I want my SPI to return the user profile from the keycloak when i create/update the user, the user profile should have ----> basic detais, userRoles, userPermissions, claims as shown below, ----------------------------- “{“id":“094073fb-0f5e-419f-a582-d25b8b5b5903”,“email”:"admin@admin.com”,“firstName”:“Admin”,“lastName”:“listener”,“userRoles”:[“default-roles-portal-realm”,“create-client”,“uma_protection”,“read-token”,“view-profile”,“view-groups”,“view-consent”,“view-applications”,“manage-consent”,“manage-account-links”,“delete-account”],“userPermissions”:,“claims”:null}”
but I am not getting the userPermissions, it is coming emppty I tried getting permissions by few methods below -----------
public List getPermissions(UserModel user) {
String realmName = System.getenv("realm_name");
RealmModel realm = this.model.getRealmByName(realmName);
ClientModel client = realm.getClientByClientId("portal-client");
log.info("client: " + client);
log.info("getPermissions is triggered...........................");
List<UserPermission> userPermissions = new ArrayList<>();
StoreFactory storeFactory = session.getProvider(StoreFactory.class);
log.info("storeFactory: " + storeFactory);
AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
log.info("authorizationProvider: " + authorizationProvider);
PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
log.info("permissionTicketStore: " + permissionTicketStore);
ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
log.info("resourceServerStore: " + resourceServerStore);
ResourceServer resourceServer = resourceServerStore.findByClient(client);
log.info("resourceServer: " + resourceServer);
if (resourceServer != null) {
log.info("resourceServer is not null...........................");
List<PermissionTicket> permissionTickets = permissionTicketStore.findGranted(resourceServer, user.getId());
log.info("user.getId(): " + user.getId());
log.info("permissionTickets: " + permissionTickets);
for (PermissionTicket permissionTicket : permissionTickets) {
log.info("permissionTicket: loop: " + permissionTicket);
UserPermission userPermission = new UserPermission();
userPermission.setResourceId(permissionTicket.getResource().getId());
log.info("permissionTicket.getResource().getId(): " + permissionTicket.getResource().getId());
userPermission.setResourceName(permissionTicket.getResource().getName());
log.info("permissionTicket.getResource().getName(): " + permissionTicket.getResource().getName());
userPermission.setActions(getScopeNames(permissionTicket.getResource()));
log.info("getScopeNames(permissionTicket.getResource()): " + getScopeNames(permissionTicket.getResource()));
userPermissions.add(userPermission);
}
}
return userPermissions;
} --- **List<PermissionTicket> permissionTickets = permissionTicketStore.findGranted(resourceServer, user.getId());**
** is coming empty**------
-------------------------------------2nd i tried -------------->
public List getPermissions(UserModel user) {
String realmName = System.getenv("realm_name");
RealmModel realm = this.model.getRealmByName(realmName);
ClientModel client = realm.getClientByClientId("portal-client");
log.info("client: " + client);
log.info("getPermissions is triggered...........................");
List<UserPermission> userPermissions = new ArrayList<>();
AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
log.info("authorizationProvider: " + authorizationProvider);
ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());
Policy policy = authorizationProvider.getStoreFactory().getPolicyStore().findById(resourceServer, user.getId());
log.info("policy: " + policy);
if (policy != null) {
List<PermissionTicket> permissionTickets = authorizationProvider.getStoreFactory().getPermissionTicketStore().findGranted(resourceServer, user.getId());
log.info("permissionTickets: " + permissionTickets);
for (PermissionTicket permissionTicket : permissionTickets) {
log.info("permissionTicket: " + permissionTicket);
Resource resource = permissionTicket.getResource();
UserPermission userPermission = new UserPermission();
userPermission.setResourceId(resource.getId());
userPermission.setResourceName(resource.getName());
List<String> actions = new ArrayList<>();
for (Scope scope : resource.getScopes()) {
actions.add(scope.getName());
}
userPermission.setActions(actions);
userPermissions.add(userPermission);
}
}
return userPermissions;
} still the permissions is not coming
-----------------------------3rd -----------------------------
public List getPermissions(UserModel user) {
String realmName = System.getenv("realm_name");
RealmModel realm = this.model.getRealmByName(realmName);
ClientModel client = realm.getClientByClientId("portal-client");
AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());
log.info("resourceServer: " + resourceServer);
Evaluators evaluators = authorizationProvider.evaluators();
log.info("evaluators: " + evaluators);
AuthorizationRequest request = new AuthorizationRequest();
log.info("request: " + request);
final Map<String, Resource> resourceMap = authorizationProvider
.getStoreFactory()
.getResourceStore()
.findByType(resourceServer, resourceServer.getId())
.stream()
.collect(Collectors.toMap(Resource::getId, r -> r));
log.info("resourceMap: " + resourceMap);
// Generate a permission evaluator for all resources of given type
final PermissionEvaluator permissionEvaluator = evaluators
.from(
resourceMap
.entrySet()
.stream()
.map(r -> new ResourcePermission(r.getValue(), Collections.emptyList(), resourceServer))
.collect(Collectors.toList()),
new DefaultEvaluationContext(new UserModelIdentity(realm, user), this.session));
log.info("permissionEvaluator: " + permissionEvaluator);
// Evaluate permission and put them in a result set.
final Collection<Permission> permissions = permissionEvaluator.evaluate(resourceServer, request);
final List<UserPermission> userPermissions = new ArrayList<>();
for (final Permission permission : permissions) {
log.info("permission: " + permission);
if (resourceMap.containsKey(permission.getResourceId())) {
UserPermission userPermission = new UserPermission();
userPermission.setResourceId(permission.getResourceId());
userPermission.setResourceName(resourceMap.get(permission.getResourceId()).getName());
userPermission.setActions((permission.getScopes()).stream().toList());
userPermissions.add(userPermission);
}
}
return userPermissions;
} -----this also the resourceMap is null how to populate permission there
---------------------and the last one ---------
public List getPermissions(UserModel user) {
String realmName = System.getenv("realm_name");
RealmModel realm = this.model.getRealmByName(realmName);
ClientModel client = realm.getClientByClientId("portal-client");
AuthenticationManager.AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
if (auth == null || auth.getToken() == null) {
throw new NotAuthorizedException("Bearer");
}
AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());
log.info("resourceServer: " + resourceServer);
Evaluators evaluators = authorizationProvider.evaluators();
log.info("evaluators: " + evaluators);
AuthorizationRequest request = new AuthorizationRequest();
log.info("request: " + request);
request.setSubjectToken(auth.getToken().toString());
final Map<String, Resource> resourceMap = authorizationProvider
.getStoreFactory()
.getResourceStore()
.findByType(resourceServer, resourceServer.getId())
.stream()
.collect(Collectors.toMap(Resource::getId, r -> r));
log.info("resourceMap: " + resourceMap);
// Generate a permission evaluator for all resources of given type
final PermissionEvaluator permissionEvaluator = evaluators
.from(
resourceMap
.entrySet()
.stream()
.map(r -> new ResourcePermission(r.getValue(), Collections.emptyList(), resourceServer))
.collect(Collectors.toList()),
new DefaultEvaluationContext(new UserModelIdentity(realm, user), this.session));
log.info("permissionEvaluator: " + permissionEvaluator);
// Evaluate permission and put them in a result set.
final Collection<Permission> permissions = permissionEvaluator.evaluate(resourceServer, request);
final List<UserPermission> userPermissions = new ArrayList<>();
for (final Permission permission : permissions) {
log.info("permission: " + permission);
if (resourceMap.containsKey(permission.getResourceId())) {
UserPermission userPermission = new UserPermission();
userPermission.setResourceId(permission.getResourceId());
userPermission.setResourceName(resourceMap.get(permission.getResourceId()).getName());
userPermission.setActions((permission.getScopes()).stream().toList());
userPermissions.add(userPermission);
}
}
return userPermissions;
} --please tell me the solution, which class which method is requied