
Example 1 with RegistrationAuth

use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

From class ClientRegistrationAuth, method requireUpdate.

/**
 * Authorizes an update of {@code client} and runs the update-time policy hooks.
 *
 * <p>The caller's authorization is resolved by {@code requireUpdateAuth(client)}.
 * The client-policy event {@code DynamicClientUpdateContext} and the
 * client-registration-policy "before update" hook are then triggered; a rejection
 * from either is rethrown through {@code forbidden(...)} carrying the policy's message.
 *
 * @param context the registration request being processed
 * @param client the client targeted by the update
 * @return the {@link RegistrationAuth} under which the update was authorized
 */
public RegistrationAuth requireUpdate(ClientRegistrationContext context, ClientModel client) {
    RegistrationAuth updateAuth = requireUpdateAuth(client);
    try {
        DynamicClientUpdateContext policyEvent = new DynamicClientUpdateContext(context, client, jwt, realm);
        session.clientPolicy().triggerOnEvent(policyEvent);
        ClientRegistrationPolicyManager.triggerBeforeUpdate(context, updateAuth, client);
    } catch (ClientRegistrationPolicyException | ClientPolicyException policyRejection) {
        // Both policy layers are mapped to the same forbidden response.
        throw forbidden(policyRejection.getMessage());
    }
    return updateAuth;
}

Example 2 with RegistrationAuth

use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

From class AbstractClientRegistrationProvider, method create.

/**
 * Registers a new client from the representation carried by {@code context}.
 *
 * <p>Order of operations: a {@code CLIENT_REGISTER} event is opened, the caller is
 * authorized via {@code auth.requireCreate(context)}, the client model is created and
 * configured (default roles, service account, authorization services), the
 * "after register" policy hooks run, and finally a response representation is built.
 * The response carries the client secret and a registration access token, so it is
 * the channel through which the new client receives its credentials.
 *
 * <p>When the caller used an initial access token, the token's remaining-use count is
 * decreased after the client has been created.
 *
 * @param context the registration request being processed
 * @return the representation of the newly registered client
 * @throws ErrorResponseException with {@code INVALID_CLIENT_METADATA} when the client
 *         identifier is already in use, or with the policy error when a client policy
 *         rejects the registration
 */
public ClientRepresentation create(ClientRegistrationContext context) {
    ClientRepresentation requested = context.getClient();
    event.event(EventType.CLIENT_REGISTER);
    // Authorization is resolved before any model is touched.
    RegistrationAuth registrationAuth = auth.requireCreate(context);
    try {
        RealmModel realm = session.getContext().getRealm();
        ClientModel created = ClientManager.createClient(session, realm, requested);

        if (requested.getDefaultRoles() != null) {
            for (String roleName : requested.getDefaultRoles()) {
                created.addDefaultRole(roleName);
            }
        }
        if (created.isServiceAccountsEnabled()) {
            new ClientManager(new RealmManager(session)).enableServiceAccount(created);
        }
        if (Boolean.TRUE.equals(requested.getAuthorizationServicesEnabled())) {
            RepresentationToModel.createResourceServer(created, session, true);
        }

        // Policy hooks run against the fully configured model.
        session.clientPolicy().triggerOnEvent(
                new DynamicClientRegisteredContext(context, created, auth.getJwt(), realm));
        ClientRegistrationPolicyManager.triggerAfterRegister(context, registrationAuth, created);

        ClientRepresentation response = ModelToRepresentation.toRepresentation(created, session);
        response.setSecret(created.getSecret());
        response.setRegistrationAccessToken(
                ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, created, registrationAuth));

        if (auth.isInitialAccessToken()) {
            ClientInitialAccessModel initialAccess = auth.getInitialAccessModel();
            session.realms().decreaseRemainingCount(realm, initialAccess);
        }

        response.setDirectAccessGrantsEnabled(false);
        Stream<String> defaultRoles = created.getDefaultRolesStream();
        if (defaultRoles != null) {
            response.setDefaultRoles(defaultRoles.toArray(String[]::new));
        }

        event.client(response.getClientId()).success();
        return response;
    } catch (ModelDuplicateException duplicate) {
        throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier in use", Response.Status.BAD_REQUEST);
    } catch (ClientPolicyException cpe) {
        throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
    }
}

Example 3 with RegistrationAuth

use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

From class ClientRegistrationAuth, method requireDelete.

/**
 * Authorizes removal of {@code client} and runs the removal-time policy hooks.
 *
 * <p>Authorization is resolved with the same {@code requireUpdateAuth(client)} used
 * for updates. The client-policy event {@code DynamicClientUnregisterContext} and the
 * client-registration-policy "before remove" hook are then triggered; a rejection from
 * either is rethrown through {@code forbidden(...)} carrying the policy's message.
 *
 * @param client the client to be removed
 */
public void requireDelete(ClientModel client) {
    RegistrationAuth removalAuth = requireUpdateAuth(client);
    try {
        DynamicClientUnregisterContext policyEvent = new DynamicClientUnregisterContext(session, client, jwt, realm);
        session.clientPolicy().triggerOnEvent(policyEvent);
        ClientRegistrationPolicyManager.triggerBeforeRemove(session, provider, removalAuth, client);
    } catch (ClientRegistrationPolicyException | ClientPolicyException policyRejection) {
        // Both policy layers are mapped to the same forbidden response.
        throw forbidden(policyRejection.getMessage());
    }
}

Example 4 with RegistrationAuth

use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

From class ClientRegistrationAuth, method requireView.

