
Example 1 with ClientPolicyConditionRepresentation

use of org.keycloak.representations.idm.ClientPolicyConditionRepresentation in project keycloak by keycloak.

the class JsonParserTest method testReadClientPolicy.

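/**
 * Verifies that the bundled sample client-policy JSON deserializes into the
 * representation classes with the expected policy name, condition provider id
 * and condition configuration values.
 *
 * @throws Exception if the resource cannot be read or parsed
 */
@Test
public void testReadClientPolicy() throws Exception {
    // try-with-resources closes the stream whether or not the mapper closes it itself.
    try (InputStream is = getClass().getClassLoader().getResourceAsStream("sample-client-policy.json")) {
        // Fail with a clear message instead of an opaque parse error when the fixture is missing.
        Assert.assertNotNull("sample-client-policy.json not found on the test classpath", is);
        ClientPoliciesRepresentation clientPolicies = JsonSerialization.readValue(is, ClientPoliciesRepresentation.class);

        // JUnit's contract is assertEquals(expected, actual); the expected value goes first so
        // that failure messages report the right side as "expected".
        Assert.assertEquals(1, clientPolicies.getPolicies().size());
        ClientPolicyRepresentation clientPolicy = clientPolicies.getPolicies().get(0);
        Assert.assertEquals("some-policy", clientPolicy.getName());

        List<ClientPolicyConditionRepresentation> conditions = clientPolicy.getConditions();
        Assert.assertEquals(1, conditions.size());
        ClientPolicyConditionRepresentation condition = conditions.get(0);
        Assert.assertEquals("some-condition", condition.getConditionProviderId());

        // The condition configuration is kept in a generic form and converted to the typed
        // representation here before its fields are checked.
        ClientPolicyConditionConfigurationRepresentation configRep = JsonSerialization.mapper.convertValue(condition.getConfiguration(), ClientPolicyConditionConfigurationRepresentation.class);
        Assert.assertEquals(true, configRep.isNegativeLogic());
        Assert.assertEquals("val1", configRep.getConfigAsMap().get("string-option"));
        Assert.assertEquals(14, configRep.getConfigAsMap().get("int-option"));
        Assert.assertEquals(true, configRep.getConfigAsMap().get("bool-option"));
        Assert.assertNull(configRep.getConfigAsMap().get("not-existing-option"));
    }
}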
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) InputStream(java.io.InputStream) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) Test(org.junit.Test)

Example 2 with ClientPolicyConditionRepresentation

use of org.keycloak.representations.idm.ClientPolicyConditionRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getEnabledClientPolicies.

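/**
 * Builds the model objects for the enabled client policies stored on a realm.
 *
 * <p>Never returns {@code null}. An empty list is returned when the realm has no stored
 * policies JSON, when that JSON cannot be converted to a representation, or when the
 * representation holds no policies.
 *
 * @param session the Keycloak session, passed through to the condition-provider lookup
 * @param realm the realm whose stored policies are read
 * @return the enabled, named policies of the realm; possibly empty, never {@code null}
 */
static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession session, RealmModel realm) {
    // Read the stored policies as JSON.
    String policiesJson = getClientPoliciesJsonString(realm);
    if (policiesJson == null) {
        return Collections.emptyList();
    }

    // Deserialize the stored policies (JSON -> representation).
    ClientPoliciesRepresentation policiesRep;
    try {
        policiesRep = convertClientPoliciesJsonToRepresentation(policiesJson);
    } catch (ClientPolicyException e) {
        // NOTE(review): a conversion failure is reported only as a warning and the caller
        // receives an empty list, i.e. the same result as "no policies configured". If callers
        // use this list to enforce policies, malformed stored JSON means nothing is enforced;
        // confirm that this fail-open behaviour is intended and that the warning is monitored.
        logger.warnv("Failed to deserialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
        return Collections.emptyList();
    }
    if (policiesRep == null || policiesRep.getPolicies() == null) {
        return Collections.emptyList();
    }

    // Build the models (representation -> model).
    List<ClientPolicy> policyList = new ArrayList<>();
    for (ClientPolicyRepresentation policyRep : policiesRep.getPolicies()) {
        // A policy without a name is skipped, with a warning naming the realm.
        if (policyRep.getName() == null) {
            logger.warnf("Ignored client policy without name in the realm %s", realm.getName());
            continue;
        }
        // Only policies explicitly marked enabled are kept; a missing flag counts as disabled.
        if (!Boolean.TRUE.equals(policyRep.isEnabled())) {
            continue;
        }

        ClientPolicy policyModel = new ClientPolicy();
        policyModel.setName(policyRep.getName());
        policyModel.setDescription(policyRep.getDescription());
        policyModel.setEnable(true);

        List<ClientPolicyConditionProvider> conditions = new ArrayList<>();
        if (policyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : policyRep.getConditions()) {
                // NOTE(review): the provider is added exactly as returned. If getConditionProvider
                // can return null for an unknown provider id, the list would carry a null entry;
                // confirm against that helper.
                ClientPolicyConditionProvider provider = getConditionProvider(session, realm, conditionRep.getConditionProviderId(), conditionRep.getConfiguration());
                conditions.add(provider);
            }
        }
        policyModel.setConditions(conditions);

        if (policyRep.getProfiles() != null) {
            // Copy so that the model does not share the representation's list.
            policyModel.setProfiles(new ArrayList<>(policyRep.getProfiles()));
        }
        policyList.add(policyModel);
    }
    return policyList;
}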
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ArrayList(java.util.ArrayList) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation)

Example 3 with ClientPolicyConditionRepresentation

use of org.keycloak.representations.idm.ClientPolicyConditionRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedClientPoliciesForUpdate.

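/**
 * Validates proposed client policies and returns a new representation built from them.
 *
 * <p>Never returns {@code null}. Every proposed policy must have a non-empty, unique name,
 * every condition must name a provider id accepted by {@code isValidCondition}, and every
 * referenced profile must exist either among {@code existingGlobalProfiles} or among the
 * profiles returned by {@code getClientProfilesRepresentation} for the realm.
 *
 * <p>Side effect: when the proposal carries no policies (null or empty list), its policy list
 * is replaced with a new empty list.
 *
 * @param session the Keycloak session, used for condition validation and the profile lookup
 * @param realm the realm the policies belong to; must not be {@code null}
 * @param proposedPoliciesRep the policies proposed for the update
 * @param existingGlobalProfiles the global profiles that policies are allowed to reference
 * @return a new representation holding the validated policies
 * @throws ClientPolicyException if the realm is {@code null}, a policy name is missing or
 *         duplicated, a condition is rejected, or a policy references an unknown profile
 */
static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession session, RealmModel realm, ClientPoliciesRepresentation proposedPoliciesRep, List<ClientProfileRepresentation> existingGlobalProfiles) throws ClientPolicyException {
    if (realm == null) {
        throw new ClientPolicyException("realm not specified.");
    }

    // A proposal without policies is valid; normalize it to an empty list.
    List<ClientPolicyRepresentation> proposedPolicyRepList = proposedPoliciesRep.getPolicies();
    if (proposedPolicyRepList == null || proposedPolicyRepList.isEmpty()) {
        proposedPolicyRepList = new ArrayList<>();
        proposedPoliciesRep.setPolicies(new ArrayList<>());
    }

    // A policy without a name is not allowed.
    if (proposedPolicyRepList.stream().anyMatch(clientPolicy -> clientPolicy.getName() == null || clientPolicy.getName().isEmpty())) {
        throw new ClientPolicyException("proposed client policy name missing.");
    }

    // Duplicated policy names are not allowed.
    if (proposedPolicyRepList.size() != proposedPolicyRepList.stream().map(ClientPolicyRepresentation::getName).distinct().count()) {
        throw new ClientPolicyException("proposed client policy name duplicated.");
    }

    // Build the policies to store from the proposed policies.
    ClientPoliciesRepresentation updatingPoliciesRep = new ClientPoliciesRepresentation();
    updatingPoliciesRep.setPolicies(new ArrayList<>());
    List<ClientPolicyRepresentation> updatingPoliciesList = updatingPoliciesRep.getPolicies();

    for (ClientPolicyRepresentation proposedPolicyRep : proposedPoliciesRep.getPolicies()) {
        // A missing enabled flag is stored as disabled.
        Boolean enabled = (proposedPolicyRep.isEnabled() != null) ? proposedPolicyRep.isEnabled() : Boolean.FALSE;

        // The stored policy is built field by field from the proposal.
        ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
        policyRep.setName(proposedPolicyRep.getName());
        policyRep.setDescription(proposedPolicyRep.getDescription());
        policyRep.setEnabled(enabled);

        policyRep.setConditions(new ArrayList<>());
        if (proposedPolicyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : proposedPolicyRep.getConditions()) {
                // NOTE(review): only the provider id is passed to isValidCondition; the condition's
                // configuration is copied below without being inspected here, although the error
                // text speaks of an "invalid configuration". Confirm where the configuration
                // itself is validated.
                if (!isValidCondition(session, conditionRep.getConditionProviderId())) {
                    throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
                }
                policyRep.getConditions().add(conditionRep);
            }
        }

        // Names a policy may reference: the global profiles plus the realm's own profiles.
        Set<String> existingProfileNames = existingGlobalProfiles.stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet());
        ClientProfilesRepresentation reps = getClientProfilesRepresentation(session, realm);
        policyRep.setProfiles(new ArrayList<>());
        if (reps.getProfiles() != null) {
            existingProfileNames.addAll(reps.getProfiles().stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet()));
        }

        if (proposedPolicyRep.getProfiles() != null) {
            for (String profileName : proposedPolicyRep.getProfiles()) {
                if (!existingProfileNames.contains(profileName)) {
                    // The format string has two placeholders, so both values must be supplied;
                    // without them the rejection would not be logged in a usable form.
                    logger.warnf("Client policy %s referred not existing profile %s", proposedPolicyRep.getName(), profileName);
                    throw new ClientPolicyException("referring not existing client profile not allowed.");
                }
            }
            // Each referenced profile is stored once, in first-seen order.
            proposedPolicyRep.getProfiles().stream().distinct().forEach(policyRep.getProfiles()::add);
        }
        updatingPoliciesList.add(policyRep);
    }
    return updatingPoliciesRep;
}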
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) 
ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Aggregations

ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)3 ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)3 ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)3 InputStream (java.io.InputStream)2 ArrayList (java.util.ArrayList)2 ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)2 ClientPolicyConditionProvider (org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 IOException (java.io.IOException)1 Collections (java.util.Collections)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Set (java.util.Set)1 Collectors (java.util.stream.Collectors)1 Logger (org.jboss.logging.Logger)1 Test (org.junit.Test)1 Profile (org.keycloak.common.Profile)1 ComponentModel (org.keycloak.component.ComponentModel)1 JsonConfigComponentModel (org.keycloak.component.JsonConfigComponentModel)1 Constants (org.keycloak.models.Constants)1