use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.
the class FAPI1Test method setupPolicyFAPIBaselineForAdminRESTAndDynamicClientRegistrationRequests.
private void setupPolicyFAPIBaselineForAdminRESTAndDynamicClientRegistrationRequests() throws Exception {
String json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "MyClientUpdaterContextPolicy", Boolean.TRUE).addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER, ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))).addProfile(FAPI1_BASELINE_PROFILE_NAME).toRepresentation()).toString();
updatePolicies(json);
}
use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.
the class ClientPoliciesTest method testPoliciesJsonView.
@Test
public void testPoliciesJsonView() throws Exception {
clientPoliciesJsonPage.navigateTo();
assertEquals(new ClientPoliciesRepresentation(), clientPoliciesJsonPage.form().getPolicies());
ClientPoliciesRepresentation policies = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy("prof", "desc", false).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).toRepresentation()).toRepresentation();
testRealmResource().clientPoliciesPoliciesResource().updatePolicies(policies);
refreshPageAndWaitForLoad();
assertEquals(policies, clientPoliciesJsonPage.form().getPolicies());
policies.getPolicies().add(new ClientPolicyBuilder().createPolicy("prof2", "desc2", true).toRepresentation());
clientPoliciesJsonPage.form().setPolicies(policies);
clientPoliciesJsonPage.form().save();
assertAlertSuccess();
assertClientPolicy(policies);
clientPoliciesJsonPage.form().setPoliciesAsString("aaa");
clientPoliciesJsonPage.form().save();
assertAlertDanger();
}
use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.
the class ClientPoliciesTest method testPoliciesFormView.
@Test
public void testPoliciesFormView() throws Exception {
final String profileName = "mega-profile";
final String policyName = "mega-policy";
final String policyName2 = "mega-policy^2";
final String policyDesc = "mega-desc";
clientPoliciesPage.navigateTo();
clientPoliciesPage.assertCurrent();
clientPoliciesPage.policiesTable().clickCreatePolicy();
createClientPolicyPage.assertCurrent();
// create policy
createClientPolicyPage.form().setPolicyName(policyName);
createClientPolicyPage.form().setDescription(policyDesc);
assertTrue(createClientPolicyPage.form().isEnabled());
createClientPolicyPage.form().save();
assertAlertSuccess();
clientPolicyPage.setPolicyName(policyName);
clientPolicyPage.assertCurrent();
assertEquals(policyName, clientPolicyPage.form().getPolicyName());
clientPolicyPage.conditionsTable().clickCreateCondition();
// create condition
createConditionPage.setPolicyName(policyName);
createConditionPage.assertCurrent();
createConditionPage.form().setConditionType(ClientAccessTypeConditionFactory.PROVIDER_ID);
assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_BEARERONLY);
createConditionPage.form().save();
assertAlertSuccess();
// edit condition
clientPolicyPage.assertCurrent();
clientPolicyPage.conditionsTable().clickEditCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
conditionPage.setUriParameters(policyName, 0);
conditionPage.assertCurrent();
assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_PUBLIC);
createConditionPage.form().save();
// create profile via REST
ClientProfilesRepresentation profiles = new ClientProfilesBuilder().addProfile(new ClientProfileBuilder().createProfile(profileName, "desc").addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation()).toRepresentation();
testRealmResource().clientPoliciesProfilesResource().updateProfiles(profiles);
refreshPageAndWaitForLoad();
// add profile to policy
clientPolicyPage.profilesTable().addProfile(GLOBAL_PROFILE);
clientPolicyPage.profilesTable().addProfile(profileName);
assertEquals(Arrays.asList(GLOBAL_PROFILE, profileName), clientPolicyPage.profilesTable().getProfiles());
// remove profile
clientPolicyPage.profilesTable().clickDeleteProfile(GLOBAL_PROFILE);
assertAlertSuccess();
// assert JSON
ClientPoliciesRepresentation expected = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy(policyName, policyDesc, true).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).addProfile(profileName).toRepresentation()).toRepresentation();
assertClientPolicy(expected);
// remove condition
clientPolicyPage.navigateTo();
clientPolicyPage.conditionsTable().clickDeleteCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
modalDialog.confirmDeletion();
assertAlertSuccess();
expected.getPolicies().get(0).getConditions().remove(0);
assertClientPolicy(expected);
assertFalse(clientPolicyPage.conditionsTable().isRowPresent(ClientAccessTypeConditionFactory.PROVIDER_ID));
// edit policy
clientPolicyPage.form().setPolicyName(policyName2);
clientPolicyPage.form().setEnabled(false);
clientPolicyPage.form().save();
assertAlertSuccess();
clientPoliciesPage.navigateTo();
assertEquals(policyDesc, clientPoliciesPage.policiesTable().getDescription(policyName2));
assertFalse(clientPoliciesPage.policiesTable().isEnabled(policyName2));
// remove policy
clientPoliciesPage.policiesTable().clickDeletePolicy(policyName2);
modalDialog.confirmDeletion();
assertAlertSuccess();
assertClientPolicy(new ClientPoliciesRepresentation());
assertFalse(clientPoliciesPage.policiesTable().isRowPresent(policyName2));
}
use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.
the class FAPICIBATest method setupPolicyFAPICIBAForAllClient.
private void setupPolicyFAPICIBAForAllClient() throws Exception {
String json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy("MyPolicy", "Policy for enable FAPI CIBA for all clients", Boolean.TRUE).addCondition(AnyClientConditionFactory.PROVIDER_ID, createAnyClientConditionConfig()).addProfile(FAPI_CIBA_PROFILE_NAME).addProfile(FAPI1_ADVANCED_PROFILE_NAME).toRepresentation()).toString();
updatePolicies(json);
}
use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.
the class ParTest method testExtendedClientPolicyIntefacesForPar.
@Test
public void testExtendedClientPolicyIntefacesForPar() throws Exception {
// create client dynamically
String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
});
OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
String clientSecret = oidcCRep.getClientSecret();
assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
// register profiles
String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profilen").addExecutor(TestRaiseExeptionExecutorFactory.PROVIDER_ID, null).toRepresentation()).toString();
updateProfiles(json);
// register role policy
String roleName = "sample-client-role-alpha";
json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politikken", Boolean.TRUE).addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(roleName))).addProfile(PROFILE_NAME).toRepresentation()).toString();
updatePolicies(json);
// Add role to the client
ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), clientId);
clientResource.roles().create(RoleBuilder.create().name(roleName).build());
// Pushed Authorization Request
oauth.clientId(clientId);
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse response = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(400, response.getStatusCode());
assertEquals(ClientPolicyEvent.PUSHED_AUTHORIZATION_REQUEST.toString(), response.getError());
assertEquals("Exception thrown intentionally", response.getErrorDescription());
}
Aggregations