Search in sources :

Example 16 with ClientPoliciesRepresentation

use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testPoliciesFormView.

@Test
public void testPoliciesFormView() throws Exception {
    final String profileName = "mega-profile";
    final String policyName = "mega-policy";
    final String policyName2 = "mega-policy^2";
    final String policyDesc = "mega-desc";
    clientPoliciesPage.navigateTo();
    clientPoliciesPage.assertCurrent();
    clientPoliciesPage.policiesTable().clickCreatePolicy();
    createClientPolicyPage.assertCurrent();
    // create policy
    createClientPolicyPage.form().setPolicyName(policyName);
    createClientPolicyPage.form().setDescription(policyDesc);
    assertTrue(createClientPolicyPage.form().isEnabled());
    createClientPolicyPage.form().save();
    assertAlertSuccess();
    clientPolicyPage.setPolicyName(policyName);
    clientPolicyPage.assertCurrent();
    assertEquals(policyName, clientPolicyPage.form().getPolicyName());
    clientPolicyPage.conditionsTable().clickCreateCondition();
    // create condition
    createConditionPage.setPolicyName(policyName);
    createConditionPage.assertCurrent();
    createConditionPage.form().setConditionType(ClientAccessTypeConditionFactory.PROVIDER_ID);
    assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
    createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_BEARERONLY);
    createConditionPage.form().save();
    assertAlertSuccess();
    // edit condition
    clientPolicyPage.assertCurrent();
    clientPolicyPage.conditionsTable().clickEditCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
    conditionPage.setUriParameters(policyName, 0);
    conditionPage.assertCurrent();
    assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
    createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_PUBLIC);
    createConditionPage.form().save();
    // create profile via REST
    ClientProfilesRepresentation profiles = new ClientProfilesBuilder().addProfile(new ClientProfileBuilder().createProfile(profileName, "desc").addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation()).toRepresentation();
    testRealmResource().clientPoliciesProfilesResource().updateProfiles(profiles);
    refreshPageAndWaitForLoad();
    // add profile to policy
    clientPolicyPage.profilesTable().addProfile(GLOBAL_PROFILE);
    clientPolicyPage.profilesTable().addProfile(profileName);
    assertEquals(Arrays.asList(GLOBAL_PROFILE, profileName), clientPolicyPage.profilesTable().getProfiles());
    // remove profile
    clientPolicyPage.profilesTable().clickDeleteProfile(GLOBAL_PROFILE);
    assertAlertSuccess();
    // assert JSON
    ClientPoliciesRepresentation expected = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy(policyName, policyDesc, true).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).addProfile(profileName).toRepresentation()).toRepresentation();
    assertClientPolicy(expected);
    // remove condition
    clientPolicyPage.navigateTo();
    clientPolicyPage.conditionsTable().clickDeleteCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    expected.getPolicies().get(0).getConditions().remove(0);
    assertClientPolicy(expected);
    assertFalse(clientPolicyPage.conditionsTable().isRowPresent(ClientAccessTypeConditionFactory.PROVIDER_ID));
    // edit policy
    clientPolicyPage.form().setPolicyName(policyName2);
    clientPolicyPage.form().setEnabled(false);
    clientPolicyPage.form().save();
    assertAlertSuccess();
    clientPoliciesPage.navigateTo();
    assertEquals(policyDesc, clientPoliciesPage.policiesTable().getDescription(policyName2));
    assertFalse(clientPoliciesPage.policiesTable().isEnabled(policyName2));
    // remove policy
    clientPoliciesPage.policiesTable().clickDeletePolicy(policyName2);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    assertClientPolicy(new ClientPoliciesRepresentation());
    assertFalse(clientPoliciesPage.policiesTable().isRowPresent(policyName2));
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Example 17 with ClientPoliciesRepresentation

use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method cleanup.

@After
public void cleanup() {
    testRealmResource().clientPoliciesPoliciesResource().updatePolicies(new ClientPoliciesRepresentation());
    testRealmResource().clientPoliciesProfilesResource().updateProfiles(new ClientProfilesRepresentation());
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) After(org.junit.After)

Example 18 with ClientPoliciesRepresentation

use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method assertClientPolicy.

private void assertClientPolicy(ClientPoliciesRepresentation expected) {
    ClientPoliciesRepresentation actual = testRealmResource().clientPoliciesPoliciesResource().getPolicies();
    assertEquals(expected, actual);
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation)

Example 19 with ClientPoliciesRepresentation

use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getEnabledClientPolicies.

