diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.java index e2782c63ab6..9813acc1252 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/group/GroupPolicyProvider.java @@ -30,7 +30,7 @@ import org.keycloak.authorization.attribute.Attributes.Entry; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.policy.evaluation.Evaluation; -import org.keycloak.authorization.policy.provider.PartialEvaluationPolicyProvider; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationPolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/permission/ScopePolicyProviderFactory.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/permission/ScopePolicyProviderFactory.java index 889133366e7..4dc3eb6ccd7 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/permission/ScopePolicyProviderFactory.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/permission/ScopePolicyProviderFactory.java @@ -17,7 +17,7 @@ package org.keycloak.authorization.policy.provider.permission; import org.keycloak.Config; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.policy.provider.PolicyProvider; diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java index 9b56d5f6eec..0b8a92ad8ff 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java @@ -30,7 +30,7 @@ import org.keycloak.authorization.identity.UserModelIdentity; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.policy.evaluation.Evaluation; -import org.keycloak.authorization.policy.provider.PartialEvaluationPolicyProvider; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationPolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; diff --git a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProvider.java b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProvider.java index feac66225fc..5f75c26afa3 100644 --- a/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProvider.java +++ b/authz/policy/common/src/main/java/org/keycloak/authorization/policy/provider/user/UserPolicyProvider.java @@ -25,7 +25,7 @@ import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.policy.evaluation.Evaluation; -import org.keycloak.authorization.policy.provider.PartialEvaluationPolicyProvider; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationPolicyProvider; import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultLazyLoader.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultLazyLoader.java index b8619226854..80b735292cf 100644 --- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultLazyLoader.java +++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultLazyLoader.java @@ -16,7 +16,7 @@ */ package org.keycloak.models.cache.infinispan; -import static org.keycloak.authorization.AdminPermissionsSchema.runWithoutAuthorization; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.runWithoutAuthorization; import java.util.function.Function; import java.util.function.Supplier; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java index 2ec8499a143..f4ea7697b9f 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/entities/PolicyEntity.java @@ -42,7 +42,7 @@ import org.hibernate.annotations.BatchSize; import org.hibernate.annotations.Fetch; import org.hibernate.annotations.FetchMode; import org.hibernate.annotations.Nationalized; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.Logic; diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java index 85b31fd9249..35c65a51c4b 100644 --- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java +++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAPolicyStore.java @@ -38,7 +38,7 @@ import jakarta.persistence.criteria.Predicate; import jakarta.persistence.criteria.Root; import org.hibernate.Session; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.jpa.entities.PolicyEntity; import org.keycloak.authorization.model.Policy; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java index 680bb3ca8c5..0ed3b5f666e 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/GroupAdapter.java @@ -21,8 +21,8 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Predicate; import jakarta.persistence.criteria.Root; -import org.keycloak.authorization.AdminPermissionsSchema; -import org.keycloak.authorization.policy.provider.PartialEvaluationStorageProvider; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationStorageProvider; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.models.ClientModel; import org.keycloak.models.GroupModel; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java index f1542d9370e..db9a24e4328 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java @@ -18,7 +18,7 @@ package org.keycloak.models.jpa; import org.keycloak.Config; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.Profile; import org.keycloak.connections.jpa.JpaConnectionProvider; import org.keycloak.models.ClientProvider; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java index 481990a24db..2b767cf5225 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProvider.java @@ -43,7 +43,7 @@ import java.util.stream.Collectors; import java.util.stream.Stream; import org.hibernate.Session; import org.jboss.logging.Logger; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.client.clienttype.ClientTypeManager; import org.keycloak.common.Profile; import org.keycloak.common.util.Time; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserPartialEvaluationProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserPartialEvaluationProvider.java index c3fcf51a76b..334a3dc1057 100644 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserPartialEvaluationProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserPartialEvaluationProvider.java @@ -17,8 +17,8 @@ package org.keycloak.models.jpa; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; import java.util.ArrayList; import java.util.List; @@ -34,10 +34,10 @@ import jakarta.persistence.criteria.Path; import jakarta.persistence.criteria.Predicate; import jakarta.persistence.criteria.Root; import jakarta.persistence.criteria.Subquery; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.jpa.entities.ResourceEntity; -import