Example 31 with JSPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

Class JSPolicyForm, method toRepresentation.

public JSPolicyRepresentation toRepresentation() {
    JSPolicyRepresentation representation = new JSPolicyRepresentation();
    representation.setName(UIUtils.getTextInputValue(name));
    representation.setDescription(UIUtils.getTextInputValue(description));
    representation.setLogic(Logic.valueOf(UIUtils.getTextFromElement(logic.getFirstSelectedOption()).toUpperCase()));
    // Read the policy script from the Angular scope bound to the 'code' element.
    JavascriptExecutor scriptExecutor = (JavascriptExecutor) driver;
    representation.setCode((String) scriptExecutor.executeScript("return angular.element(document.getElementById('code')).scope().policy.code;"));
    return representation;
}
Also used : JavascriptExecutor(org.openqa.selenium.JavascriptExecutor) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)

Example 32 with JSPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

Class UMAPolicyProviderFactory, method toRepresentation.

@Override
public UmaPermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    UmaPermissionRepresentation representation = new UmaPermissionRepresentation();
    representation.setScopes(policy.getScopes().stream().map(Scope::getName).collect(Collectors.toSet()));
    representation.setOwner(policy.getOwner());
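    // Flatten each associated policy into the UMA permission: roles, JS condition, groups, clients or users.
    for (Policy associatedPolicy : policy.getAssociatedPolicies()) {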
        AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false);
        RealmModel realm = authorization.getRealm();
        if ("role".equals(associatedRep.getType())) {
            RolePolicyRepresentation rep = RolePolicyRepresentation.class.cast(associatedRep);
            for (RoleDefinition definition : rep.getRoles()) {
                RoleModel role = realm.getRoleById(definition.getId());
                if (role.isClientRole()) {
                    representation.addClientRole(ClientModel.class.cast(role.getContainer()).getClientId(), role.getName());
                } else {
                    representation.addRole(role.getName());
                }
            }
        } else if ("js".equals(associatedRep.getType())) {
            JSPolicyRepresentation rep = JSPolicyRepresentation.class.cast(associatedRep);
            representation.setCondition(rep.getCode());
        } else if ("group".equals(associatedRep.getType())) {
            GroupPolicyRepresentation rep = GroupPolicyRepresentation.class.cast(associatedRep);
            for (GroupDefinition definition : rep.getGroups()) {
                representation.addGroup(ModelToRepresentation.buildGroupPath(realm.getGroupById(definition.getId())));
            }
        } else if ("client".equals(associatedRep.getType())) {
            ClientPolicyRepresentation rep = ClientPolicyRepresentation.class.cast(associatedRep);
            for (String client : rep.getClients()) {
                representation.addClient(realm.getClientById(client).getClientId());
            }
        } else if ("user".equals(associatedPolicy.getType())) {
            UserPolicyRepresentation rep = UserPolicyRepresentation.class.cast(associatedRep);
            for (String user : rep.getUsers()) {
                representation.addUser(authorization.getKeycloakSession().users().getUserById(realm, user).getUsername());
            }
        }
    }
    return representation;
}
Also used : Policy(org.keycloak.authorization.model.Policy) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) RoleDefinition(org.keycloak.representations.idm.authorization.RolePolicyRepresentation.RoleDefinition) RoleModel(org.keycloak.models.RoleModel) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) RealmModel(org.keycloak.models.RealmModel) Scope(org.keycloak.authorization.model.Scope) GroupDefinition(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation.GroupDefinition) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation)

Example 33 with JSPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

Class DeployedScriptPolicyFactory, method toRepresentation.

@Override
public JSPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    JSPolicyRepresentation representation = new JSPolicyRepresentation();
    representation.setId(policy.getId());
    representation.setName(policy.getName());
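    // Description and script code are taken from the deployed script's metadata, not from the stored policy.
    representation.setDescription(metadata.getDescription());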
    representation.setType(getId());
    representation.setCode(metadata.getCode());
    return representation;
}
Also used : JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)

Example 34 with JSPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

Class JSPolicyProviderFactory, method toRepresentation.

@Override
public JSPolicyRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    JSPolicyRepresentation representation = new JSPolicyRepresentation();
    // The script source is read from the policy's config under the "code" key.
    representation.setCode(policy.getConfig().get("code"));
    return representation;
}
Also used : JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation)

Example 35 with JSPolicyRepresentation

Use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.

Class PolicyEvaluationTest, method testCheckUserGroups.

public static void testCheckUserGroups(KeycloakSession session) {
    session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
    AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
    ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
    JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
    policyRepresentation.setName("testCheckUserGroups");
    // Policy script: grant only if user 'jdoe' belongs to exactly the two expected groups.
    StringBuilder builder = new StringBuilder();
    builder.append("var realm = $evaluation.getRealm();");
    builder.append("var groups = realm.getUserGroups('jdoe');");
    builder.append("if (groups.size() == 2 && groups.contains('/Group A/Group B') && groups.contains('/Group A/Group D')) { $evaluation.grant(); }");
    policyRepresentation.setCode(builder.toString());
    Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
    PolicyProvider provider = authorization.getProvider(policy.getType());
    DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
    provider.evaluate(evaluation);
    Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
Also used : Policy(org.keycloak.authorization.model.Policy) ClientModel(org.keycloak.models.ClientModel) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyProvider(org.keycloak.authorization.policy.provider.PolicyProvider) StoreFactory(org.keycloak.authorization.store.StoreFactory) ResourceServer(org.keycloak.authorization.model.ResourceServer) DefaultEvaluation(org.keycloak.authorization.policy.evaluation.DefaultEvaluation)

Aggregations

JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 60
Test (org.junit.Test) 30
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 29
ClientResource (org.keycloak.admin.client.resource.ClientResource) 27
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 23
Response (javax.ws.rs.core.Response) 21
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 21
AuthzClient (org.keycloak.authorization.client.AuthzClient) 20
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 20
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 18
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 18
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 17
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 17
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 17
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) 16
Policy (org.keycloak.authorization.model.Policy) 13
Permission (org.keycloak.representations.idm.authorization.Permission) 13
AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider) 11
ResourceServer (org.keycloak.authorization.model.ResourceServer) 11
StoreFactory (org.keycloak.authorization.store.StoreFactory) 11