Search in sources :

Example 51 with ClientPoliciesBuilder

use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.

the class FAPI1Test method setupPolicyFAPIBaselineForAdminRESTAndDynamicClientRegistrationRequests.

private void setupPolicyFAPIBaselineForAdminRESTAndDynamicClientRegistrationRequests() throws Exception {
    String json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "MyClientUpdaterContextPolicy", Boolean.TRUE).addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER, ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))).addProfile(FAPI1_BASELINE_PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
}
Also used : ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)

Example 52 with ClientPoliciesBuilder

use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.

the class ClientPoliciesTest method testPoliciesJsonView.

@Test
public void testPoliciesJsonView() throws Exception {
    clientPoliciesJsonPage.navigateTo();
    assertEquals(new ClientPoliciesRepresentation(), clientPoliciesJsonPage.form().getPolicies());
    ClientPoliciesRepresentation policies = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy("prof", "desc", false).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).toRepresentation()).toRepresentation();
    testRealmResource().clientPoliciesPoliciesResource().updatePolicies(policies);
    refreshPageAndWaitForLoad();
    assertEquals(policies, clientPoliciesJsonPage.form().getPolicies());
    policies.getPolicies().add(new ClientPolicyBuilder().createPolicy("prof2", "desc2", true).toRepresentation());
    clientPoliciesJsonPage.form().setPolicies(policies);
    clientPoliciesJsonPage.form().save();
    assertAlertSuccess();
    assertClientPolicy(policies);
    clientPoliciesJsonPage.form().setPoliciesAsString("aaa");
    clientPoliciesJsonPage.form().save();
    assertAlertDanger();
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) Test(org.junit.Test)

Example 53 with ClientPoliciesBuilder

use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.

the class ClientPoliciesTest method testPoliciesFormView.

@Test
public void testPoliciesFormView() throws Exception {
    final String profileName = "mega-profile";
    final String policyName = "mega-policy";
    final String policyName2 = "mega-policy^2";
    final String policyDesc = "mega-desc";
    clientPoliciesPage.navigateTo();
    clientPoliciesPage.assertCurrent();
    clientPoliciesPage.policiesTable().clickCreatePolicy();
    createClientPolicyPage.assertCurrent();
    // create policy
    createClientPolicyPage.form().setPolicyName(policyName);
    createClientPolicyPage.form().setDescription(policyDesc);
    assertTrue(createClientPolicyPage.form().isEnabled());
    createClientPolicyPage.form().save();
    assertAlertSuccess();
    clientPolicyPage.setPolicyName(policyName);
    clientPolicyPage.assertCurrent();
    assertEquals(policyName, clientPolicyPage.form().getPolicyName());
    clientPolicyPage.conditionsTable().clickCreateCondition();
    // create condition
    createConditionPage.setPolicyName(policyName);
    createConditionPage.assertCurrent();
    createConditionPage.form().setConditionType(ClientAccessTypeConditionFactory.PROVIDER_ID);
    assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
    createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_BEARERONLY);
    createConditionPage.form().save();
    assertAlertSuccess();
    // edit condition
    clientPolicyPage.assertCurrent();
    clientPolicyPage.conditionsTable().clickEditCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
    conditionPage.setUriParameters(policyName, 0);
    conditionPage.assertCurrent();
    assertEquals(Stream.of(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY).collect(Collectors.toSet()), conditionPage.form().getSelect2SelectedItems());
    createConditionPage.form().selectSelect2Item(ClientAccessTypeConditionFactory.TYPE_PUBLIC);
    createConditionPage.form().save();
    // create profile via REST
    ClientProfilesRepresentation profiles = new ClientProfilesBuilder().addProfile(new ClientProfileBuilder().createProfile(profileName, "desc").addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(true)).toRepresentation()).toRepresentation();
    testRealmResource().clientPoliciesProfilesResource().updateProfiles(profiles);
    refreshPageAndWaitForLoad();
    // add profile to policy
    clientPolicyPage.profilesTable().addProfile(GLOBAL_PROFILE);
    clientPolicyPage.profilesTable().addProfile(profileName);
    assertEquals(Arrays.asList(GLOBAL_PROFILE, profileName), clientPolicyPage.profilesTable().getProfiles());
    // remove profile
    clientPolicyPage.profilesTable().clickDeleteProfile(GLOBAL_PROFILE);
    assertAlertSuccess();
    // assert JSON
    ClientPoliciesRepresentation expected = new ClientPoliciesBuilder().addPolicy(new ClientPolicyBuilder().createPolicy(policyName, policyDesc, true).addCondition(ClientAccessTypeConditionFactory.PROVIDER_ID, createClientAccessTypeConditionConfig(Arrays.asList(ClientAccessTypeConditionFactory.TYPE_CONFIDENTIAL, ClientAccessTypeConditionFactory.TYPE_BEARERONLY, ClientAccessTypeConditionFactory.TYPE_PUBLIC))).addProfile(profileName).toRepresentation()).toRepresentation();
    assertClientPolicy(expected);
    // remove condition
    clientPolicyPage.navigateTo();
    clientPolicyPage.conditionsTable().clickDeleteCondition(ClientAccessTypeConditionFactory.PROVIDER_ID);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    expected.getPolicies().get(0).getConditions().remove(0);
    assertClientPolicy(expected);
    assertFalse(clientPolicyPage.conditionsTable().isRowPresent(ClientAccessTypeConditionFactory.PROVIDER_ID));
    // edit policy
    clientPolicyPage.form().setPolicyName(policyName2);
    clientPolicyPage.form().setEnabled(false);
    clientPolicyPage.form().save();
    assertAlertSuccess();
    clientPoliciesPage.navigateTo();
    assertEquals(policyDesc, clientPoliciesPage.policiesTable().getDescription(policyName2));
    assertFalse(clientPoliciesPage.policiesTable().isEnabled(policyName2));
    // remove policy
    clientPoliciesPage.policiesTable().clickDeletePolicy(policyName2);
    modalDialog.confirmDeletion();
    assertAlertSuccess();
    assertClientPolicy(new ClientPoliciesRepresentation());
    assertFalse(clientPoliciesPage.policiesTable().isRowPresent(policyName2));
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Test(org.junit.Test)

