Examples with ClientProfileRepresentation org.keycloak.representations.idm.ClientProfileRepresentation used on opensource projects

Search in sources :

Example 1 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesImportExportTest method testRealmExportImport.

private void testRealmExportImport() throws Exception {
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
    testingClient.testing().exportImport().setRealmName("test");
    testingClient.testing().exportImport().runExport();
    // Delete some realm (and some data in admin realm)
    adminClient.realm("test").remove();
    Assert.assertNames(adminClient.realms().findAll(), "master");
    // Configure import
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
    testingClient.testing().exportImport().runImport();
    // Ensure data are imported back, but just for "test" realm
    Assert.assertNames(adminClient.realms().findAll(), "master", "test");
    assertExpectedLoadedProfiles((ClientProfilesRepresentation reps) -> {
        ClientProfileRepresentation rep = getProfileRepresentation(reps, "ordinal-test-profile", false);
        assertExpectedProfile(rep, "ordinal-test-profile", "The profile that can be loaded.");
    });
    assertExpectedLoadedPolicies((ClientPoliciesRepresentation reps) -> {
        ClientPolicyRepresentation rep = getPolicyRepresentation(reps, "new-policy");
        assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), rep);
    });
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 2 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method assertExpectedLoadedProfiles.

protected void assertExpectedLoadedProfiles(Consumer<ClientProfilesRepresentation> modifiedAssertion) throws Exception {
    // retrieve loaded builtin profiles
    ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
    // same profiles
    assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
    // each profile - fapi-1-baseline
    ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
    assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    // each profile - ordinal-test-profile - updated
    actualProfileRep = getProfileRepresentation(actualProfilesRep, "ordinal-test-profile", false);
    modifiedAssertion.accept(actualProfilesRep);
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
    // each profile - lack-of-builtin-field-test-profile
    actualProfileRep = getProfileRepresentation(actualProfilesRep, "lack-of-builtin-field-test-profile", false);
    assertExpectedProfile(actualProfileRep, "lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.");
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, SecureRequestObjectExecutorFactory.PROVIDER_ID, SecureResponseTypeExecutorFactory.PROVIDER_ID, SecureSessionEnforceExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
    assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep);
    assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep);
    assertExpectedSecureRequestObjectExecutor(actualProfileRep);
    assertExpectedSecureResponseTypeExecutor(actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    assertExpectedSecureSigningAlgorithmEnforceExecutor(actualProfileRep);
    assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(actualProfileRep);
}
Also used : ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 3 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method deleteProfile.

protected void deleteProfile(String profileName) throws ClientPolicyException {
    if (profileName == null)
        return;
    ClientProfilesRepresentation reps = getProfilesWithoutGlobals();
    if (reps.getProfiles().stream().anyMatch(i -> profileName.equals(i.getName()))) {
        ClientProfileRepresentation rep = reps.getProfiles().stream().filter(i -> profileName.equals(i.getName())).collect(Collectors.toList()).get(0);
        reps.getProfiles().remove(rep);
        updateProfiles(convertToProfilesJson(reps));
    } else {
        return;
    }
}
Also used : ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 4 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesLoadUpdateTest method testLoadBuiltinProfilesAndPolicies.

// Invalid formatted json profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Well-formed json but invalid semantic profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Recognized but invalid type fields are not accepted. Existing profiles/policies remain unchanged.
// Unrecognized fields of profiles/policies are not accepted. Existing profiles/policies are changed.
// Unrecognized fields of executors/conditions are accepted. Existing profiles/policies are changed.
// Duplicated fields of profiles/policies are accepted but the only last one is accepted. Existing profiles/policies are changed.
@Test
public void testLoadBuiltinProfilesAndPolicies() throws Exception {
    // retrieve loaded global profiles
    ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
    // same profiles
    assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Collections.emptyList());
    // each profile - fapi-1-baseline
    ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
    assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
    // Test some executor
    assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    // Check the "get" request without globals. Assert nothing loaded
    actualProfilesRep = getProfilesWithoutGlobals();
    assertExpectedProfiles(actualProfilesRep, null, Collections.emptyList());
    // retrieve loaded builtin policies
    ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
    // No global policies expected
    assertExpectedPolicies(Collections.emptyList(), actualPoliciesRep);
    ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "builtin-default-policy");
    Assert.assertNull(actualPolicyRep);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Example 5 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedGlobalClientProfilesRepresentation.

/**
 * get validated and modified global (built-in) client profiles set on keycloak app as representation.
 * it is loaded from json file enclosed in keycloak's binary.
 * not return null.
 */
static List<ClientProfileRepresentation> getValidatedGlobalClientProfilesRepresentation(KeycloakSession session, InputStream is) throws ClientPolicyException {
    // load builtin client profiles representation
    ClientProfilesRepresentation proposedProfilesRep = null;
    try {
        proposedProfilesRep = JsonSerialization.readValue(is, ClientProfilesRepresentation.class);
    } catch (Exception e) {
        throw new ClientPolicyException("failed to deserialize global proposed client profiles json string.", e.getMessage());
    }
    if (proposedProfilesRep == null) {
        return Collections.emptyList();
    }
    // no profile contained (it is valid)
    List<ClientProfileRepresentation> proposedProfileRepList = proposedProfilesRep.getProfiles();
    if (proposedProfileRepList == null || proposedProfileRepList.isEmpty()) {
        return Collections.emptyList();
    }
    // duplicated profile name is not allowed.
    if (proposedProfileRepList.size() != proposedProfileRepList.stream().map(i -> i.getName()).distinct().count()) {
        throw new ClientPolicyException("proposed global client profile name duplicated.");
    }
    // construct validated and modified profiles from builtin profiles in JSON file enclosed in keycloak binary.
    List<ClientProfileRepresentation> updatingProfileList = new LinkedList<>();
    for (ClientProfileRepresentation proposedProfileRep : proposedProfilesRep.getProfiles()) {
        if (proposedProfileRep.getName() == null) {
            throw new ClientPolicyException("client profile without its name not allowed.");
        }
        ClientProfileRepresentation profileRep = new ClientProfileRepresentation();
        profileRep.setName(proposedProfileRep.getName());
        profileRep.setDescription(proposedProfileRep.getDescription());
        // to prevent returning null
        profileRep.setExecutors(new ArrayList<>());
        if (proposedProfileRep.getExecutors() != null) {
            for (ClientPolicyExecutorRepresentation executorRep : proposedProfileRep.getExecutors()) {
                // Skip the check if feature is disabled as then the executor implementations are disabled
                if (Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES) && !isValidExecutor(session, executorRep.getExecutorProviderId())) {
                    throw new ClientPolicyException("proposed client profile contains the executor with its invalid configuration.");
                }
                profileRep.getExecutors().add(executorRep);
            }
        }
        updatingProfileList.add(profileRep);
    }
    return updatingProfileList;
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) IOException(java.io.IOException) LinkedList(java.util.LinkedList)

Aggregations

ClientProfileRepresentation (org.keycloak.representations.idm.ClientProfileRepresentation)12 ClientProfilesRepresentation (org.keycloak.representations.idm.ClientProfilesRepresentation)9 ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)7 ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)6 ArrayList (java.util.ArrayList)4 ClientPolicyExecutorRepresentation (org.keycloak.representations.idm.ClientPolicyExecutorRepresentation)4 ClientPolicyExecutorProvider (org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider)4 JsonNode (com.fasterxml.jackson.databind.JsonNode)3 IOException (java.io.IOException)3 InputStream (java.io.InputStream)3 Collections (java.util.Collections)3 LinkedList (java.util.LinkedList)3 List (java.util.List)3 Set (java.util.Set)3 Collectors (java.util.stream.Collectors)3 Logger (org.jboss.logging.Logger)3 Test (org.junit.Test)3 Profile (org.keycloak.common.Profile)3 ComponentModel (org.keycloak.component.ComponentModel)3 JsonConfigComponentModel (org.keycloak.component.JsonConfigComponentModel)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial