Commit Graph

244 Commits

Author SHA1 Message Date
Pedro Igor
89a8cddfd6 Make sure group permissions on view scope are not processed when querying users
Closes #44329

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2025-12-08 14:39:40 +01:00
Stian Thorgersen
a2c1055f8d Proposed import order (#43432)
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
2025-11-14 09:34:49 +01:00
stianst
aedd7fe5db Remove unused imports as part of #43233
Signed-off-by: stianst <stianst@gmail.com>
2025-10-13 13:32:01 +02:00
Peter Skopek
1ad2444945 Add missing javadocs to published artifacts to allow Maven Central Portal Publisher to pass the validation process.
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher to pass the validation process. (#40822)
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Pedro Igor
43a7b27301 Resolve roles inherited from groups and composite roles
Closes #39850

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-26 14:15:06 -03:00
Pedro Igor
7aab9fade8 Move FGAP types to a specific package
Closes #39712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-05-22 09:53:16 -03:00
Pedro Igor
ae88d7921f Improvements to partial evaluation
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-09 18:15:28 +02:00
Pedro Igor
a4000575a4 Initial support for partial evaluation
Closes #38085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-19 13:30:52 -03:00
Garth
e0806c6284 Add a null check to ClientModels loaded by ID from ClientPolicyRepresentation.
Closes #37673

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2025-03-07 10:48:07 -03:00
Alexander Schwartz
a357589c14 Apply a heuristic to look up the role by ID or name
Closes #36919

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-03 18:12:41 -03:00
Emilien Bondu
13e7d34cd3 Add new error type in authz client and handle properly missing resources errors to enable policy enforcer resource cache eviction/update.
Closes #36560

Signed-off-by: Emilien Bondu <dev.ebondu@gmail.com>
2025-01-20 12:01:03 +01:00
vramik
8b5ebe98d8 [FGAP] Design AdminPermissionEvaluator implementation for FGAP v2
Closes #34921

Signed-off-by: vramik <vramik@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 16:05:14 -03:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
Stefan Guilhen
a43b65281d Search user by id and fallback to username when needed
- prevents performance issues when reading policies as users are always stored by id.

Closes #35796

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-12-11 11:54:59 -03:00
Thomas Darimont
f61937f3d9 Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
Stefan Guilhen
8581886944 Add validation for role and time policies
Closes #28978

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-21 15:51:38 -03:00
Pedro Igor
b76f4f9c1b Avoid iterating over user policies when removing users
Closes #19358

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-10-15 15:01:40 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-15 08:16:14 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
mposolda
4b95b42590 Avoid releasing keycloak-authz-client-test artifact to maven repositories
closes #31653

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-05 11:57:08 +02:00
mposolda
cd947ce3bc Removing policy-enforcer from Keycloak repository
closes #32191

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-28 07:40:20 -03:00
mposolda
54a538b3ad Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
closes #32117

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
Krishna Kumar
fc80cc75fe Make createPatSupplier private to public
Closes #29986

Signed-off-by: Krishna Kumar <krishnachaurasia1998@gmail.com>
2024-07-23 11:11:42 +00:00
Diego Ramp
ae74d923d2 fix bad debugv({}) in favor of more tolerant debugf(%s)
Closes #31368

Signed-off-by: Diego Ramp <diego.ramp@mobi.ch>
2024-07-18 10:34:32 +02:00
mposolda
06f6173c8a Add suffix to keycloak-authz-client artifact in keycloak repository
closes #30926

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 14:59:09 +02:00
mposolda
5526976d1c Add suffix to keycloak-policy-enforcer artifacts in keycloak repository
closes #30927

Signed-off-by: mposolda <mposolda@gmail.com>
2024-07-17 12:03:23 +02:00
Pedro Igor
cbf7f208fb Avoid iterating and updating all group policies when removing groups (#31057)
Closes #31056

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-08 13:57:20 +02:00
Romain LABAT
6615691c63 Support for service accounts when fetch roles is enabled (#30687)
Support for service accounts when fetch roles is enabled

Signed-off-by: Romain LABAT <contact@romainlabat.fr>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-25 18:00:26 -03:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Stefan Guilhen
52c9e440d6 Guard against NPE when fetching users associated with user policies.
Closes #28915

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-05-10 16:52:25 -03:00
Douglas Palmer
00bd6224fa Remove remaining Fuse adapter bits
Closes #28787

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-06 09:02:26 +02:00
Steven Hawkins
9486432f3f fix: removing httpclient override (#28304)
we need to have a dependency on commons-logging-jboss-logging

closes: #21392

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-23 10:09:06 +02:00
Mark Banierink
ad32896725 replaced and removed deprecated token methods (#27715)
closes #19671

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Pedro Igor
8e48bac278 Ordering the group and role ids in the policy representation
Closes #28824

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-22 20:28:47 +02:00
Pedro Igor
4ec9fea8f7 Adding tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-03 08:04:17 -03:00
EnneS
365a3feafa Remove deleted roles from policy on update
Closes #26915

Signed-off-by: EnneS <nathan.soulier26@gmail.com>
2024-04-03 08:04:17 -03:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role policies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Clemens Zagler
dca50bba3f Authz-client: fix ClassCast Exception when getting resource permissions (#27483)

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-03-04 22:19:36 +09:00
Steven Hawkins
402c7d9b18 Removing version overrides and further aligning with quarkus versions (#26788)
* elevating wildfly-elytron-http-oidc version management

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing testing dependency overrides

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* further version alignment with quarkus

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a resteasy-core-spi that can be overridden

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing hamcrest override

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* aligning with 3.7.1

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-07 17:57:23 +01:00
Michal Hajas
00742a62dd Remove RealmModel from authorization services interfaces (#26708)
Closes #26530
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-02 16:51:32 +01:00
remi
b22efeec78 Add a toggle to use context attributes on the regex policy provider
Signed-off-by: remi <remi.tuveri@gmail.com>
2024-01-10 16:15:25 -03:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alice W
cf19c06341 Add logging to the policy providers for general debugging purposes
Signed-off-by: Alice W <105500542+alice-wondered@users.noreply.github.com>
2024-01-05 11:56:00 -03:00
Alice
69497382d8 Group scalability upgrades (#22700)
closes #22372

Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Emilien Bondu
95a45f0910 Set headers before calling sendError() method
Closes #23325
2023-09-18 13:05:12 -03:00
Peter Zaoral
2b1c29a6f2 Use Quarkus Platform BOM
Closes #20570
Closes #15870

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2023-07-06 12:45:48 -03:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token endpoint (#15947)
2023-05-29 08:56:39 -03:00
mposolda
1f5d3223ae Memory leak with PathCache.cache growing because the map was not synchronized
closes #19096
2023-05-24 08:16:58 -03:00