org.keycloak.authorization.policy.provider.PartialEvaluationContext; -import org.keycloak.authorization.policy.provider.PartialEvaluationStorageProvider; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationContext; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationStorageProvider; import org.keycloak.common.Profile; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java index 2ad3c26c3d9..3f900113628 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java @@ -18,7 +18,7 @@ package org.keycloak.models.jpa; import jakarta.persistence.criteria.Path; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.util.Time; import org.keycloak.component.ComponentModel; import org.keycloak.credential.CredentialModel; diff --git a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java index 7d47e3188d7..fc126c69725 100644 --- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java +++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/AvailableRoleMappingResource.java @@ -22,7 +22,7 @@ import org.eclipse.microprofile.openapi.annotations.media.Schema; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.keycloak.admin.ui.rest.model.ClientRole; import org.keycloak.admin.ui.rest.model.RoleMapper; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; @@ -35,12 +35,12 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserProvider; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_CLIENT_SCOPE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_COMPOSITE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES_CLIENT_SCOPE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES_COMPOSITE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE_CLIENT_SCOPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE_COMPOSITE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES_CLIENT_SCOPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES_COMPOSITE; public class AvailableRoleMappingResource extends RoleMappingResource { public AvailableRoleMappingResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth) { diff --git a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java index 9fcdcbd7ec9..65ee93ebb9b 100644 --- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java +++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/BruteForceUsersResource.java @@ -17,7 +17,7 @@ import org.eclipse.microprofile.openapi.annotations.media.Schema; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.jboss.logging.Logger; import org.keycloak.admin.ui.rest.model.BruteUser; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.util.Time; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java index e5f538876e9..2632614e4bc 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationProvider.java @@ -26,6 +26,7 @@ import java.util.function.Consumer; import java.util.stream.Collectors; import java.util.stream.Stream; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.model.PermissionTicket; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/AdminPermissionsSchema.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/AdminPermissionsSchema.java similarity index 98% rename from server-spi-private/src/main/java/org/keycloak/authorization/AdminPermissionsSchema.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/AdminPermissionsSchema.java index 030bdc85589..64234313525 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/AdminPermissionsSchema.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/AdminPermissionsSchema.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap; import java.util.HashSet; import java.util.List; @@ -28,12 +28,15 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Path; import jakarta.persistence.criteria.Predicate; +import org.keycloak.authorization.AuthorizationProvider; +import org.keycloak.authorization.fgap.evaluation.FGAPPolicyEvaluator; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluator; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.policy.evaluation.PolicyEvaluator; -import org.keycloak.authorization.policy.provider.PartialEvaluationStorageProvider; +import org.keycloak.authorization.fgap.evaluation.partial.PartialEvaluationStorageProvider; import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ScopeStore; import org.keycloak.authorization.store.StoreFactory; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPDecision.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPDecision.java similarity index 89% rename from server-spi-private/src/main/java/org/keycloak/authorization/FGAPDecision.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPDecision.java index 8676b110790..cad93c0233f 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPDecision.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPDecision.java @@ -15,23 +15,24 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation; import java.util.HashMap; import java.util.Map; import java.util.Set; +import org.keycloak.authorization.Decision; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.Evaluation; -public class FGAPDecision implements Decision { +class FGAPDecision implements Decision { private final Decision decision; private final Map> scopesGrantedByResource = new HashMap<>(); - public FGAPDecision(Decision decision) { + FGAPDecision(Decision decision) { this.decision = decision; } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPEvaluation.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPEvaluation.java similarity index 94% rename from server-spi-private/src/main/java/org/keycloak/authorization/FGAPEvaluation.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPEvaluation.java index 5646cb005f8..f12507a6772 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPEvaluation.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPEvaluation.java @@ -15,14 +15,15 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation; -import static org.keycloak.authorization.AdminPermissionsSchema.SCHEMA; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.SCHEMA; import java.util.HashSet; import java.util.Map; import java.util.Set; +import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.Decision.Effect; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; @@ -32,12 +33,12 @@ import org.keycloak.authorization.policy.evaluation.Evaluation; import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.policy.evaluation.Realm; -public class FGAPEvaluation implements Evaluation { +class FGAPEvaluation implements Evaluation { private final Evaluation evaluation; private final Map> scopesGrantedByResource; - public FGAPEvaluation(Evaluation evaluation, Map> scopesGrantedByResource) { + FGAPEvaluation(Evaluation evaluation, Map> scopesGrantedByResource) { this.evaluation = evaluation; this.scopesGrantedByResource = scopesGrantedByResource; } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPPolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPPolicyEvaluator.java similarity index 88% rename from server-spi-private/src/main/java/org/keycloak/authorization/FGAPPolicyEvaluator.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPPolicyEvaluator.java index 7132c7abe64..769a2ccfbd7 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/FGAPPolicyEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/FGAPPolicyEvaluator.java @@ -16,14 +16,18 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; import java.util.Map; import java.util.function.Consumer; +import org.keycloak.authorization.AuthorizationProvider; +import org.keycloak.authorization.Decision; import org.keycloak.authorization.Decision.Effect; +import org.keycloak.authorization.fgap.evaluation.partial.ResourceTypePolicyEvaluator; +import org.keycloak.authorization.fgap.evaluation.partial.UserResourceTypePolicyEvaluator; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; @@ -38,7 +42,7 @@ import org.keycloak.authorization.store.StoreFactory; /** * A {@link PolicyEvaluator} specific for evaluating permisions in the context of the {@link org.keycloak.common.Profile.Feature#ADMIN_FINE_GRAINED_AUTHZ_V2} feature. */ -public class FGAPPolicyEvaluator extends DefaultPolicyEvaluator { +public final class FGAPPolicyEvaluator extends DefaultPolicyEvaluator { private final Map resourceTypePolicyEvaluators = Map.of(USERS_RESOURCE_TYPE, new UserResourceTypePolicyEvaluator()); diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationContext.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationContext.java similarity index 97% rename from server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationContext.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationContext.java index 24c8071bd29..fdc92f355f7 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationContext.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationContext.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.keycloak.authorization.policy.provider; +package org.keycloak.authorization.fgap.evaluation.partial; import static java.util.function.Predicate.not; @@ -31,7 +31,7 @@ import org.keycloak.representations.idm.authorization.ResourceType; * An {@link PartialEvaluationContext} instance provides access to contextual information when building a query for realm * resources of a given {@link ResourceType}. */ -public class PartialEvaluationContext { +public final class PartialEvaluationContext { private final ResourceType resourceType; private CriteriaQuery criteriaQuery; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationPolicyProvider.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationPolicyProvider.java similarity index 95% rename from server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationPolicyProvider.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationPolicyProvider.java index 720dbb316e0..b77ec7689a3 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationPolicyProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationPolicyProvider.java @@ -16,11 +16,12 @@ * limitations under the License. */ -package org.keycloak.authorization.policy.provider; +package org.keycloak.authorization.fgap.evaluation.partial; import java.util.stream.Stream; import org.keycloak.authorization.model.Policy; +import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.models.KeycloakSession; import org.keycloak.models.UserModel; import org.keycloak.representations.idm.authorization.ResourceType; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationStorageProvider.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationStorageProvider.java similarity index 97% rename from server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationStorageProvider.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationStorageProvider.java index 996e26bb138..a2ef2a308de 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PartialEvaluationStorageProvider.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluationStorageProvider.java @@ -16,7 +16,7 @@ * limitations under the License. */ -package org.keycloak.authorization.policy.provider; +package org.keycloak.authorization.fgap.evaluation.partial; import java.util.List; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/PartialEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluator.java similarity index 96% rename from server-spi-private/src/main/java/org/keycloak/authorization/PartialEvaluator.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluator.java index 7e58fc170ca..aab1eac95ef 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/PartialEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/PartialEvaluator.java @@ -15,9 +15,9 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation.partial; -import static org.keycloak.authorization.AdminPermissionsSchema.isSkipEvaluation; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.isSkipEvaluation; import java.util.ArrayList; import java.util.HashMap; @@ -31,10 +31,8 @@ import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Path; import jakarta.persistence.criteria.Predicate; import org.keycloak.Config; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.model.Policy; -import org.keycloak.authorization.policy.provider.PartialEvaluationContext; -import org.keycloak.authorization.policy.provider.PartialEvaluationPolicyProvider; -import org.keycloak.authorization.policy.provider.PartialEvaluationStorageProvider; import org.keycloak.authorization.policy.provider.PolicyProvider; import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; @@ -47,7 +45,7 @@ import org.keycloak.models.UserModel; import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.ResourceType; -public class PartialEvaluator { +public final class PartialEvaluator { private static final String NO_ID = "none"; private static final String ID_FIELD = "id"; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/ResourceTypePolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/ResourceTypePolicyEvaluator.java similarity index 92% rename from server-spi-private/src/main/java/org/keycloak/authorization/ResourceTypePolicyEvaluator.