
Example 6 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method assertRepresentation.

/**
 * Checks that the group policy read back from {@code permission} matches the submitted one.
 *
 * <p>The shared overload compares the common policy fields; this method then compares the group
 * definitions. Every group on the returned policy must have a counterpart in
 * {@code representation} with the same canonical path and the same {@code extendChildren} flag.
 * That flag decides whether child groups are covered too, so a mismatch is a change in policy
 * scope, not a cosmetic difference.
 *
 * @param representation the policy as it was submitted
 * @param permission resource handle used to read the stored policy back
 */
private void assertRepresentation(GroupPolicyRepresentation representation, GroupPolicyResource permission) {
    GroupPolicyRepresentation actual = permission.toRepresentation();
    assertRepresentation(representation, actual, () -> permission.resources(), () -> Collections.emptyList(), () -> permission.associatedPolicies());
    assertEquals(representation.getGroups().size(), actual.getGroups().size());

    // Count the returned groups that have no matching expected definition; none may remain.
    long unmatched = 0;
    for (GroupPolicyRepresentation.GroupDefinition actualDefinition : actual.getGroups()) {
        boolean hasCounterpart = representation.getGroups().stream().anyMatch(groupDefinition ->
                getGroupPath(actualDefinition.getId()).equals(getCanonicalGroupPath(groupDefinition.getPath()))
                        && actualDefinition.isExtendChildren() == groupDefinition.isExtendChildren());
        if (!hasCounterpart) {
            unmatched++;
        }
    }
    assertEquals(0, unmatched);
}
Also used : GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation)

Example 7 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method testRemoveWithoutPath.

/**
 * A group added by id with {@code addGroup} must be removable again with {@code removeGroup},
 * leaving the representation with no groups. No group path is ever set here.
 */
@Test
public void testRemoveWithoutPath() {
    GroupPolicyRepresentation policy = new GroupPolicyRepresentation();

    policy.setName("Delete Group Path Policy");
    policy.setGroupsClaim("groups");

    // Add and remove the same identifier; nothing should be left behind.
    policy.addGroup("Group A");
    policy.removeGroup("Group A");

    assertTrue(policy.getGroups().isEmpty());
}
Also used : GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) Test(org.junit.Test)

Example 8 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupSynchronizer method synchronize.

/**
 * Reacts to the removal of a group by detaching it from the group-based authorization policies
 * that reference it.
 *
 * <p>Policies of type {@code "group"} are searched by their {@code groups} configuration and the
 * removed group's id. The group is dropped from each hit. A policy left with no groups is
 * deleted, otherwise it is updated with the reduced group set.
 *
 * @param event the removal event carrying the group and the session to work in
 * @param factory session factory used to obtain the {@link AuthorizationProvider}
 */
@Override
public void synchronize(GroupModel.GroupRemovedEvent event, KeycloakSessionFactory factory) {
    AuthorizationProvider authorizationProvider = factory.getProviderFactory(AuthorizationProvider.class).create(event.getKeycloakSession());
    PolicyStore policyStore = authorizationProvider.getStoreFactory().getPolicyStore();
    GroupModel group = event.getGroup();

    // Search filter: group policies, any owner, whose "groups" config matches the removed id.
    // NOTE(review): CONFIG presumably does a substring-style match on the stored config; confirm.
    Map<Policy.FilterOption, String[]> filter = new EnumMap<>(Policy.FilterOption.class);
    filter.put(Policy.FilterOption.TYPE, new String[] { "group" });
    filter.put(Policy.FilterOption.CONFIG, new String[] { "groups", group.getId() });
    filter.put(Policy.FilterOption.ANY_OWNER, Policy.FilterOption.EMPTY_FILTER);

    // A null resource server with -1/-1 paging presumably means "all servers, no limit"; verify
    // against the PolicyStore contract.
    List<Policy> affectedPolicies = policyStore.findByResourceServer(filter, null, -1, -1);

    for (Policy policy : affectedPolicies) {
        PolicyProviderFactory policyFactory = authorizationProvider.getProviderFactory(policy.getType());
        GroupPolicyRepresentation representation = GroupPolicyRepresentation.class.cast(policyFactory.toRepresentation(policy, authorizationProvider));
        Set<GroupPolicyRepresentation.GroupDefinition> groups = representation.getGroups();

        // Exact id comparison. A search hit that does not actually list the group loses nothing
        // here, but it is still updated below, or deleted if its group set was already empty.
        groups.removeIf(groupDefinition -> groupDefinition.getId().equals(group.getId()));

        if (!groups.isEmpty()) {
            policyFactory.onUpdate(policy, representation, authorizationProvider);
            continue;
        }

        // No group left, so the policy itself is removed rather than kept as an empty rule.
        // NOTE(review): permissions that referenced only this policy lose it. Confirm that
        // onRemove/delete leave those permissions in a deny-by-default state.
        policyFactory.onRemove(policy, authorizationProvider);
        policyStore.delete(policy.getId());
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) GroupModel(org.keycloak.models.GroupModel) StoreFactory(org.keycloak.authorization.store.StoreFactory) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) EnumMap(java.util.EnumMap)

Example 9 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class AggregatePolicyManagementTest method testCreateWithChildAndSelectedPolicy.

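/**
 * Creates an aggregate policy through the admin console that combines one pre-existing policy
 * ("Policy C") with child policies of every supported type created from within the aggregate
 * form, then verifies that the saved aggregate lists all of them.
 *
 * <p>Each child gets a random UUID as its name so that it cannot collide with another policy.
 */
@Test
public void testCreateWithChildAndSelectedPolicy() {
    refreshPageAndWaitForLoad();

    AggregatePolicyRepresentation expected = new AggregatePolicyRepresentation();
    expected.setName("Test Child Create And Select Aggregate Policy");
    expected.setDescription("description");
    // The already existing policy that is selected rather than created.
    expected.addPolicy("Policy C");
    AggregatePolicy policy = authorizationPage.authorizationTabs().policies().create(expected, false);

    // Role-based child.
    RolePolicyRepresentation childRolePolicy = new RolePolicyRepresentation();
    childRolePolicy.setName(UUID.randomUUID().toString());
    childRolePolicy.addRole("Role A");
    policy.createPolicy(childRolePolicy);
    expected.addPolicy(childRolePolicy.getName());

    // User-based child.
    UserPolicyRepresentation childUserPolicy = new UserPolicyRepresentation();
    childUserPolicy.setName(UUID.randomUUID().toString());
    childUserPolicy.setDescription("description");
    childUserPolicy.addUser("user a");
    policy.createPolicy(childUserPolicy);
    expected.addPolicy(childUserPolicy.getName());

    // Client-based child.
    ClientPolicyRepresentation childClientPolicy = new ClientPolicyRepresentation();
    childClientPolicy.setName(UUID.randomUUID().toString());
    childClientPolicy.setDescription("description");
    childClientPolicy.addClient("client a");
    policy.createPolicy(childClientPolicy);
    expected.addPolicy(childClientPolicy.getName());

    // JavaScript child. The script grants unconditionally, which is only acceptable as a test
    // fixture and is not a pattern for a real policy.
    JSPolicyRepresentation childJSPolicy = new JSPolicyRepresentation();
    childJSPolicy.setName(UUID.randomUUID().toString());
    childJSPolicy.setDescription("description");
    childJSPolicy.setCode("$evaluation.grant();");
    policy.createPolicy(childJSPolicy);
    expected.addPolicy(childJSPolicy.getName());

    // Time-based child with a lower and an upper bound. Setting notBefore twice would silently
    // discard the first value and leave the policy without an end date.
    TimePolicyRepresentation childTimePolicy = new TimePolicyRepresentation();
    childTimePolicy.setName(UUID.randomUUID().toString());
    childTimePolicy.setDescription("description");
    childTimePolicy.setNotBefore("2017-01-01 00:00:00");
    childTimePolicy.setNotOnOrAfter("2018-01-01 00:00:00");
    policy.createPolicy(childTimePolicy);
    expected.addPolicy(childTimePolicy.getName());

    // Group-based child. The second argument is the extendChildren flag for "/Group A".
    GroupPolicyRepresentation childGroupPolicy = new GroupPolicyRepresentation();
    childGroupPolicy.setName(UUID.randomUUID().toString());
    childGroupPolicy.setDescription("description");
    childGroupPolicy.setGroupsClaim("groups");
    childGroupPolicy.addGroupPath("/Group A", true);
    policy.createPolicy(childGroupPolicy);
    expected.addPolicy(childGroupPolicy.getName());

    policy.form().save();
    assertAlertSuccess();

    // Reload the page so the comparison uses what was persisted, not the form state.
    authorizationPage.navigateTo();
    AggregatePolicy actual = authorizationPage.authorizationTabs().policies().name(expected.getName());
    assertPolicy(expected, actual);
}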
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) TimePolicyRepresentation(org.keycloak.representations.idm.authorization.TimePolicyRepresentation) AggregatePolicy(org.keycloak.testsuite.console.page.clients.authorization.policy.AggregatePolicy) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AggregatePolicyRepresentation(org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation) Test(org.junit.Test)

Example 10 with GroupPolicyRepresentation

use of org.keycloak.representations.idm.authorization.GroupPolicyRepresentation in project keycloak by keycloak.

the class GroupPolicyManagementTest method testDeleteFromList.

/**
 * Creates a group policy covering several group paths, deletes it from the policy list in the
 * console, and verifies that it can no longer be found by name.
 *
 * @throws InterruptedException declared by the original signature
 */
@Test
public void testDeleteFromList() throws InterruptedException {
    authorizationPage.navigateTo();

    GroupPolicyRepresentation template = new GroupPolicyRepresentation();
    template.setName("Test Delete Group Policy");
    template.setDescription("description");
    template.setGroupsClaim("groups");
    // Three path shapes: with the extendChildren flag, a nested path, and a path without a
    // leading slash.
    template.addGroupPath("/Group A", true);
    template.addGroupPath("/Group A/Group B/Group D");
    template.addGroupPath("Group F");

    GroupPolicyRepresentation created = createPolicy(template);

    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().policies().deleteFromList(created.getName());

    // Navigate again so the lookup runs against a freshly loaded list.
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().policies().policies().findByName(created.getName()));
}
Also used : GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) Test(org.junit.Test)
