
Example 6 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedGlobalClientProfilesRepresentation.

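/**
 * Parses the global (built-in) client profiles from {@code is} and returns a validated copy of them.
 * The input is expected to be the JSON file bundled in the Keycloak binary.
 *
 * <p>Checks applied before a profile is accepted:
 * <ul>
 *   <li>every profile entry must be non-null and carry a name;</li>
 *   <li>profile names must be unique;</li>
 *   <li>every executor entry must be non-null and, while the {@code CLIENT_POLICIES} feature is
 *       enabled, its provider id must be accepted by {@code isValidExecutor}.</li>
 * </ul>
 *
 * <p>Only the executor's provider id is checked here; the executor configuration is passed through
 * as-is. When the feature is disabled the provider-id check is skipped, so unknown provider ids are
 * accepted as well. Only name, description and executors are copied into the returned profiles.
 *
 * <p>NOTE(review): the stream is not closed explicitly here; confirm whether
 * {@code JsonSerialization.readValue} or the caller is responsible for closing it.
 *
 * @param session session handed to {@code isValidExecutor} for the provider-id check
 * @param is      JSON source of the proposed global profiles
 * @return the validated profiles; an empty list when the document is empty or holds no profiles,
 *         never {@code null}
 * @throws ClientPolicyException if the JSON cannot be read, a profile has no name, a name occurs
 *                               more than once, or an executor entry is rejected
 */
static List<ClientProfileRepresentation> getValidatedGlobalClientProfilesRepresentation(KeycloakSession session, InputStream is) throws ClientPolicyException {
    // load builtin client profiles representation
    ClientProfilesRepresentation proposedProfilesRep;
    try {
        proposedProfilesRep = JsonSerialization.readValue(is, ClientProfilesRepresentation.class);
    } catch (Exception e) {
        // NOTE(review): only e.getMessage() survives as the error detail, so the parser's stack trace
        // is lost; chain the cause if ClientPolicyException offers a constructor for it.
        throw new ClientPolicyException("failed to deserialize global proposed client profiles json string.", e.getMessage());
    }
    if (proposedProfilesRep == null) {
        return Collections.emptyList();
    }
    // no profile contained (it is valid)
    List<ClientProfileRepresentation> proposedProfileRepList = proposedProfilesRep.getProfiles();
    if (proposedProfileRepList == null || proposedProfileRepList.isEmpty()) {
        return Collections.emptyList();
    }
    // A JSON array may contain null entries. Reject them, and nameless profiles, before the
    // duplicate check so the failure is a ClientPolicyException with the accurate message
    // rather than a NullPointerException from the stream below.
    for (ClientProfileRepresentation proposedProfileRep : proposedProfileRepList) {
        if (proposedProfileRep == null || proposedProfileRep.getName() == null) {
            throw new ClientPolicyException("client profile without its name not allowed.");
        }
    }
    // duplicated profile name is not allowed.
    long distinctNameCount = proposedProfileRepList.stream().map(ClientProfileRepresentation::getName).distinct().count();
    if (proposedProfileRepList.size() != distinctNameCount) {
        throw new ClientPolicyException("proposed global client profile name duplicated.");
    }
    // Skip the provider-id check if the feature is disabled, as then the executor implementations are disabled.
    boolean checkExecutorProviders = Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES);
    // construct validated and modified profiles from builtin profiles in JSON file enclosed in keycloak binary.
    List<ClientProfileRepresentation> updatingProfileList = new ArrayList<>(proposedProfileRepList.size());
    for (ClientProfileRepresentation proposedProfileRep : proposedProfileRepList) {
        ClientProfileRepresentation profileRep = new ClientProfileRepresentation();
        profileRep.setName(proposedProfileRep.getName());
        profileRep.setDescription(proposedProfileRep.getDescription());
        // to prevent returning null
        profileRep.setExecutors(new ArrayList<>());
        if (proposedProfileRep.getExecutors() != null) {
            for (ClientPolicyExecutorRepresentation executorRep : proposedProfileRep.getExecutors()) {
                // A null executor entry can never be a usable executor; treat it like an invalid one
                // instead of dereferencing it or copying it into the result.
                if (executorRep == null) {
                    throw new ClientPolicyException("proposed client profile contains the executor with its invalid configuration.");
                }
                if (checkExecutorProviders && !isValidExecutor(session, executorRep.getExecutorProviderId())) {
                    throw new ClientPolicyException("proposed client profile contains the executor with its invalid configuration.");
                }
                profileRep.getExecutors().add(executorRep);
            }
        }
        updatingProfileList.add(profileRep);
    }
    return updatingProfileList;
}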

Example 7 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class DefaultClientPolicyManager method updateClientProfiles.

/**
 * Validates the supplied client profiles against the realm and the global profiles, serializes the
 * validated result to JSON and stores that JSON on the realm.
 *
 * <p>Only the output of {@code getValidatedClientProfilesForUpdate} is persisted, never the raw
 * {@code clientProfiles} argument. The persisted JSON is also written to the log at TRACE level.
 *
 * @param realm          realm whose client profiles are replaced
 * @param clientProfiles proposed profiles; {@code null} is rejected
 * @throws ClientPolicyException if {@code clientProfiles} is {@code null} or one of the
 *                               {@code ClientPoliciesUtil} steps reports a failure; the failure is
 *                               logged at WARN level before it is rethrown
 */
@Override
public void updateClientProfiles(RealmModel realm, ClientProfilesRepresentation clientProfiles) throws ClientPolicyException {
    try {
        // The null check sits inside the try block on purpose: its exception goes through the
        // same warn-and-rethrow path as a validation failure.
        if (null == clientProfiles) {
            throw new ClientPolicyException("Passing null clientProfiles not allowed");
        }
        String profilesJson = ClientPoliciesUtil.convertClientProfilesRepresentationToJson(
                ClientPoliciesUtil.getValidatedClientProfilesForUpdate(session, realm, clientProfiles, globalClientProfilesSupplier.get()));
        ClientPoliciesUtil.setClientProfilesJsonString(realm, profilesJson);
        logger.tracev("UPDATE PROFILES :: realm = {0}, validated and modified PUT = {1}", realm.getName(), profilesJson);
    } catch (ClientPolicyException failure) {
        logger.warnv("VALIDATE SERIALIZE PROFILES FAILED :: error = {0}, error detail = {1}", failure.getError(), failure.getErrorDetail());
        throw failure;
    }
}

Example 8 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class DefaultClientPolicyManager method updateRealmRepresentationFromModel.

/**
 * Copies the realm's client profiles and client policies into the given realm representation.
 *
 * <p>Profiles are fetched with the second argument set to {@code false}, which, according to the
 * original author's comment, leaves the global profiles out. Profiles are set on {@code rep}
 * before the policies are read, so a failure while reading policies leaves the profiles already
 * applied.
 *
 * @param realm realm to read profiles and policies from
 * @param rep   representation that receives the parsed profiles and policies
 * @throws IllegalStateException wrapping the {@code ClientPolicyException} if either lookup fails
 */
@Override
public void updateRealmRepresentationFromModel(RealmModel realm, RealmRepresentation rep) {
    try {
        // false: global profiles are filtered out (per the original comment on this call)
        rep.setParsedClientProfiles(getClientProfiles(realm, false));
        rep.setParsedClientPolicies(getClientPolicies(realm));
    } catch (ClientPolicyException exportFailure) {
        throw new IllegalStateException("Exception during export client profiles or client policies", exportFailure);
    }
}

Example 9 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testProfilesFormView.

/**
 * UI test that drives one client profile through its lifecycle in the form view: create the
 * profile, add two executors, delete one, edit the other, rename the profile and delete it.
 * After the executor and deletion steps the expected {@link ClientProfilesRepresentation} is
 * checked through {@code assertClientProfile} (helper defined outside this excerpt).
 */
@Test
public void testProfilesFormView() throws Exception {
    final String profileName = "mega-profile";
    // second name contains '^', used later for the rename step
    final String profileName2 = "mega-profile^2";
    final String profileDesc = "mega-desc";
    clientProfilesPage.navigateTo();
    clientProfilesPage.assertCurrent();
    clientProfilesPage.profilesTable().clickCreateProfile();
    createClientProfilePage.assertCurrent();
    // create profile
    createClientProfilePage.form().setProfileName(profileName);
    createClientProfilePage.form().setDescription(profileDesc);
    createClientProfilePage.form().save();
    assertAlertSuccess();
    // point the page object at the new profile before asserting the browser landed on it
    clientProfilePage.setProfileName(profileName);
    clientProfilePage.assertCurrent();
    assertEquals(profileName, clientProfilePage.form().getProfileName());
    clientProfilePage.executorsTable().clickCreateExecutor();
    // create executors
    createExecutorPage.setProfileName(profileName);
    createExecutorPage.assertCurrent();
    // first executor: secure client authenticator, restricted to two client authenticators
    createExecutorPage.form().setExecutorType(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID);
    // no Select2 item may be selected right after the executor type is chosen
    assertTrue(createExecutorPage.form().getSelect2SelectedItems().isEmpty());
    createExecutorPage.form().selectSelect2Item(JWTClientAuthenticator.PROVIDER_ID);
    createExecutorPage.form().selectSelect2Item(ClientIdAndSecretAuthenticator.PROVIDER_ID);
    createExecutorPage.form().save();
    assertAlertSuccess();
    clientProfilePage.assertCurrent();
    clientProfilePage.executorsTable().clickEditExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID);
    // presumably the second argument is the executor's index within the profile; confirm against executorPage
    executorPage.setUriParameters(profileName, 0);
    executorPage.assertCurrent();
    // the edit form must show exactly the two authenticators saved above
    assertEquals(Stream.of(JWTClientAuthenticator.PROVIDER_ID, ClientIdAndSecretAuthenticator.PROVIDER_ID).collect(Collectors.toSet()), executorPage.form().getSelect2SelectedItems());
    // second executor: holder-of-key enforcer; auto-configure must be off until it is switched on here
    createExecutorPage.navigateTo();
    createExecutorPage.form().setExecutorType(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID);
    assertFalse(createExecutorPage.form().isAutoConfigure());
    createExecutorPage.form().setAutoConfigure(true);
    createExecutorPage.form().save();
    clientProfilePage.executorsTable().clickEditExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID);
    executorPage.setUriParameters(profileName, 1);
    executorPage.assertCurrent();
    assertTrue(executorPage.form().isAutoConfigure());
    // assert JSON: expected model holds both executors in the order they were created in the UI
    ClientProfilesRepresentation expected = new ClientProfilesBuilder().addProfile(new ClientProfileBuilder().createProfile(profileName, profileDesc).addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthenticatorExecutorConfig(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, ClientIdAndSecretAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID)).addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation()).toRepresentation();
    // NOTE(review): the meaning of the boolean passed to assertClientProfile is not visible here; confirm in the helper
    assertClientProfile(expected, false);
    // remove executor
    clientProfilePage.navigateTo();
    clientProfilePage.executorsTable().clickDeleteExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    // mirror the UI deletion in the expected model: drop the first executor (the secure client authenticator)
    expected.getProfiles().get(0).getExecutors().remove(0);
    assertClientProfile(expected, false);
    assertFalse(clientProfilePage.executorsTable().isRowPresent(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID));
    // edit executor
    clientProfilePage.executorsTable().clickEditExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID);
    executorPage.form().setAutoConfigure(false);
    executorPage.form().save();
    // the config object is round-tripped through Jackson (bytes -> JsonNode) before being set on the expected model
    expected.getProfiles().get(0).getExecutors().get(0).setConfiguration(JsonSerialization.mapper.readValue(JsonSerialization.mapper.writeValueAsBytes(createHolderOfKeyEnforceExecutorConfig(false)), JsonNode.class));
    assertClientProfile(expected, false);
    // edit profile: rename only; the description must still be shown under the new name
    clientProfilePage.form().setProfileName(profileName2);
    clientProfilePage.form().save();
    assertAlertSuccess();
    clientProfilesPage.navigateTo();
    assertEquals(profileDesc, clientProfilesPage.profilesTable().getDescription(profileName2));
    // remove profile
    clientProfilesPage.profilesTable().clickDeleteProfile(profileName2);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    // after the deletion the comparison is made against a freshly constructed, empty representation
    assertClientProfile(new ClientProfilesRepresentation(), false);
    assertFalse(clientProfilesPage.profilesTable().isRowPresent(profileName2));
}

Example 10 with ClientProfilesRepresentation

use of org.keycloak.representations.idm.ClientProfilesRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testProfilesJsonView.

/**
 * UI test for the JSON view of client profiles. It checks that the view shows what the admin
 * REST resource returns, that a change made through the REST resource appears after a reload,
 * that a change saved through the JSON form is accepted, and that saving text which is not a
 * profiles document ({@code "aaa"}) ends in a danger alert.
 */
@Test
public void testProfilesJsonView() throws Exception {
    clientProfilesJsonPage.navigateTo();
    // baseline: the JSON view must match what the REST resource returns
    ClientProfilesRepresentation expectedProfiles = testRealmResource().clientPoliciesProfilesResource().getProfiles(true);
    assertEquals(expectedProfiles, clientProfilesJsonPage.form().getProfiles());

    // change made through the REST resource: visible in the view after a reload
    expectedProfiles.getProfiles().add(new ClientProfileBuilder().createProfile("prof", "desc").addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation());
    testRealmResource().clientPoliciesProfilesResource().updateProfiles(expectedProfiles);
    refreshPageAndWaitForLoad();
    assertEquals(expectedProfiles, clientProfilesJsonPage.form().getProfiles());

    // change made through the JSON form: save succeeds and the result is checked via assertClientProfile
    expectedProfiles.getProfiles().add(new ClientProfileBuilder().createProfile("prof2", "desc2").toRepresentation());
    clientProfilesJsonPage.form().setProfiles(expectedProfiles);
    clientProfilesJsonPage.form().save();
    assertAlertSuccess();
    assertClientProfile(expectedProfiles, true);

    // negative case: malformed input must be rejected with a danger alert
    clientProfilesJsonPage.form().setProfilesAsString("aaa");
    clientProfilesJsonPage.form().save();
    assertAlertDanger();
}