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/ResourceTypePolicyEvaluator.java index 29542f8ea50..38681454f05 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/ResourceTypePolicyEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/ResourceTypePolicyEvaluator.java @@ -15,10 +15,11 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation.partial; import java.util.function.Consumer; +import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.permission.ResourcePermission; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/UserResourceTypePolicyEvaluator.java b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/UserResourceTypePolicyEvaluator.java similarity index 92% rename from server-spi-private/src/main/java/org/keycloak/authorization/UserResourceTypePolicyEvaluator.java rename to server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/UserResourceTypePolicyEvaluator.java index f2ee4f5b48d..04368d33bba 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/UserResourceTypePolicyEvaluator.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/fgap/evaluation/partial/UserResourceTypePolicyEvaluator.java @@ -16,15 +16,17 @@ * limitations under the License. */ -package org.keycloak.authorization; +package org.keycloak.authorization.fgap.evaluation.partial; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; import java.util.HashSet; import java.util.Set; import java.util.function.Consumer; import java.util.stream.Stream; +import org.keycloak.authorization.AuthorizationProvider; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; @@ -37,7 +39,7 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; -public class UserResourceTypePolicyEvaluator implements ResourceTypePolicyEvaluator { +public final class UserResourceTypePolicyEvaluator implements ResourceTypePolicyEvaluator { @Override public void evaluate(ResourcePermission permission, AuthorizationProvider authorization, Consumer policyConsumer) { diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java index 7a67a702312..272866e83eb 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/ClientApplicationSynchronizer.java @@ -22,7 +22,7 @@ import java.util.List; import java.util.Map; import java.util.Set; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java index 6e6a562584b..1e6ff68ec52 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/GroupSynchronizer.java @@ -1,6 +1,6 @@ package org.keycloak.authorization.store.syncronization; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.models.GroupModel.GroupRemovedEvent; import org.keycloak.models.KeycloakSessionFactory; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RoleSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RoleSynchronizer.java index e3d382843ff..6d7828ed3ef 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RoleSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/RoleSynchronizer.java @@ -1,6 +1,6 @@ package org.keycloak.authorization.store.syncronization; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.models.RoleContainerModel.RoleRemovedEvent; diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java index 3759bd3fdf6..8d812ed1c4c 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/syncronization/UserSynchronizer.java @@ -20,7 +20,7 @@ package org.keycloak.authorization.store.syncronization; import java.util.EnumMap; import java.util.Map; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.PermissionTicket; import org.keycloak.authorization.store.PermissionTicketStore; diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index cc9ee4f14d1..d90ff272dcf 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -24,7 +24,7 @@ import static org.keycloak.models.utils.StripSecretsUtils.stripSecrets; import org.jboss.logging.Logger; import org.keycloak.Config; import org.keycloak.authentication.otp.OTPApplicationProvider; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProviderFactory; import org.keycloak.authorization.model.PermissionTicket; diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 61f49c5f02c..3dc0a6efa1c 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -38,7 +38,7 @@ import java.util.stream.Stream; import org.jboss.logging.Logger; import org.keycloak.Config; import org.keycloak.OAuth2Constants; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProviderFactory; import org.keycloak.authorization.model.PermissionTicket; diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java index 351e927a0fc..9c4390d2b01 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyEvaluationService.java @@ -46,7 +46,7 @@ import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.jboss.logging.Logger; import org.keycloak.OAuthErrorException; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.admin.representation.PolicyEvaluationResponseBuilder; import org.keycloak.authorization.attribute.Attributes; diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java index 105bd541298..7cff8c6beb5 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyResourceService.java @@ -31,7 +31,7 @@ import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response.Status; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.ResourceServer; diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java index