/**
 * Authorizes a read of {@code client} and runs the view-time policy hooks.
 *
 * <p>Exactly one credential type is honoured, checked in this order:
 * <ul>
 *   <li>bearer token: requires the {@code manage-clients} or {@code view-clients}
 *       admin role, otherwise forbidden; a missing client is reported as not found;</li>
 *   <li>registration access token: accepted only when the client exists and its stored
 *       registration token equals the token's {@code jti};</li>
 *   <li>initial access token: never accepted for viewing;</li>
 *   <li>public client credentials, when {@code allowPublicClient} is set and
 *       {@code authenticatePublicClient(client)} succeeds.</li>
 * </ul>
 * Anything else is rejected as unauthorized. Once a credential is accepted, the
 * {@code DynamicClientViewContext} policy event and the "before view" registration
 * policy hook run; a rejection from either is surfaced through {@code forbidden(...)}.
 *
 * @param client the client being read; may be {@code null}
 * @param allowPublicClient whether public-client credentials are acceptable here
 */
public void requireView(ClientModel client, boolean allowPublicClient) {
    init();
    boolean granted = false;
    RegistrationAuth grantedAs = null;

    if (isBearerToken()) {
        checkClientProtocol();
        if (!hasRole(AdminRoles.MANAGE_CLIENTS, AdminRoles.VIEW_CLIENTS)) {
            throw forbidden();
        }
        if (client == null) {
            throw notFound();
        }
        granted = true;
        grantedAs = RegistrationAuth.AUTHENTICATED;
    } else if (isRegistrationAccessToken()) {
        boolean tokenBoundToClient = client != null
                && client.getRegistrationToken() != null
                && client.getRegistrationToken().equals(jwt.getId());
        if (tokenBoundToClient) {
            checkClientProtocol(client);
            granted = true;
            grantedAs = getRegistrationAuth();
        }
    } else if (isInitialAccessToken()) {
        throw unauthorized("Not initial access token allowed");
    } else if (allowPublicClient && authenticatePublicClient(client)) {
        granted = true;
        grantedAs = RegistrationAuth.AUTHENTICATED;
    }

    if (!granted) {
        throw unauthorized("Not authorized to view client. Not valid token or client credentials provided.");
    }

    try {
        session.clientPolicy().triggerOnEvent(new DynamicClientViewContext(session, client, jwt, realm));
        ClientRegistrationPolicyManager.triggerBeforeView(session, provider, grantedAs, client);
    } catch (ClientRegistrationPolicyException | ClientPolicyException policyRejection) {
        // Both policy layers are mapped to the same forbidden response.
        throw forbidden(policyRejection.getMessage());
    }
}

Example 5 with RegistrationAuth

use of org.keycloak.services.clientregistration.policy.RegistrationAuth in project keycloak by keycloak.

From class AbstractClientRegistrationProvider, method update.

/**
 * Applies the representation carried by {@code context} to the existing client
 * identified by {@code clientId}.
 *
 * <p>Order of operations: a {@code CLIENT_UPDATE} event is opened, the caller is
 * authorized via {@code auth.requireUpdate(context, client)}, the request is rejected
 * if it attempts to change the client identifier, the model and its protocol mappers
 * (and default roles, when supplied) are updated, a response representation is built,
 * the {@code DynamicClientUpdatedContext} policy event and the "after update"
 * registration policy hook run, and the event is marked successful.
 *
 * <p>A new registration access token is placed in the response only when the caller
 * authenticated with a registration access token.
 *
 * @param clientId the client identifier from the request path
 * @param context the registration request being processed
 * @return the representation of the updated client
 * @throws ErrorResponseException with {@code INVALID_CLIENT_METADATA} when the client
 *         identifier in the body differs from the stored one, or with the policy error
 *         when a client policy rejects the update
 */
public ClientRepresentation update(String clientId, ClientRegistrationContext context) {
    ClientRepresentation requested = context.getClient();
    event.event(EventType.CLIENT_UPDATE).client(clientId);
    ClientModel existing = session.getContext().getRealm().getClientByClientId(clientId);
    // Authorization is resolved before any change is applied.
    RegistrationAuth registrationAuth = auth.requireUpdate(context, existing);

    boolean identifierChanged = !existing.getClientId().equals(requested.getClientId());
    if (identifierChanged) {
        throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier modified", Response.Status.BAD_REQUEST);
    }

    RepresentationToModel.updateClient(requested, existing);
    RepresentationToModel.updateClientProtocolMappers(requested, existing);
    if (requested.getDefaultRoles() != null) {
        existing.updateDefaultRoles(requested.getDefaultRoles());
    }

    ClientRepresentation response = ModelToRepresentation.toRepresentation(existing, session);
    Stream<String> defaultRoles = existing.getDefaultRolesStream();
    if (defaultRoles != null) {
        response.setDefaultRoles(defaultRoles.toArray(String[]::new));
    }
    if (auth.isRegistrationAccessToken()) {
        // Rotate the registration access token for callers that presented one.
        response.setRegistrationAccessToken(
                ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, existing, auth.getRegistrationAuth()));
    }

    try {
        session.clientPolicy().triggerOnEvent(
                new DynamicClientUpdatedContext(session, existing, auth.getJwt(), existing.getRealm()));
    } catch (ClientPolicyException cpe) {
        throw new ErrorResponseException(cpe.getError(), cpe.getErrorDetail(), Response.Status.BAD_REQUEST);
    }
    ClientRegistrationPolicyManager.triggerAfterUpdate(context, registrationAuth, existing);

    event.client(existing.getClientId()).success();
    return response;
}
