
Example 26 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class BrokerLinkAndTokenExchangeTest method setupRealm.

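/**
 * Server-side fixture for the broker-link / token-exchange tests in the child realm.
 *
 * <p>Creates the confidential {@code direct-exchanger} client and, through client policies
 * on the realm-management resource server, grants:
 * <ul>
 *   <li>exchange-to permission on the parent IdP to the deployed test client and to
 *       {@code direct-exchanger};</li>
 *   <li>user impersonation to {@code direct-exchanger} only.</li>
 * </ul>
 *
 * @param session server-side session; realm {@code CHILD_IDP}, client
 *     {@code ClientApp.DEPLOYMENT_NAME} and IdP {@code PARENT_IDP} must already exist
 */
public static void setupRealm(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(CHILD_IDP);
    ClientModel client = realm.getClientByClientId(ClientApp.DEPLOYMENT_NAME);
    IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP);
    // Fail with a clear assertion rather than an NPE further down if the fixture is incomplete.
    Assert.assertNotNull(client);
    Assert.assertNotNull(idp);

    ClientModel directExchanger = realm.addClient("direct-exchanger");
    directExchanger.setClientId("direct-exchanger");
    directExchanger.setPublicClient(false);
    directExchanger.setDirectAccessGrantsEnabled(true);
    directExchanger.setEnabled(true);
    directExchanger.setSecret("secret");
    directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directExchanger.setFullScopeAllowed(false);

    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    // Enables fine-grained admin permissions on the IdP so exchangeToPermission() exists.
    management.idps().setPermissionsEnabled(idp, true);

    // Client policy "toIdp": which clients may exchange tokens to the parent IdP.
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.setName("toIdp");
    clientRep.addClient(client.getId());
    clientRep.addClient(directExchanger.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
    management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy);

    // Client policy "clientImpersonators": only direct-exchanger may impersonate users.
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonators");
    clientImpersonateRep.addClient(directExchanger.getId());
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    // AFFIRMATIVE: one granting policy is enough for the impersonation permission to pass.
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
}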

Example 27 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method setupRealm.

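/**
 * Server-side fixture for the SAML2 token-exchange tests.
 *
 * <p>Creates the exchanger client plus a set of "legal"/"illegal" callers, wires two client
 * policies to the exchange-to permissions of the four SAML target clients and to the realm's
 * user-impersonation permission, and adds the two test users.
 *
 * @param session server-side session; realm {@code TEST}, role {@code example} and the four
 *     SAML target clients must already exist
 */
public static void setupRealm(KeycloakSession session) {
    addTargetClients(session);
    addDirectExchanger(session);
    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.getRole("example");
    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    RoleModel impersonateRole = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE);

    // Exchanger: confidential, holds the impersonation role, and exposes the impersonator's
    // id/username through user-session-note mappers.
    ClientModel clientExchanger = addExchangeTestClient(realm, "client-exchanger", false, "secret");
    clientExchanger.addScopeMapping(impersonateRole);
    clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_ID));
    clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_USERNAME));

    // "illegal" is created but intentionally left out of every policy below.
    addExchangeTestClient(realm, "illegal", false, "secret");
    ClientModel legal = addExchangeTestClient(realm, "legal", false, "secret");
    ClientModel directLegal = addExchangeTestClient(realm, "direct-legal", false, "secret");
    ClientModel directPublic = addExchangeTestClient(realm, "direct-public", true, null);
    ClientModel directNoSecret = addExchangeTestClient(realm, "direct-no-secret", false, null);

    ClientModel samlSignedTarget = realm.getClientByClientId(SAML_SIGNED_TARGET);
    ClientModel samlEncryptedTarget = realm.getClientByClientId(SAML_ENCRYPTED_TARGET);
    ClientModel samlSignedAndEncryptedTarget = realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET);
    ClientModel samlUnsignedAndUnencryptedTarget = realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
    assertNotNull(samlSignedTarget);
    assertNotNull(samlEncryptedTarget);
    assertNotNull(samlSignedAndEncryptedTarget);
    assertNotNull(samlUnsignedAndUnencryptedTarget);

    // Client policy "to": which clients may exchange tokens *to* the SAML target clients.
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.setName("to");
    clientRep.addClient(clientExchanger.getId());
    clientRep.addClient(legal.getId());
    clientRep.addClient(directLegal.getId());
    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
    management.clients().exchangeToPermission(samlSignedTarget).addAssociatedPolicy(clientPolicy);
    management.clients().exchangeToPermission(samlEncryptedTarget).addAssociatedPolicy(clientPolicy);
    management.clients().exchangeToPermission(samlSignedAndEncryptedTarget).addAssociatedPolicy(clientPolicy);
    management.clients().exchangeToPermission(samlUnsignedAndUnencryptedTarget).addAssociatedPolicy(clientPolicy);

    // Client policy "clientImpersonators": which clients may impersonate users.
    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonators");
    clientImpersonateRep.addClient(directLegal.getId());
    clientImpersonateRep.addClient(directPublic.getId());
    clientImpersonateRep.addClient(directNoSecret.getId());
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    // AFFIRMATIVE: one granting policy is enough for the impersonation permission to pass.
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // "user" holds both the example role and the impersonation role; "bad-impersonator"
    // has a password but no roles at all.
    UserModel user = session.users().addUser(realm, "user");
    user.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
    user.grantRole(exampleRole);
    user.grantRole(impersonateRole);
    UserModel bad = session.users().addUser(realm, "bad-impersonator");
    bad.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
}

/**
 * Adds an enabled OIDC client with direct-access grants and full-scope disabled.
 *
 * @param realm realm to add the client to
 * @param clientId client id (also used as the internal name)
 * @param publicClient whether the client is public
 * @param secret client secret; {@code null} leaves the secret unset
 * @return the created client
 */
private static ClientModel addExchangeTestClient(RealmModel realm, String clientId, boolean publicClient, String secret) {
    ClientModel client = realm.addClient(clientId);
    client.setClientId(clientId);
    client.setPublicClient(publicClient);
    client.setDirectAccessGrantsEnabled(true);
    client.setEnabled(true);
    if (secret != null) {
        client.setSecret(secret);
    }
    client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    client.setFullScopeAllowed(false);
    return client;
}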

Example 28 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method assertPolicy.

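/**
 * Asserts that {@code policy} round-trips to a representation matching {@code expected}
 * (name, description, logic and the client set) and returns that representation.
 *
 * @param expected representation the policy was created from
 * @param policy persisted policy under test
 * @return the representation produced by {@code policy.toRepresentation()}
 */
private ClientPolicyRepresentation assertPolicy(ClientPolicyRepresentation expected, ClientPolicy policy) {
    ClientPolicyRepresentation actual = policy.toRepresentation();
    assertEquals(expected.getName(), actual.getName());
    assertEquals(expected.getDescription(), actual.getDescription());
    assertEquals(expected.getLogic(), actual.getLogic());
    assertNotNull(actual.getClients());
    // Equal size plus "every actual client is expected" pins the client set (assuming no duplicates).
    assertEquals(expected.getClients().size(), actual.getClients().size());
    long unexpectedClients = actual.getClients().stream()
            .filter(actualClient -> !expected.getClients().contains(actualClient))
            .count();
    assertEquals(0, unexpectedClients);
    return actual;
}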

Example 29 with ClientPolicyRepresentation

use of org.keycloak.representations.idm.authorization.ClientPolicyRepresentation in project keycloak by keycloak.

the class SocialLoginTest method setupClientExchangePermissions.

/**
 * One-time server-side setup for the social-login token-exchange tests.
 *
 * <p>Returns immediately when the {@code EXCHANGE_CLIENT} client already exists. Otherwise
 * creates it as a confidential client with direct-access grants and attaches a client policy
 * naming it to the realm's user-impersonation permission and to the exchange-to permission of
 * every identity provider in the realm.
 *
 * @param session server-side session; realm {@code REALM} must already exist
 */
public static void setupClientExchangePermissions(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(REALM);
    if (session.clients().getClientByClientId(realm, EXCHANGE_CLIENT) != null) {
        return; // lazy init: already set up by an earlier call
    }

    ClientModel exchangeClient = realm.addClient(EXCHANGE_CLIENT);
    exchangeClient.setSecret("secret");
    exchangeClient.setPublicClient(false);
    exchangeClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchangeClient.setEnabled(true);
    exchangeClient.setDirectAccessGrantsEnabled(true);

    ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
    policyRep.setName("client-policy");
    policyRep.addClient(exchangeClient.getId());

    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.users().setPermissionsEnabled(true);
    ResourceServer resourceServer = permissions.realmResourceServer();
    Policy exchangePolicy = permissions.authz().getStoreFactory().getPolicyStore().create(policyRep, resourceServer);

    // Impersonation: the single client policy decides, AFFIRMATIVE so one grant suffices.
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(exchangePolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // Exchange-to: same policy on every IdP present in the realm.
    realm.getIdentityProvidersStream().forEach(idp -> {
        permissions.idps().setPermissionsEnabled(idp, true);
        permissions.idps().exchangeToPermission(idp).addAssociatedPolicy(exchangePolicy);
    });
}