/**
 * Gets existing enabled client policies in a realm.
 * not return null.
 */
static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession session, RealmModel realm) {
    // get existing profiles as json
    String policiesJson = getClientPoliciesJsonString(realm);
    if (policiesJson == null) {
        return Collections.emptyList();
    }
    // deserialize existing policies (json -> representation)
    ClientPoliciesRepresentation policiesRep = null;
    try {
        policiesRep = convertClientPoliciesJsonToRepresentation(policiesJson);
    } catch (ClientPolicyException e) {
        logger.warnv("Failed to serialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
        return Collections.emptyList();
    }
    if (policiesRep == null || policiesRep.getPolicies() == null) {
        return Collections.emptyList();
    }
    // constructing existing policies (representation -> model)
    List<ClientPolicy> policyList = new ArrayList<>();
    for (ClientPolicyRepresentation policyRep : policiesRep.getPolicies()) {
        // ignore policy without name
        if (policyRep.getName() == null) {
            logger.warnf("Ignored client policy without name in the realm %s", realm.getName());
            continue;
        }
        // pick up only enabled policy
        if (policyRep.isEnabled() == null || policyRep.isEnabled() == false) {
            continue;
        }
        ClientPolicy policyModel = new ClientPolicy();
        policyModel.setName(policyRep.getName());
        policyModel.setDescription(policyRep.getDescription());
        policyModel.setEnable(true);
        List<ClientPolicyConditionProvider> conditions = new ArrayList<>();
        if (policyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : policyRep.getConditions()) {
                ClientPolicyConditionProvider provider = getConditionProvider(session, realm, conditionRep.getConditionProviderId(), conditionRep.getConfiguration());
                conditions.add(provider);
            }
        }
        policyModel.setConditions(conditions);
        if (policyRep.getProfiles() != null) {
            policyModel.setProfiles(policyRep.getProfiles().stream().collect(Collectors.toList()));
        }
        policyList.add(policyModel);
    }
    return policyList;
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ArrayList(java.util.ArrayList) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation)

Example 20 with ClientPoliciesRepresentation

use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedClientPoliciesForUpdate.

/**
 * get validated and modified client policies as representation.
 * it can be constructed by merging proposed client policies with existing client policies.
 * not return null.
 *
 * @param session
 * @param realm
 * @param proposedPoliciesRep
 */
static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession session, RealmModel realm, ClientPoliciesRepresentation proposedPoliciesRep, List<ClientProfileRepresentation> existingGlobalProfiles) throws ClientPolicyException {
    if (realm == null) {
        throw new ClientPolicyException("realm not specified.");
    }
    // no policy contained (it is valid)
    List<ClientPolicyRepresentation> proposedPolicyRepList = proposedPoliciesRep.getPolicies();
    if (proposedPolicyRepList == null || proposedPolicyRepList.isEmpty()) {
        proposedPolicyRepList = new ArrayList<>();
        proposedPoliciesRep.setPolicies(new ArrayList<>());
    }
    // Policy without name not allowed
    if (proposedPolicyRepList.stream().anyMatch(clientPolicy -> clientPolicy.getName() == null || clientPolicy.getName().isEmpty())) {
        throw new ClientPolicyException("proposed client policy name missing.");
    }
    // duplicated policy name is not allowed.
    if (proposedPolicyRepList.size() != proposedPolicyRepList.stream().map(i -> i.getName()).distinct().count()) {
        throw new ClientPolicyException("proposed client policy name duplicated.");
    }
    // construct updating policies from existing policies and proposed policies
    ClientPoliciesRepresentation updatingPoliciesRep = new ClientPoliciesRepresentation();
    updatingPoliciesRep.setPolicies(new ArrayList<>());
    List<ClientPolicyRepresentation> updatingPoliciesList = updatingPoliciesRep.getPolicies();
    for (ClientPolicyRepresentation proposedPolicyRep : proposedPoliciesRep.getPolicies()) {
        // newly proposed builtin policy not allowed because builtin policy cannot added/deleted/modified.
        Boolean enabled = (proposedPolicyRep.isEnabled() != null) ? proposedPolicyRep.isEnabled() : Boolean.FALSE;
        // basically, proposed policy totally overrides existing policy except for enabled field..
        ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
        policyRep.setName(proposedPolicyRep.getName());
        policyRep.setDescription(proposedPolicyRep.getDescription());
        policyRep.setEnabled(enabled);
        policyRep.setConditions(new ArrayList<>());
        if (proposedPolicyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : proposedPolicyRep.getConditions()) {
                if (!isValidCondition(session, conditionRep.getConditionProviderId())) {
                    throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
                }
                policyRep.getConditions().add(conditionRep);
            }
        }
        Set<String> existingProfileNames = existingGlobalProfiles.stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet());
        ClientProfilesRepresentation reps = getClientProfilesRepresentation(session, realm);
        policyRep.setProfiles(new ArrayList<>());
        if (reps.getProfiles() != null) {
            existingProfileNames.addAll(reps.getProfiles().stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet()));
        }
        if (proposedPolicyRep.getProfiles() != null) {
            for (String profileName : proposedPolicyRep.getProfiles()) {
                if (!existingProfileNames.contains(profileName)) {
                    logger.warnf("Client policy %s referred not existing profile %s");
                    throw new ClientPolicyException("referring not existing client profile not allowed.");
                }
            }
            proposedPolicyRep.getProfiles().stream().distinct().forEach(profileName -> policyRep.getProfiles().add(profileName));
        }
        updatingPoliciesList.add(policyRep);
    }
    return updatingPoliciesRep;
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Aggregations

ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)21 ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)9 ClientProfilesRepresentation (org.keycloak.representations.idm.ClientProfilesRepresentation)9 Test (org.junit.Test)6 ClientProfileRepresentation (org.keycloak.representations.idm.ClientProfileRepresentation)4 ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)3 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)3 IOException (java.io.IOException)2 InputStream (java.io.InputStream)2 ArrayList (java.util.ArrayList)2 ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)2 ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)2 ClientPolicyConditionProvider (org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)2 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)2 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 Collections (java.util.Collections)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Set (java.util.Set)1