy = getPolicyStoreDelegate().create(resourceServer, representation); - Policy cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, policy.getId()); + Policy cached = findById(resourceServer, policy.getId()); registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), null, resourceServer.getId()); if (cached == null) { - cached = findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, policy.getId()); + cached = findById(resourceServer, policy.getId()); } return cached; } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { if (id == null) return; - Policy policy = findById(realm, null, id); + Policy policy = findById(null, id); if (policy == null) return; cache.invalidateObject(id); @@ -880,12 +879,12 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { Set scopes = policy.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()); invalidationEvents.add(PolicyRemovedEvent.create(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId())); cache.policyRemoval(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId(), invalidations); - getPolicyStoreDelegate().delete(realm, id); + getPolicyStoreDelegate().delete(id); } @Override - public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Policy findById(ResourceServer resourceServer, String id) { if (id == null) return null; CachedPolicy cached = cache.get(id, CachedPolicy.class); 
@@ -894,7 +893,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } if (cached == null) { if (! modelMightExist(id)) return null; - Policy model = getPolicyStoreDelegate().findById(realm, resourceServer, id); + Policy model = getPolicyStoreDelegate().findById(resourceServer, id); Long loaded = cache.getCurrentRevision(id); if (model == null) { setModelDoesNotExists(id, loaded); @@ -904,7 +903,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cached = new CachedPolicy(loaded, model); cache.addRevisioned(cached, startupRevision); } else if (invalidations.contains(id)) { - return getPolicyStoreDelegate().findById(realm, resourceServer, id); + return getPolicyStoreDelegate().findById(resourceServer, id); } else if (managedPolicies.containsKey(id)) { return managedPolicies.get(id); } @@ -941,8 +940,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { - return getPolicyStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResults); + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + return getPolicyStoreDelegate().find(resourceServer, attributes, firstResult, maxResults); } @Override 
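Review bot: In the policy `findById` (`@@ -894,7 +893,7 @@` hunk) the revision is read after the database load: `Policy model = getPolicyStoreDelegate().findById(resourceServer, id);` comes before `Long loaded = cache.getCurrentRevision(id);`. The scope, resource, resource-server and permission-ticket variants in this file read `loaded` first, before `modelMightExist(id)` and the load. If the revision is meant to detect an invalidation that races with the load, which is how the other variants read, then a policy changed between the two statements could be cached under the newer revision and a stale policy used for authorization decisions. I would move `Long loaded = cache.getCurrentRevision(id);` above the `modelMightExist(id)` check to match the other stores. The method starts and ends outside the hunk.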
@@ -1086,10 +1085,10 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (consumer != null) { for (String id : policies) { - consumer.accept((R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, id)); + consumer.accept((R) findById(resourceServer, id)); } } else { - model = policies.stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)) + model = policies.stream().map(resourceId -> (R) findById(resourceServer, resourceId)) .filter(Objects::nonNull).collect(Collectors.toList()); } } @@ -1114,9 +1113,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { if (id == null) return; - PermissionTicket permission = findById(realm, null, id); + PermissionTicket permission = findById(null, id); if (permission == null) return; cache.invalidateObject(id); 
@@ -1126,13 +1125,13 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } invalidationEvents.add(PermissionTicketRemovedEvent.create(id, permission.getOwner(), permission.getRequester(), permission.getResource().getId(), permission.getResource().getName(), scopeId, permission.getResourceServer().getId())); cache.permissionTicketRemoval(id, permission.getOwner(), permission.getRequester(), permission.getResource().getId(), permission.getResource().getName(),scopeId, permission.getResourceServer().getId(), invalidations); - getPermissionTicketStoreDelegate().delete(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, id); + getPermissionTicketStoreDelegate().delete(id); UserManagedPermissionUtil.removePolicy(permission, StoreFactoryCacheSession.this); } @Override - public PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id) { + public PermissionTicket findById(ResourceServer resourceServer, String id) { if (id == null) return null; CachedPermissionTicket cached = cache.get(id, CachedPermissionTicket.class); @@ -1142,7 +1141,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { if (cached == null) { Long loaded = cache.getCurrentRevision(id); if (! modelMightExist(id)) return null; - PermissionTicket model = getPermissionTicketStoreDelegate().findById(realm, resourceServer, id); + PermissionTicket model = getPermissionTicketStoreDelegate().findById(resourceServer, id); if (model == null) { setModelDoesNotExists(id, loaded); return null; 
@@ -1151,7 +1150,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { cached = new CachedPermissionTicket(loaded, model); cache.addRevisioned(cached, startupRevision); } else if (invalidations.contains(id)) { - return getPermissionTicketStoreDelegate().findById(realm, resourceServer, id); + return getPermissionTicketStoreDelegate().findById(resourceServer, id); } else if (managedPermissionTickets.containsKey(id)) { return managedPermissionTickets.get(id); } @@ -1177,8 +1176,8 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResult) { - return getPermissionTicketStoreDelegate().find(realm, resourceServer, attributes, firstResult, maxResult); + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResult) { + return getPermissionTicketStoreDelegate().find(resourceServer, attributes, firstResult, maxResult); } @Override 
@@ -1198,13 +1197,13 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } @Override - public List findGrantedResources(RealmModel realm, String requester, String name, Integer first, Integer max) { - return getPermissionTicketStoreDelegate().findGrantedResources(realm, requester, name, first, max); + public List findGrantedResources(String requester, String name, Integer first, Integer max) { + return getPermissionTicketStoreDelegate().findGrantedResources(requester, name, first, max); } @Override - public List findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults) { - return getPermissionTicketStoreDelegate().findGrantedOwnerResources(realm, owner, firstResult, maxResults); + public List findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) { + return getPermissionTicketStoreDelegate().findGrantedOwnerResources(owner, firstResult, maxResults); } private List cacheQuery(String cacheKey, Class queryType, Supplier> resultSupplier, BiFunction, Q> querySupplier, ResourceServer resourceServer) { @@ -1223,7 +1222,7 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider { } else if (query.isInvalid(invalidations)) { return resultSupplier.get(); } else { - return query.getPermissions().stream().map(resourceId -> (R) findById(InfinispanCacheStoreFactoryProviderFactory.NULL_REALM, resourceServer, resourceId)).collect(Collectors.toList()); + return query.getPermissions().stream().map(resourceId -> (R) findById(resourceServer, resourceId)).collect(Collectors.toList()); } } } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java index e6e8fb211c6..ad0dd221a4f 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java 
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java @@ -35,15 +35,6 @@ import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY; */ public class JPAAuthorizationStoreFactory implements AuthorizationStoreFactory { - /** - * Legacy store doesn't store realm id for any entity and no method there is using new introduced RealmModel parameter. - * The parameter was introduced for usage only in the new storage. Therefore, in some cases we may break our rule specified in JavaDoc - * and use {@code null} value as parameter that otherwise cannot be {@code null}. We need to be careful and place such value only to a method call - * that cannot end up in the new store because it would end with {@link NullPointerException}. To mark all places where we do this, - * we use this variable so it is easily searchable. - */ - public static final RealmModel NULL_REALM = null; - @Override public StoreFactory create(KeycloakSession session) { AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class); diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.java index 4e8b30b8a59..f124174c662 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPermissionTicketStore.java @@ -41,7 +41,6 @@ import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PermissionTicketStore; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.common.util.Time; -import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import jakarta.persistence.LockModeType; 
@@ -152,7 +151,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { PermissionTicketEntity policy = entityManager.find(PermissionTicketEntity.class, id, LockModeType.PESSIMISTIC_WRITE); if (policy != null) { this.entityManager.remove(policy); @@ -161,7 +160,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { @Override - public PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id) { + public PermissionTicket findById(ResourceServer resourceServer, String id) { if (id == null) { return null; } @@ -185,7 +184,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore(); for (String id : result) { - PermissionTicket ticket = ticketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + PermissionTicket ticket = ticketStore.findById(resourceServer, id); if (Objects.nonNull(ticket)) { list.add(ticket); } @@ -212,7 +211,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore(); for (String id : result) { - PermissionTicket ticket = ticketStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + PermissionTicket ticket = ticketStore.findById(resourceServer, id); if (Objects.nonNull(ticket)) { list.add(ticket); } 
@@ -222,7 +221,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResult) { + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResult) { CriteriaBuilder builder = entityManager.getCriteriaBuilder(); CriteriaQuery querybuilder = builder.createQuery(String.class); Root root = querybuilder.from(PermissionTicketEntity.class); @@ -240,7 +239,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { PermissionTicketStore ticketStore = provider.getStoreFactory().getPermissionTicketStore(); for (String id : result) { - PermissionTicket ticket = ticketStore.findById(realm, resourceServer, id); + PermissionTicket ticket = ticketStore.findById(resourceServer, id); if (Objects.nonNull(ticket)) { list.add(ticket); } @@ -256,7 +255,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString()); filters.put(PermissionTicket.FilterOption.REQUESTER, userId); - return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, filters, null, null); + return find(resourceServer, filters, null, null); } @Override 
@@ -267,11 +266,11 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString()); filters.put(PermissionTicket.FilterOption.REQUESTER, userId); - return find(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, filters, null, null); + return find(resourceServer, filters, null, null); } @Override - public List findGrantedResources(RealmModel realm, String requester, String name, Integer first, Integer max) { + public List findGrantedResources(String requester, String name, Integer first, Integer max) { TypedQuery query = name == null ? entityManager.createNamedQuery("findGrantedResources", String.class) : entityManager.createNamedQuery("findGrantedResourcesByName", String.class); @@ -288,7 +287,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { ResourceStore resourceStore = provider.getStoreFactory().getResourceStore(); for (String id : result) { - Resource resource = resourceStore.findById(realm, null, id); + Resource resource = resourceStore.findById(null, id); if (Objects.nonNull(resource)) { list.add(resource); @@ -299,7 +298,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { } @Override - public List findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults) { + public List findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults) { TypedQuery query = entityManager.createNamedQuery("findGrantedOwnerResources", String.class); query.setFlushMode(FlushModeType.COMMIT); @@ -310,7 +309,7 @@ public class JPAPermissionTicketStore implements PermissionTicketStore { ResourceStore resourceStore = provider.getStoreFactory().getResourceStore(); for (String id : result) { - Resource resource = resourceStore.findById(realm, null, id); + Resource resource = resourceStore.findById(null, id); if (Objects.nonNull(resource)) { list.add(resource); 
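Review bot: `resourceStore.findById(null, id)` in findGrantedResources (and again in findGrantedOwnerResources, hunk at -310) now resolves a resource by bare id, with neither a realm nor a resource server to scope the lookup. The ids presumably come from the named queries bound to the requester or owner, but the parameter binding is outside these hunks and nothing in the code states that this is what makes the null safe. I would add a comment above each call, for example `// ids come from a query already restricted to this requester; resource server is intentionally not constrained`, and have the ResourceStore.findById Javadoc say whether a null resourceServer is permitted. Both method bodies extend beyond the hunks shown.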
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java index 24b738090cd..dd4a10b39bf 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java @@ -42,7 +42,6 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; import jakarta.persistence.LockModeType; @@ -83,7 +82,7 @@ public class JPAPolicyStore implements PolicyStore { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { PolicyEntity policy = entityManager.find(PolicyEntity.class, id, LockModeType.PESSIMISTIC_WRITE); if (policy != null) { this.entityManager.remove(policy); @@ -92,7 +91,7 @@ public class JPAPolicyStore implements PolicyStore { @Override - public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Policy findById(ResourceServer resourceServer, String id) { if (id == null) { return null; } @@ -130,7 +129,7 @@ public class JPAPolicyStore implements PolicyStore { List result = query.getResultList(); List list = new LinkedList<>(); for (String id : result) { - Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id); if (Objects.nonNull(policy)) { list.add(policy); } 
@@ -139,7 +138,7 @@ public class JPAPolicyStore implements PolicyStore { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { CriteriaBuilder builder = entityManager.getCriteriaBuilder(); CriteriaQuery querybuilder = builder.createQuery(String.class); Root root = querybuilder.from(PolicyEntity.class); @@ -200,7 +199,7 @@ public class JPAPolicyStore implements PolicyStore { List list = new LinkedList<>(); PolicyStore policyStore = provider.getStoreFactory().getPolicyStore(); for (String id : result) { - Policy policy = policyStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Policy policy = policyStore.findById(resourceServer, id); if (Objects.nonNull(policy)) { list.add(policy); } @@ -219,7 +218,7 @@ public class JPAPolicyStore implements PolicyStore { PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore(); closing(query.getResultStream() - .map(entity -> storeFactory.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, entity.getId())) + .map(entity -> storeFactory.findById(resourceServer, entity.getId())) .filter(Objects::nonNull)) .forEach(consumer::accept); } @@ -255,7 +254,7 @@ public class JPAPolicyStore implements PolicyStore { PolicyStore storeFactory = provider.getStoreFactory().getPolicyStore(); for (PolicyEntity entity : query.getResultList()) { - list.add(storeFactory.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, entity.getId())); + list.add(storeFactory.findById(resourceServer, entity.getId())); } return list; 
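Review bot: In the hunk at -255, `list.add(storeFactory.findById(resourceServer, entity.getId()));` appends the lookup result without a null check, while every other loop touched in this file filters with `Objects.nonNull(policy)` first. If the store returned by the factory can answer null for an id the query just produced (the other loops suggest it can), callers of this method receive a list containing nulls and may fail later on a policy they expected to evaluate. Suggest `Policy policy = storeFactory.findById(resourceServer, entity.getId()); if (Objects.nonNull(policy)) list.add(policy);`. The two JPAScopeStore loops (hunks at -125 and -160) add unfiltered results the same way. As a style point, the local named `storeFactory` holds a PolicyStore, so `policyStore` would read better. The enclosing method starts outside the hunk.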
@@ -296,7 +295,7 @@ public class JPAPolicyStore implements PolicyStore { List result = query.getResultList(); List list = new LinkedList<>(); for (String id : result) { - Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id); if (Objects.nonNull(policy)) { list.add(policy); } @@ -316,7 +315,7 @@ public class JPAPolicyStore implements PolicyStore { List result = query.getResultList(); List list = new LinkedList<>(); for (String id : result) { - Policy policy = provider.getStoreFactory().getPolicyStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Policy policy = provider.getStoreFactory().getPolicyStore().findById(resourceServer, id); if (Objects.nonNull(policy)) { list.add(policy); } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java index 5bb6674c0e7..1c3c5b9a8b2 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceServerStore.java @@ -25,7 +25,6 @@ import org.keycloak.authorization.jpa.entities.ScopeEntity; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.models.ModelException; -import org.keycloak.models.RealmModel; import org.keycloak.storage.StorageId; import jakarta.persistence.EntityManager; @@ -58,7 +57,7 @@ public class JPAResourceServerStore implements ResourceServerStore { this.entityManager.persist(entity); - return new ResourceServerAdapter(client.getRealm(), entity, entityManager, provider.getStoreFactory()); + return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); } @Override 
@@ -122,14 +121,14 @@ public class JPAResourceServerStore implements ResourceServerStore { } @Override - public ResourceServer findById(RealmModel realm, String id) { + public ResourceServer findById(String id) { ResourceServerEntity entity = entityManager.find(ResourceServerEntity.class, id); if (entity == null) return null; - return new ResourceServerAdapter(provider.getRealm(), entity, entityManager, provider.getStoreFactory()); + return new ResourceServerAdapter(entity, entityManager, provider.getStoreFactory()); } @Override public ResourceServer findByClient(ClientModel client) { - return findById(JPAAuthorizationStoreFactory.NULL_REALM, client.getId()); + return findById(client.getId()); } } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceStore.java index 14f2e8954b4..375b929c188 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAResourceStore.java @@ -23,7 +23,6 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import jakarta.persistence.EntityManager; @@ -80,7 +79,7 @@ public class JPAResourceStore implements ResourceStore { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { ResourceEntity resource = entityManager.getReference(ResourceEntity.class, id); if (resource == null) return; 
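Review bot: In JPAResourceStore.delete, `entityManager.getReference(ResourceEntity.class, id)` never returns null, so the `if (resource == null) return;` guard that follows is dead code. For an id that does not exist, JPA throws EntityNotFoundException, either here or when the proxy is first used, instead of the silent no-op the guard implies. The policy, scope and permission-ticket stores in this patch use `entityManager.find(..., id, LockModeType.PESSIMISTIC_WRITE)` followed by a null check. Making this store consistent would be `ResourceEntity resource = entityManager.find(ResourceEntity.class, id);` with the existing guard kept. The rest of the method body is outside the hunk.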
@@ -89,7 +88,7 @@ public class JPAResourceStore implements ResourceStore { } @Override - public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Resource findById(ResourceServer resourceServer, String id) { if (id == null) { return null; } @@ -100,7 +99,7 @@ public class JPAResourceStore implements ResourceStore { } @Override - public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer consumer) { + public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer consumer) { findByOwnerFilter(ownerId, resourceServer, consumer, -1, -1); } @@ -127,7 +126,7 @@ public class JPAResourceStore implements ResourceStore { } ResourceStore resourceStore = provider.getStoreFactory().getResourceStore(); - closing(query.getResultStream().map(id -> resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id.getId()))).forEach(consumer); + closing(query.getResultStream().map(id -> resourceStore.findById(resourceServer, id.getId()))).forEach(consumer); } @Override @@ -141,7 +140,7 @@ public class JPAResourceStore implements ResourceStore { ResourceStore resourceStore = provider.getStoreFactory().getResourceStore(); for (String id : result) { - Resource resource = resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Resource resource = resourceStore.findById(resourceServer, id); if (resource != null) { list.add(resource); @@ -152,7 +151,7 @@ public class JPAResourceStore implements ResourceStore { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { CriteriaBuilder builder = entityManager.getCriteriaBuilder(); CriteriaQuery querybuilder = builder.createQuery(String.class); Root root = querybuilder.from(ResourceEntity.class); 
@@ -205,7 +204,7 @@ public class JPAResourceStore implements ResourceStore { ResourceStore resourceStore = provider.getStoreFactory().getResourceStore(); for (String id : result) { - Resource resource = resourceStore.findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + Resource resource = resourceStore.findById(resourceServer, id); if (resource != null) { list.add(resource); diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAScopeStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAScopeStore.java index 72707dc1bc3..a67064cac61 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAScopeStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAScopeStore.java @@ -35,7 +35,6 @@ import org.keycloak.authorization.jpa.entities.ScopeEntity; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.ScopeStore; -import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import jakarta.persistence.LockModeType; @@ -79,7 +78,7 @@ public class JPAScopeStore implements ScopeStore { } @Override - public void delete(RealmModel realm, String id) { + public void delete(String id) { ScopeEntity scope = entityManager.find(ScopeEntity.class, id, LockModeType.PESSIMISTIC_WRITE); if (scope != null) { @@ -88,7 +87,7 @@ public class JPAScopeStore implements ScopeStore { } @Override - public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) { + public Scope findById(ResourceServer resourceServer, String id) { if (id == null) { return null; } 
@@ -109,7 +108,7 @@ public class JPAScopeStore implements ScopeStore { query.setParameter("name", name); String id = query.getSingleResult(); - return provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id); + return provider.getStoreFactory().getScopeStore().findById(resourceServer, id); } catch (NoResultException nre) { return null; } @@ -125,7 +124,7 @@ public class JPAScopeStore implements ScopeStore { List result = query.getResultList(); List list = new LinkedList<>(); for (String id : result) { - list.add(provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id)); + list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, id)); } return list; } @@ -160,7 +159,7 @@ public class JPAScopeStore implements ScopeStore { List result = paginateQuery(query, firstResult, maxResults).getResultList(); List list = new LinkedList<>(); for (String id : result) { - list.add(provider.getStoreFactory().getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, id)); + list.add(provider.getStoreFactory().getScopeStore().findById(resourceServer, id)); } return list; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PermissionTicketAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PermissionTicketAdapter.java index fda99cab249..9902d026bb8 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PermissionTicketAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/PermissionTicketAdapter.java 
@@ -90,7 +90,7 @@ public class PermissionTicketAdapter implements PermissionTicket, JpaModel set = new HashSet<>(); ResourceServer resourceServer = getResourceServer(); for (ResourceEntity res : entity.getResources()) { - set.add(storeFactory.getResourceStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, res.getId())); + set.add(storeFactory.getResourceStore().findById(resourceServer, res.getId())); } return Collections.unmodifiableSet(set); } @@ -180,7 +180,7 @@ public class PolicyAdapter extends AbstractAuthorizationModel implements Policy, Set set = new HashSet<>(); ResourceServer resourceServer = getResourceServer(); for (ScopeEntity res : entity.getScopes()) { - set.add(storeFactory.getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, res.getId())); + set.add(storeFactory.getScopeStore().findById(resourceServer, res.getId())); } return Collections.unmodifiableSet(set); } diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java index 3ed97e39742..127c94c9687 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceAdapter.java @@ -118,7 +118,7 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou List scopes = new LinkedList<>(); ResourceServer resourceServer = getResourceServer(); for (ScopeEntity scope : entity.getScopes()) { - scopes.add(storeFactory.getScopeStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, resourceServer, scope.getId())); + scopes.add(storeFactory.getScopeStore().findById(resourceServer, scope.getId())); } return Collections.unmodifiableList(scopes); 
@@ -138,7 +138,7 @@ public class ResourceAdapter extends AbstractAuthorizationModel implements Resou @Override public ResourceServer getResourceServer() { - return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer()); + return storeFactory.getResourceServerStore().findById(entity.getResourceServer()); } @Override diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java index e17ca2199eb..c47f79a6e7f 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ResourceServerAdapter.java @@ -20,7 +20,6 @@ import org.keycloak.authorization.jpa.entities.ResourceServerEntity; import org.keycloak.authorization.model.AbstractAuthorizationModel; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.models.RealmModel; import org.keycloak.models.jpa.JpaModel; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; @@ -36,7 +35,7 @@ public class ResourceServerAdapter extends AbstractAuthorizationModel implements private EntityManager em; private StoreFactory storeFactory; - public ResourceServerAdapter(RealmModel realm, ResourceServerEntity entity, EntityManager em, StoreFactory storeFactory) { + public ResourceServerAdapter(ResourceServerEntity entity, EntityManager em, StoreFactory storeFactory) { super(storeFactory); this.entity = entity; this.em = em; @@ -93,11 +92,6 @@ public class ResourceServerAdapter extends AbstractAuthorizationModel implements return getId(); } - @Override - public RealmModel getRealm() { - return null; - } - @Override public boolean equals(Object o) { if (this == o) return true; 
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java index df7d13181c7..fb0ab9bdd8f 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/ScopeAdapter.java @@ -88,7 +88,7 @@ public class ScopeAdapter extends AbstractAuthorizationModel implements Scope, J @Override public ResourceServer getResourceServer() { - return storeFactory.getResourceServerStore().findById(JPAAuthorizationStoreFactory.NULL_REALM, entity.getResourceServer().getId()); + return storeFactory.getResourceServerStore().findById(entity.getResourceServer().getId()); } public static ScopeEntity toEntity(EntityManager em, Scope scope) { diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java index e7d3f756139..40eff1a7e5f 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java 
@@ -250,21 +250,21 @@ public final class AuthorizationProvider implements Provider { } @Override - public void delete(RealmModel realm, String id) { - Scope scope = findById(realm, null, id); + public void delete(String id) { + Scope scope = findById(null, id); PermissionTicketStore ticketStore = AuthorizationProvider.this.getStoreFactory().getPermissionTicketStore(); List permissions = ticketStore.findByScope(scope.getResourceServer(), scope); for (PermissionTicket permission : permissions) { - ticketStore.delete(realm, permission.getId()); + ticketStore.delete(permission.getId()); } - delegate.delete(realm, id); + delegate.delete(id); } @Override - public Scope findById(RealmModel realm, ResourceServer resourceServer, String id) { - return delegate.findById(realm, resourceServer, id); + public Scope findById(ResourceServer resourceServer, String id) { + return delegate.findById(resourceServer, id); } @Override @@ -292,11 +292,10 @@ public final class AuthorizationProvider implements Provider { @Override public Policy create(ResourceServer resourceServer, AbstractPolicyRepresentation representation) { Set resources = representation.getResources(); - RealmModel realm = resourceServer.getRealm(); if (resources != null) { representation.setResources(resources.stream().map(id -> { - Resource resource = storeFactory.getResourceStore().findById(realm, resourceServer, id); + Resource resource = storeFactory.getResourceStore().findById(resourceServer, id); if (resource == null) { resource = storeFactory.getResourceStore().findByName(resourceServer, id); @@ -314,7 +313,7 @@ public final class AuthorizationProvider implements Provider { if (scopes != null) { representation.setScopes(scopes.stream().map(id -> { - Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, id); + Scope scope = storeFactory.getScopeStore().findById(resourceServer, id); if (scope == null) { scope = storeFactory.getScopeStore().findByName(resourceServer, id); 
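Review bot: In the scope store's `delete(String id)`, `Scope scope = findById(null, id);` is dereferenced on the following statement (`scope.getResourceServer()`) with no null check, so an unknown or already-removed id ends in a NullPointerException rather than a no-op. The policy `delete` in this same file guards with `if (policy != null)`, and the resource `delete` (hunk at -461) has the same unguarded `resource.getResourceServer()`. Suggest adding `if (scope == null) return;` (and `if (resource == null) return;`) directly after the lookup. With the realm argument gone and null passed as the resource server, the id is the only key these deletes operate on. The interface Javadoc should therefore state that callers must already have checked that the id belongs to a resource server they are authorized to manage.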
@@ -333,7 +332,7 @@ public final class AuthorizationProvider implements Provider { if (policies != null) { representation.setPolicies(policies.stream().map(id -> { - Policy policy = storeFactory.getPolicyStore().findById(realm, resourceServer, id); + Policy policy = storeFactory.getPolicyStore().findById(resourceServer, id); if (policy == null) { policy = storeFactory.getPolicyStore().findByName(resourceServer, id); @@ -351,8 +350,8 @@ public final class AuthorizationProvider implements Provider { } @Override - public void delete(RealmModel realm, String id) { - Policy policy = findById(realm, null, id); + public void delete(String id) { + Policy policy = findById(null, id); if (policy != null) { ResourceServer resourceServer = policy.getResourceServer(); @@ -363,7 +362,7 @@ public final class AuthorizationProvider implements Provider { // only remove associated policies created from the policy being deleted if (associatedPolicy.getOwner() != null) { policy.removeAssociatedPolicy(associatedPolicy); - policyStore.delete(realm, associatedPolicy.getId()); + policyStore.delete(associatedPolicy.getId()); } } } @@ -371,17 +370,17 @@ public final class AuthorizationProvider implements Provider { findDependentPolicies(resourceServer, policy.getId()).forEach(dependentPolicy -> { dependentPolicy.removeAssociatedPolicy(policy); if (dependentPolicy.getAssociatedPolicies().isEmpty()) { - delete(realm, dependentPolicy.getId()); + delete(dependentPolicy.getId()); } }); - policyStore.delete(realm, id); + policyStore.delete(id); } } @Override - public Policy findById(RealmModel realm, ResourceServer resourceServer, String id) { - return policyStore.findById(realm, resourceServer, id); + public Policy findById(ResourceServer resourceServer, String id) { + return policyStore.findById(resourceServer, id); } @Override 
@@ -395,8 +394,8 @@ public final class AuthorizationProvider implements Provider { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { - return policyStore.find(realm, resourceServer, attributes, firstResult, maxResults); + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + return policyStore.find(resourceServer, attributes, firstResult, maxResults); } @Override @@ -461,14 +460,14 @@ public final class AuthorizationProvider implements Provider { } @Override - public void delete(RealmModel realm, String id) { - Resource resource = findById(realm, null, id); + public void delete(String id) { + Resource resource = findById(null, id); StoreFactory storeFactory = AuthorizationProvider.this.getStoreFactory(); PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore(); List permissions = ticketStore.findByResource(resource.getResourceServer(), resource); for (PermissionTicket permission : permissions) { - ticketStore.delete(realm, permission.getId()); + ticketStore.delete(permission.getId()); } PolicyStore policyStore = storeFactory.getPolicyStore(); 
@@ -476,28 +475,28 @@ public final class AuthorizationProvider implements Provider { for (Policy policyModel : policies) { if (policyModel.getResources().size() == 1) { - policyStore.delete(realm, policyModel.getId()); + policyStore.delete(policyModel.getId()); } else { policyModel.removeResource(resource); } } - delegate.delete(realm, id); + delegate.delete(id); } @Override - public Resource findById(RealmModel realm, ResourceServer resourceServer, String id) { - return delegate.findById(realm, resourceServer, id); + public Resource findById(ResourceServer resourceServer, String id) { + return delegate.findById(resourceServer, id); } @Override - public List findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) { - return delegate.findByOwner(realm, resourceServer, ownerId); + public List findByOwner(ResourceServer resourceServer, String ownerId) { + return delegate.findByOwner(resourceServer, ownerId); } @Override - public void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer consumer) { - delegate.findByOwner(realm, resourceServer, ownerId, consumer); + public void findByOwner(ResourceServer resourceServer, String ownerId, Consumer consumer) { + delegate.findByOwner(resourceServer, ownerId, consumer); } @Override @@ -506,8 +505,8 @@ public final class AuthorizationProvider implements Provider { } @Override - public List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { - return delegate.find(realm, resourceServer, attributes, firstResult, maxResults); + public List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults) { + return delegate.find(resourceServer, attributes, firstResult, maxResults); } @Override 
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/UserManagedPermissionUtil.java b/server-spi-private/src/main/java/org/keycloak/authorization/UserManagedPermissionUtil.java index 555adbdb153..a9c3fa9572f 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/UserManagedPermissionUtil.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/UserManagedPermissionUtil.java @@ -26,7 +26,6 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; @@ -49,7 +48,7 @@ public class UserManagedPermissionUtil { filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId()); filter.put(PermissionTicket.FilterOption.POLICY_IS_NOT_NULL, Boolean.TRUE.toString()); - List tickets = storeFactory.getPermissionTicketStore().find(resourceServer.getRealm(), resourceServer, filter, null, null); + List tickets = storeFactory.getPermissionTicketStore().find(resourceServer, filter, null, null); if (!tickets.isEmpty()) { policy = tickets.iterator().next().getPolicy(); @@ -74,7 +73,6 @@ public class UserManagedPermissionUtil { public static void removePolicy(PermissionTicket ticket, StoreFactory storeFactory) { Policy policy = ticket.getPolicy(); - RealmModel realm = ticket.getResourceServer().getRealm(); if (policy != null) { Map filter = new EnumMap<>(PermissionTicket.FilterOption.class); 
@@ -84,16 +82,16 @@ public class UserManagedPermissionUtil { filter.put(PermissionTicket.FilterOption.RESOURCE_ID, ticket.getResource().getId()); filter.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString()); - List tickets = storeFactory.getPermissionTicketStore().find(realm, ticket.getResourceServer(), filter, null, null); + List tickets = storeFactory.getPermissionTicketStore().find(ticket.getResourceServer(), filter, null, null); if (tickets.isEmpty()) { PolicyStore policyStore = storeFactory.getPolicyStore(); for (Policy associatedPolicy : policy.getAssociatedPolicies()) { - policyStore.delete(realm, associatedPolicy.getId()); + policyStore.delete(associatedPolicy.getId()); } - policyStore.delete(realm, policy.getId()); + policyStore.delete(policy.getId()); } else if (ticket.getScope() != null) { policy.removeScope(ticket.getScope()); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java index 3468e00317b..13b320e21d9 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/model/ResourceServer.java @@ -18,7 +18,6 @@ package org.keycloak.authorization.model; -import org.keycloak.models.RealmModel; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; @@ -85,11 +84,4 @@ public interface ResourceServer { * @return id of client */ String getClientId(); - - /** - * Returns reference of a realm that this {@link ResourceServer} belongs to. - * - * @return reference of a realm - */ - RealmModel getRealm(); } 
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/permission/Permissions.java b/server-spi-private/src/main/java/org/keycloak/authorization/permission/Permissions.java index f2e1e73d6e5..20d4d693789 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/permission/Permissions.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/permission/Permissions.java @@ -73,7 +73,7 @@ public final class Permissions { } // obtain all resources where owner is the resource server - resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, resourceServer.getClientId(), resource -> { + resourceStore.findByOwner(resourceServer, resourceServer.getClientId(), resource -> { if (limit.decrementAndGet() >= 0) { evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request)); } @@ -82,7 +82,7 @@ public final class Permissions { // resource server isn't current user if (!Objects.equals(resourceServer.getClientId(), identity.getId())) { // obtain all resources where owner is the current user - resourceStore.findByOwner(resourceServer.getRealm(), resourceServer, identity.getId(), resource -> { + resourceStore.findByOwner(resourceServer, identity.getId(), resource -> { if (limit.decrementAndGet() >= 0) { evaluator.accept(createResourcePermissions(resource, resourceServer, resource.getScopes(), authorization, request)); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/PermissionTicketAwareDecisionResultCollector.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/PermissionTicketAwareDecisionResultCollector.java index 452176c6f63..29912f27b5a 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/PermissionTicketAwareDecisionResultCollector.java 
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/PermissionTicketAwareDecisionResultCollector.java @@ -32,7 +32,6 @@ import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ScopeStore; import org.keycloak.authorization.store.StoreFactory; -import org.keycloak.models.RealmModel; import org.keycloak.representations.idm.authorization.AuthorizationRequest; import org.keycloak.representations.idm.authorization.Permission; import org.keycloak.representations.idm.authorization.PermissionTicketToken; @@ -91,11 +90,10 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis StoreFactory storeFactory = authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); List permissions = ticket.getPermissions(); - RealmModel realm = resourceServer.getRealm(); if (permissions != null) { for (Permission permission : permissions) { - Resource resource = resourceStore.findById(realm, resourceServer, permission.getResourceId()); + Resource resource = resourceStore.findById(resourceServer, permission.getResourceId()); if (resource == null) { resource = resourceStore.findByName(resourceServer, permission.getResourceId(), identity.getId()); @@ -118,7 +116,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId()); filters.put(PermissionTicket.FilterOption.SCOPE_IS_NULL, Boolean.TRUE.toString()); - List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(realm, resourceServer, filters, null, null); + List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, null, null); if (tickets.isEmpty()) { authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, null, identity.getId()); 
@@ -130,7 +128,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis Scope scope = scopeStore.findByName(resourceServer, scopeId); if (scope == null) { - scope = scopeStore.findById(realm, resourceServer, scopeId); + scope = scopeStore.findById(resourceServer, scopeId); } Map filters = new EnumMap<>(PermissionTicket.FilterOption.class); @@ -139,7 +137,7 @@ public class PermissionTicketAwareDecisionResultCollector extends DecisionPermis filters.put(PermissionTicket.FilterOption.REQUESTER, identity.getId()); filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId()); - List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(realm, resourceServer, filters, null, null); + List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, null, null); if (tickets.isEmpty()) { authorization.getStoreFactory().getPermissionTicketStore().create(resourceServer, resource, scope, identity.getId()); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/PermissionTicketStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/PermissionTicketStore.java index 362a6b6c94c..a8cc6c2796e 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/PermissionTicketStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/PermissionTicketStore.java @@ -24,7 +24,6 @@ import org.keycloak.authorization.model.PermissionTicket; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; -import org.keycloak.models.RealmModel; /** * A {@link PermissionTicketStore} is responsible to manage the persistence of {@link org.keycloak.authorization.model.PermissionTicket} instances. 
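Review bot: In `PermissionTicketAwareDecisionResultCollector`, the `@@ -130,7 +128,7 @@` hunk falls back from `findByName` to `scopeStore.findById(resourceServer, scopeId)`, and the following `@@ -139,7 +137,7 @@` hunk calls `scope.getId()` without checking that either lookup returned a scope. When `scopeId` matches no scope of this resource server, the filter setup throws a NullPointerException rather than rejecting or skipping the entry. The scope ids appear to come from the permissions carried by the ticket (inferred, the loop header is outside the hunk), so they should be treated as unvalidated input; a guard such as `if (scope == null) { continue; }` or an explicit error before `filters.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId());` would close the gap. The enclosing method starts and ends outside these hunks.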
@@ -37,7 +36,7 @@ public interface PermissionTicketStore { * Returns count of {@link PermissionTicket}, filtered by the given attributes. * * - * @param resourceServer the resource server. Cannot be {@code null}. + * @param resourceServer the resource server. * @param attributes permission tickets that do not match the attributes are not included with the count; possible filter options are given by {@link PermissionTicket.FilterOption} * @return an integer indicating the amount of permission tickets * @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map @@ -49,7 +48,7 @@ public interface PermissionTicketStore { * * @param resourceServer the resource server to which this permission ticket belongs. Cannot be {@code null}. * @param resource resource. Cannot be {@code null}. - * @param scope scope. Cannot be {@code null} + * @param scope scope. * @param requester requester of the permission * @return a new instance of {@link PermissionTicket} */ @@ -58,22 +57,18 @@ public interface PermissionTicketStore { /** * Deletes a permission from the underlying persistence mechanism. * - * @param realm realm. Cannot be {@code null}. * @param id the id of the policy to delete */ - void delete(RealmModel realm, String id); + void delete(String id); /** * Returns a {@link PermissionTicket} with the given id * - * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the resource server. Ignored if {@code null}. - * @param id the identifier of the permission + * @param id the identifier of the permission * @return a permission with the given identifier. */ - PermissionTicket findById(RealmModel realm, ResourceServer resourceServer, String id); + PermissionTicket findById(ResourceServer resourceServer, String id); /** * Returns a list of {@link PermissionTicket} associated with the {@link org.keycloak.authorization.model.Resource resource}. 
@@ -97,18 +92,14 @@ public interface PermissionTicketStore { /** * Returns a list of {@link PermissionTicket}, filtered by the given attributes. * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer a resource server that resulting tickets should belong to. Ignored if {@code null}. - * @param attributes a map of keys and values to filter on; possible filter options are given by {@link PermissionTicket.FilterOption} - * @param firstResult first result to return. Ignored if negative or {@code null}. - * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. + * @param attributes a map of keys and values to filter on; possible filter options are given by {@link PermissionTicket.FilterOption} + * @param firstResult first result to return. Ignored if negative or {@code null}. + * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. * @return a list of filtered and paginated permissions - * * @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map - * */ - List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); + List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); /** * Returns a list of {@link PermissionTicket} granted to the given {@code userId}. 
@@ -134,25 +125,21 @@ public interface PermissionTicketStore { /** * Returns a list of {@link Resource} granted to the given {@code requester} * - * - * @param realm realm that is searched. Cannot be {@code null} - * @param requester the requester - * @param name the keyword to query resources by name or null if any resource + * @param requester the requester + * @param name the keyword to query resources by name or null if any resource * @param firstResult first result to return. Ignored if negative or {@code null}. - * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. + * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. * @return a list of {@link Resource} granted to the given {@code requester} */ - List findGrantedResources(RealmModel realm, String requester, String name, Integer firstResult, Integer maxResults); + List findGrantedResources(String requester, String name, Integer firstResult, Integer maxResults); /** * Returns a list of {@link Resource} granted by the owner to other users * - * - * @param realm - * @param owner the owner + * @param owner the owner * @param firstResult first result to return. Ignored if negative or {@code null}. - * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. + * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. * @return a list of {@link Resource} granted by the owner */ - List findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults); + List findGrantedOwnerResources(String owner, Integer firstResult, Integer maxResults); } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/PolicyStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/PolicyStore.java index be17f843d79..5fc5988a678 100644 
--- a/server-spi-private/src/main/java/org/keycloak/authorization/store/PolicyStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/PolicyStore.java @@ -26,7 +26,6 @@ import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; -import org.keycloak.models.RealmModel; import org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation; /** @@ -49,21 +48,18 @@ public interface PolicyStore { /** * Deletes a policy from the underlying persistence mechanism. * - * @param realm the realm that the removed policy belongs to. Cannot be {@code null} * @param id the id of the policy to delete */ - void delete(RealmModel realm, String id); + void delete(String id); /** * Returns a {@link Policy} with the given id * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the resource server. Ignored if {@code null}. - * @param id the identifier of the policy + * @param id the identifier of the policy * @return a policy with the given identifier. */ - Policy findById(RealmModel realm, ResourceServer resourceServer, String id); + Policy findById(ResourceServer resourceServer, String id); /** * Returns a {@link Policy} with the given name 
@@ -85,17 +81,14 @@ public interface PolicyStore { /** * Returns a list of {@link Policy} associated with a {@link ResourceServer} with the given resourceServerId. * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the identifier of a resource server. Ignored if {@code null}. - * @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Policy.FilterOption} - * @param firstResult first result to return. Ignored if negative or {@code null}. - * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. + * @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Policy.FilterOption} + * @param firstResult first result to return. Ignored if negative or {@code null}. + * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. * @return a list of policies that belong to the given resource server - * * @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map */ - List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); + List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); /** * Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.model.Resource} @@ -189,7 +182,7 @@ public interface PolicyStore { /** * Returns a list of {@link Policy} that depends on another policy with the given id. * - * @param resourceServer the resource server + * @param resourceServer the resource server. Cannot be {@code null}. * @param id the id of the policy to query its dependents * @return a list of policies that depends on the a policy with the given identifier */ 
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java index 4391814ef41..b02777742f2 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceServerStore.java @@ -19,7 +19,6 @@ package org.keycloak.authorization.store; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.models.ClientModel; -import org.keycloak.models.RealmModel; /** * A {@link ResourceServerStore} is responsible to manage the persistence of {@link ResourceServer} instances. @@ -47,13 +46,10 @@ public interface ResourceServerStore { /** * Returns a {@link ResourceServer} instance based on its identifier. * - * - * @param realm the realm. Cannot be {@code null}. * @param id the identifier of an existing resource server instance - * * @return the resource server instance with the given identifier or null if no instance was found */ - ResourceServer findById(RealmModel realm, String id); + ResourceServer findById(String id); /** * Returns a {@link ResourceServer} instance based on a client. diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceStore.java index da9683a69a7..3c139e40c4b 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ResourceStore.java @@ -19,7 +19,6 @@ package org.keycloak.authorization.store; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; -import org.keycloak.models.RealmModel; import java.util.ArrayList; import java.util.LinkedList; 
@@ -61,45 +60,45 @@ public interface ResourceStore { /** * Removes a {@link Resource} instance, with the given {@code id} from the persistent storage. * - * @param realm the realm. Cannot be {@code null}. * @param id the identifier of an existing resource instance */ - void delete(RealmModel realm, String id); + void delete(String id); /** * Returns a {@link Resource} instance based on its identifier. * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the resource server. Ignored if {@code null} - * @param id the identifier of an existing resource instance + * @param id the identifier of an existing resource instance * @return the resource instance with the given identifier or null if no instance was found */ - Resource findById(RealmModel realm, ResourceServer resourceServer, String id); + Resource findById(ResourceServer resourceServer, String id); /** * Finds all {@link Resource} instances with the given {@code ownerId}. * - * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer resource server. Ignored if {@code null} - * @param ownerId the identifier of the owner + * @param ownerId the identifier of the owner * @return a list with all resource instances owned by the given owner */ - default List findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId) { + default List findByOwner(ResourceServer resourceServer, String ownerId) { List list = new LinkedList<>(); - findByOwner(realm, resourceServer, ownerId, list::add); + findByOwner(resourceServer, ownerId, list::add); return list; } - void findByOwner(RealmModel realm, ResourceServer resourceServer, String ownerId, Consumer consumer); + + /** + * Effectively the same method as {@link #findByOwner(ResourceServer, String)}, however in the end + * the {@code consumer} is fed with the result. 
+ * + */ + void findByOwner(ResourceServer resourceServer, String ownerId, Consumer consumer); /** * Finds all {@link Resource} instances associated with a given resource server. * - * @param resourceServer the identifier of the resource server. Cannot be {@code null}. + * @param resourceServer the identifier of the resource server. Searches for resources without a resourceServer if {@code null}. * @return a list with all resources associated with the given resource server */ List findByResourceServer(ResourceServer resourceServer); 
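Review bot: The Javadoc in this `ResourceStore` hunk gives a null `resourceServer` two different meanings: `findById` and `findByOwner` say "Ignored if {@code null}", while `findByResourceServer` now says "Searches for resources without a resourceServer if {@code null}". With the `realm` parameter removed, `resourceServer` is the only scoping argument left on these methods, so each one should say exactly which set of resources a null selects; if "ignored" means the lookup is unrestricted, say so, e.g. `@param resourceServer the resource server; if {@code null} the lookup is not restricted to any resource server`. The new comment on `findByOwner(ResourceServer, String, Consumer)` also carries no `@param` tags, and I would add one per parameter, in particular for `consumer`.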
@@ -107,23 +106,20 @@ public interface ResourceStore { /** * Finds all {@link Resource} instances associated with a given resource server. * - * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the identifier of the resource server. Ignored if {@code null}. - * @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Resource.FilterOption} - * @param firstResult first result to return. Ignored if negative or {@code null}. - * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. + * @param attributes a map holding the attributes that will be used as a filter; possible filter options are given by {@link Resource.FilterOption} + * @param firstResult first result to return. Ignored if negative or {@code null}. + * @param maxResults maximum number of results to return. Ignored if negative or {@code null}. * @return a list with all resources associated with the given resource server - * * @throws IllegalArgumentException when there is an unknown attribute in the {@code attributes} map */ - List find(RealmModel realm, ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); + List find(ResourceServer resourceServer, Map attributes, Integer firstResult, Integer maxResults); /** * Finds all {@link Resource} associated with a given scope. * * - * @param resourceServer the resource server. Cannot be {@code null}. + * @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}. * @param scopes one or more scope identifiers * @return a list of resources associated with the given scope(s) */ 
@@ -139,7 +135,7 @@ public interface ResourceStore { /** * Find a {@link Resource} by its name where the owner is the resource server itself. * - * @param resourceServer the resource server. Cannot be {@code null}. + * @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}. * @param name the name of the resource * @return a resource with the given name */ @@ -150,7 +146,7 @@ public interface ResourceStore { /** * Find a {@link Resource} by its name where the owner is the given ownerId. * - * @param resourceServer the identifier of the resource server. Cannot be {@code null}. + * @param resourceServer the identifier of the resource server. Searches for resources without a resourceServer if {@code null}. * @param name the name of the resource * @param ownerId the owner id * @return a resource with the given name @@ -158,10 +154,10 @@ public interface ResourceStore { Resource findByName(ResourceServer resourceServer, String name, String ownerId); /** - * Finds all {@link Resource} from {@link ResourceServer} with the given type. + * Finds all {@link Resource} associated with the {@link ResourceServer} with the given type. * * - * @param resourceServer the resource server. Cannot be {@code null}. + * @param resourceServer the resource server. Searches for resources without a resourceServer if {@code null}. * @param type the type of the resource * @return a list of resources with the given type */ @@ -176,7 +172,7 @@ public interface ResourceStore { /** * Finds all {@link Resource} from {@link ResourceServer} with the given type. * - * @param resourceServer the resource server id. Cannot be {@code null}. + * @param resourceServer the resource server id. Searches for resources without a resourceServer if {@code null}. * @param type the type of the resource * @param consumer the result consumer * @return a list of resources with the given type 
@@ -186,7 +182,7 @@ public interface ResourceStore { /** * Finds all {@link Resource} with the given type. * - * @param resourceServer the resource server id. Cannot be {@code null} + * @param resourceServer the resource server id. Searches for resources without a resourceServer if {@code null}. * @param type the type of the resource * @param owner the resource owner or null for any resource with a given type * @param consumer the result consumer @@ -197,7 +193,7 @@ public interface ResourceStore { /** * Finds all {@link Resource} by type where client represented by the {@code resourceServer} is not the owner * - * @param resourceServer the resourceServer. Cannot be {@code null}. + * @param resourceServer the resourceServer. Searches for resources without a resourceServer if {@code null}. * @param type searched type * @param consumer a consumer that will be fed with the resulting resources */ diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/ScopeStore.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/ScopeStore.java index e3133c8884c..2821b2a3d11 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/ScopeStore.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/ScopeStore.java @@ -19,7 +19,6 @@ package org.keycloak.authorization.store; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; -import org.keycloak.models.RealmModel; import java.util.List; import java.util.Map; 
@@ -57,20 +56,18 @@ public interface ScopeStore { /** * Deletes a scope from the underlying persistence mechanism. * - * @param realm the realm. Cannot be {@code null}. * @param id the id of the scope to delete */ - void delete(RealmModel realm, String id); + void delete(String id); /** * Returns a {@link Scope} with the given id * - * @param realm the realm. Cannot be {@code null}. * @param resourceServer the resource server id. Ignored if {@code null}. - * @param id the identifier of the scope + * @param id the identifier of the scope * @return a scope with the given identifier. */ - Scope findById(RealmModel realm, ResourceServer resourceServer, String id); + Scope findById(ResourceServer resourceServer, String id); /** * Returns a {@link Scope} with the given name diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java index c8ab487800e..969e92ec4ec 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java @@ -30,7 +30,6 @@ import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.ClientModel.ClientRemovedEvent; -import org.keycloak.models.RealmModel; import org.keycloak.provider.ProviderFactory; import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation; 
@@ -51,7 +50,6 @@ public class ClientApplicationSynchronizer implements Synchronizer search = storeFactory.getPolicyStore().find(realm, null, attributes, null, null); + List search = storeFactory.getPolicyStore().find(null, attributes, null, null); for (Policy policy : search) { PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType()); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java index eae7c43eac0..d6db5300c74 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java @@ -29,7 +29,6 @@ import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; import org.keycloak.provider.ProviderFactory; import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation; @@ -46,14 +45,13 @@ public class GroupSynchronizer implements Synchronizer attributes = new EnumMap<>(Policy.FilterOption.class); attributes.put(Policy.FilterOption.TYPE, new String[] {"group"}); attributes.put(Policy.FilterOption.CONFIG, new String[] {"groups", group.getId()}); attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER); - List search = policyStore.find(realm, null, attributes, null, null); + List search = policyStore.find(null, attributes, null, null); for (Policy policy : search) { PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType()); 
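Review bot: `policyStore.find(null, attributes, null, null)` in the GroupSynchronizer hunk, and the same call shape in the ClientApplicationSynchronizer hunk above it and in UserSynchronizer, reads as three unexplained nulls now that the realm argument is gone. The first null is the resource server, so the search is narrowed only by the `attributes` map; a one-line comment such as `// resourceServer == null: search policies of all resource servers` makes that deliberate. The enclosing event handlers start outside these hunks.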
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java index 62a363f0623..f43cf2f876d 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java @@ -31,7 +31,6 @@ import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.StoreFactory; import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserModel.UserRemovedEvent; import org.keycloak.provider.ProviderFactory; @@ -56,14 +55,13 @@ public class UserSynchronizer implements Synchronizer { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); PolicyStore policyStore = storeFactory.getPolicyStore(); UserModel userModel = event.getUser(); - RealmModel realm = event.getRealm(); Map attributes = new EnumMap<>(Policy.FilterOption.class); attributes.put(Policy.FilterOption.TYPE, new String[] {"user"}); attributes.put(Policy.FilterOption.CONFIG, new String[] {"users", userModel.getId()}); attributes.put(Policy.FilterOption.ANY_OWNER, new String[] {Boolean.TRUE.toString()}); - List search = policyStore.find(realm, null, attributes, null, null); + List search = policyStore.find(null, attributes, null, null); for (Policy policy : search) { PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType()); 
@@ -81,18 +79,17 @@ public class UserSynchronizer implements Synchronizer { PolicyStore policyStore = storeFactory.getPolicyStore(); ResourceStore resourceStore = storeFactory.getResourceStore(); UserModel userModel = event.getUser(); - RealmModel realm = event.getRealm(); - resourceStore.findByOwner(realm, null, userModel.getId(), resource -> { + resourceStore.findByOwner(null, userModel.getId(), resource -> { String resourceId = resource.getId(); policyStore.findByResource(resource.getResourceServer(), resource).forEach(policy -> { if (policy.getResources().size() == 1) { - policyStore.delete(realm, policy.getId()); + policyStore.delete(policy.getId()); } else { policy.removeResource(resource); } }); - resourceStore.delete(realm, resourceId); + resourceStore.delete(resourceId); }); } @@ -100,21 +97,20 @@ public class UserSynchronizer implements Synchronizer { StoreFactory storeFactory = authorizationProvider.getStoreFactory(); PermissionTicketStore ticketStore = storeFactory.getPermissionTicketStore(); UserModel userModel = event.getUser(); - RealmModel realm = event.getRealm(); Map attributes = new EnumMap<>(PermissionTicket.FilterOption.class); attributes.put(PermissionTicket.FilterOption.OWNER, userModel.getId()); - for (PermissionTicket ticket : ticketStore.find(realm, null, attributes, null, null)) { - ticketStore.delete(realm, ticket.getId()); + for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) { + ticketStore.delete(ticket.getId()); } attributes.clear(); attributes.put(PermissionTicket.FilterOption.REQUESTER, userModel.getId()); - for (PermissionTicket ticket : ticketStore.find(realm, null, attributes, null, null)) { - ticketStore.delete(realm, ticket.getId()); + for (PermissionTicket ticket : ticketStore.find(null, attributes, null, null)) { + ticketStore.delete(ticket.getId()); } } } 
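Review bot: The cleanup in the `@@ -81` and `@@ -100` hunks is destructive and is now keyed only by ids: `resourceStore.findByOwner(null, userModel.getId(), ...)` and `ticketStore.find(null, attributes, null, null)` select with a null resource server, and the `delete(...)` calls take nothing but an id. The removed lines passed `event.getRealm()` into each of these calls; the hunks do not show whether the store implementations still confine the lookup to that realm or rely on user ids being unique across realms. I would confirm which it is and record it next to the calls, e.g. `// user ids are unique across realms, so no realm filter is needed` if that holds, and cover user removal with a test that has a second realm present.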
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 3c4ca360838..44519b6db3d 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -1120,7 +1120,6 @@ public class RepresentationToModel { private static Policy importPolicies(AuthorizationProvider authorization, ResourceServer resourceServer, List policiesToImport, String parentPolicyName) { StoreFactory storeFactory = authorization.getStoreFactory(); - RealmModel realm = resourceServer.getRealm(); for (PolicyRepresentation policyRepresentation : policiesToImport) { if (parentPolicyName != null && !parentPolicyName.equals(policyRepresentation.getName())) { @@ -1140,7 +1139,7 @@ public class RepresentationToModel { Policy policy = policyStore.findByName(resourceServer, policyName); if (policy == null) { - policy = policyStore.findById(realm, resourceServer, policyName); + policy = policyStore.findById(resourceServer, policyName); } if (policy == null) { @@ -1160,7 +1159,7 @@ public class RepresentationToModel { } PolicyStore policyStore = storeFactory.getPolicyStore(); - Policy policy = policyStore.findById(realm, resourceServer, policyRepresentation.getId()); + Policy policy = policyStore.findById(resourceServer, policyRepresentation.getId()); if (policy == null) { policy = policyStore.findByName(resourceServer, policyRepresentation.getName()); @@ -1267,7 +1266,6 @@ public class RepresentationToModel { return; } ResourceServer resourceServer = policy.getResourceServer(); - RealmModel realm = resourceServer.getRealm(); for (String scopeId : scopeIds) { boolean hasScope = false; 
@@ -1277,7 +1275,7 @@ public class RepresentationToModel { } } if (!hasScope) { - Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, scopeId); + Scope scope = storeFactory.getScopeStore().findById(resourceServer, scopeId); if (scope == null) { scope = storeFactory.getScopeStore().findByName(resourceServer, scopeId); @@ -1309,7 +1307,6 @@ public class RepresentationToModel { private static void updateAssociatedPolicies(Set policyIds, Policy policy, StoreFactory storeFactory) { ResourceServer resourceServer = policy.getResourceServer(); - RealmModel realm = resourceServer.getRealm(); if (policyIds != null) { if (policyIds.isEmpty()) { @@ -1331,7 +1328,7 @@ public class RepresentationToModel { } if (!hasPolicy) { - Policy associatedPolicy = policyStore.findById(realm, resourceServer, policyId); + Policy associatedPolicy = policyStore.findById(resourceServer, policyId); if (associatedPolicy == null) { associatedPolicy = policyStore.findByName(resourceServer, policyId); @@ -1369,7 +1366,6 @@ public class RepresentationToModel { } } ResourceServer resourceServer = policy.getResourceServer(); - RealmModel realm = resourceServer.getRealm(); for (String resourceId : resourceIds) { boolean hasResource = false; @@ -1379,7 +1375,7 @@ public class RepresentationToModel { } } if (!hasResource && !"".equals(resourceId)) { - Resource resource = storeFactory.getResourceStore().findById(realm, resourceServer, resourceId); + Resource resource = storeFactory.getResourceStore().findById(resourceServer, resourceId); if (resource == null) { resource = storeFactory.getResourceStore().findByName(resourceServer, resourceId); 
@@ -1445,7 +1441,7 @@ public class RepresentationToModel { Resource existing; if (resource.getId() != null) { - existing = resourceStore.findById(realm, resourceServer, resource.getId()); + existing = resourceStore.findById(resourceServer, resource.getId()); } else { existing = resourceStore.findByName(resourceServer, resource.getName(), ownerId); } @@ -1519,7 +1515,7 @@ public class RepresentationToModel { Scope existing; if (scope.getId() != null) { - existing = scopeStore.findById(resourceServer.getRealm(), resourceServer, scope.getId()); + existing = scopeStore.findById(resourceServer, scope.getId()); } else { existing = scopeStore.findByName(resourceServer, scope.getName()); } @@ -1545,13 +1541,13 @@ public class RepresentationToModel { public static PermissionTicket toModel(PermissionTicketRepresentation representation, ResourceServer resourceServer, AuthorizationProvider authorization) { PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore(); - PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, representation.getId()); + PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId()); boolean granted = representation.isGranted(); if (granted && !ticket.isGranted()) { ticket.setGrantedTimestamp(System.currentTimeMillis()); } else if (!granted) { - ticketStore.delete(resourceServer.getRealm(), ticket.getId()); + ticketStore.delete(ticket.getId()); } return ticket; diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java index f9f1385da9f..ef3c013a897 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java 
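Review bot: In the `@@ -1545` hunk, `toModel(PermissionTicketRepresentation, ...)` dereferences the result of `ticketStore.findById(resourceServer, representation.getId())` without a null check, so an unknown id, or one that does not belong to this resource server, ends in a NullPointerException at `ticket.isGranted()`. The PermissionTicketService hunk later in this patch does its own lookup and null check, which presumably protects the path that reaches this method, but the method is `public static` and should not depend on that. A guard right after the lookup, `if (ticket == null) { throw new IllegalArgumentException("Permission ticket not found"); }`, or whichever exception type the callers already map to a client error, would make the failure explicit.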
@@ -191,7 +191,7 @@ public class PolicyEvaluationService { Set scopes = givenScopes.stream().map(scopeRepresentation -> scopeStore.findByName(resourceServer, scopeRepresentation.getName())).collect(Collectors.toSet()); if (resource.getId() != null) { - Resource resourceModel = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, resource.getId()); + Resource resourceModel = storeFactory.getResourceStore().findById(resourceServer, resource.getId()); return new ArrayList<>(Arrays.asList( Permissions.createResourcePermissions(resourceModel, resourceServer, scopes, authorization, request))).stream(); } else if (resource.getType() != null) { diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java index 11a8d2b376f..d97309b9ab6 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java @@ -114,7 +114,7 @@ public class PolicyResourceService { resource.onRemove(policy, authorization); } - policyStore.delete(resourceServer.getRealm(), policy.getId()); + policyStore.delete(policy.getId()); audit(policyRep, OperationType.DELETE); diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java index b01f0a8ac01..89a872098dd 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java 
@@ -93,7 +93,7 @@ public class PolicyService { return doCreatePolicyTypeResource(type); } - Policy policy = authorization.getStoreFactory().getPolicyStore().findById(resourceServer.getRealm(), resourceServer, type); + Policy policy = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, type); return doCreatePolicyResource(policy); } @@ -227,7 +227,7 @@ public class PolicyService { if (resource != null && !"".equals(resource.trim())) { ResourceStore resourceStore = storeFactory.getResourceStore(); - Resource resourceModel = resourceStore.findById(resourceServer.getRealm(), resourceServer, resource); + Resource resourceModel = resourceStore.findById(resourceServer, resource); if (resourceModel == null) { Map resourceFilters = new EnumMap<>(Resource.FilterOption.class); @@ -238,7 +238,7 @@ public class PolicyService { resourceFilters.put(Resource.FilterOption.OWNER, new String[]{owner}); } - Set resources = resourceStore.find(resourceServer.getRealm(), resourceServer, resourceFilters, -1, 1).stream().map(Resource::getId).collect(Collectors.toSet()); + Set resources = resourceStore.find(resourceServer, resourceFilters, -1, 1).stream().map(Resource::getId).collect(Collectors.toSet()); if (resources.isEmpty()) { return Response.noContent().build(); @@ -252,7 +252,7 @@ public class PolicyService { if (scope != null && !"".equals(scope.trim())) { ScopeStore scopeStore = storeFactory.getScopeStore(); - Scope scopeModel = scopeStore.findById(resourceServer.getRealm(), resourceServer, scope); + Scope scopeModel = scopeStore.findById(resourceServer, scope); if (scopeModel == null) { Map scopeFilters = new EnumMap<>(Scope.FilterOption.class); 
@@ -286,7 +286,7 @@ public class PolicyService { protected List doSearch(Integer firstResult, Integer maxResult, String fields, Map filters) { PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore(); - return policyStore.find(resourceServer.getRealm(), resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream() + return policyStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS).stream() .map(policy -> toRepresentation(policy, fields, authorization)) .collect(Collectors.toList()); } diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java index 6ab0108faae..15225bbe123 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java @@ -160,7 +160,7 @@ public class ResourceSetService { resource.setId(id); StoreFactory storeFactory = this.authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); - Resource model = resourceStore.findById(resourceServer.getRealm(), resourceServer, resource.getId()); + Resource model = resourceStore.findById(resourceServer, resource.getId()); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -182,7 +182,7 @@ public class ResourceSetService { public Response delete(@PathParam("resource-id") String id) { requireManage(); StoreFactory storeFactory = authorization.getStoreFactory(); - Resource resource = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id); + Resource resource = storeFactory.getResourceStore().findById(resourceServer, id); if (resource == null) { return Response.status(Status.NOT_FOUND).build(); 
@@ -191,7 +191,7 @@ public class ResourceSetService { //to be able to access all lazy loaded fields it's needed to create representation before it's deleted ResourceRepresentation resourceRep = toRepresentation(resource, resourceServer, authorization); - storeFactory.getResourceStore().delete(resourceServer.getRealm(), id); + storeFactory.getResourceStore().delete(id); audit(resourceRep, OperationType.DELETE); @@ -216,7 +216,7 @@ public class ResourceSetService { public Response findById(String id, Function toRepresentation) { requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); - Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id); + Resource model = storeFactory.getResourceStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -239,7 +239,7 @@ public class ResourceSetService { public Response getScopes(@PathParam("resource-id") String id) { requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); - Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id); + Resource model = storeFactory.getResourceStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -290,7 +290,7 @@ public class ResourceSetService { requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); ResourceStore resourceStore = storeFactory.getResourceStore(); - Resource model = resourceStore.findById(resourceServer.getRealm(), resourceServer, id); + Resource model = resourceStore.findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); 
@@ -311,7 +311,7 @@ public class ResourceSetService { resourceFilter.put(Resource.FilterOption.OWNER, new String[]{resourceServer.getClientId()}); resourceFilter.put(Resource.FilterOption.TYPE, new String[]{model.getType()}); - for (Resource resourceType : resourceStore.find(resourceServer.getRealm(), resourceServer, resourceFilter, null, null)) { + for (Resource resourceType : resourceStore.find(resourceServer, resourceFilter, null, null)) { policies.addAll(policyStore.findByResource(resourceServer, resourceType)); } } @@ -347,7 +347,7 @@ public class ResourceSetService { public Response getAttributes(@PathParam("resource-id") String id) { requireView(); StoreFactory storeFactory = authorization.getStoreFactory(); - Resource model = storeFactory.getResourceStore().findById(resourceServer.getRealm(), resourceServer, id); + Resource model = storeFactory.getResourceStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -475,7 +475,7 @@ public class ResourceSetService { search.put(Resource.FilterOption.SCOPE_ID, scopes.stream().map(Scope::getId).toArray(String[]::new)); } - List resources = storeFactory.getResourceStore().find(resourceServer.getRealm(), this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS); + List resources = storeFactory.getResourceStore().find(this.resourceServer, search, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS); if (matchingUri != null && matchingUri && resources.isEmpty()) { Map attributes = new EnumMap<>(Resource.FilterOption.class); 
@@ -483,7 +483,7 @@ public class ResourceSetService { attributes.put(Resource.FilterOption.URI_NOT_NULL, new String[] {"true"}); attributes.put(Resource.FilterOption.OWNER, new String[] {resourceServer.getClientId()}); - List serverResources = storeFactory.getResourceStore().find(resourceServer.getRealm(), this.resourceServer, attributes, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1); + List serverResources = storeFactory.getResourceStore().find(this.resourceServer, attributes, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1); PathMatcher> pathMatcher = new PathMatcher>() { @Override diff --git a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java index 6dd14e5ac2a..6ac772829c0 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java @@ -109,7 +109,7 @@ public class ScopeService { this.auth.realm().requireManageAuthorization(); scope.setId(id); StoreFactory storeFactory = authorization.getStoreFactory(); - Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, scope.getId()); + Scope model = storeFactory.getScopeStore().findById(resourceServer, scope.getId()); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -127,8 +127,7 @@ public class ScopeService { public Response delete(@PathParam("scope-id") String id) { this.auth.realm().requireManageAuthorization(); StoreFactory storeFactory = authorization.getStoreFactory(); - RealmModel realm = resourceServer.getRealm(); - Scope scope = storeFactory.getScopeStore().findById(realm, resourceServer, id); + Scope scope = storeFactory.getScopeStore().findById(resourceServer, id); if (scope == null) { return Response.status(Status.NOT_FOUND).build(); } 
@@ -144,7 +143,7 @@ public class ScopeService { for (Policy policyModel : policies) { if (policyModel.getScopes().size() == 1) { - policyStore.delete(realm, policyModel.getId()); + policyStore.delete(policyModel.getId()); } else { policyModel.removeScope(scope); } @@ -153,7 +152,7 @@ public class ScopeService { //to be able to access all lazy loaded fields it's needed to create representation before it's deleted ScopeRepresentation scopeRep = toRepresentation(scope); - storeFactory.getScopeStore().delete(realm, id); + storeFactory.getScopeStore().delete(id); audit(scopeRep, OperationType.DELETE); @@ -173,7 +172,7 @@ public class ScopeService { }) public Response findById(@PathParam("scope-id") String id) { this.auth.realm().requireViewAuthorization(); - Scope model = this.authorization.getStoreFactory().getScopeStore().findById(resourceServer.getRealm(), resourceServer, id); + Scope model = this.authorization.getStoreFactory().getScopeStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); @@ -196,7 +195,7 @@ public class ScopeService { public Response getResources(@PathParam("scope-id") String id) { this.auth.realm().requireViewAuthorization(); StoreFactory storeFactory = this.authorization.getStoreFactory(); - Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, id); + Scope model = storeFactory.getScopeStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); 
@@ -226,7 +225,7 @@ public class ScopeService { public Response getPermissions(@PathParam("scope-id") String id) { this.auth.realm().requireViewAuthorization(); StoreFactory storeFactory = this.authorization.getStoreFactory(); - Scope model = storeFactory.getScopeStore().findById(resourceServer.getRealm(), resourceServer, id); + Scope model = storeFactory.getScopeStore().findById(resourceServer, id); if (model == null) { return Response.status(Status.NOT_FOUND).build(); diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java index a1672a2a471..9e7824b8bf9 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java +++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java @@ -195,7 +195,7 @@ public class PolicyEvaluationResponseBuilder { filters.put(PermissionTicket.FilterOption.POLICY_ID, policy.getId()); - List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer.getRealm(), resourceServer, filters, -1, 1); + List tickets = authorization.getStoreFactory().getPermissionTicketStore().find(resourceServer, filters, -1, 1); if (!tickets.isEmpty()) { KeycloakSession keycloakSession = authorization.getKeycloakSession(); diff --git a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java index 91ae169cf93..e10df7293f1 100644 --- a/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java +++ b/services/src/main/java/org/keycloak/authorization/authorization/AuthorizationTokenService.java 
@@ -508,7 +508,6 @@ public class AuthorizationTokenService { Map permissionsToEvaluate, ResourceStore resourceStore, ScopeStore scopeStore, AtomicInteger limit) { AccessToken rpt = request.getRpt(); - RealmModel realm = resourceServer.getRealm(); if (rpt != null && rpt.isActive()) { Authorization authorizationData = rpt.getAuthorization(); @@ -522,7 +521,7 @@ public class AuthorizationTokenService { break; } - Resource resource = resourceStore.findById(realm, resourceServer, grantedPermission.getResourceId()); + Resource resource = resourceStore.findById(resourceServer, grantedPermission.getResourceId()); if (resource != null) { ResourcePermission permission = permissionsToEvaluate.get(resource.getId()); @@ -606,7 +605,7 @@ public class AuthorizationTokenService { Resource resource; if (resourceId.indexOf('-') != -1) { - resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceId); + resource = resourceStore.findById(resourceServer, resourceId); } else { resource = null; } @@ -890,7 +889,7 @@ public class AuthorizationTokenService { search.put(Resource.FilterOption.URI, new String[] { uri }); ResourceServer resourceServer = storeFactory.getResourceServerStore() .findByClient(getRealm().getClientByClientId(getAudience())); - List resources = storeFactory.getResourceStore().find(getRealm(), resourceServer, search, -1, + List resources = storeFactory.getResourceStore().find(resourceServer, search, -1, Constants.DEFAULT_MAX_RESULTS); if (!matchingUri || !resources.isEmpty()) { 
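Review bot: In the `@@ -890` hunk, `resourceServer` comes from `findByClient(getRealm().getClientByClientId(getAudience()))` and is passed straight to `find(resourceServer, search, -1, Constants.DEFAULT_MAX_RESULTS)` with no null check. The removed line also passed `getRealm()`; if the audience can fail to resolve to a resource server, the URI search now runs with a null server, which the ScopeStore Javadoc in this patch describes as "Ignored if {@code null}", so the lookup may no longer be limited to the requested audience. I would stop before the search when `resourceServer == null` and report it the way this method already rejects bad input (that part is outside the hunk). The `resourceServer.getClientId()` call in the following hunk would otherwise fail with a NullPointerException on the same condition.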
@@ -901,7 +900,7 @@ public class AuthorizationTokenService { search.put(Resource.FilterOption.URI_NOT_NULL, new String[] { "true" }); search.put(Resource.FilterOption.OWNER, new String[] { resourceServer.getClientId() }); - List serverResources = storeFactory.getResourceStore().find(getRealm(), resourceServer, search, -1, -1); + List serverResources = storeFactory.getResourceStore().find(resourceServer, search, -1, -1); PathMatcher> pathMatcher = new PathMatcher>() { @Override diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java index b4791939cda..367317ac1c0 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/AbstractPermissionService.java @@ -74,7 +74,7 @@ public class AbstractPermissionService { throw new ErrorResponseException("invalid_resource_id", "Resource id or name not provided.", Response.Status.BAD_REQUEST); } } else { - Resource resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceSetId); + Resource resource = resourceStore.findById(resourceServer, resourceSetId); if (resource != null) { resources.add(resource); diff --git a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicketService.java b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicketService.java index 2038e4fe680..3c375498868 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicketService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/permission/PermissionTicketService.java 
@@ -82,7 +82,7 @@ public class PermissionTicketService { throw new ErrorResponseException("invalid_permission", "created permissions should have requester or requesterName", Response.Status.BAD_REQUEST); ResourceStore rstore = this.authorization.getStoreFactory().getResourceStore(); - Resource resource = rstore.findById(resourceServer.getRealm(), resourceServer, representation.getResource()); + Resource resource = rstore.findById(resourceServer, representation.getResource()); if (resource == null ) throw new ErrorResponseException("invalid_resource_id", "Resource set with id [" + representation.getResource() + "] does not exists in this server.", Response.Status.BAD_REQUEST); if (!resource.getOwner().equals(this.identity.getId())) @@ -105,7 +105,7 @@ public class PermissionTicketService { if(representation.getScopeName() != null) scope = sstore.findByName(resourceServer, representation.getScopeName()); else - scope = sstore.findById(resourceServer.getRealm(), resourceServer, representation.getScope()); + scope = sstore.findById(resourceServer, representation.getScope()); if (scope == null && representation.getScope() !=null ) throw new ErrorResponseException("invalid_scope", "Scope [" + representation.getScope() + "] is invalid", Response.Status.BAD_REQUEST); @@ -122,7 +122,7 @@ public class PermissionTicketService { attributes.put(PermissionTicket.FilterOption.SCOPE_ID, scope.getId()); attributes.put(PermissionTicket.FilterOption.REQUESTER, user.getId()); - if (!ticketStore.find(resourceServer.getRealm(), resourceServer, attributes, null, null).isEmpty()) + if (!ticketStore.find(resourceServer, attributes, null, null).isEmpty()) throw new ErrorResponseException("invalid_permission", "Permission already exists", Response.Status.BAD_REQUEST); PermissionTicket ticket = ticketStore.create(resourceServer, resource, scope, user.getId()); 
@@ -140,7 +140,7 @@ public class PermissionTicketService { } PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore(); - PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, representation.getId()); + PermissionTicket ticket = ticketStore.findById(resourceServer, representation.getId()); if (ticket == null) { throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST); @@ -164,7 +164,7 @@ public class PermissionTicketService { } PermissionTicketStore ticketStore = authorization.getStoreFactory().getPermissionTicketStore(); - PermissionTicket ticket = ticketStore.findById(resourceServer.getRealm(), resourceServer, id); + PermissionTicket ticket = ticketStore.findById(resourceServer, id); if (ticket == null) { throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "invalid_ticket", Response.Status.BAD_REQUEST); @@ -173,7 +173,7 @@ public class PermissionTicketService { if (!ticket.getOwner().equals(this.identity.getId()) && !this.identity.isResourceServer() && !ticket.getRequester().equals(this.identity.getId())) throw new ErrorResponseException("not_authorised", "permissions for [" + ticket.getResource() + "] can be deleted only by the owner, the requester, or the resource server", Response.Status.FORBIDDEN); - ticketStore.delete(resourceServer.getRealm(), id); + ticketStore.delete(id); return Response.noContent().build(); } 
@@ -193,7 +193,7 @@ public class PermissionTicketService { Map filters = getFilters(storeFactory, resourceId, scopeId, owner, requester, granted); - return Response.ok().entity(permissionTicketStore.find(resourceServer.getRealm(), resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS) + return Response.ok().entity(permissionTicketStore.find(resourceServer, filters, firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS) .stream() .map(permissionTicket -> ModelToRepresentation.toRepresentation(permissionTicket, authorization, returnNames == null ? false : returnNames)) .collect(Collectors.toList())) @@ -231,7 +231,7 @@ public class PermissionTicketService { if (scopeId != null) { ScopeStore scopeStore = storeFactory.getScopeStore(); - Scope scope = scopeStore.findById(resourceServer.getRealm(), resourceServer, scopeId); + Scope scope = scopeStore.findById(resourceServer, scopeId); if (scope == null) { scope = scopeStore.findByName(resourceServer, scopeId); diff --git a/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java b/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java index 0baf38f9009..dbde40afabf 100644 --- a/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java +++ b/services/src/main/java/org/keycloak/authorization/protection/policy/UserManagedPermissionService.java 
@@ -128,7 +128,7 @@ public class UserManagedPermissionService {
 }
 private Policy getPolicy(@PathParam("policyId") String policyId) {
- Policy existing = authorization.getStoreFactory().getPolicyStore().findById(resourceServer.getRealm(), resourceServer, policyId);
+ Policy existing = authorization.getStoreFactory().getPolicyStore().findById(resourceServer, policyId);
 if (existing == null) {
 throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Policy with [" + policyId + "] does not exist", Status.NOT_FOUND);
@@ -139,7 +139,7 @@ public class UserManagedPermissionService {
 private void checkRequest(String resourceId, UmaPermissionRepresentation representation) {
 ResourceStore resourceStore = this.authorization.getStoreFactory().getResourceStore();
- Resource resource = resourceStore.findById(resourceServer.getRealm(), resourceServer, resourceId);
+ Resource resource = resourceStore.findById(resourceServer, resourceId);
 if (resource == null) {
 throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Resource [" + resourceId + "] cannot be found", Response.Status.BAD_REQUEST);
diff --git a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java
index 84bab5f2303..6abaf1dd4f1 100644
--- a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourceService.java
@@ -88,7 +88,7 @@ public class ResourceService extends AbstractResourceService {
 filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
 filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
- Collection resources = toPermissions(ticketStore.find(resourceServer.getRealm(), resourceServer, filters, null, null));
+ Collection resources = toPermissions(ticketStore.find(resourceServer, filters, null, null));
 Collection permissions = Collections.EMPTY_LIST;
 if (!resources.isEmpty()) {
@@ -128,7 +128,6 @@ public class ResourceService extends AbstractResourceService {
 }
 Map filters = new EnumMap<>(PermissionTicket.FilterOption.class);
- RealmModel realm = resourceServer.getRealm();
 filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
@@ -138,7 +137,7 @@ public class ResourceService extends AbstractResourceService {
 filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
- List tickets = ticketStore.find(realm, resourceServer, filters, null, null);
+ List tickets = ticketStore.find(resourceServer, filters, null, null);
 // grants all requested permissions
 if (tickets.isEmpty()) {
@@ -174,7 +173,7 @@ public class ResourceService extends AbstractResourceService {
 // remove all tickets that are not within the requested permissions
 for (PermissionTicket ticket : tickets) {
- ticketStore.delete(realm, ticket.getId());
+ ticketStore.delete(ticket.getId());
 }
 }
 }
@@ -199,7 +198,7 @@ public class ResourceService extends AbstractResourceService {
 Map requests = new HashMap<>();
- for (PermissionTicket ticket : ticketStore.find(resourceServer.getRealm(), resourceServer, filters, null, null)) {
+ for (PermissionTicket ticket : ticketStore.find(resourceServer, filters, null, null)) {
 requests.computeIfAbsent(ticket.getRequester(), requester -> new Permission(ticket, provider)).addScope(ticket.getScope().getName());
 }
@@ -216,7 +215,7 @@ public class ResourceService extends AbstractResourceService {
 org.keycloak.authorization.model.Scope scope = scopeStore.findByName(resourceServer, scopeId);
 if (scope == null) {
- scope = scopeStore.findById(resourceServer.getRealm(), resourceServer, scopeId);
+ scope = scopeStore.findById(resourceServer, scopeId);
 }
 return scope;
diff --git a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourcesService.java b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourcesService.java
index 584fbd4b312..2824f7fa1dd 100644
--- a/services/src/main/java/org/keycloak/services/resources/account/resources/ResourcesService.java
+++ b/services/src/main/java/org/keycloak/services/resources/account/resources/ResourcesService.java
@@ -73,7 +73,7 @@ public class ResourcesService extends AbstractResourceService {
 filters.put(org.keycloak.authorization.model.Resource.FilterOption.NAME, new String[] { name });
 }
- return queryResponse((f, m) -> resourceStore.find(auth.getRealm(), null, filters, f, m).stream()
+ return queryResponse((f, m) -> resourceStore.find(null, filters, f, m).stream()
 .map(resource -> new Resource(resource, user, provider)), first, max);
 }
@@ -90,7 +90,7 @@ public class ResourcesService extends AbstractResourceService {
 public Response getSharedWithMe(@QueryParam("name") String name, @QueryParam("first") Integer first, @QueryParam("max") Integer max) {
- return queryResponse((f, m) -> toPermissions(ticketStore.findGrantedResources(auth.getRealm(), auth.getUser().getId(), name, f, m), false)
+ return queryResponse((f, m) -> toPermissions(ticketStore.findGrantedResources(auth.getUser().getId(), name, f, m), false)
 .stream(), first, max);
 }
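Review bot: After this change `resourceStore.find(null, filters, f, m)` in the `@@ -73,7` hunk of ResourcesService has no explicit scope left: the realm argument is gone and the resource server is a literal `null`. The same applies to `ticketStore.find(null, filters, null, null)` (`@@ -123,7`) and to `resourceStore.findById(null, id)` in `getResource` (`@@ -138,7`), where `id` comes from the request path. Realm isolation for these account lookups now depends on the store implementation, presumably through the session's realm context, and on the checks that follow each lookup, neither of which these hunks show. A comment at each call, e.g. `// null resource server: search across all resource servers; realm scoping is enforced by the store`, would record that assumption, and it is worth confirming that `getResource` rejects a resource the caller neither owns nor has been granted.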
@@ -108,7 +108,7 @@ public class ResourcesService extends AbstractResourceService {
 @Produces(MediaType.APPLICATION_JSON)
 public Response getSharedWithOthers(@QueryParam("first") Integer first, @QueryParam("max") Integer max) {
 return queryResponse(
- (f, m) -> toPermissions(ticketStore.findGrantedOwnerResources(auth.getRealm(), auth.getUser().getId(), f, m), true)
+ (f, m) -> toPermissions(ticketStore.findGrantedOwnerResources(auth.getUser().getId(), f, m), true)
 .stream(), first, max);
 }
@@ -123,7 +123,7 @@ public class ResourcesService extends AbstractResourceService {
 filters.put(PermissionTicket.FilterOption.REQUESTER, user.getId());
 filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.FALSE.toString());
- final List permissionTickets = ticketStore.find(auth.getRealm(), null, filters, null, null);
+ final List permissionTickets = ticketStore.find(null, filters, null, null);
 final List resourceList = new ArrayList<>(permissionTickets.size());
 for (PermissionTicket ticket : permissionTickets) {
@@ -138,7 +138,7 @@ public class ResourcesService extends AbstractResourceService {
 @Path("{id}")
 public Object getResource(@PathParam("id") String id) {
- org.keycloak.authorization.model.Resource resource = resourceStore.findById(auth.getRealm(), null, id);
+ org.keycloak.authorization.model.Resource resource = resourceStore.findById(null, id);
 if (resource == null) {
 throw new NotFoundException("resource_not_found");
@@ -167,7 +167,7 @@ public class ResourcesService extends AbstractResourceService {
 filters.put(PermissionTicket.FilterOption.GRANTED, Boolean.TRUE.toString());
 filters.put(PermissionTicket.FilterOption.RESOURCE_ID, resource.getId());
- tickets = ticketStore.find(auth.getRealm(), resource.getResourceServer(), filters, null, null);
+ tickets = ticketStore.find(resource.getResourceServer(), filters, null, null);
 } else {
 tickets = ticketStore.findGranted(resource.getResourceServer(), resource.getName(), user.getId());
 }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
index 12dd0b647e4..b2ce15fc97b 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java
@@ -178,7 +178,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
 private void deletePolicy(String name, ResourceServer server) {
 Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
 if (policy != null) {
- authz.getStoreFactory().getPolicyStore().delete(server.getRealm(), policy.getId());
+ authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 }
@@ -194,7 +194,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
 deletePolicy(getConfigurePermissionName(client), server);
 deletePolicy(getExchangeToPermissionName(client), server);
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(client));;
- if (resource != null) authz.getStoreFactory().getResourceStore().delete(server.getRealm(), resource.getId());
+ if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
index f576faa5a74..413d97c6766 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java
@@ -25,10 +25,8 @@ import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.EvaluationContext;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
-import org.keycloak.common.Profile;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.GroupModel;
-import org.keycloak.models.RealmModel;
 import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.services.ForbiddenException;
@@ -462,29 +460,27 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
 ResourceServer server = root.realmResourceServer();
 if (server == null) return;
- RealmModel realm = server.getRealm();
-
 Policy managePermission = managePermission(group);
 if (managePermission != null) {
- policyStore.delete(realm, managePermission.getId());
+ policyStore.delete(managePermission.getId());
 }
 Policy viewPermission = viewPermission(group);
 if (viewPermission != null) {
- policyStore.delete(realm, viewPermission.getId());
+ policyStore.delete(viewPermission.getId());
 }
 Policy manageMembersPermission = manageMembersPermission(group);
 if (manageMembersPermission != null) {
- policyStore.delete(realm, manageMembersPermission.getId());
+ policyStore.delete(manageMembersPermission.getId());
 }
 Policy viewMembersPermission = viewMembersPermission(group);
 if (viewMembersPermission != null) {
- policyStore.delete(realm, viewMembersPermission.getId());
+ policyStore.delete(viewMembersPermission.getId());
 }
 Policy manageMembershipPermission = manageMembershipPermission(group);
 if (manageMembershipPermission != null) {
- policyStore.delete(realm, manageMembershipPermission.getId());
+ policyStore.delete(manageMembershipPermission.getId());
 }
 Resource resource = groupResource(group);
- if (resource != null) resourceStore.delete(realm, resource.getId());
+ if (resource != null) resourceStore.delete(resource.getId());
 }
 }
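Review bot: The five `if (x != null) { policyStore.delete(x.getId()); }` blocks in the `@@ -462,29` hunk differ only in the policy they test, and with `realm` removed the local `server` is now used only for the null guard. A private helper such as `private void deleteIfPresent(Policy policy) { if (policy != null) policyStore.delete(policy.getId()); }` would reduce the method to one call per permission and make a missed cleanup easier to spot; the same shape repeats in RolePermissions (`@@ -86,17`) and UserPermissions (`@@ -529,41`). Because the deletes are now by id alone, a one-line comment saying which resource server the ids were resolved against would also help, since the lookups (`managePermission(group)` and the others) are defined outside the hunk. The enclosing method starts outside the hunk.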
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
index 4349b140411..b56559b09e8 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/IdentityProviderPermissions.java
@@ -92,7 +92,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
 private void deletePolicy(String name, ResourceServer server) {
 Policy policy = authz.getStoreFactory().getPolicyStore().findByName(server, name);
 if (policy != null) {
- authz.getStoreFactory().getPolicyStore().delete(server.getRealm(), policy.getId());
+ authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 }
 }
@@ -102,7 +102,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
 if (server == null) return;
 deletePolicy(getExchangeToPermissionName(idp), server);
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getResourceName(idp));;
- if (resource != null) authz.getStoreFactory().getResourceStore().delete(server.getRealm(), resource.getId());
+ if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
index d9850c26033..3ec99fe8945 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissions.java
@@ -86,17 +86,15 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
 ResourceServer server = resourceServer(role);
 if (server == null) return;
- RealmModel realm = server.getRealm();
-
 Policy policy = mapRolePermission(role);
- if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
+ if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 policy = mapClientScopePermission(role);
- if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
+ if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 policy = mapCompositePermission(role);
- if (policy != null) authz.getStoreFactory().getPolicyStore().delete(realm, policy.getId());
+ if (policy != null) authz.getStoreFactory().getPolicyStore().delete(policy.getId());
 Resource resource = authz.getStoreFactory().getResourceStore().findByName(server, getRoleResourceName(role));
- if (resource != null) authz.getStoreFactory().getResourceStore().delete(realm, resource.getId());
+ if (resource != null) authz.getStoreFactory().getResourceStore().delete(resource.getId());
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
index dc5a0d26e93..2f504c419e9 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java
@@ -29,13 +29,11 @@ import org.keycloak.authorization.permission.ResourcePermission;
 import org.keycloak.authorization.policy.evaluation.EvaluationContext;
 import org.keycloak.authorization.store.PolicyStore;
 import org.keycloak.authorization.store.ResourceStore;
-import org.keycloak.common.Profile;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.ImpersonationConstants;
 import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.authorization.Permission;
 import org.keycloak.services.ForbiddenException;
@@ -529,41 +527,39 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
 ResourceServer server = root.realmResourceServer();
 if (server == null) return;
- RealmModel realm = server.getRealm();
-
 Policy policy = managePermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 policy = viewPermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 policy = mapRolesPermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 policy = manageGroupMembershipPermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 policy = adminImpersonatingPermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 policy = userImpersonatedPermission();
 if (policy != null) {
- policyStore.delete(realm, policy.getId());
+ policyStore.delete(policy.getId());
 }
 Resource usersResource = resourceStore.findByName(server, USERS_RESOURCE);
 if (usersResource != null) {
- resourceStore.delete(realm, usersResource.getId());
+ resourceStore.delete(usersResource.getId());
 }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
index f57abfec358..bbc4f0473aa 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java
@@ -537,11 +537,11 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
 PolicyStore policyStore = provider.getStoreFactory().getPolicyStore();
 List policies = policyStore
- .find(realm, resourceServer, filters, null, null);
+ .find(resourceServer, filters, null, null);
 assertTrue(policies.isEmpty());
 policies = policyStore
- .find(realm, resourceServer, Collections.emptyMap(), null, null);
+ .find(resourceServer, Collections.emptyMap(), null, null);
 assertTrue(policies.isEmpty());
 }
@@ -964,7 +964,7 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
 filters.put(OWNER, new String[] {user.getId()});
 List policies = provider.getStoreFactory().getPolicyStore()
- .find(realm, resourceServer, filters, null, null);
+ .find(resourceServer, filters, null, null);
 assertEquals(1, policies.size());
 Policy policy = policies.get(0);
@@ -973,13 +973,13 @@ public class UserManagedPermissionServiceTest extends AbstractResourceServerTest
 Resource resource = policy.getResources().iterator().next();
 assertEquals("Resource A", resource.getName());
- provider.getStoreFactory().getResourceStore().delete(realm, resource.getId());
+ provider.getStoreFactory().getResourceStore().delete(resource.getId());
 filters = new HashMap<>();
 filters.put(OWNER, new String[] {user.getId()});
 policies = provider.getStoreFactory().getPolicyStore()
- .find(realm, resourceServer, filters, null, null);
+ .find(resourceServer, filters, null, null);
 assertTrue(policies.isEmpty());
 }
diff --git a/testsuite/model/src/test/java/org/keycloak/testsuite/model/authz/ConcurrentAuthzTest.java b/testsuite/model/src/test/java/org/keycloak/testsuite/model/authz/ConcurrentAuthzTest.java
index b3ca141b38a..96fefa272ad 100644
--- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/authz/ConcurrentAuthzTest.java
+++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/authz/ConcurrentAuthzTest.java
@@ -95,7 +95,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 String permissionId = withRealm(realmId, (session, realm) -> {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
+ ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
 UserModel u = session.users().addUser(realm, "user" + index);
@@ -113,20 +113,20 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- aStore.getPolicyStore().delete(realm, permissionId);
+ aStore.getPolicyStore().delete(permissionId);
 return null;
 });
 withRealm(realmId, (session, realm) -> {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
+ ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
 Map searchMap = new HashMap<>();
 searchMap.put(Policy.FilterOption.TYPE, new String[]{"uma"});
 searchMap.put(Policy.FilterOption.OWNER, new String[]{adminId});
 searchMap.put(Policy.FilterOption.PERMISSION, new String[] {"true"});
- Set s = aStore.getPolicyStore().find(realm, rs, searchMap, 0, 500).stream().map(Policy::getId).collect(Collectors.toSet());
+ Set s = aStore.getPolicyStore().find(rs, searchMap, 0, 500).stream().map(Policy::getId).collect(Collectors.toSet());
 assertThat(s, not(contains(permissionId)));
 return null;
 });
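Review bot: `assertThat(s, not(contains(permissionId)))` at the end of the `@@ -113,20` hunk does not check what it appears to: assuming these are the Hamcrest matchers, `contains` matches the whole collection in order, so the negation fails only when `s` is exactly `[permissionId]` and passes if the deleted policy is still present next to any other id. `assertThat(s, not(hasItem(permissionId)));` states the intended check and needs the `hasItem` static import if the file does not already have it. The same pattern appears as `not(contains(nullValue()))` in the `@@ -171,8` hunk, where `not(hasItem(nullValue()))` would be the matching fix. Separately, `rs` is never asserted non-null after `findById(resourceServerId)`; other store calls in this patch are given a `null` resource server on purpose, so a failed lookup here might widen the query instead of failing the test.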
@@ -140,7 +140,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
 UserModel u = session.users().getUserById(realm, adminId);
- ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
+ ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
 UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
@@ -157,8 +157,8 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 String createdPolicyId = withRealm(realmId, (session, realm) -> {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
- Policy permission = aStore.getPolicyStore().findById(realm, rs, permissionId);
+ ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
+ Policy permission = aStore.getPolicyStore().findById(rs, permissionId);
 UserPolicyRepresentation userRep = new UserPolicyRepresentation();
 userRep.setName("isAdminUser" + index);
@@ -171,8 +171,8 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 withRealm(realmId, (session, realm) -> {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- ResourceServer rs = aStore.getResourceServerStore().findById(realm, resourceServerId);
- Policy permission = aStore.getPolicyStore().findById(realm, rs, permissionId);
+ ResourceServer rs = aStore.getResourceServerStore().findById(resourceServerId);
+ Policy permission = aStore.getPolicyStore().findById(rs, permissionId);
 assertThat(permission.getAssociatedPolicies(), not(contains(nullValue())));
 ModelToRepresentation.toRepresentation(permission, authorization);
@@ -183,7 +183,7 @@ public class ConcurrentAuthzTest extends KeycloakModelTest {
 withRealm(realmId, (session, realm) -> {
 AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
 StoreFactory aStore = authorization.getStoreFactory();
- aStore.getPolicyStore().delete(realm, createdPolicyId);
+ aStore.getPolicyStore().delete(createdPolicyId);
 return null;
 });
 });