Example 54 with ClientPoliciesBuilder

use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.

the class FAPICIBATest method setupPolicyFAPICIBAForAllClient.

private void setupPolicyFAPICIBAForAllClient() throws Exception {
    String json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy("MyPolicy", "Policy for enable FAPI CIBA for all clients", Boolean.TRUE).addCondition(AnyClientConditionFactory.PROVIDER_ID, createAnyClientConditionConfig()).addProfile(FAPI_CIBA_PROFILE_NAME).addProfile(FAPI1_ADVANCED_PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
}
Also used : ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) Matchers.containsString(org.hamcrest.Matchers.containsString)

Example 55 with ClientPoliciesBuilder

use of org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder in project keycloak by keycloak.

the class ParTest method testExtendedClientPolicyIntefacesForPar.

@Test
public void testExtendedClientPolicyIntefacesForPar() throws Exception {
    // create client dynamically
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
        clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
    });
    OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
    String clientSecret = oidcCRep.getClientSecret();
    assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
    assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
    assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcCRep.getTokenEndpointAuthMethod());
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profilen").addExecutor(TestRaiseExeptionExecutorFactory.PROVIDER_ID, null).toRepresentation()).toString();
    updateProfiles(json);
    // register role policy
    String roleName = "sample-client-role-alpha";
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politikken", Boolean.TRUE).addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(roleName))).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    // Add role to the client
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), clientId);
    clientResource.roles().create(RoleBuilder.create().name(roleName).build());
    // Pushed Authorization Request
    oauth.clientId(clientId);
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    ParResponse response = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
    assertEquals(400, response.getStatusCode());
    assertEquals(ClientPolicyEvent.PUSHED_AUTHORIZATION_REQUEST.toString(), response.getError());
    assertEquals("Exception thrown intentionally", response.getErrorDescription());
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientResource(org.keycloak.admin.client.resource.ClientResource) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Aggregations

ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)55 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)54 Test (org.junit.Test)47 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)47 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)46 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)41 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)37 ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)19 OAuthClient (org.keycloak.testsuite.util.OAuthClient)14 Matchers.containsString (org.hamcrest.Matchers.containsString)10 ClientResource (org.keycloak.admin.client.resource.ClientResource)10 ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)9 IOException (java.io.IOException)8 BadRequestException (javax.ws.rs.BadRequestException)8 AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)8 OAuthErrorException (org.keycloak.OAuthErrorException)7 HashMap (java.util.HashMap)5 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)4 TestAuthenticationChannelRequest (org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest)4 AuthorizationEndpointRequestObject (org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject)4