d53f3100c01..1be1cc3abe5 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java @@ -43,7 +43,7 @@ import org.eclipse.microprofile.openapi.annotations.media.Schema; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java index 9017c76359b..d921752e6ec 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java @@ -34,7 +34,7 @@ import jakarta.ws.rs.core.UriInfo; import org.eclipse.microprofile.openapi.annotations.extensions.Extension; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.events.admin.OperationType; diff --git a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java index b9aad6df7fd..c6f9115c887 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java @@ -53,7 +53,7 @@ import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.jboss.resteasy.reactive.NoCache; import org.keycloak.OAuthErrorException; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java index 266ba02be42..07523d231ce 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java +++ b/services/src/main/java/org/keycloak/authorization/admin/ScopeService.java @@ -23,7 +23,7 @@ import org.eclipse.microprofile.openapi.annotations.media.Schema; import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/FGAPPolicyEvaluationResponseBuilder.java b/services/src/main/java/org/keycloak/authorization/admin/representation/FGAPPolicyEvaluationResponseBuilder.java index 8ff2ac5b595..2d45abe5677 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/FGAPPolicyEvaluationResponseBuilder.java +++ b/services/src/main/java/org/keycloak/authorization/admin/representation/FGAPPolicyEvaluationResponseBuilder.java @@ -24,7 +24,7 @@ import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.Stream; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.Decision.Effect; import org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector; diff --git a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java index f7311826d34..15ed662fdb8 100644 --- a/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java +++ b/services/src/main/java/org/keycloak/authorization/admin/representation/PolicyEvaluationResponseBuilder.java @@ -16,7 +16,7 @@ */ package org.keycloak.authorization.admin.representation; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.Decision; import org.keycloak.authorization.admin.PolicyEvaluationService.EvaluationDecisionCollector; diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 8b69bd8198d..70826f28adc 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -19,7 +19,7 @@ package org.keycloak.services.managers; import jakarta.ws.rs.ClientErrorException; import jakarta.ws.rs.core.Response; import org.keycloak.Config; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.Profile; import org.keycloak.common.enums.SslRequired; import org.keycloak.common.util.Encode; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 0802187dbc0..bcead7c690e 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -24,7 +24,7 @@ import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.NoCache; import org.keycloak.OAuthErrorException; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.client.clienttype.ClientTypeException; import org.keycloak.common.ClientConnection; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java index 57b2460d65b..72fa324d3ec 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java @@ -23,7 +23,7 @@ import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.client.clienttype.ClientTypeException; import org.keycloak.common.Profile; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java index a6885db3b9e..ade1a522ff9 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupResource.java @@ -21,7 +21,7 @@ import org.eclipse.microprofile.openapi.annotations.extensions.Extension; import org.eclipse.microprofile.openapi.annotations.parameters.Parameter; import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.Profile; import org.keycloak.common.util.ObjectUtil; import org.keycloak.events.admin.OperationType; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java index 1e9785b804b..e9262bb989e 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/GroupsResource.java @@ -40,7 +40,7 @@ import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.util.ObjectUtil; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java index deacaed42b5..e6af6b34c03 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java @@ -28,7 +28,7 @@ import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.NoCache; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.ClientConnection; import org.keycloak.common.Profile; import org.keycloak.events.admin.OperationType; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissions.java index 3f235480d72..c3695b20415 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/AdminPermissions.java @@ -16,7 +16,7 @@ */ package org.keycloak.services.resources.admin.permissions; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.common.Profile; import org.keycloak.models.ClientModel; import org.keycloak.models.GroupModel; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java index 826eb5302b8..8fcf6a1406b 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionEvaluator.java @@ -16,6 +16,7 @@ */ package org.keycloak.services.resources.admin.permissions; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.ClientScopeModel; @@ -40,7 +41,7 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has {@link org.keycloak.models.AdminRoles#MANAGE_CLIENTS} role. *

- * For V2 only: Also if it has permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MANAGE}. + * For V2 only: Also if it has permission to {@link AdminPermissionsSchema#MANAGE}. */ boolean canManage(); @@ -52,7 +53,7 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has {@link org.keycloak.models.AdminRoles#MANAGE_CLIENTS} role. *

- * For V2 only: Also if it has permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MANAGE}. + * For V2 only: Also if it has permission to {@link AdminPermissionsSchema#MANAGE}. */ boolean canManageClientScopes(); @@ -64,7 +65,7 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has at least one of the {@link org.keycloak.models.AdminRoles#MANAGE_CLIENTS} or {@link org.keycloak.models.AdminRoles#VIEW_CLIENTS} roles. *

