use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPolicyManagementTest method assertRepresentation.
private void assertRepresentation(ClientPolicyRepresentation representation, ClientPolicyResource permission) {
ClientPolicyRepresentation actual = permission.toRepresentation();
assertRepresentation(representation, actual, () -> permission.resources(), () -> Collections.emptyList(), () -> permission.associatedPolicies());
assertEquals(representation.getClients().size(), actual.getClients().size());
assertEquals(0, actual.getClients().stream().filter(clientId -> !representation.getClients().stream().filter(userName -> getClientName(clientId).equalsIgnoreCase(userName)).findFirst().isPresent()).count());
}
use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPolicyManagementTest method testCreate.
@Test
public void testCreate() {
AuthorizationResource authorization = getClient().authorization();
ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
representation.setName("Realm Client Policy");
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.addClient("Client A");
representation.addClient("Client B");
assertCreated(authorization, representation);
}
use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPolicyManagementTest method assertCreated.
private void assertCreated(AuthorizationResource authorization, ClientPolicyRepresentation representation) {
ClientPoliciesResource permissions = authorization.policies().client();
try (Response response = permissions.create(representation)) {
ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
ClientPolicyResource permission = permissions.findById(created.getId());
assertRepresentation(representation, permission);
}
}
use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.
the class ClientPolicyManagementTest method testUpdate.
@Test
public void testUpdate() {
AuthorizationResource authorization = getClient().authorization();
ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
representation.setName("Update Test Client Policy");
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.addClient("Client A");
representation.addClient("Client B");
representation.addClient("Client C");
assertCreated(authorization, representation);
representation.setName("changed");
representation.setDescription("changed");
representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
representation.setLogic(Logic.POSITIVE);
representation.setClients(representation.getClients().stream().filter(userName -> !userName.equals("Client A")).collect(Collectors.toSet()));
ClientPoliciesResource policies = authorization.policies().client();
ClientPolicyResource permission = policies.findById(representation.getId());
permission.update(representation);
assertRepresentation(representation, permission);
representation.setClients(representation.getClients().stream().filter(userName -> !userName.equals("Client C")).collect(Collectors.toSet()));
permission.update(representation);
assertRepresentation(representation, permission);
}
use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.
the class FineGrainAdminUnitTest method setupTokenExchange.
private static void setupTokenExchange(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("master");
ClientModel client = session.clients().getClientByClientId(realm, "tokenexclient");
if (client != null) {
return;
}
ClientModel tokenexclient = realm.addClient("tokenexclient");
tokenexclient.setEnabled(true);
tokenexclient.addRedirectUri("http://localhost:*");
tokenexclient.setPublicClient(false);
tokenexclient.setSecret("password");
tokenexclient.setDirectAccessGrantsEnabled(true);
// permission for client to client exchange to "target" client
ClientModel adminCli = realm.getClientByClientId(ConfigUtil.DEFAULT_CLIENT);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
management.clients().setPermissionsEnabled(adminCli, true);
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("to");
clientRep.addClient(tokenexclient.getId());
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
}
Aggregations