Example 11 with ClientPolicyRepresentation
use of org.keycloak.representations.idm.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPoliciesUtil method getValidatedClientPoliciesForUpdate.
/**
* get validated and modified client policies as representation.
* it can be constructed by merging proposed client policies with existing client policies.
* not return null.
*
* @param session
* @param realm
* @param proposedPoliciesRep
*/
static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession session, RealmModel realm, ClientPoliciesRepresentation proposedPoliciesRep, List<ClientProfileRepresentation> existingGlobalProfiles) throws ClientPolicyException {
if (realm == null) {
throw new ClientPolicyException("realm not specified.");
}
// no policy contained (it is valid)
List<ClientPolicyRepresentation> proposedPolicyRepList = proposedPoliciesRep.getPolicies();
if (proposedPolicyRepList == null || proposedPolicyRepList.isEmpty()) {
proposedPolicyRepList = new ArrayList<>();
proposedPoliciesRep.setPolicies(new ArrayList<>());
}
// Policy without name not allowed
if (proposedPolicyRepList.stream().anyMatch(clientPolicy -> clientPolicy.getName() == null || clientPolicy.getName().isEmpty())) {
throw new ClientPolicyException("proposed client policy name missing.");
}
// duplicated policy name is not allowed.
if (proposedPolicyRepList.size() != proposedPolicyRepList.stream().map(i -> i.getName()).distinct().count()) {
throw new ClientPolicyException("proposed client policy name duplicated.");
}
// construct updating policies from existing policies and proposed policies
ClientPoliciesRepresentation updatingPoliciesRep = new ClientPoliciesRepresentation();
updatingPoliciesRep.setPolicies(new ArrayList<>());
List<ClientPolicyRepresentation> updatingPoliciesList = updatingPoliciesRep.getPolicies();
for (ClientPolicyRepresentation proposedPolicyRep : proposedPoliciesRep.getPolicies()) {
// newly proposed builtin policy not allowed because builtin policy cannot added/deleted/modified.
Boolean enabled = (proposedPolicyRep.isEnabled() != null) ? proposedPolicyRep.isEnabled() : Boolean.FALSE;
// basically, proposed policy totally overrides existing policy except for enabled field..
ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
policyRep.setName(proposedPolicyRep.getName());
policyRep.setDescription(proposedPolicyRep.getDescription());
policyRep.setEnabled(enabled);
policyRep.setConditions(new ArrayList<>());
if (proposedPolicyRep.getConditions() != null) {
for (ClientPolicyConditionRepresentation conditionRep : proposedPolicyRep.getConditions()) {
if (!isValidCondition(session, conditionRep.getConditionProviderId())) {
throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
}
policyRep.getConditions().add(conditionRep);
}
}
Set<String> existingProfileNames = existingGlobalProfiles.stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet());
ClientProfilesRepresentation reps = getClientProfilesRepresentation(session, realm);
policyRep.setProfiles(new ArrayList<>());
if (reps.getProfiles() != null) {
existingProfileNames.addAll(reps.getProfiles().stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet()));
}
if (proposedPolicyRep.getProfiles() != null) {
for (String profileName : proposedPolicyRep.getProfiles()) {
if (!existingProfileNames.contains(profileName)) {
logger.warnf("Client policy %s referred not existing profile %s");
throw new ClientPolicyException("referring not existing client profile not allowed.");
}
}
proposedPolicyRep.getProfiles().stream().distinct().forEach(profileName -> policyRep.getProfiles().add(profileName));
}
updatingPoliciesList.add(policyRep);
}
return updatingPoliciesRep;
}
Also used :
ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation)
ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)
Profile(org.keycloak.common.Profile)
Logger(org.jboss.logging.Logger)
Constants(org.keycloak.models.Constants)
ArrayList(java.util.ArrayList)
ComponentModel(org.keycloak.component.ComponentModel)
ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
LinkedList(java.util.LinkedList)
ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)
ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider)
ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation)
ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation)
ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation)
RealmModel(org.keycloak.models.RealmModel)
Set(java.util.Set)
KeycloakSession(org.keycloak.models.KeycloakSession)
IOException(java.io.IOException)
Collectors(java.util.stream.Collectors)
JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel)
ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation)
ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation)
JsonSerialization(org.keycloak.util.JsonSerialization)
List(java.util.List)
Collections(java.util.Collections)
InputStream(java.io.InputStream)
ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation)
ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation)
ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation)
ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation)
ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)
Aggregations
ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)11
ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)9
ClientProfileRepresentation (org.keycloak.representations.idm.ClientProfileRepresentation)5
Test (org.junit.Test)4
ClientProfilesRepresentation (org.keycloak.representations.idm.ClientProfilesRepresentation)4
ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)3
ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)3
InputStream (java.io.InputStream)2
ArrayList (java.util.ArrayList)2
ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)2
ClientPolicyConditionProvider (org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)2
ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)2
ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)2
JsonNode (com.fasterxml.jackson.databind.JsonNode)1
IOException (java.io.IOException)1
Collections (java.util.Collections)1
LinkedList (java.util.LinkedList)1
List (java.util.List)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
