Search in sources :

Example 1 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPoliciesImportExportTest method testRealmExportImport.

private void testRealmExportImport() throws Exception {
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
    testingClient.testing().exportImport().setRealmName("test");
    testingClient.testing().exportImport().runExport();
    // Delete some realm (and some data in admin realm)
    adminClient.realm("test").remove();
    Assert.assertNames(adminClient.realms().findAll(), "master");
    // Configure import
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
    testingClient.testing().exportImport().runImport();
    // Ensure data are imported back, but just for "test" realm
    Assert.assertNames(adminClient.realms().findAll(), "master", "test");
    assertExpectedLoadedProfiles((ClientProfilesRepresentation reps) -> {
        ClientProfileRepresentation rep = getProfileRepresentation(reps, "ordinal-test-profile", false);
        assertExpectedProfile(rep, "ordinal-test-profile", "The profile that can be loaded.");
    });
    assertExpectedLoadedPolicies((ClientPoliciesRepresentation reps) -> {
        ClientPolicyRepresentation rep = getPolicyRepresentation(reps, "new-policy");
        assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), rep);
    });
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 2 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.

the class JsonParserTest method testReadClientPolicy.

@Test
public void testReadClientPolicy() throws Exception {
    InputStream is = getClass().getClassLoader().getResourceAsStream("sample-client-policy.json");
    ClientPoliciesRepresentation clientPolicies = JsonSerialization.readValue(is, ClientPoliciesRepresentation.class);
    Assert.assertEquals(clientPolicies.getPolicies().size(), 1);
    ClientPolicyRepresentation clientPolicy = clientPolicies.getPolicies().get(0);
    Assert.assertEquals("some-policy", clientPolicy.getName());
    List<ClientPolicyConditionRepresentation> conditions = clientPolicy.getConditions();
    Assert.assertEquals(conditions.size(), 1);
    ClientPolicyConditionRepresentation condition = conditions.get(0);
    Assert.assertEquals("some-condition", condition.getConditionProviderId());
    ClientPolicyConditionConfigurationRepresentation configRep = JsonSerialization.mapper.convertValue(condition.getConfiguration(), ClientPolicyConditionConfigurationRepresentation.class);
    Assert.assertEquals(true, configRep.isNegativeLogic());
    Assert.assertEquals("val1", configRep.getConfigAsMap().get("string-option"));
    Assert.assertEquals(14, configRep.getConfigAsMap().get("int-option"));
    Assert.assertEquals(true, configRep.getConfigAsMap().get("bool-option"));
    Assert.assertNull(configRep.getConfigAsMap().get("not-existing-option"));
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) InputStream(java.io.InputStream) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) Test(org.junit.Test)

Example 3 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method assertExpectedLoadedPolicies.

protected void assertExpectedLoadedPolicies(Consumer<ClientPoliciesRepresentation> modifiedAssertion) {
    // retrieve loaded builtin policies
    ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
    // same policies
    assertExpectedPolicies(Arrays.asList("new-policy", "lack-of-builtin-field-test-policy"), actualPoliciesRep);
    // each policy - new-policy - updated
    ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "new-policy");
    modifiedAssertion.accept(actualPoliciesRep);
    // each condition
    assertExpectedConditions(Arrays.asList(ClientAccessTypeConditionFactory.PROVIDER_ID, ClientRolesConditionFactory.PROVIDER_ID, ClientScopesConditionFactory.PROVIDER_ID), actualPolicyRep);
    assertExpectedClientAccessTypeCondition(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_PUBLIC, ClientAccessTypeConditionFactory.TYPE_BEARERONLY), actualPolicyRep);
    assertExpectedClientRolesCondition(Arrays.asList(SAMPLE_CLIENT_ROLE), actualPolicyRep);
    assertExpectedClientScopesCondition(ClientScopesConditionFactory.OPTIONAL, Arrays.asList(SAMPLE_CLIENT_ROLE), actualPolicyRep);
    // each policy - lack-of-builtin-field-test-policy
    actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "lack-of-builtin-field-test-policy");
    assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), actualPolicyRep);
    // each condition
    assertExpectedConditions(Arrays.asList(ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
    assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
    assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), actualPolicyRep);
    assertExpectedClientUpdateSourceHostsCondition(Arrays.asList("localhost", "127.0.0.1"), actualPolicyRep);
    assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), actualPolicyRep);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation)

Example 4 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method deletePolicy.

protected void deletePolicy(String policyName) throws ClientPolicyException {
    if (policyName == null)
        return;
    ClientPoliciesRepresentation reps = getPolicies();
    if (reps.getPolicies().stream().anyMatch(i -> policyName.equals(i.getName()))) {
        ClientPolicyRepresentation rep = reps.getPolicies().stream().filter(i -> policyName.equals(i.getName())).collect(Collectors.toList()).get(0);
        reps.getPolicies().remove(rep);
        updatePolicies(convertToPoliciesJson(reps));
    } else {
        return;
    }
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation)

Example 5 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPoliciesLoadUpdateTest method testLoadBuiltinProfilesAndPolicies.

// Invalid formatted json profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Well-formed json but invalid semantic profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Recognized but invalid type fields are not accepted. Existing profiles/policies remain unchanged.
// Unrecognized fields of profiles/policies are not accepted. Existing profiles/policies are changed.
// Unrecognized fields of executors/conditions are accepted. Existing profiles/policies are changed.
// Duplicated fields of profiles/policies are accepted but the only last one is accepted. Existing profiles/policies are changed.
@Test
public void testLoadBuiltinProfilesAndPolicies() throws Exception {
    // retrieve loaded global profiles
    ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
    // same profiles
    assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Collections.emptyList());
    // each profile - fapi-1-baseline
    ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
    assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
    // Test some executor
    assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    // Check the "get" request without globals. Assert nothing loaded
    actualProfilesRep = getProfilesWithoutGlobals();
    assertExpectedProfiles(actualProfilesRep, null, Collections.emptyList());
    // retrieve loaded builtin policies
    ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
    // No global policies expected
    assertExpectedPolicies(Collections.emptyList(), actualPoliciesRep);
    ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "builtin-default-policy");
    Assert.assertNull(actualPolicyRep);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Aggregations

ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)11 ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)9 ClientProfileRepresentation (org.keycloak.representations.idm.ClientProfileRepresentation)5 Test (org.junit.Test)4 ClientProfilesRepresentation (org.keycloak.representations.idm.ClientProfilesRepresentation)4 ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)3 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)3 InputStream (java.io.InputStream)2 ArrayList (java.util.ArrayList)2 ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)2 ClientPolicyConditionProvider (org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)2 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)2 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 IOException (java.io.IOException)1 Collections (java.util.Collections)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Set (java.util.Set)1 Collectors (java.util.stream.Collectors)1