
Example 1 with JSPolicyRepresentation

use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method onUpdate.

/**
 * Synchronises the policies associated with a UMA permission with the updated representation.
 *
 * <p>Pass 1 walks the associated policies. For each policy of type {@code role}, {@code group},
 * {@code client} or {@code user} it replaces the member set with the values from
 * {@code representation}, deleting the policy from the store when the resulting set is empty.
 * For a {@code js} policy it replaces the code with the representation's condition, or deletes
 * the policy when the condition is {@code null}. Associated policies of any other type are left
 * untouched.
 *
 * <p>Pass 2 creates new associated policies for every kind the representation supplies a value
 * for, but only when no associated policy of that type was found.
 *
 * <p>Security note: the condition string is copied verbatim into the JS policy's code; nothing in
 * this method validates or restricts it. NOTE(review): the code is presumably evaluated as a
 * script when the policy is enforced - confirm that the entry point accepting
 * {@link UmaPermissionRepresentation} limits who may supply a condition.
 *
 * @param policy the UMA permission policy being updated
 * @param representation the requested new state (roles, groups, clients, users, condition)
 * @param authorization provider used to reach the policy store and the model converters
 */
@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
    PolicyStore store = authorization.getStoreFactory().getPolicyStore();
    Set<Policy> children = policy.getAssociatedPolicies();

    // Pass 1: update or delete the policies that already exist.
    // NOTE(review): store.delete(...) runs while iterating the set returned by
    // getAssociatedPolicies(); this is only safe if that set is not a live view - confirm.
    for (Policy child : children) {
        AbstractPolicyRepresentation childRep = ModelToRepresentation.toRepresentation(child, authorization, false, false);
        String type = childRep.getType();

        if ("role".equals(type)) {
            RolePolicyRepresentation roleRep = (RolePolicyRepresentation) childRep;
            roleRep.setRoles(new HashSet<>());
            Set<String> requestedRoles = representation.getRoles();
            if (requestedRoles != null) {
                for (String roleName : requestedRoles) {
                    roleRep.addRole(roleName);
                }
            }
            if (!roleRep.getRoles().isEmpty()) {
                RepresentationToModel.toModel(roleRep, authorization, child);
            } else {
                store.delete(child.getId());
            }
        } else if ("js".equals(type)) {
            JSPolicyRepresentation jsRep = (JSPolicyRepresentation) childRep;
            String updatedScript = representation.getCondition();
            if (updatedScript == null) {
                store.delete(child.getId());
            } else {
                // The condition becomes the policy's script as-is; no validation happens here.
                jsRep.setCode(updatedScript);
                RepresentationToModel.toModel(jsRep, authorization, child);
            }
        } else if ("group".equals(type)) {
            GroupPolicyRepresentation groupRep = (GroupPolicyRepresentation) childRep;
            groupRep.setGroups(new HashSet<>());
            Set<String> requestedGroups = representation.getGroups();
            if (requestedGroups != null) {
                for (String groupPath : requestedGroups) {
                    groupRep.addGroupPath(groupPath);
                }
            }
            if (!groupRep.getGroups().isEmpty()) {
                RepresentationToModel.toModel(groupRep, authorization, child);
            } else {
                store.delete(child.getId());
            }
        } else if ("client".equals(type)) {
            ClientPolicyRepresentation clientRep = (ClientPolicyRepresentation) childRep;
            clientRep.setClients(new HashSet<>());
            Set<String> requestedClients = representation.getClients();
            if (requestedClients != null) {
                for (String clientId : requestedClients) {
                    clientRep.addClient(clientId);
                }
            }
            if (!clientRep.getClients().isEmpty()) {
                RepresentationToModel.toModel(clientRep, authorization, child);
            } else {
                store.delete(child.getId());
            }
        } else if ("user".equals(type)) {
            UserPolicyRepresentation userRep = (UserPolicyRepresentation) childRep;
            userRep.setUsers(new HashSet<>());
            Set<String> requestedUsers = representation.getUsers();
            if (requestedUsers != null) {
                for (String userName : requestedUsers) {
                    userRep.addUser(userName);
                }
            }
            if (!userRep.getUsers().isEmpty()) {
                RepresentationToModel.toModel(userRep, authorization, child);
            } else {
                store.delete(child.getId());
            }
        }
    }

    // Pass 2: create policies for kinds that had no associated policy at all.
    // The presence checks use the same 'children' set obtained before pass 1.
    Set<String> roles = representation.getRoles();
    if (roles != null) {
        boolean hasRolePolicy = false;
        for (Policy child : children) {
            hasRolePolicy |= "role".equals(child.getType());
        }
        if (!hasRolePolicy) {
            for (String roleName : roles) {
                createRolePolicy(policy, store, roleName, policy.getOwner());
            }
        }
    }

    Set<String> groups = representation.getGroups();
    if (groups != null) {
        boolean hasGroupPolicy = false;
        for (Policy child : children) {
            hasGroupPolicy |= "group".equals(child.getType());
        }
        if (!hasGroupPolicy) {
            for (String groupPath : groups) {
                createGroupPolicy(policy, store, groupPath, policy.getOwner());
            }
        }
    }

    Set<String> clients = representation.getClients();
    if (clients != null) {
        boolean hasClientPolicy = false;
        for (Policy child : children) {
            hasClientPolicy |= "client".equals(child.getType());
        }
        if (!hasClientPolicy) {
            for (String clientId : clients) {
                createClientPolicy(policy, store, clientId, policy.getOwner());
            }
        }
    }

    Set<String> users = representation.getUsers();
    if (users != null) {
        boolean hasUserPolicy = false;
        for (Policy child : children) {
            hasUserPolicy |= "user".equals(child.getType());
        }
        if (!hasUserPolicy) {
            for (String userName : users) {
                createUserPolicy(policy, store, userName, policy.getOwner());
            }
        }
    }

    String conditionScript = representation.getCondition();
    if (conditionScript != null) {
        boolean hasJsPolicy = false;
        for (Policy child : children) {
            hasJsPolicy |= "js".equals(child.getType());
        }
        if (!hasJsPolicy) {
            createJSPolicy(policy, store, conditionScript, policy.getOwner());
        }
    }
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) HashSet(java.util.HashSet) Set(java.util.Set) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) PolicyStore(org.keycloak.authorization.store.PolicyStore) HashSet(java.util.HashSet)

Example 2 with JSPolicyRepresentation

use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

the class UMAPolicyProviderFactory method createJSPolicy.

/**
 * Creates a JS policy carrying {@code condition} as its code and attaches it to {@code policy}.
 *
 * <p>The new policy gets a generated name, is created in the parent policy's resource server,
 * and is assigned {@code owner}.
 *
 * <p>Security note: {@code condition} is stored as the policy code without any validation in
 * this method. NOTE(review): confirm that callers only pass conditions from principals that are
 * allowed to define script-based policies.
 *
 * @param policy parent policy that receives the new associated policy
 * @param policyStore store used to persist the new policy
 * @param condition text stored as the JS policy's code
 * @param owner owner assigned to the new policy
 */
private void createJSPolicy(Policy policy, PolicyStore policyStore, String condition, String owner) {
    JSPolicyRepresentation jsRep = new JSPolicyRepresentation();
    jsRep.setCode(condition);
    jsRep.setName(KeycloakModelUtils.generateId());

    Policy created = policyStore.create(jsRep, policy.getResourceServer());
    created.setOwner(owner);

    policy.addAssociatedPolicy(created);
}
Also used : Policy(org.keycloak.authorization.model.Policy) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)

Example 3 with JSPolicyRepresentation

use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

the class AggregatePolicyManagementTest method testCreateWithChildAndSelectedPolicy.

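/**
 * Creates an aggregate policy that combines one pre-existing policy ("Policy C") with child
 * policies of type role, user, client, JS, time and group created from within the aggregate
 * policy form, then verifies the saved policy matches the expected representation.
 */
@Test
public void testCreateWithChildAndSelectedPolicy() {
    refreshPageAndWaitForLoad();

    AggregatePolicyRepresentation expected = new AggregatePolicyRepresentation();
    expected.setName("Test Child Create And Select Aggregate Policy");
    expected.setDescription("description");
    expected.addPolicy("Policy C");
    // 'false' is passed as the second argument so the form can still receive child policies
    // before the explicit save() below. NOTE(review): presumably a "save" flag - confirm.
    AggregatePolicy policy = authorizationPage.authorizationTabs().policies().create(expected, false);

    RolePolicyRepresentation childRolePolicy = new RolePolicyRepresentation();
    childRolePolicy.setName(UUID.randomUUID().toString());
    childRolePolicy.addRole("Role A");
    policy.createPolicy(childRolePolicy);
    expected.addPolicy(childRolePolicy.getName());

    UserPolicyRepresentation childUserPolicy = new UserPolicyRepresentation();
    childUserPolicy.setName(UUID.randomUUID().toString());
    childUserPolicy.setDescription("description");
    childUserPolicy.addUser("user a");
    policy.createPolicy(childUserPolicy);
    expected.addPolicy(childUserPolicy.getName());

    ClientPolicyRepresentation childClientPolicy = new ClientPolicyRepresentation();
    childClientPolicy.setName(UUID.randomUUID().toString());
    childClientPolicy.setDescription("description");
    childClientPolicy.addClient("client a");
    policy.createPolicy(childClientPolicy);
    expected.addPolicy(childClientPolicy.getName());

    // Fixed test script that grants unconditionally; only suitable as a fixture.
    JSPolicyRepresentation childJSPolicy = new JSPolicyRepresentation();
    childJSPolicy.setName(UUID.randomUUID().toString());
    childJSPolicy.setDescription("description");
    childJSPolicy.setCode("$evaluation.grant();");
    policy.createPolicy(childJSPolicy);
    expected.addPolicy(childJSPolicy.getName());

    TimePolicyRepresentation childTimePolicy = new TimePolicyRepresentation();
    childTimePolicy.setName(UUID.randomUUID().toString());
    childTimePolicy.setDescription("description");
    childTimePolicy.setNotBefore("2017-01-01 00:00:00");
    // The original called setNotBefore twice, so the first value was overwritten and the
    // upper bound of the validity window was never set. The second value is the upper bound.
    childTimePolicy.setNotOnOrAfter("2018-01-01 00:00:00");
    policy.createPolicy(childTimePolicy);
    expected.addPolicy(childTimePolicy.getName());

    GroupPolicyRepresentation childGroupPolicy = new GroupPolicyRepresentation();
    childGroupPolicy.setName(UUID.randomUUID().toString());
    childGroupPolicy.setDescription("description");
    childGroupPolicy.setGroupsClaim("groups");
    childGroupPolicy.addGroupPath("/Group A", true);
    policy.createPolicy(childGroupPolicy);
    expected.addPolicy(childGroupPolicy.getName());

    policy.form().save();
    assertAlertSuccess();

    // Reload the page so the assertion reads the persisted state, not the form state.
    authorizationPage.navigateTo();
    AggregatePolicy actual = authorizationPage.authorizationTabs().policies().name(expected.getName());
    assertPolicy(expected, actual);
}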
Also used : RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) TimePolicyRepresentation(org.keycloak.representations.idm.authorization.TimePolicyRepresentation) AggregatePolicy(org.keycloak.testsuite.console.page.clients.authorization.policy.AggregatePolicy) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AggregatePolicyRepresentation(org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation) Test(org.junit.Test)

Example 4 with JSPolicyRepresentation

use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

the class JSPolicyManagementTest method testUpdate.

/**
 * Creates a JS policy, then renames it and changes its description, logic and code through the
 * admin console, and checks that the console shows the updated values.
 */
@Test
public void testUpdate() throws InterruptedException {
    authorizationPage.navigateTo();

    // Initial policy: fixed fixture script that grants.
    JSPolicyRepresentation jsPolicy = new JSPolicyRepresentation();
    jsPolicy.setName("Test JS Policy");
    jsPolicy.setDescription("description");
    jsPolicy.setCode("$evaluation.grant();");
    jsPolicy = createPolicy(jsPolicy);

    // Remember the name under which the policy is currently listed before changing it.
    String originalName = jsPolicy.getName();

    jsPolicy.setName("Changed Test JS Policy");
    jsPolicy.setDescription("Changed description");
    jsPolicy.setLogic(Logic.NEGATIVE);
    jsPolicy.setCode("$evaluation.deny();");

    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().policies().update(originalName, jsPolicy);
    assertAlertSuccess();

    // Navigate again so the lookup below reads the saved policy by its new name.
    authorizationPage.navigateTo();
    JSPolicy displayed = authorizationPage.authorizationTabs().policies().name(jsPolicy.getName());
    assertPolicy(jsPolicy, displayed);
}
Also used : JSPolicy(org.keycloak.testsuite.console.page.clients.authorization.policy.JSPolicy) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) Test(org.junit.Test)

Example 5 with JSPolicyRepresentation

use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

the class JSPolicyManagementTest method assertPolicy.

/**
 * Asserts that the JS policy shown in the console matches the expected representation.
 *
 * <p>Compares name, description, logic and code, in that order. The code comparison is what
 * catches a script that was altered between submission and display.
 *
 * @param expected the representation the test submitted
 * @param policy the console page object for the policy under test
 * @return the representation read back from {@code policy}
 */
private JSPolicyRepresentation assertPolicy(JSPolicyRepresentation expected, JSPolicy policy) {
    JSPolicyRepresentation readBack = policy.toRepresentation();

    assertEquals(expected.getName(), readBack.getName());
    assertEquals(expected.getDescription(), readBack.getDescription());
    assertEquals(expected.getLogic(), readBack.getLogic());
    assertEquals(expected.getCode(), readBack.getCode());

    return readBack;
}
Also used : JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)

Aggregations

JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)60 Test (org.junit.Test)30 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)29 ClientResource (org.keycloak.admin.client.resource.ClientResource)27 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)23 Response (javax.ws.rs.core.Response)21 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)21 AuthzClient (org.keycloak.authorization.client.AuthzClient)20 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)20 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)18 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)17 OAuthClient (org.keycloak.testsuite.util.OAuthClient)17 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)16 Policy (org.keycloak.authorization.model.Policy)13 Permission (org.keycloak.representations.idm.authorization.Permission)13 AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider)11 ResourceServer (org.keycloak.authorization.model.ResourceServer)11 StoreFactory (org.keycloak.authorization.store.StoreFactory)11