KEYCLOAK-18113 Refactor some executor/condition provider IDs

mposolda 2021-05-14 16:16:38 +02:00 committed by Marek Posolda
parent 35601aaaba
commit b8a7750000
38 changed files with 253 additions and 258 deletions


@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class AnyClientConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "anyclient-condition";
public static final String PROVIDER_ID = "any-client";
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {
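Review bot: `PROVIDER_ID` is the string that client policy and profile configuration uses to name this provider, so changing it from `anyclient-condition` to `any-client` alters a persisted identifier rather than being a plain rename; the same applies to every other condition and executor factory on this page. The only stored reference updated in the visible sections is the built-in profile JSON (`secure-session-enforce-executor` to `secure-session`); whether realms that already hold policies under the old ids are migrated is not visible here. If an unknown id is skipped rather than rejected when policies are loaded, a condition or executor would silently stop applying after an upgrade, so it is worth confirming that the lookup fails loudly. I would add a comment on the constant such as `// Referenced by name from stored client policies; changing it requires migrating existing realm data.`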


@ -31,7 +31,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class ClientAccessTypeConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "client-accesstype-condition";
public static final String PROVIDER_ID = "client-access-type";
public static final String TYPE = "type";


@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class ClientRolesConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientroles-condition";
public static final String PROVIDER_ID = "client-roles";
public static final String ROLES = "roles";
@ -38,7 +38,7 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide
static {
ProviderConfigProperty property;
property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
configProperties.add(property);
}
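Review bot: The label and tooltip keys in the static block are now built differently: the label stays `PROVIDER_ID + ".label"` (which now evaluates to `client-roles.label`) while the tooltip becomes `PROVIDER_ID + "-condition.tooltip"`. ClientScopesConditionFactory adds the `-condition` suffix to both keys, which suggests the message bundle still uses the `...-condition.*` names; if so, the label here no longer resolves and the admin console would show the raw key. The bundle is not part of the visible page, so this needs checking; the likely fix is `PROVIDER_ID + "-condition.label"`.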


@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class ClientScopesConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientscopes-condition";
public static final String PROVIDER_ID = "client-scopes";
public static final String SCOPES = "scopes";
public static final String TYPE = "type";
@ -42,7 +42,7 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
static {
ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
configProperties.add(property);
property = new ProviderConfigProperty(TYPE, "Scope Type",
"If set to 'Default', condition evaluates to true if client has some default scopes of the values specified by the 'Expected Scopes' property. " +


@ -36,11 +36,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateContextCondition extends AbstractClientPolicyConditionProvider<ClientUpdateContextCondition.Configuration> {
public class ClientUpdaterContextCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterContextCondition.Configuration> {
private static final Logger logger = Logger.getLogger(ClientUpdateContextCondition.class);
private static final Logger logger = Logger.getLogger(ClientUpdaterContextCondition.class);
public ClientUpdateContextCondition(KeycloakSession session) {
public ClientUpdaterContextCondition(KeycloakSession session) {
super(session);
}
@ -65,7 +65,7 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
@Override
public String getProviderId() {
return ClientUpdateContextConditionFactory.PROVIDER_ID;
return ClientUpdaterContextConditionFactory.PROVIDER_ID;
}
@Override
@ -98,16 +98,16 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
String authMethod = null;
if (context.getToken() == null) {
authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
} else if (isInitialAccessToken(context.getToken())) {
authMethod = ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
authMethod = ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
} else if (isRegistrationAccessToken(context.getToken())) {
authMethod = ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
authMethod = ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
} else if (isBearerToken(context.getToken())) {
if (context.getAuthenticatedUser() != null || context.getAuthenticatedClient() != null) {
authMethod = ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER;
authMethod = ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER;
} else {
authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
}
}
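Review bot: In the last hunk `authMethod` is initialised to `null` and the `else if` chain has no final `else`, so a token that is neither an initial access token, a registration access token nor a bearer token leaves it `null`. How the rest of the method treats `null` is outside the hunk; since this value presumably feeds the condition's match decision, the fall-through should be explicit. I would add a comment at the declaration, e.g. `// stays null for an unrecognised token type; must be treated as "no match" below`, or an explicit final `else` that assigns or rejects.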


@ -29,9 +29,9 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateContextConditionFactory implements ClientPolicyConditionProviderFactory {
public class ClientUpdaterContextConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientupdatecontext-condition";
public static final String PROVIDER_ID = "client-updater-context";
public static final String UPDATE_CLIENT_SOURCE = "update-client-source";
@ -56,7 +56,7 @@ public class ClientUpdateContextConditionFactory implements ClientPolicyConditio
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {
return new ClientUpdateContextCondition(session);
return new ClientUpdaterContextCondition(session);
}
@Override


@ -41,11 +41,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceGroupsCondition.Configuration> {
public class ClientUpdaterSourceGroupsCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceGroupsCondition.Configuration> {
private static final Logger logger = Logger.getLogger(ClientUpdateSourceGroupsCondition.class);
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceGroupsCondition.class);
public ClientUpdateSourceGroupsCondition(KeycloakSession session) {
public ClientUpdaterSourceGroupsCondition(KeycloakSession session) {
super(session);
}
@ -69,7 +69,7 @@ public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyCondi
@Override
public String getProviderId() {
return ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID;
return ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID;
}
@Override


@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientupdatesourcegroups-condition";
public static final String PROVIDER_ID = "client-updater-source-groups";
public static final String GROUPS = "groups";
@ -44,7 +44,7 @@ public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyCon
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {
return new ClientUpdateSourceGroupsCondition(session);
return new ClientUpdaterSourceGroupsCondition(session);
}
@Override


@ -35,11 +35,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceHostsCondition.Configuration> {
public class ClientUpdaterSourceHostsCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceHostsCondition.Configuration> {
private static final Logger logger = Logger.getLogger(ClientUpdateSourceHostsCondition.class);
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceHostsCondition.class);
public ClientUpdateSourceHostsCondition(KeycloakSession session) {
public ClientUpdaterSourceHostsCondition(KeycloakSession session) {
super(session);
}
@ -65,7 +65,7 @@ public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyCondit
@Override
public String getProviderId() {
return ClientUpdateSourceHostsConditionFactory.PROVIDER_ID;
return ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID;
}
@Override


@ -28,17 +28,18 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
public class ClientUpdaterSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientupdatesourcehost-condition";
public static final String PROVIDER_ID = "client-updater-source-host";
public static final String TRUSTED_HOSTS = "trusted-hosts";
private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "clientupdate-trusted-hosts.label", "clientupdate-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "client-updater-trusted-hosts.label",
"client-updater-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {
return new ClientUpdateSourceHostsCondition(session);
return new ClientUpdaterSourceHostsCondition(session);
}
@Override
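Review bot: The new id `client-updater-source-host` is singular, while the class is `ClientUpdaterSourceHostsConditionFactory` and the sibling ids are `client-updater-source-groups` and `client-updater-source-roles`. Since the ids are being renamed in this commit anyway, `"client-updater-source-hosts"` would keep the set uniform and avoid a second rename of a persisted identifier later. The message keys in `TRUSTED_HOSTS_PROPERTY` are also hard-coded (`client-updater-trusted-hosts.*`) rather than derived from `PROVIDER_ID` as in the other factories; a short comment saying this is intentional would help.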


@ -44,11 +44,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceRolesCondition.Configuration> {
public class ClientUpdaterSourceRolesCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceRolesCondition.Configuration> {
private static final Logger logger = Logger.getLogger(ClientUpdateSourceRolesCondition.class);
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceRolesCondition.class);
public ClientUpdateSourceRolesCondition(KeycloakSession session) {
public ClientUpdaterSourceRolesCondition(KeycloakSession session) {
super(session);
}
@ -72,7 +72,7 @@ public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyCondit
@Override
public String getProviderId() {
return ClientUpdateSourceRolesConditionFactory.PROVIDER_ID;
return ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID;
}
@Override


@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "clientupdatesourceroles-condition";
public static final String PROVIDER_ID = "client-updater-source-roles";
public static final String ROLES = "roles";
@ -44,7 +44,7 @@ public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyCond
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {
return new ClientUpdateSourceRolesCondition(session);
return new ClientUpdaterSourceRolesCondition(session);
}
@Override


@ -29,7 +29,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class ConfidentialClientAcceptExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "confidentialclient-accept-executor";
public static final String PROVIDER_ID = "confidential-client";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {


@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class ConsentRequiredExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "consent-required-executor";
public static final String PROVIDER_ID = "consent-required";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {


@ -42,12 +42,12 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider<HolderOfKeyEnforceExecutor.Configuration> {
public class HolderOfKeyEnforcerExecutor implements ClientPolicyExecutorProvider<HolderOfKeyEnforcerExecutor.Configuration> {
private final KeycloakSession session;
private Configuration configuration;
public HolderOfKeyEnforceExecutor(KeycloakSession session) {
public HolderOfKeyEnforcerExecutor(KeycloakSession session) {
this.session = session;
}
@ -76,7 +76,7 @@ public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider<
@Override
public String getProviderId() {
return HolderOfKeyEnforceExecutorFactory.PROVIDER_ID;
return HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID;
}
@Override


@ -26,9 +26,9 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class HolderOfKeyEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "holder-of-key-enforce-executor";
public static final String PROVIDER_ID = "holder-of-key-enforcer";
public static final String IS_AUGMENT = "is-augment";
@ -37,7 +37,7 @@ public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorPr
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new HolderOfKeyEnforceExecutor(session);
return new HolderOfKeyEnforcerExecutor(session);
}
@Override


@ -48,7 +48,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnforceExecutor.Configuration> {
public class PKCEEnforcerExecutor implements ClientPolicyExecutorProvider<PKCEEnforcerExecutor.Configuration> {
private static final Pattern VALID_CODE_CHALLENGE_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$");
private static final Pattern VALID_CODE_VERIFIER_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$");
@ -56,7 +56,7 @@ public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnf
private final KeycloakSession session;
private Configuration configuration;
public PKCEEnforceExecutor(KeycloakSession session) {
public PKCEEnforcerExecutor(KeycloakSession session) {
this.session = session;
}
@ -85,7 +85,7 @@ public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnf
@Override
public String getProviderId() {
return PKCEEnforceExecutorFactory.PROVIDER_ID;
return PKCEEnforcerExecutorFactory.PROVIDER_ID;
}
@Override
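Review bot: `VALID_CODE_CHALLENGE_PATTERN` and `VALID_CODE_VERIFIER_PATTERN` in the first hunk are the same expression and carry no comment saying where the character set comes from. The set matches the unreserved characters RFC 7636 allows for both values, but the RFC's 43 to 128 character length bound is not part of the pattern, so it has to be enforced where the patterns are used, which is outside the hunk. I would document this on the constants, e.g. `// RFC 7636 unreserved characters; length (43..128) is checked separately`, and confirm the patterns are applied with `matches()` rather than `find()`, since `$` also matches before a trailing line terminator.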


@ -29,9 +29,9 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class PKCEEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "pkce-enforce-executor";
public static final String PROVIDER_ID = "pkce-enforcer";
public static final String IS_AUGMENT = "is-augment";
@ -40,7 +40,7 @@ public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderF
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new PKCEEnforceExecutor(session);
return new PKCEEnforcerExecutor(session);
}
@Override


@ -32,17 +32,17 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProvider<SecureClientAuthEnforceExecutor.Configuration> {
public class SecureClientAuthenticatorExecutor implements ClientPolicyExecutorProvider<SecureClientAuthenticatorExecutor.Configuration> {
private final KeycloakSession session;
private Configuration configuration;
public SecureClientAuthEnforceExecutor(KeycloakSession session) {
public SecureClientAuthenticatorExecutor(KeycloakSession session) {
this.session = session;
}
@Override
public void setupConfiguration(SecureClientAuthEnforceExecutor.Configuration config) {
public void setupConfiguration(SecureClientAuthenticatorExecutor.Configuration config) {
this.configuration = config;
}
@ -86,7 +86,7 @@ public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProv
@Override
public String getProviderId() {
return SecureClientAuthEnforceExecutorFactory.PROVIDER_ID;
return SecureClientAuthenticatorExecutorFactory.PROVIDER_ID;
}
@Override


@ -33,9 +33,9 @@ import org.keycloak.provider.ProviderFactory;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class SecureClientAuthenticatorExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "secure-client-authn-executor";
public static final String PROVIDER_ID = "secure-client-authenticator";
public static final String IS_AUGMENT = "is-augment";
public static final String CLIENT_AUTHNS = "client-authns";
@ -45,7 +45,7 @@ public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecu
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new SecureClientAuthEnforceExecutor(session);
return new SecureClientAuthenticatorExecutor(session);
}
@Override


@ -41,19 +41,19 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureClientRegisteringUriEnforceExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfigurationRepresentation> {
public class SecureClientUrisExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfigurationRepresentation> {
private static final Logger logger = Logger.getLogger(SecureClientRegisteringUriEnforceExecutor.class);
private static final Logger logger = Logger.getLogger(SecureClientUrisExecutor.class);
private final KeycloakSession session;
public SecureClientRegisteringUriEnforceExecutor(KeycloakSession session) {
public SecureClientUrisExecutor(KeycloakSession session) {
this.session = session;
}
@Override
public String getProviderId() {
return SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID;
return SecureClientUrisExecutorFactory.PROVIDER_ID;
}
@Override


@ -28,13 +28,13 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureClientRegisteringUriEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class SecureClientUrisExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "secure-clienturi-enforce-executor";
public static final String PROVIDER_ID = "secure-client-uris";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new SecureClientRegisteringUriEnforceExecutor(session);
return new SecureClientUrisExecutor(session);
}
@Override


@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class SecureRequestObjectExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "secure-reqobj-executor";
public static final String PROVIDER_ID = "secure-request-object";
public static final String VERIFY_NBF = "verify-nbf";


@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class SecureResponseTypeExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "secure-responsetype-executor";
public static final String PROVIDER_ID = "secure-response-type";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {


@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
*/
public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "secure-session-enforce-executor";
public static final String PROVIDER_ID = "secure-session";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
@ -56,7 +56,7 @@ public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutor
@Override
public String getHelpText() {
return "To prevent CSRF, it refuses the client's authorization request which lacks nonce in OIDC flow or state in OAuth2 grant.";
return "To prevent CSRF, it refuses the client's authorization request which lacks 'nonce' parameter in OIDC flow or 'state' parameter in OAuth2 grant.";
}
@Override


@ -45,9 +45,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmEnforceExecutor.Configuration> {
public class SecureSigningAlgorithmExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmExecutor.Configuration> {
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmEnforceExecutor.class);
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmExecutor.class);
private final KeycloakSession session;
private Configuration configuration;
@ -72,17 +72,17 @@ public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecut
Algorithm.ES512
));
public SecureSigningAlgorithmEnforceExecutor(KeycloakSession session) {
public SecureSigningAlgorithmExecutor(KeycloakSession session) {
this.session = session;
}
@Override
public String getProviderId() {
return SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID;
return SecureSigningAlgorithmExecutorFactory.PROVIDER_ID;
}
@Override
public void setupConfiguration(SecureSigningAlgorithmEnforceExecutor.Configuration config) {
public void setupConfiguration(SecureSigningAlgorithmExecutor.Configuration config) {
this.configuration = Optional.ofNullable(config).orElse(createDefaultConfiguration());
if (config.getDefaultAlgorithm() == null || !isSecureAlgorithm(config.getDefaultAlgorithm())) config.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE);
}
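Review bot: `setupConfiguration` falls back to `createDefaultConfiguration()` when `config` is null, but the next line still dereferences `config` (`config.getDefaultAlgorithm()`), so a null configuration throws a NullPointerException instead of receiving the default algorithm. The check should read the field that was just assigned: `if (this.configuration.getDefaultAlgorithm() == null || !isSecureAlgorithm(this.configuration.getDefaultAlgorithm())) this.configuration.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE);`. Separately, `orElse(createDefaultConfiguration())` builds the default on every call even when `config` is present; `orElseGet(() -> createDefaultConfiguration())` avoids that.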


@ -31,19 +31,19 @@ import org.keycloak.provider.ProviderConfigProperty;
/**
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
*/
public class SecureSigningAlgorithmEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class SecureSigningAlgorithmExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "securesignalg-enforce-executor";
public static final String PROVIDER_ID = "secure-signature-algorithm";
public static final String DEFAULT_ALGORITHM = "default-algorithm";
private static final ProviderConfigProperty DEFAULT_ALGORITHM_PROPERTY = new ProviderConfigProperty(
DEFAULT_ALGORITHM, "Default Algorithm", "Default signature algorithm, which will be set to clients during client registration/update in case that client does not specify any algorithm",
ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmEnforceExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {}));
ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {}));
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new SecureSigningAlgorithmEnforceExecutor(session);
return new SecureSigningAlgorithmExecutor(session);
}
@Override


@ -34,19 +34,19 @@ import org.keycloak.services.clientpolicy.ClientPolicyException;
import com.fasterxml.jackson.annotation.JsonProperty;
public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration> {
public class SecureSigningAlgorithmForSignedJwtExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmForSignedJwtExecutor.Configuration> {
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtEnforceExecutor.class);
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtExecutor.class);
private final KeycloakSession session;
private Configuration configuration;
public SecureSigningAlgorithmForSignedJwtEnforceExecutor(KeycloakSession session) {
public SecureSigningAlgorithmForSignedJwtExecutor(KeycloakSession session) {
this.session = session;
}
@Override
public void setupConfiguration(SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config) {
public void setupConfiguration(SecureSigningAlgorithmForSignedJwtExecutor.Configuration config) {
this.configuration = config;
}
@ -57,7 +57,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements Client
@Override
public String getProviderId() {
return SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID;
return SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID;
}
public static class Configuration extends ClientPolicyExecutorConfigurationRepresentation {


@ -24,12 +24,11 @@ import org.keycloak.provider.ProviderConfigProperty;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
public class SecureSigningAlgorithmForSignedJwtExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "securesignalgjwt-enforce-executor";
public static final String PROVIDER_ID = "secure-signature-algorithm-signed-jwt";
public static final String REQUIRE_CLIENT_ASSERTION = "require-client-assertion";
@ -38,7 +37,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {
return new SecureSigningAlgorithmForSignedJwtEnforceExecutor(session);
return new SecureSigningAlgorithmForSignedJwtExecutor(session);
}
@Override


@ -1,8 +1,8 @@
org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory
org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory
org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory
org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory
org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory


@ -1,11 +1,11 @@
org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory
org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory
org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory
org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory
org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory


@ -5,7 +5,7 @@
"description": "The global default profile for enforcing basic security level to clients.",
"executors": [
{
"executor": "secure-session-enforce-executor",
"executor": "secure-session",
"configuration": {}
}
]


@ -32,7 +32,7 @@ import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvide
*/
public class TestRaiseExeptionConditionFactory implements ClientPolicyConditionProviderFactory {
public static final String PROVIDER_ID = "test-raise-exception-condition";
public static final String PROVIDER_ID = "test-raise-exception";
@Override
public ClientPolicyConditionProvider create(KeycloakSession session) {


@ -29,7 +29,7 @@ import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderF
public class TestRaiseExeptionExecutorFactory implements ClientPolicyExecutorProviderFactory {
public static final String PROVIDER_ID = "test-raise-exception-executor";
public static final String PROVIDER_ID = "test-raise-exception";
@Override
public ClientPolicyExecutorProvider create(KeycloakSession session) {


@ -116,29 +116,29 @@ import org.keycloak.services.clientpolicy.condition.ClientRolesCondition;
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientScopesCondition;
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutor;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutor;
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutor;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor;
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutor;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutor;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
@ -206,7 +206,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
protected void setupValidProfilesAndPolicies() throws Exception {
// load profiles
ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
@ -214,19 +214,19 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
.toRepresentation();
ClientProfileRepresentation loadedProfileRepWithoutBuiltinField = (new ClientProfileBuilder()).createProfile("lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
JWTClientAuthenticator.PROVIDER_ID))
.addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE))
.addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureRequestObjectExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureResponseTypeExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSessionEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, null)
.toRepresentation();
String json = (new ClientProfilesBuilder())
@ -259,13 +259,13 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
"lack-of-builtin-field-test-policy",
"Without builtin field that is treated as builtin=false.",
null)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID,
createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup")))
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID,
createClientUpdateSourceRolesConditionConfig(Arrays.asList(AdminRoles.CREATE_CLIENT)))
.addProfile("lack-of-builtin-field-test-profile")
.toRepresentation();
@ -300,7 +300,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
modifiedAssertion.accept(actualProfilesRep);
// each executor
assertExpectedExecutors(Arrays.asList(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
// each profile - lack-of-builtin-field-test-profile
@ -309,14 +309,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
// each executor
assertExpectedExecutors(Arrays.asList(
SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID,
SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
SecureClientUrisExecutorFactory.PROVIDER_ID,
SecureRequestObjectExecutorFactory.PROVIDER_ID,
SecureResponseTypeExecutorFactory.PROVIDER_ID,
SecureSessionEnforceExecutorFactory.PROVIDER_ID,
SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID), actualProfileRep);
SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep);
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep);
assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep);
@ -350,8 +350,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), actualPolicyRep);
// each condition
assertExpectedConditions(Arrays.asList(ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
assertExpectedConditions(Arrays.asList(ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), actualPolicyRep);
assertExpectedClientUpdateSourceHostsCondition(Arrays.asList("localhost", "127.0.0.1"), actualPolicyRep);
assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), actualPolicyRep);
@ -835,20 +835,20 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
// Client Profiles - Executor CRUD Operations
protected HolderOfKeyEnforceExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) {
HolderOfKeyEnforceExecutor.Configuration config = new HolderOfKeyEnforceExecutor.Configuration();
protected HolderOfKeyEnforcerExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) {
HolderOfKeyEnforcerExecutor.Configuration config = new HolderOfKeyEnforcerExecutor.Configuration();
config.setAugment(isAugment);
return config;
}
protected PKCEEnforceExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) {
PKCEEnforceExecutor.Configuration config = new PKCEEnforceExecutor.Configuration();
protected PKCEEnforcerExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) {
PKCEEnforcerExecutor.Configuration config = new PKCEEnforcerExecutor.Configuration();
config.setAugment(isAugment);
return config;
}
protected SecureClientAuthEnforceExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List<String> clientAuthns, String clientAuthnsAugment) {
SecureClientAuthEnforceExecutor.Configuration config = new SecureClientAuthEnforceExecutor.Configuration();
protected SecureClientAuthenticatorExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List<String> clientAuthns, String clientAuthnsAugment) {
SecureClientAuthenticatorExecutor.Configuration config = new SecureClientAuthenticatorExecutor.Configuration();
config.setAugment(isAugment);
config.setClientAuthns(clientAuthns);
config.setClientAuthnsAugment(clientAuthnsAugment);
@ -862,14 +862,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
return config;
}
protected SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) {
SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration();
protected SecureSigningAlgorithmForSignedJwtExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) {
SecureSigningAlgorithmForSignedJwtExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtExecutor.Configuration();
config.setRequireClientAssertion(requireClientAssertion);
return config;
}
protected SecureSigningAlgorithmEnforceExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) {
SecureSigningAlgorithmEnforceExecutor.Configuration config = new SecureSigningAlgorithmEnforceExecutor.Configuration();
protected SecureSigningAlgorithmExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) {
SecureSigningAlgorithmExecutor.Configuration config = new SecureSigningAlgorithmExecutor.Configuration();
config.setDefaultAlgorithm(defaultAlgorithm);
return config;
}
@ -990,26 +990,26 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
return config;
}
protected ClientUpdateContextCondition.Configuration createClientUpdateContextConditionConfig(List<String> updateClientSource) {
ClientUpdateContextCondition.Configuration config = new ClientUpdateContextCondition.Configuration();
protected ClientUpdaterContextCondition.Configuration createClientUpdateContextConditionConfig(List<String> updateClientSource) {
ClientUpdaterContextCondition.Configuration config = new ClientUpdaterContextCondition.Configuration();
config.setUpdateClientSource(updateClientSource);
return config;
}
protected ClientUpdateSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List<String> groups) {
ClientUpdateSourceGroupsCondition.Configuration config = new ClientUpdateSourceGroupsCondition.Configuration();
protected ClientUpdaterSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List<String> groups) {
ClientUpdaterSourceGroupsCondition.Configuration config = new ClientUpdaterSourceGroupsCondition.Configuration();
config.setGroups(groups);
return config;
}
protected ClientUpdateSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List<String> trustedHosts) {
ClientUpdateSourceHostsCondition.Configuration config = new ClientUpdateSourceHostsCondition.Configuration();
protected ClientUpdaterSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List<String> trustedHosts) {
ClientUpdaterSourceHostsCondition.Configuration config = new ClientUpdaterSourceHostsCondition.Configuration();
config.setTrustedHosts(trustedHosts);
return config;
}
protected ClientUpdateSourceRolesCondition.Configuration createClientUpdateSourceRolesConditionConfig(List<String> roles) {
ClientUpdateSourceRolesCondition.Configuration config = new ClientUpdateSourceRolesCondition.Configuration();
protected ClientUpdaterSourceRolesCondition.Configuration createClientUpdateSourceRolesConditionConfig(List<String> roles) {
ClientUpdaterSourceRolesCondition.Configuration config = new ClientUpdaterSourceRolesCondition.Configuration();
config.setRoles(roles);
return config;
}
@ -1271,17 +1271,17 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
}
protected void assertExpectedHolderOfKeyEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) {
assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, profileRep);
}
protected void assertExpectedPKCEEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) {
assertExpectedAugmenedExecutor(isAugment, PKCEEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedAugmenedExecutor(isAugment, PKCEEnforcerExecutorFactory.PROVIDER_ID, profileRep);
}
protected void assertExpectedSecureClientAuthEnforceExecutor(List<String> clientAuthns, boolean isAugment, String clientAuthnsAugment, ClientProfileRepresentation profileRep) {
assertExpectedAugmenedExecutor(isAugment, SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedAugmenedExecutor(isAugment, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep);
assertNotNull(profileRep);
Map<String, Object> actualExecutorConfig = getConfigOfExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep);
Map<String, Object> actualExecutorConfig = getConfigOfExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep);
assertNotNull(actualExecutorConfig);
Set<String> actualClientAuthns = new HashSet<>((Collection<String>) actualExecutorConfig.get("client-authns"));
@ -1292,7 +1292,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
}
protected void assertExpectedSecureRedirectUriEnforceExecutor(ClientProfileRepresentation profileRep) {
assertExpectedEmptyConfig(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedEmptyConfig(SecureClientUrisExecutorFactory.PROVIDER_ID, profileRep);
}
protected void assertExpectedSecureRequestObjectExecutor(ClientProfileRepresentation profileRep) {
@ -1308,11 +1308,11 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
}
protected void assertExpectedSecureSigningAlgorithmEnforceExecutor(ClientProfileRepresentation profileRep) {
assertExpectedEmptyConfig(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedEmptyConfig(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, profileRep);
}
protected void assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(ClientProfileRepresentation profileRep) {
assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, profileRep);
assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, profileRep);
}
protected void assertExpectedAugmenedExecutor(boolean isAugment, String providerId, ClientProfileRepresentation profileRep) {
@ -1393,22 +1393,22 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
}
protected void assertExpectedClientUpdateContextCondition(List<String> updateClientSources, ClientPolicyRepresentation policyRep) {
ClientUpdateContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateContextCondition.Configuration.class);
ClientUpdaterContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterContextCondition.Configuration.class);
Assert.assertEquals(cfg.getUpdateClientSource(), updateClientSources);
}
protected void assertExpectedClientUpdateSourceGroupsCondition(List<String> groups, ClientPolicyRepresentation policyRep) {
ClientUpdateSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsCondition.Configuration.class);
ClientUpdaterSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsCondition.Configuration.class);
Assert.assertEquals(cfg.getGroups(), groups);
}
protected void assertExpectedClientUpdateSourceHostsCondition(List<String> trustedHosts, ClientPolicyRepresentation policyRep) {
ClientUpdateSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsCondition.Configuration.class);
ClientUpdaterSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsCondition.Configuration.class);
Assert.assertEquals(cfg.getTrustedHosts(), trustedHosts);
}
protected void assertExpectedClientUpdateSourceRolesCondition(List<String> roles, ClientPolicyRepresentation policyRep) {
ClientUpdateSourceRolesCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesCondition.Configuration.class);
ClientUpdaterSourceRolesCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesCondition.Configuration.class);
Assert.assertEquals(cfg.getRoles(), roles);
}
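Review bot: The helper and assertion names in this class still use the pre-rename vocabulary while their bodies use the renamed types: `assertExpectedSecureRedirectUriEnforceExecutor` checks `SecureClientUrisExecutorFactory.PROVIDER_ID`, and `createSecureClientAuthEnforceExecutorConfig` returns `SecureClientAuthenticatorExecutor.Configuration`. In a suite that verifies which security executors a profile carries, a name pointing at a class that no longer exists makes it harder to confirm what is being asserted. I would rename them in the same commit, for example `protected void assertExpectedSecureClientUrisExecutor(ClientProfileRepresentation profileRep) {`, and likewise for `createClientUpdateContextConditionConfig` and its siblings. `SecureSessionEnforceExecutorFactory` also keeps its old class name in the imports while its neighbours lost the `Enforce` part; whether that is intended is not visible from this section.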


@ -44,8 +44,8 @@ import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPoliciesUtil;
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
@ -160,19 +160,19 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
// load profiles
ClientProfileRepresentation duplicatedProfileRep = (new ClientProfileBuilder()).createProfile("builtin-basic-security", "Enforce basic security level")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.FALSE,
Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID),
null))
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.FALSE))
.addExecutor("no-such-executor",
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation();
ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
@ -199,7 +199,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile("global-default-profile", "Pershyy Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
X509ClientAuthenticator.PROVIDER_ID))
@ -241,7 +241,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
+ " \"builtin\" : false,\n"
+ " \"executors\": [\n"
+ " {\n"
+ " \"new-secure-client-authn-executor\": {\n"
+ " \"new-secure-client-authnenticator\": {\n"
+ " \"client-authns\": [ \"private-key-jwt\" ],\n"
+ " \"client-authns-augment\" : \"private-key-jwt\",\n"
+ " \"is-augment\" : true\n"
@ -273,7 +273,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
+ " \"description\" : \"Not builtin profile that should be skipped.\",\n"
+ " \"builtin\" : \"no\",\n"
+ " \"executors\": {\n"
+ " \"new-secure-client-authn-executor\": {\n"
+ " \"new-secure-client-authnenticator\": {\n"
+ " \"client-authns\": [ \"private-key-jwt\" ],\n"
+ " \"client-authns-augment\" : \"private-key-jwt\",\n"
+ " \"is-augment\" : true\n"
@ -364,7 +364,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
+ " \"enable\": true,\n"
+ " \"conditions\": [\n"
+ " {\n"
+ " \"new-clientupdatesourcehost-condition\": {\n"
+ " \"new-client-updater-source-host\": {\n"
+ " \"trusted-hosts\": [\"myuniversity\"],\n"
+ " \"host-sending-request-must-match\" : [true]\n"
+ " }\n"
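Review bot: The replacement key `new-secure-client-authnenticator` in the two profile fixtures looks like a misspelling of "authenticator", and `new-client-updater-source-host` in the policy fixture is singular where the renamed class elsewhere in this commit is `ClientUpdaterSourceHostsConditionFactory`. These keys appear to be placeholder ids that no provider registers, so nothing visible depends on the spelling, but a reader may take the misspelling for the thing the test is meant to reject. I would write `+ " \"new-secure-client-authenticator\": {\n"` in both profile fixtures and add a one-line comment above each fixture saying the id is deliberately unregistered. The test methods that hold these strings start and end outside the hunks.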


@ -51,8 +51,6 @@ import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthen
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator;
import org.keycloak.authentication.authenticators.client.X509ClientAuthenticator;
import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.common.Profile;
import org.keycloak.events.Details;
@ -68,8 +66,6 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
import org.keycloak.representations.idm.ClientInitialAccessPresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
@ -83,22 +79,21 @@ import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory;
import org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory;
import org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
@ -250,7 +245,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
X509ClientAuthenticator.PROVIDER_ID))
@ -261,8 +256,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Persha Polityka", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
@ -277,7 +272,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update profiles
json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
JWTClientAuthenticator.PROVIDER_ID))
@ -333,7 +328,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Eichte profil")
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation()
).toString();
@ -382,7 +377,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Purofairu Sono Ichi")
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.FALSE))
.toRepresentation()
).toString();
@ -393,8 +388,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Porishii Sono Ichi", Boolean.TRUE)
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.toRepresentation()
).toString();
updatePolicies(json);
@ -412,8 +407,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
updatePolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Koushinsareta Porishii Sono Ichi", Boolean.TRUE)
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.addProfile(PROFILE_NAME)
.toRepresentation());
@ -422,7 +417,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update profiles
updateProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Koushinsareta Purofairu Sono Ichi")
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation());
@ -474,11 +469,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
String profileBetaName = "MyProfile-beta";
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(profileAlphaName, "Pierwszy Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID), ClientIdAndSecretAuthenticator.PROVIDER_ID))
.toRepresentation()).addProfile(
(new ClientProfileBuilder()).createProfile(profileBetaName, "Drugi Profil")
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation()
).toString();
@ -491,8 +486,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
(new ClientPolicyBuilder()).createPolicy(policyAlphaName, "Pierwsza Zasada", Boolean.TRUE)
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
createClientRolesConditionConfig(Arrays.asList(roleAlphaName, roleZetaName)))
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.addProfile(profileAlphaName)
.toRepresentation()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(policyBetaName, "Drugi Zasada", Boolean.TRUE)
@ -591,7 +586,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Die Erste Politik")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, null)
.toRepresentation()
).toString();
updateProfiles(json);
@ -604,17 +599,17 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
.toRepresentation()
).addPolicy(
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceGroupsCondition", "Die Zweite Politik", Boolean.TRUE)
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, null)
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, null)
.addProfile(PROFILE_NAME)
.toRepresentation()
).addPolicy(
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceRolesCondition", "Die Dritte Politik", Boolean.TRUE)
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, null)
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, null)
.addProfile(PROFILE_NAME)
.toRepresentation()
).addPolicy(
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateContextCondition", "Die Vierte Politik", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, null)
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, null)
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
@ -638,7 +633,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Prvni Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.FALSE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
@ -651,7 +646,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Prvni Politika", Boolean.TRUE)
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
.addProfile(PROFILE_NAME)
.toRepresentation()
@ -672,7 +667,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Aktualizovana Prvni Politika", Boolean.TRUE)
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
createClientUpdateSourceHostsConditionConfig(Arrays.asList("example.com")))
.addProfile(PROFILE_NAME)
.toRepresentation()
@ -693,7 +688,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.FALSE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
@ -706,7 +701,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politik", Boolean.TRUE)
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID,
createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup")))
.addProfile(PROFILE_NAME)
.toRepresentation()
@ -733,7 +728,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Il Primo Profilo")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(
Boolean.FALSE,
Arrays.asList(JWTClientSecretAuthenticator.PROVIDER_ID),
@ -746,7 +741,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "La Prima Politica", Boolean.TRUE)
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID,
createClientUpdateSourceRolesConditionConfig(Arrays.asList(Constants.REALM_MANAGEMENT_CLIENT_ID + "." + AdminRoles.CREATE_CLIENT)))
.addProfile(PROFILE_NAME)
.toRepresentation()
@ -773,7 +768,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Het Eerste Profiel")
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation()
).toString();
@ -1165,7 +1160,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)
.toRepresentation()
).toString();
updateProfiles(json);
@ -1173,11 +1168,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forsta Policyn", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
@ -1238,7 +1233,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update profiles, ES256 enforced
json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256))
.toRepresentation()
).toString();
@ -1262,7 +1257,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update profiles, fall back to PS256
json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.RS512))
.toRepresentation()
).toString();
@ -1319,7 +1314,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update profiles, enforce ES256
json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256))
.toRepresentation()
).toString();
@ -1344,7 +1339,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
.addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null)
.addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null)
.toRepresentation()
).toString();
updateProfiles(json);
@ -1352,11 +1347,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Ensimmainen Politiikka", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
@ -1391,10 +1386,10 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// update policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Paivitetyn Ensimmaisen Politiikka", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
.addProfile(PROFILE_NAME)
.toRepresentation()
).toString();
@ -1544,7 +1539,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
).toRepresentation()
)
.toString();
@ -1636,7 +1631,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
.toRepresentation()
).toString();
updateProfiles(json);
@ -1697,9 +1692,9 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Az Elso Profil")
.addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE))
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID,
createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
.toRepresentation()
).toString();
@ -2061,7 +2056,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
String profileName = "MyProfile";
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(profileName, "Primum Profile")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.FALSE,
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
null))
@ -2072,8 +2067,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
// register policies
json = (new ClientPoliciesBuilder()).addPolicy(
(new ClientPolicyBuilder()).createPolicy(policyName, "Primum Consilium", Boolean.TRUE)
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
.addProfile(profileName)
.toRepresentation()
).toString();
@ -2085,11 +2080,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
String profileName = "MyProfile";
String json = (new ClientProfilesBuilder()).addProfile(
(new ClientProfileBuilder()).createProfile(profileName, "Primul Profil")
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID),
ClientIdAndSecretAuthenticator.PROVIDER_ID))
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
createPKCEEnforceExecutorConfig(Boolean.TRUE))
.toRepresentation()
).toString();
@ -2100,8 +2095,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
(new ClientPolicyBuilder()).createPolicy(policyName, "Prima Politica", Boolean.TRUE)
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN)))
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN)))
.addProfile(profileName)
.toRepresentation()
).toString();


@ -872,18 +872,18 @@ client-profiles.tooltip=Client Profiles applied on this policy
add-profile.placeholder=Add client profile ...
no-client-profiles-configured=No client profiles configured
clientscopes-condition.label=Expected Scopes
clientscopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.
client-scopes-condition.label=Expected Scopes
client-scopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.
client-accesstype.label=Client Access Type
client-accesstype.tooltip=Access Type of the client, for which the condition will be applied.
clientroles-condition.label=Client Roles
clientroles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.
clientupdatesourcegroups-condition.label=Groups
clientupdatesourcegroups-condition.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here.
clientupdate-trusted-hosts.label=Trusted hosts
clientupdate-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
clientupdatesourceroles-condition.label=Updating entity role
clientupdatesourceroles-condition.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.
client-roles.label=Client Roles
client-roles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.
client-updater-source-groups.label=Groups
client-updater-source-groups.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here.
client-updater-trusted-hosts.label=Trusted hosts
client-updater-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
client-updater-source-roles.label=Updating entity role
client-updater-source-roles.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.
groups=Groups