use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPoliciesImportExportTest method testRealmExportImport.
private void testRealmExportImport() throws Exception {
testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
testingClient.testing().exportImport().setRealmName("test");
testingClient.testing().exportImport().runExport();
// Delete some realm (and some data in admin realm)
adminClient.realm("test").remove();
Assert.assertNames(adminClient.realms().findAll(), "master");
// Configure import
testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
testingClient.testing().exportImport().runImport();
// Ensure data are imported back, but just for "test" realm
Assert.assertNames(adminClient.realms().findAll(), "master", "test");
assertExpectedLoadedProfiles((ClientProfilesRepresentation reps) -> {
ClientProfileRepresentation rep = getProfileRepresentation(reps, "ordinal-test-profile", false);
assertExpectedProfile(rep, "ordinal-test-profile", "The profile that can be loaded.");
});
assertExpectedLoadedPolicies((ClientPoliciesRepresentation reps) -> {
ClientPolicyRepresentation rep = getPolicyRepresentation(reps, "new-policy");
assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), rep);
});
}
use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class JsonParserTest method testReadClientPolicy.
@Test
public void testReadClientPolicy() throws Exception {
InputStream is = getClass().getClassLoader().getResourceAsStream("sample-client-policy.json");
ClientPoliciesRepresentation clientPolicies = JsonSerialization.readValue(is, ClientPoliciesRepresentation.class);
Assert.assertEquals(clientPolicies.getPolicies().size(), 1);
ClientPolicyRepresentation clientPolicy = clientPolicies.getPolicies().get(0);
Assert.assertEquals("some-policy", clientPolicy.getName());
List<ClientPolicyConditionRepresentation> conditions = clientPolicy.getConditions();
Assert.assertEquals(conditions.size(), 1);
ClientPolicyConditionRepresentation condition = conditions.get(0);
Assert.assertEquals("some-condition", condition.getConditionProviderId());
ClientPolicyConditionConfigurationRepresentation configRep = JsonSerialization.mapper.convertValue(condition.getConfiguration(), ClientPolicyConditionConfigurationRepresentation.class);
Assert.assertEquals(true, configRep.isNegativeLogic());
Assert.assertEquals("val1", configRep.getConfigAsMap().get("string-option"));
Assert.assertEquals(14, configRep.getConfigAsMap().get("int-option"));
Assert.assertEquals(true, configRep.getConfigAsMap().get("bool-option"));
Assert.assertNull(configRep.getConfigAsMap().get("not-existing-option"));
}
use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class AbstractClientPoliciesTest method assertExpectedLoadedPolicies.
protected void assertExpectedLoadedPolicies(Consumer<ClientPoliciesRepresentation> modifiedAssertion) {
// retrieve loaded builtin policies
ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
// same policies
assertExpectedPolicies(Arrays.asList("new-policy", "lack-of-builtin-field-test-policy"), actualPoliciesRep);
// each policy - new-policy - updated
ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "new-policy");
modifiedAssertion.accept(actualPoliciesRep);
// each condition
assertExpectedConditions(Arrays.asList(ClientAccessTypeConditionFactory.PROVIDER_ID, ClientRolesConditionFactory.PROVIDER_ID, ClientScopesConditionFactory.PROVIDER_ID), actualPolicyRep);
assertExpectedClientAccessTypeCondition(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_PUBLIC, ClientAccessTypeConditionFactory.TYPE_BEARERONLY), actualPolicyRep);
assertExpectedClientRolesCondition(Arrays.asList(SAMPLE_CLIENT_ROLE), actualPolicyRep);
assertExpectedClientScopesCondition(ClientScopesConditionFactory.OPTIONAL, Arrays.asList(SAMPLE_CLIENT_ROLE), actualPolicyRep);
// each policy - lack-of-builtin-field-test-policy
actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "lack-of-builtin-field-test-policy");
assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), actualPolicyRep);
// each condition
assertExpectedConditions(Arrays.asList(ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), actualPolicyRep);
assertExpectedClientUpdateSourceHostsCondition(Arrays.asList("localhost", "127.0.0.1"), actualPolicyRep);
assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), actualPolicyRep);
}
use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class AbstractClientPoliciesTest method deletePolicy.
protected void deletePolicy(String policyName) throws ClientPolicyException {
if (policyName == null)
return;
ClientPoliciesRepresentation reps = getPolicies();
if (reps.getPolicies().stream().anyMatch(i -> policyName.equals(i.getName()))) {
ClientPolicyRepresentation rep = reps.getPolicies().stream().filter(i -> policyName.equals(i.getName())).collect(Collectors.toList()).get(0);
reps.getPolicies().remove(rep);
updatePolicies(convertToPoliciesJson(reps));
} else {
return;
}
}
use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPoliciesLoadUpdateTest method testLoadBuiltinProfilesAndPolicies.
// Invalid formatted json profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Well-formed json but invalid semantic profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Recognized but invalid type fields are not accepted. Existing profiles/policies remain unchanged.
// Unrecognized fields of profiles/policies are not accepted. Existing profiles/policies are changed.
// Unrecognized fields of executors/conditions are accepted. Existing profiles/policies are changed.
// Duplicated fields of profiles/policies are accepted but the only last one is accepted. Existing profiles/policies are changed.
@Test
public void testLoadBuiltinProfilesAndPolicies() throws Exception {
// retrieve loaded global profiles
ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
// same profiles
assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Collections.emptyList());
// each profile - fapi-1-baseline
ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
// Test some executor
assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
// Check the "get" request without globals. Assert nothing loaded
actualProfilesRep = getProfilesWithoutGlobals();
assertExpectedProfiles(actualProfilesRep, null, Collections.emptyList());
// retrieve loaded builtin policies
ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
// No global policies expected
assertExpectedPolicies(Collections.emptyList(), actualPoliciesRep);
ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "builtin-default-policy");
Assert.assertNull(actualPolicyRep);
}
Aggregations