use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.
the class ClientPoliciesImportExportTest method testRealmExportImport.
private void testRealmExportImport() throws Exception {
testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_EXPORT);
testingClient.testing().exportImport().setRealmName("test");
testingClient.testing().exportImport().runExport();
// Delete some realm (and some data in admin realm)
adminClient.realm("test").remove();
Assert.assertNames(adminClient.realms().findAll(), "master");
// Configure import
testingClient.testing().exportImport().setAction(ExportImportConfig.ACTION_IMPORT);
testingClient.testing().exportImport().runImport();
// Ensure data are imported back, but just for "test" realm
Assert.assertNames(adminClient.realms().findAll(), "master", "test");
assertExpectedLoadedProfiles((ClientProfilesRepresentation reps) -> {
ClientProfileRepresentation rep = getProfileRepresentation(reps, "ordinal-test-profile", false);
assertExpectedProfile(rep, "ordinal-test-profile", "The profile that can be loaded.");
});
assertExpectedLoadedPolicies((ClientPoliciesRepresentation reps) -> {
ClientPolicyRepresentation rep = getPolicyRepresentation(reps, "new-policy");
assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), rep);
});
}
use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.
the class AbstractClientPoliciesTest method assertExpectedLoadedProfiles.
protected void assertExpectedLoadedProfiles(Consumer<ClientProfilesRepresentation> modifiedAssertion) throws Exception {
// retrieve loaded builtin profiles
ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
// same profiles
assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
// each profile - fapi-1-baseline
ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
// each executor
assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
// each profile - ordinal-test-profile - updated
actualProfileRep = getProfileRepresentation(actualProfilesRep, "ordinal-test-profile", false);
modifiedAssertion.accept(actualProfilesRep);
// each executor
assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
// each profile - lack-of-builtin-field-test-profile
actualProfileRep = getProfileRepresentation(actualProfilesRep, "lack-of-builtin-field-test-profile", false);
assertExpectedProfile(actualProfileRep, "lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.");
// each executor
assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, SecureRequestObjectExecutorFactory.PROVIDER_ID, SecureResponseTypeExecutorFactory.PROVIDER_ID, SecureSessionEnforceExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep);
assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep);
assertExpectedSecureRequestObjectExecutor(actualProfileRep);
assertExpectedSecureResponseTypeExecutor(actualProfileRep);
assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
assertExpectedSecureSigningAlgorithmEnforceExecutor(actualProfileRep);
assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(actualProfileRep);
}
use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.
the class AbstractClientPoliciesTest method deleteProfile.
protected void deleteProfile(String profileName) throws ClientPolicyException {
if (profileName == null)
return;
ClientProfilesRepresentation reps = getProfilesWithoutGlobals();
if (reps.getProfiles().stream().anyMatch(i -> profileName.equals(i.getName()))) {
ClientProfileRepresentation rep = reps.getProfiles().stream().filter(i -> profileName.equals(i.getName())).collect(Collectors.toList()).get(0);
reps.getProfiles().remove(rep);
updateProfiles(convertToProfilesJson(reps));
} else {
return;
}
}
use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.
the class ClientPoliciesLoadUpdateTest method testLoadBuiltinProfilesAndPolicies.
// Invalid formatted json profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Well-formed json but invalid semantic profiles/policies are not accepted. Existing profiles/policies remain unchanged.
// Recognized but invalid type fields are not accepted. Existing profiles/policies remain unchanged.
// Unrecognized fields of profiles/policies are not accepted. Existing profiles/policies are changed.
// Unrecognized fields of executors/conditions are accepted. Existing profiles/policies are changed.
// Duplicated fields of profiles/policies are accepted but the only last one is accepted. Existing profiles/policies are changed.
@Test
public void testLoadBuiltinProfilesAndPolicies() throws Exception {
// retrieve loaded global profiles
ClientProfilesRepresentation actualProfilesRep = getProfilesWithGlobals();
// same profiles
assertExpectedProfiles(actualProfilesRep, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Collections.emptyList());
// each profile - fapi-1-baseline
ClientProfileRepresentation actualProfileRep = getProfileRepresentation(actualProfilesRep, FAPI1_BASELINE_PROFILE_NAME, true);
assertExpectedProfile(actualProfileRep, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
// Test some executor
assertExpectedExecutors(Arrays.asList(SecureSessionEnforceExecutorFactory.PROVIDER_ID, PKCEEnforcerExecutorFactory.PROVIDER_ID, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, SecureClientUrisExecutorFactory.PROVIDER_ID, ConsentRequiredExecutorFactory.PROVIDER_ID, FullScopeDisabledExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureSessionEnforceExecutor(actualProfileRep);
// Check the "get" request without globals. Assert nothing loaded
actualProfilesRep = getProfilesWithoutGlobals();
assertExpectedProfiles(actualProfilesRep, null, Collections.emptyList());
// retrieve loaded builtin policies
ClientPoliciesRepresentation actualPoliciesRep = getPolicies();
// No global policies expected
assertExpectedPolicies(Collections.emptyList(), actualPoliciesRep);
ClientPolicyRepresentation actualPolicyRep = getPolicyRepresentation(actualPoliciesRep, "builtin-default-policy");
Assert.assertNull(actualPolicyRep);
}
use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.
the class MigrateTo14_0_0 method migrateRealm.
private void migrateRealm(KeycloakSession session, RealmModel realm) {
try {
session.clientPolicy().updateClientProfiles(realm, new ClientProfilesRepresentation());
session.clientPolicy().updateClientPolicies(realm, new ClientPoliciesRepresentation());
} catch (ClientPolicyException cpe) {
throw new ModelException("Exception during migration client profiles or client policies", cpe);
}
}
Aggregations