
Example 1 with ClientPolicyConditionProvider

use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.

the class ClientPoliciesUtil method getConditionProvider.

/**
 * Resolves the condition provider registered under {@code providerId} and
 * applies {@code config} to it.
 *
 * <p>The JSON configuration is bound to the class returned by the provider's
 * own {@code getConditionConfigurationClass()}, so the target type is chosen
 * by the provider and not by the JSON content.
 *
 * <p>An unknown provider ID is not skipped: it is reported with an
 * {@link IllegalStateException}, so a policy referring to an unavailable
 * condition is never built without that condition.
 *
 * @param session    session used to look up the component provider
 * @param realm      realm whose ID is passed to the component model
 * @param providerId ID of the condition provider to resolve
 * @param config     JSON configuration of the condition
 * @return the configured condition provider, never {@code null}
 * @throws IllegalStateException if no provider is found for {@code providerId}
 */
private static ClientPolicyConditionProvider getConditionProvider(KeycloakSession session, RealmModel realm, String providerId, JsonNode config) {
    ComponentModel model = new JsonConfigComponentModel(ClientPolicyConditionProvider.class, realm.getId(), providerId, config);
    ClientPolicyConditionProvider provider = session.getComponentProvider(ClientPolicyConditionProvider.class, model.getId(), factory -> model);
    if (provider != null) {
        // Bind the raw JSON to the configuration type declared by the provider itself.
        Object converted = JsonSerialization.mapper.convertValue(config, provider.getConditionConfigurationClass());
        provider.setupConfiguration((ClientPolicyConditionConfigurationRepresentation) converted);
        return provider;
    }
    // No provider registered under this ID: fail instead of silently dropping the condition.
    throw new IllegalStateException("Condition with provider ID " + providerId + " not found");
}
Also used : ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) ComponentModel(org.keycloak.component.ComponentModel) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel)

Example 2 with ClientPolicyConditionProvider

use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.

the class ClientPoliciesUtil method getEnabledClientPolicies.

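/**
 * Gets the enabled client policies of a realm, converted from their JSON
 * representation to {@link ClientPolicy} models.
 *
 * <p>Never returns {@code null}. An empty list is returned when the realm has
 * no policies JSON, when that JSON cannot be converted to a representation
 * (a warning is logged), or when the representation holds no policies.
 * NOTE(review): in the conversion-failure case callers cannot distinguish
 * "no policies configured" from "policies unreadable"; confirm that
 * evaluating with no policies is the intended outcome for a corrupted
 * policies document.
 *
 * <p>Policies without a name and policies that are not explicitly enabled
 * are left out. Exceptions raised by {@code getConditionProvider} while
 * resolving a condition are not caught here and propagate to the caller.
 *
 * @param session session used to resolve condition providers
 * @param realm   realm whose policies are read
 * @return the enabled policies, possibly empty, never {@code null}
 */
static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession session, RealmModel realm) {
    // get existing policies as json
    String policiesJson = getClientPoliciesJsonString(realm);
    if (policiesJson == null) {
        return Collections.emptyList();
    }
    // deserialize existing policies (json -> representation)
    ClientPoliciesRepresentation policiesRep;
    try {
        policiesRep = convertClientPoliciesJsonToRepresentation(policiesJson);
    } catch (ClientPolicyException e) {
        // This step reads JSON, so the failure is a deserialization failure.
        logger.warnv("Failed to deserialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
        return Collections.emptyList();
    }
    if (policiesRep == null || policiesRep.getPolicies() == null) {
        return Collections.emptyList();
    }
    // constructing existing policies (representation -> model)
    List<ClientPolicy> policyList = new ArrayList<>();
    for (ClientPolicyRepresentation policyRep : policiesRep.getPolicies()) {
        // ignore policy without name
        if (policyRep.getName() == null) {
            logger.warnf("Ignored client policy without name in the realm %s", realm.getName());
            continue;
        }
        // pick up only enabled policy; a missing (null) flag counts as disabled
        if (!Boolean.TRUE.equals(policyRep.isEnabled())) {
            continue;
        }
        ClientPolicy policyModel = new ClientPolicy();
        policyModel.setName(policyRep.getName());
        policyModel.setDescription(policyRep.getDescription());
        policyModel.setEnable(true);
        List<ClientPolicyConditionProvider> conditions = new ArrayList<>();
        if (policyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : policyRep.getConditions()) {
                conditions.add(getConditionProvider(session, realm, conditionRep.getConditionProviderId(), conditionRep.getConfiguration()));
            }
        }
        policyModel.setConditions(conditions);
        if (policyRep.getProfiles() != null) {
            // copy, so the model does not share the representation's list
            policyModel.setProfiles(new ArrayList<>(policyRep.getProfiles()));
        }
        policyList.add(policyModel);
    }
    return policyList;
}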
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ArrayList(java.util.ArrayList) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation)

Example 3 with ClientPolicyConditionProvider

use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.

the class DefaultClientPolicyManager method triggerOnEvent.

/**
 * Runs the client policy operation for the event carried by {@code context}
 * against the realm of the current session context.
 *
 * <p>Does nothing when the {@code CLIENT_POLICIES} feature is disabled; in
 * that case no condition is evaluated and no executor is run.
 *
 * @param context context of the event being processed
 * @throws ClientPolicyException declared by this method; presumably raised by the
 *         policy operation when a condition or executor rejects the event
 */
@Override
public void triggerOnEvent(ClientPolicyContext context) throws ClientPolicyException {
    if (Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES)) {
        RealmModel realm = session.getContext().getRealm();
        logger.tracev("POLICY OPERATION :: context realm = {0}, event = {1}", realm.getName(), context.getEvent());
        doPolicyOperation(
                // conditions vote on whether a policy applies to this context
                (ClientPolicyConditionProvider conditionProvider) -> conditionProvider.applyPolicy(context),
                // executors handle the event for the selected policies
                (ClientPolicyExecutorProvider executorProvider) -> executorProvider.executeOnEvent(context),
                realm);
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider)

Example 4 with ClientPolicyConditionProvider

use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.

the class DefaultClientPolicyManager method isSatisfied.

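/**
 * Decides whether the conditions of {@code policy} are satisfied for the
 * operation {@code op}.
 *
 * <p>Each condition is asked for a vote; when the condition uses negative
 * logic, YES and NO are swapped and ABSTAIN is left as is. ABSTAIN votes are
 * skipped, the first NO ends the evaluation with {@code false}, and the
 * result is {@code true} only if at least one condition cast a vote that was
 * neither ABSTAIN nor NO. A policy without conditions is never satisfied.
 *
 * @param policy policy whose conditions are evaluated
 * @param op     operation run against each condition to obtain its vote
 * @return {@code true} if the conditions are satisfied, {@code false} otherwise
 * @throws ClientPolicyException rethrown unchanged when a condition fails while voting
 */
private boolean isSatisfied(ClientPolicy policy, ClientConditionOperation op) throws ClientPolicyException {
    if (policy.getConditions() == null || policy.getConditions().isEmpty()) {
        logger.tracev("NO CONDITION :: policy name = {0}", policy.getName());
        return false;
    }
    boolean ret = false;
    for (ClientPolicyConditionProvider condition : policy.getConditions()) {
        logger.tracev("CONDITION OPERATION :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
        try {
            ClientPolicyVote vote = op.run(condition);
            if (condition.isNegativeLogic()) {
                // invert the decision; ABSTAIN stays ABSTAIN
                if (vote == ClientPolicyVote.YES) {
                    vote = ClientPolicyVote.NO;
                } else if (vote == ClientPolicyVote.NO) {
                    vote = ClientPolicyVote.YES;
                }
            }
            if (vote == ClientPolicyVote.ABSTAIN) {
                logger.tracev("CONDITION SKIP :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
                continue;
            }
            if (vote == ClientPolicyVote.NO) {
                logger.tracev("CONDITION NEGATIVE :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
                return false;
            }
            // NOTE(review): any vote other than ABSTAIN or NO reaches this line and counts
            // as a match, including null if op.run can return it; confirm against providers.
            ret = true;
        } catch (ClientPolicyException e) {
            // Label the fields like the other trace lines: the policy name first, then the
            // condition, so a failing condition can be traced back to its policy.
            logger.tracev("CONDITION EXCEPTION :: policy name = {0}, condition name = {1}, provider id = {2}, error = {3}, error detail = {4}", policy.getName(), condition.getName(), condition.getProviderId(), e.getError(), e.getErrorDetail());
            throw e;
        }
    }
    if (ret) {
        logger.tracev("CONDITIONS SATISFIED :: policy name = {0}", policy.getName());
    } else {
        logger.tracev("CONDITIONS UNSATISFIED :: policy name = {0}", policy.getName());
    }
    return ret;
}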
Also used : ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)

Aggregations

ClientPolicyConditionProvider (org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider)4 ArrayList (java.util.ArrayList)1 ComponentModel (org.keycloak.component.ComponentModel)1 JsonConfigComponentModel (org.keycloak.component.JsonConfigComponentModel)1 RealmModel (org.keycloak.models.RealmModel)1 ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)1 ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)1 ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)1 ClientPolicyRepresentation (org.keycloak.representations.idm.ClientPolicyRepresentation)1 ClientPolicyExecutorProvider (org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider)1