Examples with ClientPolicyRepresentation org.keycloak.representations.idm.authorization.ClientPolicyRepresentation used on opensource projects

Search in sources :

Example 1 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method onUpdate.

@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
    Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
    for (Policy associatedPolicy : associatedPolicies) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            rep.setRoles(new HashSet<>());
            Set<String> updatedRoles = representation.getRoles();
            if (updatedRoles != null) {
                for (String role : updatedRoles) {
                    rep.addRole(role);
                }
            }
            if (rep.getRoles().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            if (representation.getCondition() != null) {
                rep.setCode(representation.getCondition());
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            } else {
                policyStore.delete(associatedPolicy.getId());
            }
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            rep.setGroups(new HashSet<>());
            Set<String> updatedGroups = representation.getGroups();
            if (updatedGroups != null) {
                for (String group : updatedGroups) {
                    rep.addGroupPath(group);
                }
            }
            if (rep.getGroups().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            rep.setClients(new HashSet<>());
            Set<String> updatedClients = representation.getClients();
            if (updatedClients != null) {
                for (String client : updatedClients) {
                    rep.addClient(client);
                }
            }
            if (rep.getClients().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        } else if ("user".equals(associatedRep.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            rep.setUsers(new HashSet<>());
            Set<String> updatedUsers = representation.getUsers();
            if (updatedUsers != null) {
                for (String user : updatedUsers) {
                    rep.addUser(user);
                }
            }
            if (rep.getUsers().isEmpty()) {
                policyStore.delete(associatedPolicy.getId());
            } else {
                RepresentationToModel.toModel(rep, authorization, associatedPolicy);
            }
        }
    }
    Set<String> updatedRoles = representation.getRoles();
    if (updatedRoles != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("role".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String role : updatedRoles) {
                createRolePolicy(policy, policyStore, role, policy.getOwner());
            }
        }
    }
    Set<String> updatedGroups = representation.getGroups();
    if (updatedGroups != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("group".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String group : updatedGroups) {
                createGroupPolicy(policy, policyStore, group, policy.getOwner());
            }
        }
    }
    Set<String> updatedClients = representation.getClients();
    if (updatedClients != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("client".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String client : updatedClients) {
                createClientPolicy(policy, policyStore, client, policy.getOwner());
            }
        }
    }
    Set<String> updatedUsers = representation.getUsers();
    if (updatedUsers != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("user".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            for (String user : updatedUsers) {
                createUserPolicy(policy, policyStore, user, policy.getOwner());
            }
        }
    }
    String condition = representation.getCondition();
    if (condition != null) {
        boolean createPolicy = true;
        for (Policy associatedPolicy : associatedPolicies) {
            if ("js".equals(associatedPolicy.getType())) {
                createPolicy = false;
            }
        }
        if (createPolicy) {
            createJSPolicy(policy, policyStore, condition, policy.getOwner());
        }
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) HashSet(java.util.HashSet) Set(java.util.Set) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) HashSet(java.util.HashSet)

Example 2 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method createClientPolicy.

private void createClientPolicy(Policy policy, PolicyStore policyStore, String client, String owner) {
    ClientPolicyRepresentation rep = new ClientPolicyRepresentation();
    rep.setName(KeycloakModelUtils.generateId());
    rep.addClient(client);
    Policy associatedPolicy = policyStore.create(rep, policy.getResourceServer());
    associatedPolicy.setOwner(owner);
    policy.addAssociatedPolicy(associatedPolicy);
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)

Example 3 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyProviderFactory method onExport.

@Override
public void onExport(Policy policy, PolicyRepresentation representation, AuthorizationProvider authorization) {
    ClientPolicyRepresentation userRep = toRepresentation(policy, authorization);
    Map<String, String> config = new HashMap<>();
    try {
        RealmModel realm = authorization.getRealm();
        config.put("clients", JsonSerialization.writeValueAsString(userRep.getClients().stream().map(id -> realm.getClientById(id).getClientId()).collect(Collectors.toList())));
    } catch (IOException cause) {
        throw new RuntimeException("Failed to export user policy [" + policy.getName() + "]", cause);
    }
    representation.setConfig(config);
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) Arrays(java.util.Arrays) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) Config(org.keycloak.Config) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Map(java.util.Map) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) ResourceServer(org.keycloak.authorization.model.ResourceServer) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) PolicyStore(org.keycloak.authorization.store.PolicyStore) ClientRemovedEvent(org.keycloak.models.ClientModel.ClientRemovedEvent) Collectors(java.util.stream.Collectors) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) List(java.util.List) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) HashMap(java.util.HashMap) IOException(java.io.IOException)

Example 4 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method addDirectExchanger.

private static void addDirectExchanger(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.addRole("example");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    ClientModel directExchanger = realm.addClient("direct-exchanger");
    directExchanger.setName("direct-exchanger");
    directExchanger.setClientId("direct-exchanger");
    directExchanger.setPublicClient(false);
    directExchanger.setDirectAccessGrantsEnabled(true);
    directExchanger.setEnabled(true);
    directExchanger.setSecret("secret");
    directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directExchanger.setFullScopeAllowed(false);
    // permission for client to client exchange to "target" client
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET), true);
    management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET), true);
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonatorsDirect");
    clientImpersonateRep.addClient(directExchanger.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user");
    impersonatedUser.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password"));
    impersonatedUser.grantRole(exampleRole);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) RoleModel(org.keycloak.models.RoleModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Example 5 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
    representation.setName("Test Generic Config Permission");
    representation.addClient("Client A");
    ClientPoliciesResource policies = authorization.policies().client();
    try (Response response = policies.create(representation)) {
        ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("clients"));
        ClientRepresentation user = getRealm().clients().findByClientId("Client A").get(0);
        assertTrue(genericConfig.getConfig().get("clients").contains(user.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyResource(org.keycloak.admin.client.resource.ClientPolicyResource) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ClientPoliciesResource(org.keycloak.admin.client.resource.ClientPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)29 Policy (org.keycloak.authorization.model.Policy)12 Test (org.junit.Test)10 RealmModel (org.keycloak.models.RealmModel)10 ResourceServer (org.keycloak.authorization.model.ResourceServer)9 ClientModel (org.keycloak.models.ClientModel)9 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)7 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)5 ClientPoliciesResource (org.keycloak.admin.client.resource.ClientPoliciesResource)5 RoleModel (org.keycloak.models.RoleModel)5 Response (javax.ws.rs.core.Response)4 ClientPolicyResource (org.keycloak.admin.client.resource.ClientPolicyResource)4 UserModel (org.keycloak.models.UserModel)4 GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)4 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)4 RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)4 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)4 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)3 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)3 HashSet (java.util.HashSet)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial