Search in sources :

Example 6 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method assertRepresentation.

private void assertRepresentation(ClientPolicyRepresentation representation, ClientPolicyResource permission) {
    ClientPolicyRepresentation actual = permission.toRepresentation();
    assertRepresentation(representation, actual, () -> permission.resources(), () -> Collections.emptyList(), () -> permission.associatedPolicies());
    assertEquals(representation.getClients().size(), actual.getClients().size());
    assertEquals(0, actual.getClients().stream().filter(clientId -> !representation.getClients().stream().filter(userName -> getClientName(clientId).equalsIgnoreCase(userName)).findFirst().isPresent()).count());
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)

Example 7 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method testCreate.

@Test
public void testCreate() {
    AuthorizationResource authorization = getClient().authorization();
    ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
    representation.setName("Realm Client Policy");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.addClient("Client A");
    representation.addClient("Client B");
    assertCreated(authorization, representation);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 8 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method assertCreated.

private void assertCreated(AuthorizationResource authorization, ClientPolicyRepresentation representation) {
    ClientPoliciesResource permissions = authorization.policies().client();
    try (Response response = permissions.create(representation)) {
        ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
        ClientPolicyResource permission = permissions.findById(created.getId());
        assertRepresentation(representation, permission);
    }
}
Also used : Response(javax.ws.rs.core.Response) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPoliciesResource(org.keycloak.admin.client.resource.ClientPoliciesResource) ClientPolicyResource(org.keycloak.admin.client.resource.ClientPolicyResource)

Example 9 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method testUpdate.

@Test
public void testUpdate() {
    AuthorizationResource authorization = getClient().authorization();
    ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
    representation.setName("Update Test Client Policy");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.addClient("Client A");
    representation.addClient("Client B");
    representation.addClient("Client C");
    assertCreated(authorization, representation);
    representation.setName("changed");
    representation.setDescription("changed");
    representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    representation.setLogic(Logic.POSITIVE);
    representation.setClients(representation.getClients().stream().filter(userName -> !userName.equals("Client A")).collect(Collectors.toSet()));
    ClientPoliciesResource policies = authorization.policies().client();
    ClientPolicyResource permission = policies.findById(representation.getId());
    permission.update(representation);
    assertRepresentation(representation, permission);
    representation.setClients(representation.getClients().stream().filter(userName -> !userName.equals("Client C")).collect(Collectors.toSet()));
    permission.update(representation);
    assertRepresentation(representation, permission);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPoliciesResource(org.keycloak.admin.client.resource.ClientPoliciesResource) ClientPolicyResource(org.keycloak.admin.client.resource.ClientPolicyResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 10 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class FineGrainAdminUnitTest method setupTokenExchange.

private static void setupTokenExchange(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("master");
    ClientModel client = session.clients().getClientByClientId(realm, "tokenexclient");
    if (client != null) {
        return;
    }
    ClientModel tokenexclient = realm.addClient("tokenexclient");
    tokenexclient.setEnabled(true);
    tokenexclient.addRedirectUri("http://localhost:*");
    tokenexclient.setPublicClient(false);
    tokenexclient.setSecret("password");
    tokenexclient.setDirectAccessGrantsEnabled(true);
    // permission for client to client exchange to "target" client
    ClientModel adminCli = realm.getClientByClientId(ConfigUtil.DEFAULT_CLIENT);
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    management.clients().setPermissionsEnabled(adminCli, true);
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.setName("to");
    clientRep.addClient(tokenexclient.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
    management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ResourceServer(org.keycloak.authorization.model.ResourceServer) AdminPermissionManagement(org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)

Aggregations

ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)29 Policy (org.keycloak.authorization.model.Policy)12 Test (org.junit.Test)10 RealmModel (org.keycloak.models.RealmModel)10 ResourceServer (org.keycloak.authorization.model.ResourceServer)9 ClientModel (org.keycloak.models.ClientModel)9 AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement)7 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)5 ClientPoliciesResource (org.keycloak.admin.client.resource.ClientPoliciesResource)5 RoleModel (org.keycloak.models.RoleModel)5 Response (javax.ws.rs.core.Response)4 ClientPolicyResource (org.keycloak.admin.client.resource.ClientPolicyResource)4 UserModel (org.keycloak.models.UserModel)4 GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)4 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)4 RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)4 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)4 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)3 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)3 HashSet (java.util.HashSet)2