use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.
the class ClientPoliciesTest method testPoliciesFormView.
/**
 * Drives the admin-console client-policy pages through a create / edit / delete cycle
 * and cross-checks the stored policies through the REST resource.
 *
 * Steps: create a policy, add a client-access-type condition, edit that condition,
 * create a profile over REST, attach and detach profiles, compare the stored
 * representation with an expected one, remove the condition, rename and disable the
 * policy, then delete it and check that no policies are left.
 */
@Test
public void testPoliciesFormView() throws Exception {
final String profileName = "mega-profile";
final String policyName = "mega-policy";
final String policyName2 = "mega-policy^2";
final String policyDesc = "mega-desc";
clientPoliciesPage.navigateTo();
clientPoliciesPage.assertCurrent();
clientPoliciesPage.policiesTable().clickCreatePolicy();
createClientPolicyPage.assertCurrent();
// Create the policy through the form; the form is expected to start out enabled.
createClientPolicyPage.form().setPolicyName(policyName);
createClientPolicyPage.form().setDescription(policyDesc);
assertTrue(createClientPolicyPage.form().isEnabled());
createClientPolicyPage.form().save();
assertAlertSuccess();
// After saving, the UI is expected to be on the page of the new policy.
clientPolicyPage.setPolicyName(policyName);
clientPolicyPage.assertCurrent();
assertEquals(policyName, clientPolicyPage.form().getPolicyName());
clientPolicyPage.conditionsTable().clickCreateCondition();
// Create a client-access-type condition.
createConditionPage.setPolicyName(policyName);
createConditionPage.assertCurrent();
createConditionPage.form().setConditionType(ClientAccessTypeConditionFactory.PROVIDER_ID);
// Only TYPE_CONFIDENTIAL is expected to be selected before anything is added.
// NOTE(review): the selection is read through conditionPage.form() although
// createConditionPage is the page asserted as current - confirm this is intended.
assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_BEARERONLY);
createConditionPage.form().save();
assertAlertSuccess();
// Edit the condition just created; it must now hold confidential and bearer-only.
clientPolicyPage.assertCurrent();
clientPolicyPage.conditionsTable().clickEditCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
conditionPage.setUriParameters(policyName, 0);
conditionPage.assertCurrent();
assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
// NOTE(review): the edit is performed through createConditionPage.form() while
// conditionPage is current, and this save is not followed by assertAlertSuccess();
// the result is only verified later by the REST comparison.
createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_PUBLIC);
createConditionPage.form().save();
// Create a profile with a holder-of-key enforcer executor directly over REST,
// then reload so the UI can offer it.
ClientProfilesRepresentation profiles = new ClientProfilesBuilder().addProfile(new ClientProfileBuilder().createProfile(profileName, "desc").addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation()).toRepresentation();
testRealmResource().clientPoliciesProfilesResource().updateProfiles(profiles);
refreshPageAndWaitForLoad();
// Attach the global profile and the new profile; the table must list both in that order.
clientPolicyPage.profilesTable().addProfile(GLOBAL_PROFILE);
clientPolicyPage.profilesTable().addProfile(profileName);
assertEquals(Arrays.asList(GLOBAL_PROFILE, profileName), clientPolicyPage.profilesTable().getProfiles());
// Detach the global profile again, leaving only the new one.
clientPolicyPage.profilesTable().clickDeleteProfile(GLOBAL_PROFILE);
assertAlertSuccess();
// Compare what the server stored with the expected policy: enabled, one condition
// holding all three access types, and only profileName attached.
ClientPoliciesRepresentation expected = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy(policyName, policyDesc, true).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).addProfile(profileName).toRepresentation()).toRepresentation();
assertClientPolicy(expected);
// Remove the condition in the UI and mirror the removal in the expected representation.
clientPolicyPage.navigateTo();
clientPolicyPage.conditionsTable().clickDeleteCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
modalDialog.confirmDeletion();
assertAlertSuccess();
expected.getPolicies().get(0).getConditions().remove(0);
assertClientPolicy(expected);
assertFalse(clientPolicyPage.conditionsTable().isRowPresent(ClientAccessTypeConditionFactory.PROVIDER_ID));
// Rename and disable the policy.
// NOTE(review): this step is checked only through the policies table below, not
// through assertClientPolicy(), so the stored enabled flag is not compared over REST.
clientPolicyPage.form().setPolicyName(policyName2);
clientPolicyPage.form().setEnabled(false);
clientPolicyPage.form().save();
assertAlertSuccess();
clientPoliciesPage.navigateTo();
assertEquals(policyDesc, clientPoliciesPage.policiesTable().getDescription(policyName2));
assertFalse(clientPoliciesPage.policiesTable().isEnabled(policyName2));
// Delete the policy; the REST resource must then equal an empty representation.
clientPoliciesPage.policiesTable().clickDeletePolicy(policyName2);
modalDialog.confirmDeletion();
assertAlertSuccess();
assertClientPolicy(new ClientPoliciesRepresentation());
assertFalse(clientPoliciesPage.policiesTable().isRowPresent(policyName2));
}
use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.
the class ClientPoliciesTest method cleanup.
/**
 * Resets the test realm after each test by replacing its client policies and its
 * client profiles with empty representations.
 */
@After
public void cleanup() {
    // Policies are reset before profiles, as in the original ordering.
    // NOTE(review): presumably so no policy still refers to a profile being removed - confirm.
    final ClientPoliciesRepresentation noPolicies = new ClientPoliciesRepresentation();
    testRealmResource().clientPoliciesPoliciesResource().updatePolicies(noPolicies);

    final ClientProfilesRepresentation noProfiles = new ClientProfilesRepresentation();
    testRealmResource().clientPoliciesProfilesResource().updateProfiles(noProfiles);
}
use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.
the class ClientPoliciesTest method assertClientPolicy.
/**
 * Asserts that the client policies currently returned by the test realm's REST
 * resource equal the given representation.
 *
 * @param expected the representation the stored policies must equal
 */
private void assertClientPolicy(ClientPoliciesRepresentation expected) {
    // Read back from the server rather than from the UI, so the check covers what was stored.
    assertEquals(expected, testRealmResource().clientPoliciesPoliciesResource().getPolicies());
}
use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.
the class ClientPoliciesUtil method getEnabledClientPolicies.
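/**
 * Builds the model objects for the enabled client policies stored in a realm.
 *
 * <p>Never returns {@code null}. An empty list is returned when the realm has no
 * stored policies JSON, when that JSON cannot be deserialized, or when it holds no
 * policies. Policies without a name and policies whose {@code enabled} flag is
 * {@code null} or {@code false} are left out.
 *
 * <p>NOTE(review): a deserialization failure is only logged at WARN level and yields
 * an empty list. If callers treat the result as the set of policies to enforce, a
 * corrupted policies document means that nothing is enforced for the realm - confirm
 * that this fail-open behaviour is intended and that the warning is monitored.
 *
 * @param session the session passed on to the condition-provider lookup
 * @param realm the realm whose stored policies are read
 * @return the enabled policies, possibly empty, never {@code null}
 */
static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession session, RealmModel realm) {
    // Stored policies are kept as a JSON string on the realm.
    String policiesJson = getClientPoliciesJsonString(realm);
    if (policiesJson == null) {
        return Collections.emptyList();
    }

    // JSON -> representation.
    ClientPoliciesRepresentation policiesRep;
    try {
        policiesRep = convertClientPoliciesJsonToRepresentation(policiesJson);
    } catch (ClientPolicyException e) {
        // The step that failed is deserialization; the previous message said "serialize".
        logger.warnv("Failed to deserialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
        return Collections.emptyList();
    }
    if (policiesRep == null || policiesRep.getPolicies() == null) {
        return Collections.emptyList();
    }

    // Representation -> model, keeping only named and enabled policies.
    List<ClientPolicy> policyList = new ArrayList<>();
    for (ClientPolicyRepresentation policyRep : policiesRep.getPolicies()) {
        // A null entry (e.g. a literal null in the stored array) is skipped like a nameless one
        // instead of failing the whole lookup with a NullPointerException.
        if (policyRep == null) {
            logger.warnf("Ignored null client policy entry in the realm %s", realm.getName());
            continue;
        }
        if (policyRep.getName() == null) {
            logger.warnf("Ignored client policy without name in the realm %s", realm.getName());
            continue;
        }
        // Only an explicit true counts as enabled; null is treated as disabled.
        if (!Boolean.TRUE.equals(policyRep.isEnabled())) {
            continue;
        }

        ClientPolicy policyModel = new ClientPolicy();
        policyModel.setName(policyRep.getName());
        policyModel.setDescription(policyRep.getDescription());
        policyModel.setEnable(true);

        List<ClientPolicyConditionProvider> conditions = new ArrayList<>();
        if (policyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : policyRep.getConditions()) {
                // NOTE(review): the provider is added without a null check; whether
                // getConditionProvider can return null is not visible here - confirm.
                ClientPolicyConditionProvider provider = getConditionProvider(session, realm, conditionRep.getConditionProviderId(), conditionRep.getConfiguration());
                conditions.add(provider);
            }
        }
        policyModel.setConditions(conditions);

        if (policyRep.getProfiles() != null) {
            // Copy so the model does not share the representation's list.
            policyModel.setProfiles(new ArrayList<>(policyRep.getProfiles()));
        }
        policyList.add(policyModel);
    }
    return policyList;
}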
use of org.keycloak.representations.idm.ClientPoliciesRepresentation in project keycloak by keycloak.
the class ClientPoliciesUtil method getValidatedClientPoliciesForUpdate.
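/**
 * Validates proposed client policies and returns a new representation built from them.
 *
 * <p>The result is built from the proposed policies only: name, description,
 * conditions and the de-duplicated profile list are copied from each proposed policy.
 * A missing {@code enabled} flag is stored as {@code false}, so a policy submitted
 * without it is saved disabled. Never returns {@code null}.
 *
 * <p>Validation performed here: every policy has a non-empty name, names are unique,
 * every condition passes {@code isValidCondition} for its provider id, and every
 * referenced profile exists among the global profiles or the realm's profiles.
 * NOTE(review): only the condition's provider id is handed to {@code isValidCondition};
 * the condition configuration is copied as submitted, although the error message speaks
 * of an invalid configuration - confirm where the configuration itself is validated.
 *
 * <p>If the proposed representation has no policies, its policy list is replaced with
 * an empty list as a side effect.
 *
 * @param session the session used for condition validation and profile lookup
 * @param realm the realm being updated; must not be {@code null}
 * @param proposedPoliciesRep the policies submitted for the update; must not be {@code null}
 * @param existingGlobalProfiles the global profiles whose names may be referenced
 * @return the validated policies to store, never {@code null}
 * @throws ClientPolicyException if an argument is missing or validation fails
 */
static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession session, RealmModel realm, ClientPoliciesRepresentation proposedPoliciesRep, List<ClientProfileRepresentation> existingGlobalProfiles) throws ClientPolicyException {
    if (realm == null) {
        throw new ClientPolicyException("realm not specified.");
    }
    // Reject a missing request body the same way as a missing realm, not with a NullPointerException.
    if (proposedPoliciesRep == null) {
        throw new ClientPolicyException("proposed client policies not specified.");
    }

    // No policy contained is valid; normalise to an empty list on the proposed representation.
    List<ClientPolicyRepresentation> proposedPolicyRepList = proposedPoliciesRep.getPolicies();
    if (proposedPolicyRepList == null || proposedPolicyRepList.isEmpty()) {
        proposedPolicyRepList = new ArrayList<>();
        proposedPoliciesRep.setPolicies(proposedPolicyRepList);
    }

    // A policy without a name (or a null entry) is not allowed.
    if (proposedPolicyRepList.stream().anyMatch(clientPolicy -> clientPolicy == null || clientPolicy.getName() == null || clientPolicy.getName().isEmpty())) {
        throw new ClientPolicyException("proposed client policy name missing.");
    }
    // Duplicated policy names are not allowed.
    if (proposedPolicyRepList.size() != proposedPolicyRepList.stream().map(ClientPolicyRepresentation::getName).distinct().count()) {
        throw new ClientPolicyException("proposed client policy name duplicated.");
    }

    ClientPoliciesRepresentation updatingPoliciesRep = new ClientPoliciesRepresentation();
    updatingPoliciesRep.setPolicies(new ArrayList<>());
    List<ClientPolicyRepresentation> updatingPoliciesList = updatingPoliciesRep.getPolicies();
    if (proposedPolicyRepList.isEmpty()) {
        // Nothing to validate; as before, the profile lookup is not performed in this case.
        return updatingPoliciesRep;
    }

    // The set of referable profile names does not depend on the policy, so it is built
    // once here instead of once per proposed policy.
    Set<String> existingProfileNames = existingGlobalProfiles.stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet());
    ClientProfilesRepresentation realmProfiles = getClientProfilesRepresentation(session, realm);
    if (realmProfiles.getProfiles() != null) {
        existingProfileNames.addAll(realmProfiles.getProfiles().stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet()));
    }

    for (ClientPolicyRepresentation proposedPolicyRep : proposedPolicyRepList) {
        ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
        policyRep.setName(proposedPolicyRep.getName());
        policyRep.setDescription(proposedPolicyRep.getDescription());
        // An absent enabled flag is stored as false.
        policyRep.setEnabled(Boolean.TRUE.equals(proposedPolicyRep.isEnabled()));

        policyRep.setConditions(new ArrayList<>());
        if (proposedPolicyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : proposedPolicyRep.getConditions()) {
                // A null condition entry is rejected like any other invalid condition.
                if (conditionRep == null || !isValidCondition(session, conditionRep.getConditionProviderId())) {
                    throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
                }
                policyRep.getConditions().add(conditionRep);
            }
        }

        policyRep.setProfiles(new ArrayList<>());
        if (proposedPolicyRep.getProfiles() != null) {
            for (String profileName : proposedPolicyRep.getProfiles()) {
                if (!existingProfileNames.contains(profileName)) {
                    // The format string previously had no arguments, so the names were never logged.
                    // Both values come from the proposed representation, i.e. they are caller-supplied text.
                    logger.warnf("Client policy %s referred not existing profile %s", proposedPolicyRep.getName(), profileName);
                    throw new ClientPolicyException("referring not existing client profile not allowed.");
                }
            }
            // Keep first occurrences only, in the submitted order.
            proposedPolicyRep.getProfiles().stream().distinct().forEach(policyRep.getProfiles()::add);
        }
        updatingPoliciesList.add(policyRep);
    }
    return updatingPoliciesRep;
}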