use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method onUpdate.
/**
 * Brings the policies associated with a UMA permission policy in line with the roles,
 * groups, clients, users and condition carried by the updated representation.
 *
 * <p>The work happens in two passes. The first pass walks every policy already associated
 * with {@code policy}: the members of a "role", "group", "client" or "user" policy are
 * replaced by the values from the representation, and a "js" policy gets the representation's
 * condition as its code. An associated policy that ends up with no members (or with a
 * {@code null} condition) is deleted from the policy store; otherwise it is written back
 * through {@code RepresentationToModel.toModel}. The second pass creates new associated
 * policies for every kind that the representation supplies but for which no associated
 * policy of that type was found.
 *
 * <p>NOTE(review): the condition string is copied unchanged into the code of a JS policy;
 * no validation of it is visible in this method. Presumably that code is evaluated as a
 * script when the permission is evaluated, so confirm that callers restrict who may submit
 * a condition and that script-based policies are allowed in the deployment.
 *
 * @param policy         the permission policy whose associated policies are synchronised
 * @param representation the updated permission as submitted by the caller
 * @param authorization  gives access to the policy store and is passed to the converters
 */
@Override
public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) {
PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore();
// Read once and reused by both passes below.
// NOTE(review): whether this set reflects the deletions made in the first pass, and whether
// deleting while iterating is safe, depends on the Policy implementation (not visible here).
Set<Policy> associatedPolicies = policy.getAssociatedPolicies();
// Pass 1: update or delete the policies that are already associated.
for (Policy associatedPolicy : associatedPolicies) {
AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
if ("role".equals(associatedRep.getType())) {
RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
// Start from an empty set so roles missing from the update are dropped.
rep.setRoles(new HashSet<>());
Set<String> updatedRoles = representation.getRoles();
if (updatedRoles != null) {
for (String role : updatedRoles) {
rep.addRole(role);
}
}
// A role policy left without roles is removed rather than stored empty.
if (rep.getRoles().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("js".equals(associatedRep.getType())) {
JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
if (representation.getCondition() != null) {
// The caller-supplied condition becomes the policy code as-is (see NOTE(review) above).
rep.setCode(representation.getCondition());
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
} else {
// No condition in the update: the JS policy is removed.
policyStore.delete(associatedPolicy.getId());
}
} else if ("group".equals(associatedRep.getType())) {
GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
// Same replace-then-delete-if-empty handling as for roles.
rep.setGroups(new HashSet<>());
Set<String> updatedGroups = representation.getGroups();
if (updatedGroups != null) {
for (String group : updatedGroups) {
rep.addGroupPath(group);
}
}
if (rep.getGroups().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("client".equals(associatedRep.getType())) {
ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
// Same replace-then-delete-if-empty handling as for roles.
rep.setClients(new HashSet<>());
Set<String> updatedClients = representation.getClients();
if (updatedClients != null) {
for (String client : updatedClients) {
rep.addClient(client);
}
}
if (rep.getClients().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
} else if ("user".equals(associatedRep.getType())) {
UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
// Same replace-then-delete-if-empty handling as for roles.
rep.setUsers(new HashSet<>());
Set<String> updatedUsers = representation.getUsers();
if (updatedUsers != null) {
for (String user : updatedUsers) {
rep.addUser(user);
}
}
if (rep.getUsers().isEmpty()) {
policyStore.delete(associatedPolicy.getId());
} else {
RepresentationToModel.toModel(rep, authorization, associatedPolicy);
}
}
// Associated policies of any other type are left untouched.
}
// Pass 2: create associated policies for kinds that had none before this update.
Set<String> updatedRoles = representation.getRoles();
if (updatedRoles != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("role".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
// One role policy is created per role, owned by the permission's owner.
for (String role : updatedRoles) {
createRolePolicy(policy, policyStore, role, policy.getOwner());
}
}
}
Set<String> updatedGroups = representation.getGroups();
if (updatedGroups != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("group".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String group : updatedGroups) {
createGroupPolicy(policy, policyStore, group, policy.getOwner());
}
}
}
Set<String> updatedClients = representation.getClients();
if (updatedClients != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("client".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String client : updatedClients) {
createClientPolicy(policy, policyStore, client, policy.getOwner());
}
}
}
Set<String> updatedUsers = representation.getUsers();
if (updatedUsers != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("user".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
for (String user : updatedUsers) {
createUserPolicy(policy, policyStore, user, policy.getOwner());
}
}
}
String condition = representation.getCondition();
if (condition != null) {
boolean createPolicy = true;
for (Policy associatedPolicy : associatedPolicies) {
if ("js".equals(associatedPolicy.getType())) {
createPolicy = false;
}
}
if (createPolicy) {
// A single JS policy is created with the condition as its code.
createJSPolicy(policy, policyStore, condition, policy.getOwner());
}
}
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class UMAPolicyProviderFactory method createJSPolicy.
/**
 * Creates a JS policy that carries {@code condition} as its code, stores it under the
 * resource server of {@code policy}, assigns {@code owner} to it and associates it with
 * {@code policy}.
 *
 * <p>NOTE(review): {@code condition} is stored as policy code without any check in this
 * method; confirm that the caller has already decided the submitter may supply script code.
 *
 * @param policy      the permission policy the new JS policy is attached to
 * @param policyStore the store used to create the new policy
 * @param condition   the text stored as the code of the JS policy
 * @param owner       the owner set on the newly created policy
 */
private void createJSPolicy(Policy policy, PolicyStore policyStore, String condition, String owner) {
    JSPolicyRepresentation scriptRep = new JSPolicyRepresentation();

    // The name is a generated id, not something chosen by the caller.
    scriptRep.setName(KeycloakModelUtils.generateId());
    scriptRep.setCode(condition);

    Policy createdPolicy = policyStore.create(scriptRep, policy.getResourceServer());
    createdPolicy.setOwner(owner);

    policy.addAssociatedPolicy(createdPolicy);
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class AggregatePolicyManagementTest method testCreateWithChildAndSelectedPolicy.
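/**
 * Creates an aggregate policy that references the existing "Policy C", adds one child policy
 * of each kind (role, user, client, JS, time, group) through the aggregate's form, saves it,
 * and checks that the stored aggregate matches the expected representation.
 */
@Test
public void testCreateWithChildAndSelectedPolicy() {
    refreshPageAndWaitForLoad();

    AggregatePolicyRepresentation expected = new AggregatePolicyRepresentation();
    expected.setName("Test Child Create And Select Aggregate Policy");
    expected.setDescription("description");
    expected.addPolicy("Policy C");

    AggregatePolicy policy = authorizationPage.authorizationTabs().policies().create(expected, false);

    // Child policies get random names, so each name is added to the expected set after creation.
    RolePolicyRepresentation childRolePolicy = new RolePolicyRepresentation();
    childRolePolicy.setName(UUID.randomUUID().toString());
    childRolePolicy.addRole("Role A");
    policy.createPolicy(childRolePolicy);
    expected.addPolicy(childRolePolicy.getName());

    UserPolicyRepresentation childUserPolicy = new UserPolicyRepresentation();
    childUserPolicy.setName(UUID.randomUUID().toString());
    childUserPolicy.setDescription("description");
    childUserPolicy.addUser("user a");
    policy.createPolicy(childUserPolicy);
    expected.addPolicy(childUserPolicy.getName());

    ClientPolicyRepresentation childClientPolicy = new ClientPolicyRepresentation();
    childClientPolicy.setName(UUID.randomUUID().toString());
    childClientPolicy.setDescription("description");
    childClientPolicy.addClient("client a");
    policy.createPolicy(childClientPolicy);
    expected.addPolicy(childClientPolicy.getName());

    JSPolicyRepresentation childJSPolicy = new JSPolicyRepresentation();
    childJSPolicy.setName(UUID.randomUUID().toString());
    childJSPolicy.setDescription("description");
    // Test fixture only: the code of this JS policy is a single unconditional grant call.
    childJSPolicy.setCode("$evaluation.grant();");
    policy.createPolicy(childJSPolicy);
    expected.addPolicy(childJSPolicy.getName());

    TimePolicyRepresentation childTimePolicy = new TimePolicyRepresentation();
    childTimePolicy.setName(UUID.randomUUID().toString());
    childTimePolicy.setDescription("description");
    childTimePolicy.setNotBefore("2017-01-01 00:00:00");
    // The original called setNotBefore twice, so the 2017 value was overwritten and the
    // policy had no upper bound; the second value is presumably the end of the window.
    childTimePolicy.setNotOnOrAfter("2018-01-01 00:00:00");
    policy.createPolicy(childTimePolicy);
    expected.addPolicy(childTimePolicy.getName());

    GroupPolicyRepresentation childGroupPolicy = new GroupPolicyRepresentation();
    childGroupPolicy.setName(UUID.randomUUID().toString());
    childGroupPolicy.setDescription("description");
    childGroupPolicy.setGroupsClaim("groups");
    childGroupPolicy.addGroupPath("/Group A", true);
    policy.createPolicy(childGroupPolicy);
    expected.addPolicy(childGroupPolicy.getName());

    policy.form().save();
    assertAlertSuccess();

    // Reload the page so the assertion reads the saved aggregate, not the form being edited.
    authorizationPage.navigateTo();
    AggregatePolicy actual = authorizationPage.authorizationTabs().policies().name(expected.getName());
    assertPolicy(expected, actual);
}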
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class JSPolicyManagementTest method testUpdate.
/**
 * Creates a JS policy, then renames it, changes its description, flips its logic to negative
 * and replaces its code, and verifies that the console shows the updated values.
 */
@Test
public void testUpdate() throws InterruptedException {
    authorizationPage.navigateTo();

    // Initial policy as submitted through the console.
    JSPolicyRepresentation draft = new JSPolicyRepresentation();
    draft.setName("Test JS Policy");
    draft.setDescription("description");
    draft.setCode("$evaluation.grant();");

    JSPolicyRepresentation expected = createPolicy(draft);
    final String nameBeforeRename = expected.getName();

    // Change every editable field, including the decision the script makes.
    expected.setName("Changed Test JS Policy");
    expected.setDescription("Changed description");
    expected.setLogic(Logic.NEGATIVE);
    expected.setCode("$evaluation.deny();");

    authorizationPage.navigateTo();
    // The policy is still listed under its old name until the update is applied.
    authorizationPage.authorizationTabs().policies().update(nameBeforeRename, expected);
    assertAlertSuccess();

    authorizationPage.navigateTo();
    JSPolicy actual = authorizationPage.authorizationTabs().policies().name(expected.getName());
    assertPolicy(expected, actual);
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class JSPolicyManagementTest method assertPolicy.
/**
 * Checks that the policy shown in the console has the same name, description, logic and code
 * as the expected representation.
 *
 * @param expected the values the policy should have
 * @param policy   the console page object for the policy under test
 * @return the representation read back from {@code policy}
 */
private JSPolicyRepresentation assertPolicy(JSPolicyRepresentation expected, JSPolicy policy) {
    final JSPolicyRepresentation observed = policy.toRepresentation();

    // Compared field by field, in this order, so the first mismatch names the field.
    assertEquals(expected.getName(), observed.getName());
    assertEquals(expected.getDescription(), observed.getDescription());
    assertEquals(expected.getLogic(), observed.getLogic());
    assertEquals(expected.getCode(), observed.getCode());

    return observed;
}