Package org.keycloak.authorization.store
Interface PermissionTicketStore
- All Known Implementing Classes:
JPAPermissionTicketStore
,StoreFactoryCacheSession.PermissionTicketCache
public interface PermissionTicketStore
A
PermissionTicketStore
is responsible to manage the persistence of PermissionTicket
instances.- Author:
- Pedro Igor
-
Method Summary
Modifier and TypeMethodDescriptionlong
count
(ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes) Returns count ofPermissionTicket
, filtered by the given attributes.create
(ResourceServer resourceServer, Resource resource, Scope scope, String requester) Creates a newPermissionTicket
instance.void
delete
(RealmModel realm, String id) Deletes a permission from the underlying persistence mechanism.find
(RealmModel realm, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResults) Returns a list ofPermissionTicket
, filtered by the given attributes.findById
(RealmModel realm, ResourceServer resourceServer, String id) Returns aPermissionTicket
with the givenid
findByResource
(ResourceServer resourceServer, Resource resource) Returns a list ofPermissionTicket
associated with theresource
.findByScope
(ResourceServer resourceServer, Scope scope) Returns a list ofPermissionTicket
associated with thescope
.findGranted
(ResourceServer resourceServer, String userId) Returns a list ofPermissionTicket
granted to the givenuserId
.findGranted
(ResourceServer resourceServer, String resourceName, String userId) findGrantedOwnerResources
(RealmModel realm, String owner, Integer firstResult, Integer maxResults) Returns a list ofResource
granted by the owner to other usersfindGrantedResources
(RealmModel realm, String requester, String name, Integer firstResult, Integer maxResults) Returns a list ofResource
granted to the givenrequester
-
Method Details
-
count
Returns count ofPermissionTicket
, filtered by the given attributes.- Parameters:
resourceServer
- the resource server. Cannot benull
.attributes
- permission tickets that do not match the attributes are not included with the count; possible filter options are given byPermissionTicket.FilterOption
- Returns:
- an integer indicating the amount of permission tickets
- Throws:
IllegalArgumentException
- when there is an unknown attribute in theattributes
map
-
create
PermissionTicket create(ResourceServer resourceServer, Resource resource, Scope scope, String requester) Creates a newPermissionTicket
instance.- Parameters:
resourceServer
- the resource server to which this permission ticket belongs. Cannot benull
.resource
- resource. Cannot benull
.scope
- scope. Cannot benull
requester
- requester of the permission- Returns:
- a new instance of
PermissionTicket
-
delete
Deletes a permission from the underlying persistence mechanism.- Parameters:
realm
- realm. Cannot benull
.id
- the id of the policy to delete
-
findById
Returns aPermissionTicket
with the givenid
- Parameters:
realm
- the realm. Cannot benull
.resourceServer
- the resource server. Ignored ifnull
.id
- the identifier of the permission- Returns:
- a permission with the given identifier.
-
findByResource
Returns a list ofPermissionTicket
associated with theresource
.- Parameters:
resourceServer
- the resource server. Cannot benull
.resource
- the resource. Cannot benull
- Returns:
- a list of permissions associated with the given resource
-
findByScope
Returns a list ofPermissionTicket
associated with thescope
.- Parameters:
resourceServer
- the resource server. Cannot benull
.scope
- the scope. Cannot benull
.- Returns:
- a list of permissions associated with the given scopes
-
find
List<PermissionTicket> find(RealmModel realm, ResourceServer resourceServer, Map<PermissionTicket.FilterOption, String> attributes, Integer firstResult, Integer maxResults) Returns a list ofPermissionTicket
, filtered by the given attributes.- Parameters:
realm
- the realm. Cannot benull
.resourceServer
- a resource server that resulting tickets should belong to. Ignored ifnull
.attributes
- a map of keys and values to filter on; possible filter options are given byPermissionTicket.FilterOption
firstResult
- first result to return. Ignored if negative ornull
.maxResults
- maximum number of results to return. Ignored if negative ornull
.- Returns:
- a list of filtered and paginated permissions
- Throws:
IllegalArgumentException
- when there is an unknown attribute in theattributes
map
-
findGranted
Returns a list ofPermissionTicket
granted to the givenuserId
.- Parameters:
resourceServer
- the resource server. Cannot benull
userId
- the user id- Returns:
- a list of permissions granted for a particular user
-
findGranted
List<PermissionTicket> findGranted(ResourceServer resourceServer, String resourceName, String userId) - Parameters:
resourceServer
- the resource server. Cannot benull
.resourceName
- the name of a resourceuserId
- the user id- Returns:
- a list of permissions granted for a particular user TODO: investigate a way how to replace resourceName with Resource class
-
findGrantedResources
List<Resource> findGrantedResources(RealmModel realm, String requester, String name, Integer firstResult, Integer maxResults) Returns a list ofResource
granted to the givenrequester
- Parameters:
realm
- realm that is searched. Cannot benull
requester
- the requestername
- the keyword to query resources by name or null if any resourcefirstResult
- first result to return. Ignored if negative ornull
.maxResults
- maximum number of results to return. Ignored if negative ornull
.- Returns:
- a list of
Resource
granted to the givenrequester
-
findGrantedOwnerResources
List<Resource> findGrantedOwnerResources(RealmModel realm, String owner, Integer firstResult, Integer maxResults) Returns a list ofResource
granted by the owner to other users- Parameters:
realm
-owner
- the ownerfirstResult
- first result to return. Ignored if negative ornull
.maxResults
- maximum number of results to return. Ignored if negative ornull
.- Returns:
- a list of
Resource
granted by the owner
-