- * For V2 only: Also if it has permission to {@link org.keycloak.authorization.AdminPermissionsSchema#VIEW}. + * For V2 only: Also if it has permission to {@link AdminPermissionsSchema#VIEW}. */ boolean canView(); @@ -109,7 +110,7 @@ public interface ClientPermissionEvaluator { *

* Or if the caller has a permission to {@link AdminPermissionManagement#MANAGE_SCOPE} the client. *

- * For V2 only: Also if the caller has a permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MANAGE} all clients. + * For V2 only: Also if the caller has a permission to {@link AdminPermissionsSchema#MANAGE} all clients. */ boolean canManage(ClientModel client); @@ -139,7 +140,7 @@ public interface ClientPermissionEvaluator { *

* Or if the caller has a permission to {@link AdminPermissionManagement#VIEW_SCOPE} the client. *

- * For V2 only: Also if the caller has a permission to {@link org.keycloak.authorization.AdminPermissionsSchema#VIEW} all clients. + * For V2 only: Also if the caller has a permission to {@link AdminPermissionsSchema#VIEW} all clients. */ boolean canView(ClientModel client); @@ -151,7 +152,7 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has {@link org.keycloak.models.AdminRoles#MANAGE_CLIENTS} role. *

- * For V2 only: Also if it has permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MANAGE}. + * For V2 only: Also if it has permission to {@link AdminPermissionsSchema#MANAGE}. */ boolean canManage(ClientScopeModel clientScope); @@ -163,7 +164,7 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has at least one of the {@link org.keycloak.models.AdminRoles#VIEW_CLIENTS} or {@link org.keycloak.models.AdminRoles#MANAGE_CLIENTS} roles. *

- * For V2 only: Also if it has permission to {@link org.keycloak.authorization.AdminPermissionsSchema#VIEW}. + * For V2 only: Also if it has permission to {@link AdminPermissionsSchema#VIEW}. */ boolean canView(ClientScopeModel clientScope); @@ -175,21 +176,21 @@ public interface ClientPermissionEvaluator { /** * Returns {@code true} if the caller has a permission to {@link ClientPermissionManagement#MAP_ROLES_SCOPE} for the client. *

- * For V2 only: Also if the caller has a permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MAP_ROLES} for all clients. + * For V2 only: Also if the caller has a permission to {@link AdminPermissionsSchema#MAP_ROLES} for all clients. */ boolean canMapRoles(ClientModel client); /** * Returns {@code true} if the caller has a permission to {@link ClientPermissionManagement#MAP_ROLES_COMPOSITE_SCOPE} for the client. *

- * For V2 only: Also if the caller has a permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MAP_ROLES_COMPOSITE} for all clients. + * For V2 only: Also if the caller has a permission to {@link AdminPermissionsSchema#MAP_ROLES_COMPOSITE} for all clients. */ boolean canMapCompositeRoles(ClientModel client); /** * Returns {@code true} if the caller has a permission to {@link ClientPermissionManagement#MAP_ROLES_CLIENT_SCOPE} for the client. *

- * For V2 only: Also if the caller has a permission to {@link org.keycloak.authorization.AdminPermissionsSchema#MAP_ROLES_CLIENT_SCOPE} for all clients. + * For V2 only: Also if the caller has a permission to {@link AdminPermissionsSchema#MAP_ROLES_CLIENT_SCOPE} for all clients. */ boolean canMapClientScopeRoles(ClientModel client); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java index 4ee82b58b53..2822b18a79e 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissions.java @@ -17,7 +17,7 @@ package org.keycloak.services.resources.admin.permissions; import org.jboss.logging.Logger; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.common.ClientModelIdentity; import org.keycloak.authorization.common.DefaultEvaluationContext; @@ -49,7 +49,7 @@ import java.util.Set; import jakarta.ws.rs.ForbiddenException; -import static org.keycloak.authorization.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; import static org.keycloak.services.resources.admin.permissions.AdminPermissionManagement.TOKEN_EXCHANGE; /** diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java index a95e4ce7846..326691206be 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ClientPermissionsV2.java @@ -16,9 +16,9 @@ */ package org.keycloak.services.resources.admin.permissions; -import static org.keycloak.authorization.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/FineGrainedAdminPermissionEvaluator.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/FineGrainedAdminPermissionEvaluator.java index 80ccd04f711..547dc19f87f 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/FineGrainedAdminPermissionEvaluator.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/FineGrainedAdminPermissionEvaluator.java @@ -23,7 +23,7 @@ import java.util.Set; import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.Stream; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionEvaluator.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionEvaluator.java index e59ac9a0ff5..7daa520f61f 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionEvaluator.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionEvaluator.java @@ -16,7 +16,7 @@ */ package org.keycloak.services.resources.admin.permissions; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.AdminRoles; import org.keycloak.models.GroupModel; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionsV2.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionsV2.java index 26854034024..c659f726236 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionsV2.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissionsV2.java @@ -19,7 +19,7 @@ package org.keycloak.services.resources.admin.permissions; import java.util.Map; import java.util.Set; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ModelRecord.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ModelRecord.java index dd159012150..820408fd65c 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/ModelRecord.