Example 16 with ClientPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

From the class ClientPolicyManagementTest, method testUpdate.

@Test
public void testUpdate() throws InterruptedException {
    authorizationPage.navigateTo();
    ClientPolicyRepresentation expected = new ClientPolicyRepresentation();
    expected.setName("Test Client Policy");
    expected.setDescription("description");
    expected.addClient("client a");
    expected.addClient("client b");
    expected.addClient("client c");
    expected = createPolicy(expected);
    String previousName = expected.getName();
    expected.setName("Changed Test Client Policy");
    expected.setDescription("Changed description");
    expected.setLogic(Logic.NEGATIVE);
    expected.setClients(expected.getClients().stream().filter(client -> !client.equals("client b")).collect(Collectors.toSet()));
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().policies().update(previousName, expected);
    assertAlertSuccess();
    authorizationPage.navigateTo();
    ClientPolicy actual = authorizationPage.authorizationTabs().policies().name(expected.getName());
    assertPolicy(expected, actual);
}
Also used: ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation), ClientPolicy (org.keycloak.testsuite.console.page.clients.authorization.policy.ClientPolicy), Test (org.junit.Test)

Example 17 with ClientPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

From the class ClientPolicyProviderFactory, method toRepresentation.

@Override
public ClientPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
    representation.setClients(new HashSet<>(Arrays.asList(getClients(policy))));
    return representation;
}
Also used: ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation)

Example 18 with ClientPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

From the class UMAPolicyProviderFactory, method toRepresentation.

@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
    representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
    representation.setOwner(policy.getOwner());
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        RealmModel realm = authorization.getRealm();
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            for (RoleDefinition definition : rep.getRoles()) {
                RoleModel role = realm.getRoleById(definition.getId());
                if (role.isClientRole()) {
                    representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
                } else {
                    representation.addRole(role.getName());
                }
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            representation.setCondition(rep.getCode());
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            for (GroupDefinition definition : rep.getGroups()) {
                representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            for (String client : rep.getClients()) {
                representation.addClient(realm.getClientById(client).getClientId());
            }
        } else if ("user".equals(associatedPolicy.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            for (String user : rep.getUsers()) {
                representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
            }
        }
    }
    return representation;
}
Also used: Policy (org.keycloak.authorization.model.Policy), RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation), ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation), JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation), RoleDefinition (org.keycloak.representations.idm.authorization.RolePolicyRepresentation.RoleDefinition), RoleModel (org.keycloak.models.RoleModel), UmaPermissionRepresentation (org.keycloak.representations.idm.authorization.UmaPermissionRepresentation), GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation), AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation), RealmModel (org.keycloak.models.RealmModel), Scope (org.keycloak.authorization.model.Scope), GroupDefinition (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation.GroupDefinition), UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)

Example 19 with ClientPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

From the class ClientPolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    ClientPolicyRepresentation representation = representationFunction.apply(evaluation.getPolicy(), evaluation.getAuthorizationProvider());
    AuthorizationProvider authorizationProvider = evaluation.getAuthorizationProvider();
    RealmModel realm = authorizationProvider.getKeycloakSession().getContext().getRealm();
    EvaluationContext context = evaluation.getContext();
    for (String client : representation.getClients()) {
        ClientModel clientModel = realm.getClientById(client);
        if (context.getAttributes().containsValue("kc.client.id", clientModel.getClientId())) {
            evaluation.grant();
            return;
        }
    }
}
Also used: RealmModel (org.keycloak.models.RealmModel), ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation), ClientModel (org.keycloak.models.ClientModel), AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider), EvaluationContext (org.keycloak.authorization.policy.evaluation.EvaluationContext)

Example 20 with ClientPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

From the class ClientApplicationSynchronizer, method removeFromClientPolicies.

private void removeFromClientPolicies(ClientRemovedEvent event, AuthorizationProvider authorizationProvider) {
    StoreFactory storeFactory = authorizationProvider.getStoreFactory();
    ResourceServerStore store = storeFactory.getResourceServerStore();
    ResourceServer resourceServer = store.findByClient(event.getClient());
    if (resourceServer != null) {
        storeFactory.getResourceServerStore().delete(event.getClient());
    }
    Map<Policy.FilterOption, String[]> attributes = new EnumMap<>(Policy.FilterOption.class);
    attributes.put(Policy.FilterOption.TYPE, new String[] { "client" });
    attributes.put(Policy.FilterOption.CONFIG, new String[] { "clients", event.getClient().getId() });
    attributes.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);
    List<Policy> search = storeFactory.getPolicyStore().findByResourceServer(attributes, null, -1, -1);
    for (Policy policy : search) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        ClientPolicyRepresentation representation = ClientPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        Set<String> clients = representation.getClients();
        clients.remove(event.getClient().getId());
        if (clients.isEmpty()) {
            policyFactory.onRemove(policy, authorizationProvider);
            authorizationProvider.getStoreFactory().getPolicyStore().delete(policy.getId());
        } else {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
        }
    }
}
Also used: Policy (org.keycloak.authorization.model.Policy), ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation), ResourceServerStore (org.keycloak.authorization.store.ResourceServerStore), PolicyProviderFactory (org.keycloak.authorization.policy.provider.PolicyProviderFactory), StoreFactory (org.keycloak.authorization.store.StoreFactory), ResourceServer (org.keycloak.authorization.model.ResourceServer), EnumMap (java.util.EnumMap)

Aggregations

- ClientPolicyRepresentation (org.keycloak.representations.idm.authorization.ClientPolicyRepresentation): 29
- Policy (org.keycloak.authorization.model.Policy): 12
- Test (org.junit.Test): 10
- RealmModel (org.keycloak.models.RealmModel): 10
- ResourceServer (org.keycloak.authorization.model.ResourceServer): 9
- ClientModel (org.keycloak.models.ClientModel): 9
- AdminPermissionManagement (org.keycloak.services.resources.admin.permissions.AdminPermissionManagement): 7
- AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource): 5
- ClientPoliciesResource (org.keycloak.admin.client.resource.ClientPoliciesResource): 5
- RoleModel (org.keycloak.models.RoleModel): 5
- Response (javax.ws.rs.core.Response): 4
- ClientPolicyResource (org.keycloak.admin.client.resource.ClientPolicyResource): 4
- UserModel (org.keycloak.models.UserModel): 4
- GroupPolicyRepresentation (org.keycloak.representations.idm.authorization.GroupPolicyRepresentation): 4
- JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation): 4
- RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation): 4
- UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation): 4
- AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation): 3
- PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation): 3
- HashSet (java.util.HashSet): 2