SPI for getting User Permissions from keycloak

taru · April 26, 2024, 10:38am

I want my SPI to return the user profile from the keycloak when i create/update the user, the user profile should have ----> basic detais, userRoles, userPermissions, claims as shown below, ----------------------------- “{“id":“094073fb-0f5e-419f-a582-d25b8b5b5903”,“email”:"admin@admin.com”,“firstName”:“Admin”,“lastName”:“listener”,“userRoles”:[“default-roles-portal-realm”,“create-client”,“uma_protection”,“read-token”,“view-profile”,“view-groups”,“view-consent”,“view-applications”,“manage-consent”,“manage-account-links”,“delete-account”],“userPermissions”:,“claims”:null}”

but I am not getting the userPermissions, it is coming emppty I tried getting permissions by few methods below -----------
public List getPermissions(UserModel user) {

    String realmName = System.getenv("realm_name");
    RealmModel realm = this.model.getRealmByName(realmName);

    ClientModel client = realm.getClientByClientId("portal-client");
    log.info("client: " + client);

    log.info("getPermissions is triggered...........................");
    List<UserPermission> userPermissions = new ArrayList<>();
    StoreFactory storeFactory = session.getProvider(StoreFactory.class);
    log.info("storeFactory: " + storeFactory);

    AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
     log.info("authorizationProvider: " + authorizationProvider);
     
    PermissionTicketStore permissionTicketStore = storeFactory.getPermissionTicketStore();
    log.info("permissionTicketStore: " + permissionTicketStore);
    ResourceServerStore resourceServerStore = storeFactory.getResourceServerStore();
    log.info("resourceServerStore: " + resourceServerStore);
    ResourceServer resourceServer = resourceServerStore.findByClient(client);

    log.info("resourceServer: " + resourceServer);
    if (resourceServer != null) {
        log.info("resourceServer is not null...........................");
        List<PermissionTicket> permissionTickets = permissionTicketStore.findGranted(resourceServer, user.getId());
        log.info("user.getId(): " + user.getId());
        log.info("permissionTickets: " + permissionTickets);
        for (PermissionTicket permissionTicket : permissionTickets) {
            log.info("permissionTicket: loop:  " + permissionTicket);
            UserPermission userPermission = new UserPermission();
            userPermission.setResourceId(permissionTicket.getResource().getId());
            log.info("permissionTicket.getResource().getId(): " + permissionTicket.getResource().getId());
            userPermission.setResourceName(permissionTicket.getResource().getName());
            log.info("permissionTicket.getResource().getName(): " + permissionTicket.getResource().getName());
            userPermission.setActions(getScopeNames(permissionTicket.getResource()));
            log.info("getScopeNames(permissionTicket.getResource()): " + getScopeNames(permissionTicket.getResource()));
            userPermissions.add(userPermission);
        }
    }

    return userPermissions;
}  ---            **List<PermissionTicket> permissionTickets = permissionTicketStore.findGranted(resourceServer, user.getId());**

** is coming empty**------
-------------------------------------2nd i tried -------------->
public List getPermissions(UserModel user) {

    String realmName = System.getenv("realm_name");
    RealmModel realm = this.model.getRealmByName(realmName);

    ClientModel client = realm.getClientByClientId("portal-client");
    log.info("client: " + client);

    log.info("getPermissions is triggered...........................");
    List<UserPermission> userPermissions = new ArrayList<>();

    AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
    log.info("authorizationProvider: " + authorizationProvider);

    ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());

    Policy policy =  authorizationProvider.getStoreFactory().getPolicyStore().findById(resourceServer, user.getId());
    log.info("policy: " + policy);


    if (policy != null) {
        List<PermissionTicket> permissionTickets = authorizationProvider.getStoreFactory().getPermissionTicketStore().findGranted(resourceServer, user.getId());
        log.info("permissionTickets: " + permissionTickets);
        for (PermissionTicket permissionTicket : permissionTickets) {
            log.info("permissionTicket: " + permissionTicket);
            Resource resource = permissionTicket.getResource();
            UserPermission userPermission = new UserPermission();
            userPermission.setResourceId(resource.getId());
            userPermission.setResourceName(resource.getName());
            List<String> actions = new ArrayList<>();
            for (Scope scope : resource.getScopes()) {
                actions.add(scope.getName());
            }
            userPermission.setActions(actions);
            userPermissions.add(userPermission);
        }
    }

    return userPermissions;

} still the permissions is not coming

-----------------------------3rd -----------------------------
public List getPermissions(UserModel user) {

    String realmName = System.getenv("realm_name");
    RealmModel realm = this.model.getRealmByName(realmName);
    ClientModel client = realm.getClientByClientId("portal-client");

    AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
    ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());
    log.info("resourceServer: " + resourceServer);
    Evaluators evaluators = authorizationProvider.evaluators();
    log.info("evaluators: " + evaluators);
    AuthorizationRequest request = new AuthorizationRequest();
    log.info("request: " + request);

    final Map<String, Resource> resourceMap = authorizationProvider
            .getStoreFactory()
            .getResourceStore()
            .findByType(resourceServer, resourceServer.getId())
            .stream()
            .collect(Collectors.toMap(Resource::getId, r -> r));


    log.info("resourceMap: " + resourceMap);
    // Generate a permission evaluator for all resources of given type
    final PermissionEvaluator permissionEvaluator = evaluators
            .from(
                    resourceMap
                            .entrySet()
                            .stream()
                            .map(r -> new ResourcePermission(r.getValue(), Collections.emptyList(), resourceServer))
                            .collect(Collectors.toList()),
                    new DefaultEvaluationContext(new UserModelIdentity(realm, user), this.session));
    log.info("permissionEvaluator: " + permissionEvaluator);
    // Evaluate permission and put them in a result set.
    final Collection<Permission> permissions = permissionEvaluator.evaluate(resourceServer, request);
    final List<UserPermission> userPermissions = new ArrayList<>();
    for (final Permission permission : permissions) {
        log.info("permission: " + permission);
        if (resourceMap.containsKey(permission.getResourceId())) {
            UserPermission userPermission = new UserPermission();
            userPermission.setResourceId(permission.getResourceId());
            userPermission.setResourceName(resourceMap.get(permission.getResourceId()).getName());
            userPermission.setActions((permission.getScopes()).stream().toList());
            userPermissions.add(userPermission);
        }
    }

    return userPermissions;
} -----this also the resourceMap is null how to populate permission there

---------------------and the last one ---------
public List getPermissions(UserModel user) {

    String realmName = System.getenv("realm_name");
    RealmModel realm = this.model.getRealmByName(realmName);
    ClientModel client = realm.getClientByClientId("portal-client");
    AuthenticationManager.AuthResult auth = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
    if (auth == null || auth.getToken() == null) {
        throw new NotAuthorizedException("Bearer");
    }
    AuthorizationProvider authorizationProvider = session.getProvider(AuthorizationProvider.class);
    ResourceServer resourceServer = authorizationProvider.getStoreFactory().getResourceServerStore().findById(client.getId());
    log.info("resourceServer: " + resourceServer);
    Evaluators evaluators = authorizationProvider.evaluators();
    log.info("evaluators: " + evaluators);
    AuthorizationRequest request = new AuthorizationRequest();
    log.info("request: " + request);
    request.setSubjectToken(auth.getToken().toString());

    final Map<String, Resource> resourceMap = authorizationProvider
            .getStoreFactory()
            .getResourceStore()
            .findByType(resourceServer, resourceServer.getId())
            .stream()
            .collect(Collectors.toMap(Resource::getId, r -> r));


    log.info("resourceMap: " + resourceMap);
    // Generate a permission evaluator for all resources of given type
    final PermissionEvaluator permissionEvaluator = evaluators
            .from(
                    resourceMap
                            .entrySet()
                            .stream()
                            .map(r -> new ResourcePermission(r.getValue(), Collections.emptyList(), resourceServer))
                            .collect(Collectors.toList()),
                    new DefaultEvaluationContext(new UserModelIdentity(realm, user), this.session));
    log.info("permissionEvaluator: " + permissionEvaluator);
    // Evaluate permission and put them in a result set.
    final Collection<Permission> permissions = permissionEvaluator.evaluate(resourceServer, request);
    final List<UserPermission> userPermissions = new ArrayList<>();
    for (final Permission permission : permissions) {
        log.info("permission: " + permission);
        if (resourceMap.containsKey(permission.getResourceId())) {
            UserPermission userPermission = new UserPermission();
            userPermission.setResourceId(permission.getResourceId());
            userPermission.setResourceName(resourceMap.get(permission.getResourceId()).getName());
            userPermission.setActions((permission.getScopes()).stream().toList());
            userPermissions.add(userPermission);
        }
    }

    return userPermissions;
} --please tell me the solution, which class which method is requied

Topic	Replies	Views
Get all the User Claims in the user profile using the SPI Getting advice admin-console , admin-rest , authentication , oidc	28	May 6, 2024
Obtaining user from custom SPI	287	June 24, 2022
Request about custom claims Configuring the server authentication	292	July 16, 2021
Get user password in getUserByUsername method of User Storage SPI Getting advice user-federation	317	February 13, 2023
Keycloak rewrite spi question	331	August 2, 2021

SPI for getting User Permissions from keycloak

Related Topics