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/ModelRecord.java @@ -16,7 +16,7 @@ */ package org.keycloak.services.resources.admin.permissions; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.ClientModel; import org.keycloak.models.GroupModel; import org.keycloak.models.RoleModel; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissionsV2.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissionsV2.java index 72cf44619db..29032ea824a 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissionsV2.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/RolePermissionsV2.java @@ -17,7 +17,7 @@ package org.keycloak.services.resources.admin.permissions; -import static org.keycloak.authorization.AdminPermissionsSchema.ROLES_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.ROLES_RESOURCE_TYPE; import static org.keycloak.models.utils.KeycloakModelUtils.getMasterRealmAdminManagementClientId; import static org.keycloak.services.managers.RealmManager.isAdministrationRealm; @@ -25,14 +25,13 @@ import java.util.Map; import java.util.Set; import org.jboss.logging.Logger; import org.keycloak.Config; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.Policy; import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; -import org.keycloak.models.ImpersonationConstants; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleContainerModel; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionEvaluator.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionEvaluator.java index c0fd08cc86d..c4b543b8962 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionEvaluator.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionEvaluator.java @@ -16,7 +16,7 @@ */ package org.keycloak.services.resources.admin.permissions; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.ImpersonationConstants; diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionsV2.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionsV2.java index cd2061b573e..33cd40a6567 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionsV2.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissionsV2.java @@ -20,7 +20,7 @@ import java.util.List; import java.util.Map; import jakarta.ws.rs.ForbiddenException; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.common.DefaultEvaluationContext; import org.keycloak.authorization.identity.UserModelIdentity; diff --git a/services/src/main/java/org/keycloak/utils/GroupUtils.java b/services/src/main/java/org/keycloak/utils/GroupUtils.java index df631400f33..eb47d96e48f 100644 --- a/services/src/main/java/org/keycloak/utils/GroupUtils.java +++ b/services/src/main/java/org/keycloak/utils/GroupUtils.java @@ -5,7 +5,7 @@ import java.util.Map; import java.util.Optional; import java.util.stream.Stream; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/AbstractPermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/AbstractPermissionTest.java index 15514750706..0731d9a010e 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/AbstractPermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/AbstractPermissionTest.java @@ -31,7 +31,7 @@ import java.util.stream.Collectors; import org.keycloak.admin.client.resource.PermissionsResource; import org.keycloak.admin.client.resource.PoliciesResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.Constants; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.GroupRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java index b05ce7ec96f..e5fa452ab07 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java @@ -23,11 +23,11 @@ import static org.hamcrest.Matchers.empty; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.instanceOf; import static org.junit.Assert.fail; -import static org.keycloak.authorization.AdminPermissionsSchema.CLIENTS; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES_COMPOSITE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.CLIENTS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES_COMPOSITE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; import java.util.List; import java.util.Set; @@ -45,7 +45,7 @@ import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientScopeRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java index 4a11ffeeec3..9236dd711a5 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java @@ -20,8 +20,8 @@ package org.keycloak.tests.admin.authz.fgap; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.keycloak.authorization.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.CLIENTS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; import java.util.List; import java.util.Map; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java index 1bfb93fb539..f47b2d792b8 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java @@ -18,7 +18,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.keycloak.admin.client.resource.ScopePermissionResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FineGrainedPermissionsUsersTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FineGrainedPermissionsUsersTest.java index b1c24a61823..75f4406d5cf 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FineGrainedPermissionsUsersTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FineGrainedPermissionsUsersTest.java @@ -4,7 +4,7 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasSize; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; import org.junit.jupiter.api.Test; import org.keycloak.admin.client.Keycloak; @@ -16,9 +16,7 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.testframework.annotations.InjectKeycloakUrls; -import org.keycloak.testframework.annotations.InjectUser; import org.keycloak.testframework.annotations.KeycloakIntegrationTest; -import org.keycloak.testframework.realm.ManagedUser; import org.keycloak.testframework.realm.UserConfigBuilder; import org.keycloak.testframework.server.KeycloakUrls; import org.keycloak.testframework.util.ApiUtil; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java index 2209b3323dd..084fa1869f5 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java @@ -24,16 +24,16 @@ import static org.hamcrest.Matchers.instanceOf; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.IMPERSONATE; -import static org.keycloak.authorization.AdminPermissionsSchema.IMPERSONATE_MEMBERS; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE_GROUP_MEMBERSHIP; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE_MEMBERS; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE_MEMBERSHIP; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.IMPERSONATE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.IMPERSONATE_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE_GROUP_MEMBERSHIP; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE_MEMBERSHIP; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW_MEMBERS; import jakarta.ws.rs.ForbiddenException; import jakarta.ws.rs.NotFoundException; @@ -47,7 +47,7 @@ import org.junit.jupiter.api.