예제 #1
0
  protected void addComposites(AccessToken token, RoleModel role) {
    AccessToken.Access access = null;
    if (role.getContainer() instanceof RealmModel) {
      access = token.getRealmAccess();
      if (token.getRealmAccess() == null) {
        access = new AccessToken.Access();
        token.setRealmAccess(access);
      } else if (token.getRealmAccess().getRoles() != null
          && token.getRealmAccess().isUserInRole(role.getName())) return;

    } else {
      ClientModel app = (ClientModel) role.getContainer();
      access = token.getResourceAccess(app.getClientId());
      if (access == null) {
        access = token.addAccess(app.getClientId());
        if (app.isSurrogateAuthRequired()) access.verifyCaller(true);
      } else if (access.isUserInRole(role.getName())) return;
    }
    access.addRole(role.getName());
    if (!role.isComposite()) return;

    for (RoleModel composite : role.getComposites()) {
      addComposites(token, composite);
    }
  }
예제 #2
0
 @Override
 public AccessToken transformAccessToken(
     AccessToken token,
     ProtocolMapperModel mappingModel,
     KeycloakSession session,
     UserSessionModel userSession,
     ClientSessionModel clientSession) {
   String role = mappingModel.getConfig().get(ROLE_CONFIG);
   String[] scopedRole = KeycloakModelUtils.parseRole(role);
   String appName = scopedRole[0];
   String roleName = scopedRole[1];
   if (appName != null) {
     token.addAccess(appName).addRole(roleName);
   } else {
     AccessToken.Access access = token.getRealmAccess();
     if (access == null) {
       access = new AccessToken.Access();
       token.setRealmAccess(access);
     }
     access.addRole(role);
   }
   return token;
 }