Search in sources :

Example 1 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class ClientPoliciesImportExportTest method testRealmExportImport.

private void testRealmExportImport() throws Exception {
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
    testingClient.testing().exportImport().setRealmName("test");
    testingClient.testing().exportImport().runExport();
    // Delete some realm (and some data in admin realm)
    adminClient.realm("test").remove();
    Assert.assertNames(adminClient.realms().findAll(), "master");
    // Configure import
    testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
    testingClient.testing().exportImport().runImport();
    // Ensure data are imported back, but just for "test" realm
    Assert.assertNames(adminClient.realms().findAll(), "master", "test");
    assertExpectedLoadedProfiles((ClientProfilesRepresentation reps) -> {
        ClientProfileRepresentation rep = getProfileRepresentation(reps, "ordinal-test-profile", false);
        assertExpectedProfile(rep, "ordinal-test-profile", "The profile that can be loaded.");
    });
    assertExpectedLoadedPolicies((ClientPoliciesRepresentation reps) -> {
        ClientPolicyRepresentation rep = getPolicyRepresentation(reps, "new-policy");
        assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), rep);
    });
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 2 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method assertExpectedLoadedProfiles.

protected void assertExpectedLoadedProfiles(Consumer<ClientProfilesRepresentation> modifiedAssertion) throws Exception {
    // retrieve loaded builtin profiles
    ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
    // same profiles
    assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
    // each profile - fapi-1-baseline
    ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
    assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    // each profile - ordinal-test-profile - updated
    actualProfileRep = getProfileRepresentation(actualProfilesRep, "ordinal-test-profile", false);
    modifiedAssertion.accept(actualProfilesRep);
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
    // each profile - lack-of-builtin-field-test-profile
    actualProfileRep = getProfileRepresentation(actualProfilesRep, "lack-of-builtin-field-test-profile", false);
    assertExpectedProfile(actualProfileRep, "lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.");
    // each executor
    assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, SecureRequestObjectExecutorFactory.PROVIDER_ID, SecureResponseTypeExecutorFactory.PROVIDER_ID, SecureSessionEnforceExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
    assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep);
    assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep);
    assertExpectedSecureRequestObjectExecutor(actualProfileRep);
    assertExpectedSecureResponseTypeExecutor(actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    assertExpectedSecureSigningAlgorithmEnforceExecutor(actualProfileRep);
    assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(actualProfileRep);
}
Also used : ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 3 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class AbstractClientPoliciesTest method deleteProfile.

protected void deleteProfile(String profileName) throws ClientPolicyException {
    if (profileName == null)
        return;
    ClientProfilesRepresentation reps = getProfilesWithoutGlobals();
    if (reps.getProfiles().stream().anyMatch(i -> profileName.equals(i.getName()))) {
        ClientProfileRepresentation rep = reps.getProfiles().stream().filter(i -> profileName.equals(i.getName())).collect(Collectors.toList()).get(0);
        reps.getProfiles().remove(rep);
        updateProfiles(convertToProfilesJson(reps));
    } else {
        return;
    }
}
Also used : ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Example 4 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class ClientPoliciesLoadUpdateTest method testLoadBuiltinProfilesAndPolicies.

// Invalid formatted json profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Well-formed json but invalid semantic profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Recognized but invalid type fields are not accepted. Existing profiles/policies remain unchanged.
// Unrecognized fields of profiles/policies are not accepted. Existing profiles/policies are changed.
// Unrecognized fields of executors/conditions are accepted. Existing profiles/policies are changed.
// Duplicated fields of profiles/policies are accepted but the only last one is accepted. Existing profiles/policies are changed.
@Test
public void testLoadBuiltinProfilesAndPolicies() throws Exception {
    // retrieve loaded global profiles
    ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
    // same profiles
    assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Collections.emptyList());
    // each profile - fapi-1-baseline
    ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
    assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
    // Test some executor
    assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
    assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
    // Check the "get" request without globals. Assert nothing loaded
    actualProfilesRep = getProfilesWithoutGlobals();
    assertExpectedProfiles(actualProfilesRep, null, Collections.emptyList());
    // retrieve loaded builtin policies
    ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
    // No global policies expected
    assertExpectedPolicies(Collections.emptyList(), actualPoliciesRep);
    ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "builtin-default-policy");
    Assert.assertNull(actualPolicyRep);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Example 5 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class MigrateTo14_0_0 method migrateRealm.

private void migrateRealm(KeycloakSession session, RealmModel realm) {
    try {
        session.clientPolicy().updateClientProfiles(realm, new ClientProfilesRepresentation());
        session.clientPolicy().updateClientPolicies(realm, new ClientPoliciesRepresentation());
    } catch (ClientPolicyException cpe) {
        throw new ModelException("Exception during migration client profiles or client policies", cpe);
    }
}
Also used : ModelException(org.keycloak.models.ModelException) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)

Aggregations

ClientProfilesRepresentation (org.keycloak.representations.idm.ClientProfilesRepresentation)20 ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)11 ClientProfileRepresentation (org.keycloak.representations.idm.ClientProfileRepresentation)9 Test (org.junit.Test)6 ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)6 JsonNode (com.fasterxml.jackson.databind.JsonNode)4 IOException (java.io.IOException)4 InputStream (java.io.InputStream)3 ArrayList (java.util.ArrayList)3 Collections (java.util.Collections)3 LinkedList (java.util.LinkedList)3 List (java.util.List)3 Set (java.util.Set)3 Collectors (java.util.stream.Collectors)3 Logger (org.jboss.logging.Logger)3 Profile (org.keycloak.common.Profile)3 ComponentModel (org.keycloak.component.ComponentModel)3 JsonConfigComponentModel (org.keycloak.component.JsonConfigComponentModel)3 Constants (org.keycloak.models.Constants)3 KeycloakSession (org.keycloak.models.KeycloakSession)3