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.GroupsResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java index 127cfeaba30..84c7004f412 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java @@ -21,9 +21,9 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; import java.util.List; import java.util.Set; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java index 00390f7fb96..97e99fcaffd 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.keycloak.admin.client.resource.ScopePermissionResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java index f54f723ec00..0c2bc6df359 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java @@ -27,7 +27,7 @@ import static org.hamcrest.Matchers.notNullValue; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.fail; import org.junit.jupiter.api.Test; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java index 50a92809440..f390d6bce1f 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java @@ -24,7 +24,7 @@ import org.junit.jupiter.api.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.ClientScopeResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientScopeRepresentation; import org.keycloak.representations.idm.RoleRepresentation; @@ -43,11 +43,11 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.not; import static org.junit.Assert.fail; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_CLIENT_SCOPE; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_COMPOSITE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE_CLIENT_SCOPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLE_COMPOSITE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; @KeycloakIntegrationTest public class RoleResourceTypeEvaluationTest extends AbstractPermissionTest { diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java index d98f0d9d28b..601416d8024 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java @@ -21,7 +21,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.keycloak.admin.client.resource.ScopePermissionResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.Logic; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java index ea8976aa027..71cd3e6259a 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java @@ -21,12 +21,12 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.is; import static org.junit.jupiter.api.Assertions.fail; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE_MEMBERS; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW_MEMBERS; import java.util.ArrayList; import java.util.Collection; @@ -44,7 +44,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.DecisionEffect; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java index 99c807dc3a7..7fa139fa41b 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java @@ -23,11 +23,11 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; -import static org.keycloak.authorization.AdminPermissionsSchema.IMPERSONATE; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE; -import static org.keycloak.authorization.AdminPermissionsSchema.MANAGE_GROUP_MEMBERSHIP; -import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLES; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.IMPERSONATE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MANAGE_GROUP_MEMBERSHIP; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.MAP_ROLES; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; import java.util.List; import java.util.Set; @@ -41,7 +41,7 @@ import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.admin.client.resource.ScopePermissionsResource; import org.keycloak.admin.client.resource.UsersResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java index a6283b747da..c198c55190a 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java @@ -25,10 +25,10 @@ import static org.hamcrest.Matchers.not; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.keycloak.authorization.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.USERS_RESOURCE_TYPE; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW; -import static org.keycloak.authorization.AdminPermissionsSchema.VIEW_MEMBERS; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.GROUPS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.USERS_RESOURCE_TYPE; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW; +import static org.keycloak.authorization.fgap.AdminPermissionsSchema.VIEW_MEMBERS; import java.util.HashSet; import java.util.List; @@ -43,7 +43,7 @@ import org.junit.jupiter.api.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.RolePoliciesResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.models.AdminRoles; import org.keycloak.models.Constants; import org.keycloak.models.utils.KeycloakModelUtils; diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java index 1044498c350..553bb150355 100644 --- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java @@ -43,7 +43,7 @@ import org.junit.jupiter.api.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ScopePermissionResource; import org.keycloak.admin.client.resource.ScopePermissionsResource; -import org.keycloak.authorization.AdminPermissionsSchema; +import org.keycloak.authorization.fgap.AdminPermissionsSchema; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;