use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.
the class ClientPoliciesUtil method getConditionProvider.
/**
 * Looks up the condition provider registered under {@code providerId} and applies {@code config} to it.
 *
 * @param session    session used to resolve the component provider
 * @param realm      realm whose ID is passed to the ad-hoc component model
 * @param providerId ID of the condition provider to load
 * @param config     JSON configuration of the condition, as stored with the policy
 * @return the provider after {@code setupConfiguration} has been called on it
 * @throws IllegalStateException if the session returns no provider for {@code providerId}
 */
private static ClientPolicyConditionProvider getConditionProvider(KeycloakSession session, RealmModel realm, String providerId, JsonNode config) {
    ComponentModel model = new JsonConfigComponentModel(ClientPolicyConditionProvider.class, realm.getId(), providerId, config);
    ClientPolicyConditionProvider provider = session.getComponentProvider(ClientPolicyConditionProvider.class, model.getId(), factory -> model);

    // An unknown provider ID is NOT skipped: the lookup fails with an exception, so a policy
    // is never returned to the caller with one of its configured conditions silently dropped.
    if (provider == null) {
        throw new IllegalStateException("Condition with provider ID " + providerId + " not found");
    }

    // The stored JSON is bound to the configuration class the provider itself declares.
    // NOTE(review): convertValue is expected to throw IllegalArgumentException when the JSON
    // does not fit that class; nothing here catches it - confirm callers tolerate that.
    provider.setupConfiguration((ClientPolicyConditionConfigurationRepresentation) JsonSerialization.mapper.convertValue(config, provider.getConditionConfigurationClass()));
    return provider;
}
use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.
the class ClientPoliciesUtil method getEnabledClientPolicies.
/**
 * Builds the model objects for the enabled client policies stored on a realm.
 *
 * <p>Policies without a name and policies whose enabled flag is {@code null} or {@code false}
 * are left out. An {@link IllegalStateException} raised by {@code getConditionProvider} for an
 * unknown condition provider is not caught here and propagates to the caller.
 *
 * @param session session used to resolve condition providers
 * @param realm   realm whose stored policies are read
 * @return the enabled policies; never {@code null}. An empty list is returned when the realm has
 *         no stored policies, when the stored JSON cannot be converted, or when it holds no policies.
 */
static List<ClientPolicy> getEnabledClientPolicies(KeycloakSession session, RealmModel realm) {
    // Step 1: raw JSON as stored for the realm.
    String storedJson = getClientPoliciesJsonString(realm);
    if (storedJson == null) {
        return Collections.emptyList();
    }

    // Step 2: JSON -> representation.
    ClientPoliciesRepresentation parsed;
    try {
        parsed = convertClientPoliciesJsonToRepresentation(storedJson);
    } catch (ClientPolicyException e) {
        // NOTE(review): a conversion failure yields the same empty list as "no policies configured",
        // so the only trace of it is this warning - worth alerting on, since callers presumably
        // evaluate no client policy for the realm in that case.
        logger.warnv("Failed to serialize client policies json string. err={0}, errDetail={1}", e.getError(), e.getErrorDetail());
        return Collections.emptyList();
    }
    if (parsed == null || parsed.getPolicies() == null) {
        return Collections.emptyList();
    }

    // Step 3: representation -> model, keeping only named and enabled policies.
    List<ClientPolicy> enabledPolicies = new ArrayList<>();
    for (ClientPolicyRepresentation rep : parsed.getPolicies()) {
        if (rep.getName() == null) {
            logger.warnf("Ignored client policy without name in the realm %s", realm.getName());
            continue;
        }
        // A missing enabled flag is treated the same as "disabled".
        if (!Boolean.TRUE.equals(rep.isEnabled())) {
            continue;
        }

        // Resolve every configured condition; an unknown provider ID aborts the whole call.
        List<ClientPolicyConditionProvider> resolvedConditions = new ArrayList<>();
        if (rep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : rep.getConditions()) {
                resolvedConditions.add(getConditionProvider(session, realm, conditionRep.getConditionProviderId(), conditionRep.getConfiguration()));
            }
        }

        ClientPolicy model = new ClientPolicy();
        model.setName(rep.getName());
        model.setDescription(rep.getDescription());
        model.setEnable(true);
        model.setConditions(resolvedConditions);
        if (rep.getProfiles() != null) {
            // Copy so the model does not share the representation's list.
            model.setProfiles(new ArrayList<>(rep.getProfiles()));
        }
        enabledPolicies.add(model);
    }
    return enabledPolicies;
}
use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.
the class DefaultClientPolicyManager method triggerOnEvent.
/**
 * Runs the client-policy operation for the event carried by {@code context}.
 *
 * <p>Returns without doing anything when the {@code CLIENT_POLICIES} feature is disabled, so in
 * that case no condition is evaluated and no executor runs.
 *
 * @param context the event context handed to every condition and executor
 * @throws ClientPolicyException declared by the signature; presumably raised by a condition or
 *         executor during {@code doPolicyOperation}
 */
@Override
public void triggerOnEvent(ClientPolicyContext context) throws ClientPolicyException {
    if (Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES)) {
        RealmModel currentRealm = session.getContext().getRealm();
        logger.tracev("POLICY OPERATION :: context realm = {0}, event = {1}", currentRealm.getName(), context.getEvent());
        // Conditions vote on whether a policy applies; executors then act on the same event.
        doPolicyOperation(
                (ClientPolicyConditionProvider condition) -> condition.applyPolicy(context),
                (ClientPolicyExecutorProvider executor) -> executor.executeOnEvent(context),
                currentRealm);
    }
}
use of org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider in project keycloak by keycloak.
the class DefaultClientPolicyManager method isSatisfied.
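/**
 * Decides whether a policy's conditions are satisfied for the given operation.
 *
 * <p>Every condition is asked for a vote through {@code op}. A condition with negative logic has
 * its YES/NO vote inverted (ABSTAIN is left as is). The outcome is:
 * <ul>
 *   <li>{@code false} when the policy has no conditions;</li>
 *   <li>{@code false} as soon as any condition votes NO (later conditions are not evaluated);</li>
 *   <li>{@code true} when no condition votes NO and at least one does not abstain;</li>
 *   <li>{@code false} when every condition abstains.</li>
 * </ul>
 *
 * @param policy the policy whose conditions are evaluated
 * @param op     the operation producing a vote for one condition
 * @return whether the policy's conditions are satisfied
 * @throws ClientPolicyException rethrown unchanged when {@code op} fails for a condition
 */
private boolean isSatisfied(ClientPolicy policy, ClientConditionOperation op) throws ClientPolicyException {
    if (policy.getConditions() == null || policy.getConditions().isEmpty()) {
        logger.tracev("NO CONDITION :: policy name = {0}", policy.getName());
        return false;
    }

    boolean ret = false;
    for (ClientPolicyConditionProvider condition : policy.getConditions()) {
        logger.tracev("CONDITION OPERATION :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
        try {
            ClientPolicyVote vote = op.run(condition);

            // Negative logic flips YES and NO; an ABSTAIN stays an ABSTAIN.
            if (condition.isNegativeLogic()) {
                if (vote == ClientPolicyVote.YES) {
                    vote = ClientPolicyVote.NO;
                } else if (vote == ClientPolicyVote.NO) {
                    vote = ClientPolicyVote.YES;
                }
            }

            if (vote == ClientPolicyVote.ABSTAIN) {
                logger.tracev("CONDITION SKIP :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
                continue;
            } else if (vote == ClientPolicyVote.NO) {
                // A single NO is decisive: the policy does not apply.
                logger.tracev("CONDITION NEGATIVE :: policy name = {0}, condition name = {1}, provider id = {2}", policy.getName(), condition.getName(), condition.getProviderId());
                return false;
            }

            // NOTE(review): a null vote matches neither branch above and is therefore counted
            // like YES - confirm that op.run never returns null.
            ret = true;
        } catch (ClientPolicyException e) {
            // The first placeholder is labelled "policy name", so log the policy's name there
            // (the condition's name was passed before, which mislabelled the trace entry).
            logger.tracev("CONDITION EXCEPTION :: policy name = {0}, provider id = {1}, error = {2}, error detail = {3}", policy.getName(), condition.getProviderId(), e.getError(), e.getErrorDetail());
            throw e;
        }
    }

    if (ret) {
        logger.tracev("CONDITIONS SATISFIED :: policy name = {0}", policy.getName());
    } else {
        logger.tracev("CONDITIONS UNSATISFIED :: policy name = {0}", policy.getName());
    }
    return ret;
}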