Example 1 with AdminClientRegisterContext
use of org.keycloak.services.clientpolicy.context.AdminClientRegisterContext in project keycloak by keycloak.
the class ClientsResource method createClient.
/**
* Create a new client
*
* Client's client_id must be unique!
*
* @param rep
* @return
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response createClient(final ClientRepresentation rep) {
auth.clients().requireManage();
try {
session.clientPolicy().triggerOnEvent(new AdminClientRegisterContext(rep, auth.adminAuth()));
ClientModel clientModel = ClientManager.createClient(session, realm, rep);
if (TRUE.equals(rep.isServiceAccountsEnabled())) {
UserModel serviceAccount = session.users().getServiceAccount(clientModel);
if (serviceAccount == null) {
new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
}
}
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) {
AuthorizationService authorizationService = getAuthorizationService(clientModel);
authorizationService.enable(true);
ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
if (authorizationSettings != null) {
authorizationService.resourceServer().importSettings(authorizationSettings);
}
}
ValidationUtil.validateClient(session, clientModel, true, r -> {
session.getTransactionManager().setRollbackOnly();
throw new ErrorResponseException(Errors.INVALID_INPUT, r.getAllLocalizedErrorsAsString(AdminRoot.getMessages(session, realm, auth.adminAuth().getToken().getLocale())), Response.Status.BAD_REQUEST);
});
session.clientPolicy().triggerOnEvent(new AdminClientRegisteredContext(clientModel, auth.adminAuth()));
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
} catch (ModelDuplicateException e) {
return ErrorResponse.exists("Client " + rep.getClientId() + " already exists");
} catch (ClientPolicyException cpe) {
throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
}
}
Also used :
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
AdminClientRegisteredContext(org.keycloak.services.clientpolicy.context.AdminClientRegisteredContext)
AuthorizationService(org.keycloak.authorization.admin.AuthorizationService)
ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation)
ClientManager(org.keycloak.services.managers.ClientManager)
ModelDuplicateException(org.keycloak.models.ModelDuplicateException)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
RealmManager(org.keycloak.services.managers.RealmManager)
AdminClientRegisterContext(org.keycloak.services.clientpolicy.context.AdminClientRegisterContext)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Example 2 with AdminClientRegisterContext
use of org.keycloak.services.clientpolicy.context.AdminClientRegisterContext in project keycloak by keycloak.
the class SecureClientUrisExecutor method executeOnEvent.
@Override
public void executeOnEvent(ClientPolicyContext context) throws ClientPolicyException {
switch(context.getEvent()) {
case REGISTER:
if (context instanceof AdminClientRegisterContext || context instanceof DynamicClientRegisterContext) {
ClientRepresentation clientRep = ((ClientCRUDContext) context).getProposedClientRepresentation();
confirmSecureUris(clientRep);
// Use rootUrl as default redirectUrl to avoid creation of redirectUris with wildcards, which is done at later stages during client creation
if (clientRep.getRootUrl() != null && (clientRep.getRedirectUris() == null || clientRep.getRedirectUris().isEmpty())) {
logger.debugf("Setup Redirect URI = %s for client %s", clientRep.getRootUrl(), clientRep.getClientId());
clientRep.setRedirectUris(Collections.singletonList(clientRep.getRootUrl()));
}
} else {
throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "not allowed input format.");
}
return;
case UPDATE:
if (context instanceof AdminClientUpdateContext || context instanceof DynamicClientUpdateContext) {
confirmSecureUris(((ClientCRUDContext) context).getProposedClientRepresentation());
} else {
throw new ClientPolicyException(OAuthErrorException.INVALID_REQUEST, "not allowed input format.");
}
return;
case AUTHORIZATION_REQUEST:
confirmSecureRedirectUri(((AuthorizationRequestContext) context).getRedirectUri());
return;
default:
return;
}
}
Also used :
ClientCRUDContext(org.keycloak.services.clientpolicy.context.ClientCRUDContext)
AdminClientUpdateContext(org.keycloak.services.clientpolicy.context.AdminClientUpdateContext)
DynamicClientUpdateContext(org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext)
DynamicClientRegisterContext(org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext)
AdminClientRegisterContext(org.keycloak.services.clientpolicy.context.AdminClientRegisterContext)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
Aggregations
ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)2
AdminClientRegisterContext (org.keycloak.services.clientpolicy.context.AdminClientRegisterContext)2
Consumes (javax.ws.rs.Consumes)1
POST (javax.ws.rs.POST)1
AuthorizationService (org.keycloak.authorization.admin.AuthorizationService)1
ClientModel (org.keycloak.models.ClientModel)1
ModelDuplicateException (org.keycloak.models.ModelDuplicateException)1
UserModel (org.keycloak.models.UserModel)1
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)1
ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation)1
ErrorResponseException (org.keycloak.services.ErrorResponseException)1
AdminClientRegisteredContext (org.keycloak.services.clientpolicy.context.AdminClientRegisteredContext)1
AdminClientUpdateContext (org.keycloak.services.clientpolicy.context.AdminClientUpdateContext)1
ClientCRUDContext (org.keycloak.services.clientpolicy.context.ClientCRUDContext)1
DynamicClientRegisterContext (org.keycloak.services.clientpolicy.context.DynamicClientRegisterContext)1
DynamicClientUpdateContext (org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext)1
ClientManager (org.keycloak.services.managers.ClientManager)1
RealmManager (org.keycloak.services.managers.RealmManager)1
