
Example 6 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getClientProfileModel.

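/**
 * Gets existing client profile of given name with resolved executor providers. It can be profile from realm or from global client profiles.
 *
 * <p>Realm profiles are searched before global profiles and the first name match wins. The lookup runs on a
 * private copy, so neither the list held by {@code profilesRep} nor {@code globalClientProfiles} is modified.
 *
 * @param session session passed through to the executor provider lookup
 * @param realm realm passed through to the executor provider lookup
 * @param profilesRep realm-level profiles; its profile list may be {@code null}
 * @param globalClientProfiles global profiles; {@code null} is treated as empty
 * @param profileName name of the profile to look up
 * @return the profile model with its executors resolved, or {@code null} when no profile has that name
 * @throws ClientPolicyException presumably raised while resolving an executor provider; getExecutorProvider is
 *         not shown here
 */
static ClientProfile getClientProfileModel(KeycloakSession session, RealmModel realm, ClientProfilesRepresentation profilesRep, List<ClientProfileRepresentation> globalClientProfiles, String profileName) throws ClientPolicyException {
    // Build a private candidate list. Appending the global profiles to the list returned by
    // profilesRep.getProfiles() would alter the caller's representation on every lookup, and
    // could leak global profiles into whatever the caller later serializes or persists.
    List<ClientProfileRepresentation> candidates = new ArrayList<>();
    // Obtain profiles from realm
    List<ClientProfileRepresentation> realmProfiles = profilesRep.getProfiles();
    if (realmProfiles != null) {
        candidates.addAll(realmProfiles);
    }
    // Add global profiles as well
    if (globalClientProfiles != null) {
        candidates.addAll(globalClientProfiles);
    }
    // NOTE(review): realm entries come first, so a realm profile that reuses a global profile's name
    // would be returned instead of the global one. This relies on name uniqueness being enforced
    // where profiles are updated - confirm against the update path.
    ClientProfileRepresentation profileRep = candidates.stream().filter(clientProfile -> profileName.equals(clientProfile.getName())).findFirst().orElse(null);
    if (profileRep == null) {
        return null;
    }
    ClientProfile profileModel = new ClientProfile();
    profileModel.setName(profileRep.getName());
    profileModel.setDescription(profileRep.getDescription());
    List<ClientPolicyExecutorProvider> executors = new ArrayList<>();
    // A profile without executors yields a model with an empty executor list.
    if (profileRep.getExecutors() != null) {
        for (ClientPolicyExecutorRepresentation executorRep : profileRep.getExecutors()) {
            executors.add(getExecutorProvider(session, realm, executorRep.getExecutorProviderId(), executorRep.getConfiguration()));
        }
    }
    profileModel.setExecutors(executors);
    return profileModel;
}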
Also used : ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ArrayList(java.util.ArrayList)

Example 7 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesLoadUpdateTest method testUpdateValidProfilesAndPolicies.

/**
 * Loads the valid profiles and policies, then rewrites the description of one profile and one policy
 * and checks that the reloaded representations carry the new values.
 */
@Test
public void testUpdateValidProfilesAndPolicies() throws Exception {
    final String profileName = "ordinal-test-profile";
    final String policyName = "new-policy";

    setupValidProfilesAndPolicies();

    // Baseline: what the setup step is expected to have stored.
    assertExpectedLoadedProfiles((ClientProfilesRepresentation loaded) -> {
        ClientProfileRepresentation profile = getProfileRepresentation(loaded, profileName, false);
        assertExpectedProfile(profile, profileName, "The profile that can be loaded.");
    });
    assertExpectedLoadedPolicies((ClientPoliciesRepresentation loaded) -> {
        ClientPolicyRepresentation policy = getPolicyRepresentation(loaded, policyName);
        assertExpectedPolicy(policyName, "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), policy);
    });

    // Profiles: change one description and resubmit every realm profile.
    String modifiedProfileDescription = "The profile has been updated.";
    ClientProfilesRepresentation currentProfiles = getProfilesWithoutGlobals();
    ClientProfilesBuilder profilesBuilder = new ClientProfilesBuilder();
    for (ClientProfileRepresentation profile : currentProfiles.getProfiles()) {
        if (profile.getName().equals(profileName)) {
            profile.setDescription(modifiedProfileDescription);
        }
        profilesBuilder.addProfile(profile);
    }
    updateProfiles(profilesBuilder.toString());
    assertExpectedLoadedProfiles((ClientProfilesRepresentation loaded) -> {
        ClientProfileRepresentation profile = getProfileRepresentation(loaded, profileName, false);
        assertExpectedProfile(profile, profileName, modifiedProfileDescription);
    });

    // Policies: change one description and clear its "enabled" flag, then resubmit all of them.
    String modifiedPolicyDescription = "The policy has also been updated.";
    ClientPoliciesRepresentation currentPolicies = getPolicies();
    ClientPoliciesBuilder policiesBuilder = new ClientPoliciesBuilder();
    for (ClientPolicyRepresentation policy : currentPolicies.getPolicies()) {
        if (policy.getName().equals(policyName)) {
            policy.setDescription(modifiedPolicyDescription);
            policy.setEnabled(null);
        }
        policiesBuilder.addPolicy(policy);
    }
    updatePolicies(policiesBuilder.toString());
    // A policy submitted with enabled == null is expected to come back disabled (false below),
    // i.e. an omitted flag switches the policy off rather than leaving it on.
    assertExpectedLoadedPolicies((ClientPoliciesRepresentation loaded) -> {
        ClientPolicyRepresentation policy = getPolicyRepresentation(loaded, policyName);
        assertExpectedPolicy(policyName, modifiedPolicyDescription, false, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), policy);
    });
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Example 8 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class ClientPoliciesLoadUpdateTest method testDuplicatedProfiles.

/**
 * Submits a profile set that contains the same profile twice and expects the update to be rejected
 * with "Bad Request", leaving the stored profiles exactly as they were before the attempt.
 */
@Test
public void testDuplicatedProfiles() throws Exception {
    // Snapshot taken before the update, used to prove the rejected update changed nothing.
    String profilesJsonBefore = ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());

    // Profile added twice below. It also references an executor id "no-such-executor";
    // which of the two conditions triggers the rejection is not visible from this test.
    ClientProfileRepresentation repeatedProfile = (new ClientProfileBuilder())
            .createProfile("builtin-basic-security", "Enforce basic security level")
            .addExecutor(
                    SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
                    createSecureClientAuthenticatorExecutorConfig(
                            Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID),
                            null))
            .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.FALSE))
            .addExecutor("no-such-executor", createPKCEEnforceExecutorConfig(Boolean.TRUE))
            .toRepresentation();
    ClientProfileRepresentation validProfile = (new ClientProfileBuilder())
            .createProfile("ordinal-test-profile", "The profile that can be loaded.")
            .addExecutor(
                    SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
                    createSecureClientAuthenticatorExecutorConfig(
                            Collections.singletonList(JWTClientAuthenticator.PROVIDER_ID),
                            JWTClientAuthenticator.PROVIDER_ID))
            .toRepresentation();
    String json = (new ClientProfilesBuilder())
            .addProfile(repeatedProfile)
            .addProfile(validProfile)
            .addProfile(repeatedProfile)
            .toString();

    try {
        updateProfiles(json);
        // Reaching this line means the duplicated set was accepted.
        fail();
    } catch (ClientPolicyException rejected) {
        assertEquals("Bad Request", rejected.getErrorDetail());
        // The rejection must be all-or-nothing: the valid profile in the set is not stored either.
        String profilesJsonAfter = ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
        assertEquals(profilesJsonBefore, profilesJsonAfter);
    }
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) Test(org.junit.Test)

Example 9 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method setupValidProfilesAndPolicies.

/**
 * Stores two valid client profiles and then two client policies that refer to them.
 * The first policy lists "ordinal-test-profile" twice and the second is created with a null
 * enabled flag.
 */
protected void setupValidProfilesAndPolicies() throws Exception {
    // ---- profiles ----
    ClientProfileRepresentation ordinalProfile = (new ClientProfileBuilder())
            .createProfile("ordinal-test-profile", "The profile that can be loaded.")
            .addExecutor(
                    SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
                    createSecureClientAuthenticatorExecutorConfig(
                            Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
                            JWTClientAuthenticator.PROVIDER_ID))
            .toRepresentation();
    // Several executors below are registered with a null configuration.
    ClientProfileRepresentation profileWithoutBuiltinField = (new ClientProfileBuilder())
            .createProfile("lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.")
            .addExecutor(
                    SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
                    createSecureClientAuthenticatorExecutorConfig(
                            Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
                            JWTClientAuthenticator.PROVIDER_ID))
            .addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE))
            .addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null)
            .addExecutor(SecureRequestObjectExecutorFactory.PROVIDER_ID, null)
            .addExecutor(SecureResponseTypeExecutorFactory.PROVIDER_ID, null)
            .addExecutor(SecureSessionEnforceExecutorFactory.PROVIDER_ID, null)
            .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)
            .addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, null)
            .toRepresentation();
    String profilesJson = (new ClientProfilesBuilder())
            .addProfile(ordinalProfile)
            .addProfile(profileWithoutBuiltinField)
            .toString();
    updateProfiles(profilesJson);

    // ---- policies ----
    // "ordinal-test-profile" is deliberately referenced twice by this policy.
    ClientPolicyRepresentation policyWithRepeatedProfile = (new ClientPolicyBuilder())
            .createPolicy("new-policy", "duplicated profiles are ignored.", Boolean.TRUE)
            .addCondition(
                    ClientAccessTypeConditionFactory.PROVIDER_ID,
                    createClientAccessTypeConditionConfig(
                            Arrays.asList(ClientAccessTypeConditionFactory.TYPE_PUBLIC, ClientAccessTypeConditionFactory.TYPE_BEARERONLY)))
            .addCondition(
                    ClientRolesConditionFactory.PROVIDER_ID,
                    createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
            .addCondition(
                    ClientScopesConditionFactory.PROVIDER_ID,
                    createClientScopesConditionConfig(ClientScopesConditionFactory.OPTIONAL, Arrays.asList(SAMPLE_CLIENT_ROLE)))
            .addProfile("ordinal-test-profile")
            .addProfile("lack-of-builtin-field-test-profile")
            .addProfile("ordinal-test-profile")
            .toRepresentation();
    // Created with enabled == null.
    ClientPolicyRepresentation policyWithoutBuiltinField = (new ClientPolicyBuilder())
            .createPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", null)
            .addCondition(
                    ClientUpdaterContextConditionFactory.PROVIDER_ID,
                    createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
            .addCondition(
                    ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID,
                    createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup")))
            .addCondition(
                    ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
                    createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
            .addCondition(
                    ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID,
                    createClientUpdateSourceRolesConditionConfig(Arrays.asList(AdminRoles.CREATE_CLIENT)))
            .addProfile("lack-of-builtin-field-test-profile")
            .toRepresentation();
    String policiesJson = (new ClientPoliciesBuilder())
            .addPolicy(policyWithRepeatedProfile)
            .addPolicy(policyWithoutBuiltinField)
            .toString();
    updatePolicies(policiesJson);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)

Example 10 with ClientProfileRepresentation

use of org.keycloak.representations.idm.ClientProfileRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method updateProfile.

/**
 * Replaces the realm profile that has the same name as {@code profileRep} and submits the result.
 *
 * <p>Does nothing, without any error, when {@code profileRep} or its name is {@code null}, or when
 * no realm profile of that name exists; this helper never creates a new profile. The replacement is
 * appended to the end of the list, so the profile's position may change.
 *
 * @param profileRep the new content for the profile of the same name
 * @throws ClientPolicyException declared by this helper; presumably raised by the update call
 */
protected void updateProfile(ClientProfileRepresentation profileRep) throws ClientPolicyException {
    if (profileRep == null) {
        return;
    }
    String profileName = profileRep.getName();
    if (profileName == null) {
        return;
    }
    ClientProfilesRepresentation reps = getProfilesWithoutGlobals();
    // First realm profile carrying the requested name, if any.
    ClientProfileRepresentation existing = reps.getProfiles().stream()
            .filter(candidate -> profileName.equals(candidate.getName()))
            .findFirst()
            .orElse(null);
    if (existing == null) {
        // Unknown name: silently skipped, nothing is sent.
        return;
    }
    reps.getProfiles().remove(existing);
    reps.getProfiles().add(profileRep);
    updateProfiles(convertToProfilesJson(reps));
}
Also used : ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)
