73 PermissionTicketStore ticketStore =
authorization.getStoreFactory().getPermissionTicketStore();
74 if (representation == null)
75 throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST,
"invalid_permission", Response.Status.BAD_REQUEST);
76 if (representation.getId() != null)
77 throw new ErrorResponseException(
"invalid_permission",
"created permissions should not have id", Response.Status.BAD_REQUEST);
78 if (representation.getResource() == null)
79 throw new ErrorResponseException(
"invalid_permission",
"created permissions should have resource", Response.Status.BAD_REQUEST);
80 if (representation.getScope() == null && representation.getScopeName() == null)
81 throw new ErrorResponseException(
"invalid_permission",
"created permissions should have scope or scopeName", Response.Status.BAD_REQUEST);
82 if (representation.getRequester() == null && representation.getRequesterName() == null)
83 throw new ErrorResponseException(
"invalid_permission",
"created permissions should have requester or requesterName", Response.Status.BAD_REQUEST);
85 ResourceStore rstore = this.
authorization.getStoreFactory().getResourceStore();
86 Resource resource = rstore.findById(representation.getResource(),
resourceServer.getId());
87 if (resource == null )
throw new ErrorResponseException(
"invalid_resource_id",
"Resource set with id [" + representation.getResource() +
"] does not exists in this server.", Response.Status.BAD_REQUEST);
90 throw new ErrorResponseException(
"not_authorised",
"permissions for [" + representation.getResource() +
"] can be only created by the owner", Response.Status.FORBIDDEN);
92 UserModel user = null;
93 if(representation.getRequester() != null)
94 user = this.
authorization.getKeycloakSession().userStorageManager().getUserById(representation.getRequester(), this.
authorization.getRealm());
96 user = this.
authorization.getKeycloakSession().userStorageManager().getUserByUsername(representation.getRequesterName(), this.
authorization.getRealm());
99 throw new ErrorResponseException(
"invalid_permission",
"Requester does not exists in this server as user.", Response.Status.BAD_REQUEST);
102 ScopeStore sstore = this.
authorization.getStoreFactory().getScopeStore();
104 if(representation.getScopeName() != null)
105 scope = sstore.findByName(representation.getScopeName(),
resourceServer.getId());
107 scope = sstore.findById(representation.getScope(),
resourceServer.getId());
109 if (scope == null && representation.getScope() !=null )
110 throw new ErrorResponseException(
"invalid_scope",
"Scope [" + representation.getScope() +
"] is invalid", Response.Status.BAD_REQUEST);
111 if (scope == null && representation.getScopeName() !=null )
112 throw new ErrorResponseException(
"invalid_scope",
"Scope [" + representation.getScopeName() +
"] is invalid", Response.Status.BAD_REQUEST);
114 boolean match = resource.getScopes().contains(scope);
117 throw new ErrorResponseException(
"invalid_resource_id",
"Resource set with id [" + representation.getResource() +
"] does not have Scope [" + scope.getName() +
"]", Response.Status.BAD_REQUEST);
119 Map<String, String> attributes =
new HashMap<String, String>();
120 attributes.put(PermissionTicket.RESOURCE, resource.getId());
121 attributes.put(PermissionTicket.SCOPE, scope.getId());
122 attributes.put(PermissionTicket.REQUESTER, user.getId());
124 if (!ticketStore.find(attributes,
resourceServer.getId(), -1, -1).isEmpty())
125 throw new ErrorResponseException(
"invalid_permission",
"Permission already exists", Response.Status.BAD_REQUEST);
127 PermissionTicket ticket = ticketStore.create(resource.getId(), scope.getId(), user.getId(),
resourceServer);
128 if(representation.isGranted())
129 ticket.setGrantedTimestamp(java.lang.System.currentTimeMillis());
130 representation = ModelToRepresentation.toRepresentation(ticket,
authorization);
131 return Response.ok(representation).build();