KEYCLOAK-18113 Refactor some executor/condition provider IDs
parent
35601aaaba
commit
b8a7750000
38 changed files with 253 additions and 258 deletions
|
@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class AnyClientConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "anyclient-condition";
|
||||
public static final String PROVIDER_ID = "any-client";
|
||||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
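Review bot: Renaming `PROVIDER_ID` from `"anyclient-condition"` to `"any-client"` changes the identifier this factory reports, and nothing in this section keeps the old value resolvable. If realm client-policy configuration that was saved or exported earlier refers to providers by that string (not visible here, please confirm), those entries would stop matching a factory after upgrade. For the executor IDs renamed later in this commit (`pkce-enforcer`, `holder-of-key-enforcer`, `secure-client-authenticator`, `secure-session`, `secure-request-object`, `secure-response-type`, `secure-client-uris`, `secure-signature-algorithm`, `secure-signature-algorithm-signed-jwt`, `confidential-client`, `consent-required`) the outcome to rule out is a security policy that silently stops being enforced. Consider a migration step or an alias for the old IDs, and treat an unknown provider ID in a stored policy as a logged error rather than a skipped entry; the same applies to the other condition factories' `PROVIDER_ID` changes.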
|
|
|
@ -31,7 +31,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class ClientAccessTypeConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "client-accesstype-condition";
|
||||
public static final String PROVIDER_ID = "client-access-type";
|
||||
|
||||
public static final String TYPE = "type";
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class ClientRolesConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientroles-condition";
|
||||
public static final String PROVIDER_ID = "client-roles";
|
||||
|
||||
public static final String ROLES = "roles";
|
||||
|
||||
|
@ -38,7 +38,7 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide
|
|||
|
||||
static {
|
||||
ProviderConfigProperty property;
|
||||
property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
|
||||
property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
|
||||
configProperties.add(property);
|
||||
}
|
||||
|
||||
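Review bot: The new `ProviderConfigProperty` line in the static block builds the label key as `PROVIDER_ID + ".label"` but the tooltip key as `PROVIDER_ID + "-condition.tooltip"`, so after the rename the two resolve to `client-roles.label` and `client-roles-condition.tooltip`. `ClientScopesConditionFactory` in this same commit appends `-condition` to both keys, which suggests the label here was missed; if the message bundle only carries the `-condition` form, the admin console would likely show the raw key. I would make it `property = new ProviderConfigProperty(ROLES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);`, or drop the suffix from both and rename the bundle entries to match.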
|
|
|
@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class ClientScopesConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientscopes-condition";
|
||||
public static final String PROVIDER_ID = "client-scopes";
|
||||
|
||||
public static final String SCOPES = "scopes";
|
||||
public static final String TYPE = "type";
|
||||
|
@ -42,7 +42,7 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid
|
|||
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
|
||||
|
||||
static {
|
||||
ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
|
||||
ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
|
||||
configProperties.add(property);
|
||||
property = new ProviderConfigProperty(TYPE, "Scope Type",
|
||||
"If set to 'Default', condition evaluates to true if client has some default scopes of the values specified by the 'Expected Scopes' property. " +
|
||||
|
|
|
@ -36,11 +36,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateContextCondition extends AbstractClientPolicyConditionProvider<ClientUpdateContextCondition.Configuration> {
|
||||
public class ClientUpdaterContextCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterContextCondition.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdateContextCondition.class);
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdaterContextCondition.class);
|
||||
|
||||
public ClientUpdateContextCondition(KeycloakSession session) {
|
||||
public ClientUpdaterContextCondition(KeycloakSession session) {
|
||||
super(session);
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return ClientUpdateContextConditionFactory.PROVIDER_ID;
|
||||
return ClientUpdaterContextConditionFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -98,16 +98,16 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
|
|||
String authMethod = null;
|
||||
|
||||
if (context.getToken() == null) {
|
||||
authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
|
||||
authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
|
||||
} else if (isInitialAccessToken(context.getToken())) {
|
||||
authMethod = ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
|
||||
authMethod = ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
|
||||
} else if (isRegistrationAccessToken(context.getToken())) {
|
||||
authMethod = ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
|
||||
authMethod = ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
|
||||
} else if (isBearerToken(context.getToken())) {
|
||||
if (context.getAuthenticatedUser() != null || context.getAuthenticatedClient() != null) {
|
||||
authMethod = ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER;
|
||||
authMethod = ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER;
|
||||
} else {
|
||||
authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
|
||||
authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
|
||||
}
|
||||
}
|
||||
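Review bot: In the `authMethod` chain, a non-null token that is neither an initial access token, a registration access token nor a bearer token leaves `authMethod` as `null`, because the `if`/`else if` ladder has no final `else`. The code that consumes `authMethod` is outside this hunk, so whether `null` is handled there cannot be confirmed from here. Since this value decides whether a client policy applies to the update request, the fall-through case should be explicit: either add a final `else` that assigns a defined value or rejects the request, or add a comment such as `// authMethod stays null for unrecognised token types; the condition then does not match` so the fail-open or fail-closed choice is deliberate.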
|
|
@ -29,9 +29,9 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateContextConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
public class ClientUpdaterContextConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientupdatecontext-condition";
|
||||
public static final String PROVIDER_ID = "client-updater-context";
|
||||
|
||||
public static final String UPDATE_CLIENT_SOURCE = "update-client-source";
|
||||
|
||||
|
@ -56,7 +56,7 @@ public class ClientUpdateContextConditionFactory implements ClientPolicyConditio
|
|||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
return new ClientUpdateContextCondition(session);
|
||||
return new ClientUpdaterContextCondition(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -41,11 +41,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceGroupsCondition.Configuration> {
|
||||
public class ClientUpdaterSourceGroupsCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceGroupsCondition.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdateSourceGroupsCondition.class);
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceGroupsCondition.class);
|
||||
|
||||
public ClientUpdateSourceGroupsCondition(KeycloakSession session) {
|
||||
public ClientUpdaterSourceGroupsCondition(KeycloakSession session) {
|
||||
super(session);
|
||||
}
|
||||
|
||||
|
@ -69,7 +69,7 @@ public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyCondi
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID;
|
||||
return ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientupdatesourcegroups-condition";
|
||||
public static final String PROVIDER_ID = "client-updater-source-groups";
|
||||
|
||||
public static final String GROUPS = "groups";
|
||||
|
||||
|
@ -44,7 +44,7 @@ public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyCon
|
|||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
return new ClientUpdateSourceGroupsCondition(session);
|
||||
return new ClientUpdaterSourceGroupsCondition(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -35,11 +35,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceHostsCondition.Configuration> {
|
||||
public class ClientUpdaterSourceHostsCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceHostsCondition.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdateSourceHostsCondition.class);
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceHostsCondition.class);
|
||||
|
||||
public ClientUpdateSourceHostsCondition(KeycloakSession session) {
|
||||
public ClientUpdaterSourceHostsCondition(KeycloakSession session) {
|
||||
super(session);
|
||||
}
|
||||
|
||||
|
@ -65,7 +65,7 @@ public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyCondit
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return ClientUpdateSourceHostsConditionFactory.PROVIDER_ID;
|
||||
return ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -28,17 +28,18 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
public class ClientUpdaterSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientupdatesourcehost-condition";
|
||||
public static final String PROVIDER_ID = "client-updater-source-host";
|
||||
|
||||
public static final String TRUSTED_HOSTS = "trusted-hosts";
|
||||
|
||||
private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "clientupdate-trusted-hosts.label", "clientupdate-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
|
||||
private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "client-updater-trusted-hosts.label",
|
||||
"client-updater-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
|
||||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
return new ClientUpdateSourceHostsCondition(session);
|
||||
return new ClientUpdaterSourceHostsCondition(session);
|
||||
}
|
||||
|
||||
@Override
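Review bot: The new `PROVIDER_ID` is `"client-updater-source-host"` (singular) while the class is `ClientUpdaterSourceHostsConditionFactory` and the sibling IDs are `client-updater-source-groups` and `client-updater-source-roles`. Since this commit is the one normalising the IDs, it is the cheapest moment to make it `public static final String PROVIDER_ID = "client-updater-source-hosts";`. Separately, the property keys are now the literals `client-updater-trusted-hosts.label` and `client-updater-trusted-hosts.tooltip`; the message bundle is not visible in this section, so please confirm it carries entries under the new keys.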
|
|
@ -44,11 +44,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyConditionProvider<ClientUpdateSourceRolesCondition.Configuration> {
|
||||
public class ClientUpdaterSourceRolesCondition extends AbstractClientPolicyConditionProvider<ClientUpdaterSourceRolesCondition.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdateSourceRolesCondition.class);
|
||||
private static final Logger logger = Logger.getLogger(ClientUpdaterSourceRolesCondition.class);
|
||||
|
||||
public ClientUpdateSourceRolesCondition(KeycloakSession session) {
|
||||
public ClientUpdaterSourceRolesCondition(KeycloakSession session) {
|
||||
super(session);
|
||||
}
|
||||
|
||||
|
@ -72,7 +72,7 @@ public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyCondit
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return ClientUpdateSourceRolesConditionFactory.PROVIDER_ID;
|
||||
return ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "clientupdatesourceroles-condition";
|
||||
public static final String PROVIDER_ID = "client-updater-source-roles";
|
||||
|
||||
public static final String ROLES = "roles";
|
||||
|
||||
|
@ -44,7 +44,7 @@ public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyCond
|
|||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
return new ClientUpdateSourceRolesCondition(session);
|
||||
return new ClientUpdaterSourceRolesCondition(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -29,7 +29,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class ConfidentialClientAcceptExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "confidentialclient-accept-executor";
|
||||
public static final String PROVIDER_ID = "confidential-client";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class ConsentRequiredExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "consent-required-executor";
|
||||
public static final String PROVIDER_ID = "consent-required";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -42,12 +42,12 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider<HolderOfKeyEnforceExecutor.Configuration> {
|
||||
public class HolderOfKeyEnforcerExecutor implements ClientPolicyExecutorProvider<HolderOfKeyEnforcerExecutor.Configuration> {
|
||||
|
||||
private final KeycloakSession session;
|
||||
private Configuration configuration;
|
||||
|
||||
public HolderOfKeyEnforceExecutor(KeycloakSession session) {
|
||||
public HolderOfKeyEnforcerExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
|
@ -76,7 +76,7 @@ public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider<
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return HolderOfKeyEnforceExecutorFactory.PROVIDER_ID;
|
||||
return HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -26,9 +26,9 @@ import java.util.ArrayList;
|
|||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class HolderOfKeyEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "holder-of-key-enforce-executor";
|
||||
public static final String PROVIDER_ID = "holder-of-key-enforcer";
|
||||
|
||||
public static final String IS_AUGMENT = "is-augment";
|
||||
|
||||
|
@ -37,7 +37,7 @@ public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorPr
|
|||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new HolderOfKeyEnforceExecutor(session);
|
||||
return new HolderOfKeyEnforcerExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -48,7 +48,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnforceExecutor.Configuration> {
|
||||
public class PKCEEnforcerExecutor implements ClientPolicyExecutorProvider<PKCEEnforcerExecutor.Configuration> {
|
||||
|
||||
private static final Pattern VALID_CODE_CHALLENGE_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$");
|
||||
private static final Pattern VALID_CODE_VERIFIER_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$");
|
||||
|
@ -56,7 +56,7 @@ public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnf
|
|||
private final KeycloakSession session;
|
||||
private Configuration configuration;
|
||||
|
||||
public PKCEEnforceExecutor(KeycloakSession session) {
|
||||
public PKCEEnforcerExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
|
@ -85,7 +85,7 @@ public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider<PKCEEnf
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return PKCEEnforceExecutorFactory.PROVIDER_ID;
|
||||
return PKCEEnforcerExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
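Review bot: `VALID_CODE_CHALLENGE_PATTERN` and `VALID_CODE_VERIFIER_PATTERN` (unchanged context in the first hunk) end in `$`, which in Java also matches just before a trailing line terminator. If either pattern is applied with `Matcher.find()` rather than `matches()`, a value with a trailing newline would pass validation; the call sites are outside these hunks, so this cannot be confirmed from here. Ending the expressions with `\\z`, as in `Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+\\z")`, makes them safe regardless of how they are applied. Otherwise, add a comment on the fields stating that they must be used with `matches()`. The two patterns are also identical and could share one constant.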
|
|
@ -29,9 +29,9 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class PKCEEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "pkce-enforce-executor";
|
||||
public static final String PROVIDER_ID = "pkce-enforcer";
|
||||
|
||||
public static final String IS_AUGMENT = "is-augment";
|
||||
|
||||
|
@ -40,7 +40,7 @@ public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderF
|
|||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new PKCEEnforceExecutor(session);
|
||||
return new PKCEEnforcerExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -32,17 +32,17 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProvider<SecureClientAuthEnforceExecutor.Configuration> {
|
||||
public class SecureClientAuthenticatorExecutor implements ClientPolicyExecutorProvider<SecureClientAuthenticatorExecutor.Configuration> {
|
||||
|
||||
private final KeycloakSession session;
|
||||
private Configuration configuration;
|
||||
|
||||
public SecureClientAuthEnforceExecutor(KeycloakSession session) {
|
||||
public SecureClientAuthenticatorExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setupConfiguration(SecureClientAuthEnforceExecutor.Configuration config) {
|
||||
public void setupConfiguration(SecureClientAuthenticatorExecutor.Configuration config) {
|
||||
this.configuration = config;
|
||||
}
|
||||
|
||||
|
@ -86,7 +86,7 @@ public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProv
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return SecureClientAuthEnforceExecutorFactory.PROVIDER_ID;
|
||||
return SecureClientAuthenticatorExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -33,9 +33,9 @@ import org.keycloak.provider.ProviderFactory;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class SecureClientAuthenticatorExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "secure-client-authn-executor";
|
||||
public static final String PROVIDER_ID = "secure-client-authenticator";
|
||||
|
||||
public static final String IS_AUGMENT = "is-augment";
|
||||
public static final String CLIENT_AUTHNS = "client-authns";
|
||||
|
@ -45,7 +45,7 @@ public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecu
|
|||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new SecureClientAuthEnforceExecutor(session);
|
||||
return new SecureClientAuthenticatorExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -41,19 +41,19 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureClientRegisteringUriEnforceExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfigurationRepresentation> {
|
||||
public class SecureClientUrisExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfigurationRepresentation> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(SecureClientRegisteringUriEnforceExecutor.class);
|
||||
private static final Logger logger = Logger.getLogger(SecureClientUrisExecutor.class);
|
||||
|
||||
private final KeycloakSession session;
|
||||
|
||||
public SecureClientRegisteringUriEnforceExecutor(KeycloakSession session) {
|
||||
public SecureClientUrisExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID;
|
||||
return SecureClientUrisExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
|
@ -28,13 +28,13 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureClientRegisteringUriEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class SecureClientUrisExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "secure-clienturi-enforce-executor";
|
||||
public static final String PROVIDER_ID = "secure-client-uris";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new SecureClientRegisteringUriEnforceExecutor(session);
|
||||
return new SecureClientUrisExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class SecureRequestObjectExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "secure-reqobj-executor";
|
||||
public static final String PROVIDER_ID = "secure-request-object";
|
||||
|
||||
public static final String VERIFY_NBF = "verify-nbf";
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class SecureResponseTypeExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "secure-responsetype-executor";
|
||||
public static final String PROVIDER_ID = "secure-response-type";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
*/
|
||||
public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "secure-session-enforce-executor";
|
||||
public static final String PROVIDER_ID = "secure-session";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
|
@ -56,7 +56,7 @@ public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutor
|
|||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "To prevent CSRF, it refuses the client's authorization request which lacks nonce in OIDC flow or state in OAuth2 grant.";
|
||||
return "To prevent CSRF, it refuses the client's authorization request which lacks 'nonce' parameter in OIDC flow or 'state' parameter in OAuth2 grant.";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -45,9 +45,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmEnforceExecutor.Configuration> {
|
||||
public class SecureSigningAlgorithmExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmExecutor.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmEnforceExecutor.class);
|
||||
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmExecutor.class);
|
||||
|
||||
private final KeycloakSession session;
|
||||
private Configuration configuration;
|
||||
|
@ -72,17 +72,17 @@ public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecut
|
|||
Algorithm.ES512
|
||||
));
|
||||
|
||||
public SecureSigningAlgorithmEnforceExecutor(KeycloakSession session) {
|
||||
public SecureSigningAlgorithmExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID;
|
||||
return SecureSigningAlgorithmExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setupConfiguration(SecureSigningAlgorithmEnforceExecutor.Configuration config) {
|
||||
public void setupConfiguration(SecureSigningAlgorithmExecutor.Configuration config) {
|
||||
this.configuration = Optional.ofNullable(config).orElse(createDefaultConfiguration());
|
||||
if (config.getDefaultAlgorithm() == null || !isSecureAlgorithm(config.getDefaultAlgorithm())) config.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE);
|
||||
}
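Review bot: `setupConfiguration` guards against a null `config` when assigning `this.configuration`, but the next line dereferences `config` directly, so a null argument still throws `NullPointerException` at `config.getDefaultAlgorithm()`. The check should operate on the field that was just assigned: `if (configuration.getDefaultAlgorithm() == null || !isSecureAlgorithm(configuration.getDefaultAlgorithm())) configuration.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE);`. As a smaller point, `orElse(createDefaultConfiguration())` builds the default even when `config` is present; `orElseGet(this::createDefaultConfiguration)` avoids that, assuming `createDefaultConfiguration` is an instance method (it is defined outside this hunk).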
|
|
@ -31,19 +31,19 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
/**
|
||||
* @author <a href="mailto:takashi.norimatsu.ws@hitachi.com">Takashi Norimatsu</a>
|
||||
*/
|
||||
public class SecureSigningAlgorithmEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class SecureSigningAlgorithmExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "securesignalg-enforce-executor";
|
||||
public static final String PROVIDER_ID = "secure-signature-algorithm";
|
||||
|
||||
public static final String DEFAULT_ALGORITHM = "default-algorithm";
|
||||
|
||||
private static final ProviderConfigProperty DEFAULT_ALGORITHM_PROPERTY = new ProviderConfigProperty(
|
||||
DEFAULT_ALGORITHM, "Default Algorithm", "Default signature algorithm, which will be set to clients during client registration/update in case that client does not specify any algorithm",
|
||||
ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmEnforceExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {}));
|
||||
ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {}));
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new SecureSigningAlgorithmEnforceExecutor(session);
|
||||
return new SecureSigningAlgorithmExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -34,19 +34,19 @@ import org.keycloak.services.clientpolicy.ClientPolicyException;
|
|||
|
||||
import com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration> {
|
||||
public class SecureSigningAlgorithmForSignedJwtExecutor implements ClientPolicyExecutorProvider<SecureSigningAlgorithmForSignedJwtExecutor.Configuration> {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtEnforceExecutor.class);
|
||||
private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtExecutor.class);
|
||||
|
||||
private final KeycloakSession session;
|
||||
private Configuration configuration;
|
||||
|
||||
public SecureSigningAlgorithmForSignedJwtEnforceExecutor(KeycloakSession session) {
|
||||
public SecureSigningAlgorithmForSignedJwtExecutor(KeycloakSession session) {
|
||||
this.session = session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setupConfiguration(SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config) {
|
||||
public void setupConfiguration(SecureSigningAlgorithmForSignedJwtExecutor.Configuration config) {
|
||||
this.configuration = config;
|
||||
}
|
||||
|
||||
|
@ -57,7 +57,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements Client
|
|||
|
||||
@Override
|
||||
public String getProviderId() {
|
||||
return SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID;
|
||||
return SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID;
|
||||
}
|
||||
|
||||
public static class Configuration extends ClientPolicyExecutorConfigurationRepresentation {
|
|
@ -24,12 +24,11 @@ import org.keycloak.provider.ProviderConfigProperty;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
public class SecureSigningAlgorithmForSignedJwtExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "securesignalgjwt-enforce-executor";
|
||||
public static final String PROVIDER_ID = "secure-signature-algorithm-signed-jwt";
|
||||
|
||||
public static final String REQUIRE_CLIENT_ASSERTION = "require-client-assertion";
|
||||
|
||||
|
@ -38,7 +37,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements
|
|||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
return new SecureSigningAlgorithmForSignedJwtEnforceExecutor(session);
|
||||
return new SecureSigningAlgorithmForSignedJwtExecutor(session);
|
||||
}
|
||||
|
||||
@Override
|
|
@ -1,8 +1,8 @@
|
|||
org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory
|
||||
org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory
|
|
@ -1,11 +1,11 @@
|
|||
org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory
|
||||
org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory
|
|
@ -5,7 +5,7 @@
|
|||
"description": "The global default profile for enforcing basic security level to clients.",
|
||||
"executors": [
|
||||
{
|
||||
"executor": "secure-session-enforce-executor",
|
||||
"executor": "secure-session",
|
||||
"configuration": {}
|
||||
}
|
||||
]
|
||||
|
|
|
@ -32,7 +32,7 @@ import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvide
|
|||
*/
|
||||
public class TestRaiseExeptionConditionFactory implements ClientPolicyConditionProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "test-raise-exception-condition";
|
||||
public static final String PROVIDER_ID = "test-raise-exception";
|
||||
|
||||
@Override
|
||||
public ClientPolicyConditionProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -29,7 +29,7 @@ import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderF
|
|||
|
||||
public class TestRaiseExeptionExecutorFactory implements ClientPolicyExecutorProviderFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "test-raise-exception-executor";
|
||||
public static final String PROVIDER_ID = "test-raise-exception";
|
||||
|
||||
@Override
|
||||
public ClientPolicyExecutorProvider create(KeycloakSession session) {
|
||||
|
|
|
@ -116,29 +116,29 @@ import org.keycloak.services.clientpolicy.condition.ClientRolesCondition;
|
|||
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientScopesCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesCondition;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
|
@ -206,7 +206,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
protected void setupValidProfilesAndPolicies() throws Exception {
|
||||
// load profiles
|
||||
ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
|
||||
|
@ -214,19 +214,19 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
.toRepresentation();
|
||||
|
||||
ClientProfileRepresentation loadedProfileRepWithoutBuiltinField = (new ClientProfileBuilder()).createProfile("lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
|
||||
JWTClientAuthenticator.PROVIDER_ID))
|
||||
.addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE))
|
||||
.addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureRequestObjectExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureResponseTypeExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSessionEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, null)
|
||||
.toRepresentation();
|
||||
|
||||
String json = (new ClientProfilesBuilder())
|
||||
|
@ -259,13 +259,13 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
"lack-of-builtin-field-test-policy",
|
||||
"Without builtin field that is treated as builtin=false.",
|
||||
null)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup")))
|
||||
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
|
||||
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceRolesConditionConfig(Arrays.asList(AdminRoles.CREATE_CLIENT)))
|
||||
.addProfile("lack-of-builtin-field-test-profile")
|
||||
.toRepresentation();
|
||||
|
@ -300,7 +300,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
modifiedAssertion.accept(actualProfilesRep);
|
||||
|
||||
// each executor
|
||||
assertExpectedExecutors(Arrays.asList(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID), actualProfileRep);
|
||||
assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep);
|
||||
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
|
||||
|
||||
// each profile - lack-of-builtin-field-test-profile
|
||||
|
@ -309,14 +309,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
|
||||
// each executor
|
||||
assertExpectedExecutors(Arrays.asList(
|
||||
SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
|
||||
SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID,
|
||||
SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
|
||||
SecureClientUrisExecutorFactory.PROVIDER_ID,
|
||||
SecureRequestObjectExecutorFactory.PROVIDER_ID,
|
||||
SecureResponseTypeExecutorFactory.PROVIDER_ID,
|
||||
SecureSessionEnforceExecutorFactory.PROVIDER_ID,
|
||||
SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
|
||||
SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID), actualProfileRep);
|
||||
SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
|
||||
SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep);
|
||||
assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep);
|
||||
assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep);
|
||||
assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep);
|
||||
|
@ -350,8 +350,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), actualPolicyRep);
|
||||
|
||||
// each condition
|
||||
assertExpectedConditions(Arrays.asList(ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
|
||||
assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
|
||||
assertExpectedConditions(Arrays.asList(ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep);
|
||||
assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep);
|
||||
assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), actualPolicyRep);
|
||||
assertExpectedClientUpdateSourceHostsCondition(Arrays.asList("localhost", "127.0.0.1"), actualPolicyRep);
|
||||
assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), actualPolicyRep);
|
||||
|
@ -835,20 +835,20 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
|
||||
// Client Profiles - Executor CRUD Operations
|
||||
|
||||
protected HolderOfKeyEnforceExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) {
|
||||
HolderOfKeyEnforceExecutor.Configuration config = new HolderOfKeyEnforceExecutor.Configuration();
|
||||
protected HolderOfKeyEnforcerExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) {
|
||||
HolderOfKeyEnforcerExecutor.Configuration config = new HolderOfKeyEnforcerExecutor.Configuration();
|
||||
config.setAugment(isAugment);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected PKCEEnforceExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) {
|
||||
PKCEEnforceExecutor.Configuration config = new PKCEEnforceExecutor.Configuration();
|
||||
protected PKCEEnforcerExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) {
|
||||
PKCEEnforcerExecutor.Configuration config = new PKCEEnforcerExecutor.Configuration();
|
||||
config.setAugment(isAugment);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected SecureClientAuthEnforceExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List<String> clientAuthns, String clientAuthnsAugment) {
|
||||
SecureClientAuthEnforceExecutor.Configuration config = new SecureClientAuthEnforceExecutor.Configuration();
|
||||
protected SecureClientAuthenticatorExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List<String> clientAuthns, String clientAuthnsAugment) {
|
||||
SecureClientAuthenticatorExecutor.Configuration config = new SecureClientAuthenticatorExecutor.Configuration();
|
||||
config.setAugment(isAugment);
|
||||
config.setClientAuthns(clientAuthns);
|
||||
config.setClientAuthnsAugment(clientAuthnsAugment);
|
||||
|
@ -862,14 +862,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
return config;
|
||||
}
|
||||
|
||||
protected SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) {
|
||||
SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration();
|
||||
protected SecureSigningAlgorithmForSignedJwtExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) {
|
||||
SecureSigningAlgorithmForSignedJwtExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtExecutor.Configuration();
|
||||
config.setRequireClientAssertion(requireClientAssertion);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected SecureSigningAlgorithmEnforceExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) {
|
||||
SecureSigningAlgorithmEnforceExecutor.Configuration config = new SecureSigningAlgorithmEnforceExecutor.Configuration();
|
||||
protected SecureSigningAlgorithmExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) {
|
||||
SecureSigningAlgorithmExecutor.Configuration config = new SecureSigningAlgorithmExecutor.Configuration();
|
||||
config.setDefaultAlgorithm(defaultAlgorithm);
|
||||
return config;
|
||||
}
|
||||
|
@ -990,26 +990,26 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
return config;
|
||||
}
|
||||
|
||||
protected ClientUpdateContextCondition.Configuration createClientUpdateContextConditionConfig(List<String> updateClientSource) {
|
||||
ClientUpdateContextCondition.Configuration config = new ClientUpdateContextCondition.Configuration();
|
||||
protected ClientUpdaterContextCondition.Configuration createClientUpdateContextConditionConfig(List<String> updateClientSource) {
|
||||
ClientUpdaterContextCondition.Configuration config = new ClientUpdaterContextCondition.Configuration();
|
||||
config.setUpdateClientSource(updateClientSource);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected ClientUpdateSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List<String> groups) {
|
||||
ClientUpdateSourceGroupsCondition.Configuration config = new ClientUpdateSourceGroupsCondition.Configuration();
|
||||
protected ClientUpdaterSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List<String> groups) {
|
||||
ClientUpdaterSourceGroupsCondition.Configuration config = new ClientUpdaterSourceGroupsCondition.Configuration();
|
||||
config.setGroups(groups);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected ClientUpdateSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List<String> trustedHosts) {
|
||||
ClientUpdateSourceHostsCondition.Configuration config = new ClientUpdateSourceHostsCondition.Configuration();
|
||||
protected ClientUpdaterSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List<String> trustedHosts) {
|
||||
ClientUpdaterSourceHostsCondition.Configuration config = new ClientUpdaterSourceHostsCondition.Configuration();
|
||||
config.setTrustedHosts(trustedHosts);
|
||||
return config;
|
||||
}
|
||||
|
||||
protected ClientUpdateSourceRolesCondition.Configuration createClientUpdateSourceRolesConditionConfig(List<String> roles) {
|
||||
ClientUpdateSourceRolesCondition.Configuration config = new ClientUpdateSourceRolesCondition.Configuration();
|
||||
protected ClientUpdaterSourceRolesCondition.Configuration createClientUpdateSourceRolesConditionConfig(List<String> roles) {
|
||||
ClientUpdaterSourceRolesCondition.Configuration config = new ClientUpdaterSourceRolesCondition.Configuration();
|
||||
config.setRoles(roles);
|
||||
return config;
|
||||
}
|
||||
|
@ -1271,17 +1271,17 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void assertExpectedHolderOfKeyEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) {
|
||||
assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, profileRep);
|
||||
}
|
||||
|
||||
protected void assertExpectedPKCEEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) {
|
||||
assertExpectedAugmenedExecutor(isAugment, PKCEEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedAugmenedExecutor(isAugment, PKCEEnforcerExecutorFactory.PROVIDER_ID, profileRep);
|
||||
}
|
||||
|
||||
protected void assertExpectedSecureClientAuthEnforceExecutor(List<String> clientAuthns, boolean isAugment, String clientAuthnsAugment, ClientProfileRepresentation profileRep) {
|
||||
assertExpectedAugmenedExecutor(isAugment, SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedAugmenedExecutor(isAugment, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertNotNull(profileRep);
|
||||
Map<String, Object> actualExecutorConfig = getConfigOfExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
Map<String, Object> actualExecutorConfig = getConfigOfExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertNotNull(actualExecutorConfig);
|
||||
|
||||
Set<String> actualClientAuthns = new HashSet<>((Collection<String>) actualExecutorConfig.get("client-authns"));
|
||||
|
@ -1292,7 +1292,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void assertExpectedSecureRedirectUriEnforceExecutor(ClientProfileRepresentation profileRep) {
|
||||
assertExpectedEmptyConfig(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedEmptyConfig(SecureClientUrisExecutorFactory.PROVIDER_ID, profileRep);
|
||||
}
|
||||
|
||||
protected void assertExpectedSecureRequestObjectExecutor(ClientProfileRepresentation profileRep) {
|
||||
|
@ -1308,11 +1308,11 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void assertExpectedSecureSigningAlgorithmEnforceExecutor(ClientProfileRepresentation profileRep) {
|
||||
assertExpectedEmptyConfig(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedEmptyConfig(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, profileRep);
|
||||
}
|
||||
|
||||
protected void assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(ClientProfileRepresentation profileRep) {
|
||||
assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, profileRep);
|
||||
assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, profileRep);
|
||||
}
|
||||
|
||||
protected void assertExpectedAugmenedExecutor(boolean isAugment, String providerId, ClientProfileRepresentation profileRep) {
|
||||
|
@ -1393,22 +1393,22 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void assertExpectedClientUpdateContextCondition(List<String> updateClientSources, ClientPolicyRepresentation policyRep) {
|
||||
ClientUpdateContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateContextCondition.Configuration.class);
|
||||
ClientUpdaterContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterContextCondition.Configuration.class);
|
||||
Assert.assertEquals(cfg.getUpdateClientSource(), updateClientSources);
|
||||
}
|
||||
|
||||
protected void assertExpectedClientUpdateSourceGroupsCondition(List<String> groups, ClientPolicyRepresentation policyRep) {
|
||||
ClientUpdateSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsCondition.Configuration.class);
|
||||
ClientUpdaterSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsCondition.Configuration.class);
|
||||
Assert.assertEquals(cfg.getGroups(), groups);
|
||||
}
|
||||
|
||||
protected void assertExpectedClientUpdateSourceHostsCondition(List<String> trustedHosts, ClientPolicyRepresentation policyRep) {
|
||||
ClientUpdateSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsCondition.Configuration.class);
|
||||
ClientUpdaterSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsCondition.Configuration.class);
|
||||
Assert.assertEquals(cfg.getTrustedHosts(), trustedHosts);
|
||||
}
|
||||
|
||||
protected void assertExpectedClientUpdateSourceRolesCondition(List<String> roles, ClientPolicyRepresentation policyRep) {
|
||||
ClientUpdateSourceRolesCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesCondition.Configuration.class);
|
||||
ClientUpdaterSourceRolesCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesCondition.Configuration.class);
|
||||
Assert.assertEquals(cfg.getRoles(), roles);
|
||||
}
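Review bot: The helper names in this class still carry the old type names although their signatures moved to the renamed classes. `createSecureClientAuthEnforceExecutorConfig` now returns `SecureClientAuthenticatorExecutor.Configuration`, `createHolderOfKeyEnforceExecutorConfig` returns `HolderOfKeyEnforcerExecutor.Configuration`, and `createClientUpdateContextConditionConfig` returns `ClientUpdaterContextCondition.Configuration`; the matching `assertExpected…` helpers have the same mismatch. Renaming them in this commit, for example to `createSecureClientAuthenticatorExecutorConfig`, would keep the test vocabulary aligned with the provider classes, and any subclass calling these helpers would need the same rename. The class body continues outside the hunks shown.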
|
||||
|
||||
|
|
|
@ -44,8 +44,8 @@ import org.keycloak.services.clientpolicy.ClientPolicyException;
|
|||
import org.keycloak.services.clientpolicy.ClientPoliciesUtil;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
|
@ -160,19 +160,19 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
|
|||
|
||||
// load profiles
|
||||
ClientProfileRepresentation duplicatedProfileRep = (new ClientProfileBuilder()).createProfile("builtin-basic-security", "Enforce basic security level")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.FALSE,
|
||||
Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID),
|
||||
null))
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.FALSE))
|
||||
.addExecutor("no-such-executor",
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation();
|
||||
|
||||
ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
|
||||
|
@ -199,7 +199,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile("global-default-profile", "Pershyy Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
|
||||
X509ClientAuthenticator.PROVIDER_ID))
|
||||
|
@ -241,7 +241,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
|
|||
+ " \"builtin\" : false,\n"
|
||||
+ " \"executors\": [\n"
|
||||
+ " {\n"
|
||||
+ " \"new-secure-client-authn-executor\": {\n"
|
||||
+ " \"new-secure-client-authnenticator\": {\n"
|
||||
+ " \"client-authns\": [ \"private-key-jwt\" ],\n"
|
||||
+ " \"client-authns-augment\" : \"private-key-jwt\",\n"
|
||||
+ " \"is-augment\" : true\n"
|
||||
|
@ -273,7 +273,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
|
|||
+ " \"description\" : \"Not builtin profile that should be skipped.\",\n"
|
||||
+ " \"builtin\" : \"no\",\n"
|
||||
+ " \"executors\": {\n"
|
||||
+ " \"new-secure-client-authn-executor\": {\n"
|
||||
+ " \"new-secure-client-authnenticator\": {\n"
|
||||
+ " \"client-authns\": [ \"private-key-jwt\" ],\n"
|
||||
+ " \"client-authns-augment\" : \"private-key-jwt\",\n"
|
||||
+ " \"is-augment\" : true\n"
|
||||
|
@ -364,7 +364,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
|
|||
+ " \"enable\": true,\n"
|
||||
+ " \"conditions\": [\n"
|
||||
+ " {\n"
|
||||
+ " \"new-clientupdatesourcehost-condition\": {\n"
|
||||
+ " \"new-client-updater-source-host\": {\n"
|
||||
+ " \"trusted-hosts\": [\"myuniversity\"],\n"
|
||||
+ " \"host-sending-request-must-match\" : [true]\n"
|
||||
+ " }\n"
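Review bot: The replacement placeholder id `new-secure-client-authnenticator` is misspelled, in both JSON fixtures of this file where `new-secure-client-authn-executor` was renamed. These fixtures appear to exercise profiles that name an executor the server does not know, so the typo probably does not change the result. It does make it harder to tell whether the test rejects an unknown provider or just a mistyped one. I would write `\"new-secure-client-authenticator\"` in both strings. The string literals and the enclosing test methods continue outside the hunks.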
|
||||
|
|
|
@ -51,8 +51,6 @@ import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthen
|
|||
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
|
||||
import org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator;
|
||||
import org.keycloak.authentication.authenticators.client.X509ClientAuthenticator;
|
||||
import org.keycloak.client.registration.Auth;
|
||||
import org.keycloak.client.registration.ClientRegistration;
|
||||
import org.keycloak.client.registration.ClientRegistrationException;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.events.Details;
|
||||
|
@ -68,8 +66,6 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
|||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.representations.RefreshToken;
|
||||
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
|
||||
import org.keycloak.representations.idm.ClientInitialAccessPresentation;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.EventRepresentation;
|
||||
|
@ -83,22 +79,21 @@ import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory;
|
|||
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
|
||||
import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
|
@ -250,7 +245,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
|
||||
X509ClientAuthenticator.PROVIDER_ID))
|
||||
|
@ -261,8 +256,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Persha Polityka", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -277,7 +272,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update profiles
|
||||
json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
|
||||
JWTClientAuthenticator.PROVIDER_ID))
|
||||
|
@ -333,7 +328,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Eichte profil")
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -382,7 +377,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Purofairu Sono Ichi")
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.FALSE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -393,8 +388,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Porishii Sono Ichi", Boolean.TRUE)
|
||||
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
|
||||
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
updatePolicies(json);
|
||||
|
@ -412,8 +407,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
updatePolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Koushinsareta Porishii Sono Ichi", Boolean.TRUE)
|
||||
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
|
||||
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation());
|
||||
|
||||
|
@ -422,7 +417,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update profiles
|
||||
updateProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Koushinsareta Purofairu Sono Ichi")
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation());
|
||||
|
||||
|
@ -474,11 +469,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
String profileBetaName = "MyProfile-beta";
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(profileAlphaName, "Pierwszy Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID), ClientIdAndSecretAuthenticator.PROVIDER_ID))
|
||||
.toRepresentation()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(profileBetaName, "Drugi Profil")
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -491,8 +486,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
(new ClientPolicyBuilder()).createPolicy(policyAlphaName, "Pierwsza Zasada", Boolean.TRUE)
|
||||
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
|
||||
createClientRolesConditionConfig(Arrays.asList(roleAlphaName, roleZetaName)))
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addProfile(profileAlphaName)
|
||||
.toRepresentation()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(policyBetaName, "Drugi Zasada", Boolean.TRUE)
|
||||
|
@ -591,7 +586,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Die Erste Politik")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, null)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
updateProfiles(json);
|
||||
|
@ -604,17 +599,17 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
.toRepresentation()
|
||||
).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceGroupsCondition", "Die Zweite Politik", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, null)
|
||||
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, null)
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceRolesCondition", "Die Dritte Politik", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, null)
|
||||
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, null)
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateContextCondition", "Die Vierte Politik", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, null)
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, null)
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -638,7 +633,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Prvni Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.FALSE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
|
||||
|
@ -651,7 +646,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Prvni Politika", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
|
@ -672,7 +667,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Aktualizovana Prvni Politika", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceHostsConditionConfig(Arrays.asList("example.com")))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
|
@ -693,7 +688,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.FALSE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID),
|
||||
|
@ -706,7 +701,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politik", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup")))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
|
@ -733,7 +728,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Il Primo Profilo")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(
|
||||
Boolean.FALSE,
|
||||
Arrays.asList(JWTClientSecretAuthenticator.PROVIDER_ID),
|
||||
|
@ -746,7 +741,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "La Prima Politica", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateSourceRolesConditionConfig(Arrays.asList(Constants.REALM_MANAGEMENT_CLIENT_ID + "." + AdminRoles.CREATE_CLIENT)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
|
@ -773,7 +768,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Het Eerste Profiel")
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1165,7 +1160,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
|
||||
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
updateProfiles(json);
|
||||
|
@ -1173,11 +1168,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forsta Policyn", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(
|
||||
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
|
||||
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
|
||||
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1238,7 +1233,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update profiles, ES256 enforced
|
||||
json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
|
||||
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
|
||||
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1262,7 +1257,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update profiles, fall back to PS256
|
||||
json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
|
||||
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
|
||||
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.RS512))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1319,7 +1314,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update profiles, enforce ES256
|
||||
json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen")
|
||||
.addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID,
|
||||
createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1344,7 +1339,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
|
||||
.addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null)
|
||||
.addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
updateProfiles(json);
|
||||
|
@ -1352,11 +1347,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Ensimmainen Politiikka", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(
|
||||
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
|
||||
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN,
|
||||
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1391,10 +1386,10 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// update policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Paivitetyn Ensimmaisen Politiikka", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(
|
||||
ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
|
||||
ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
|
||||
.addProfile(PROFILE_NAME)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -1544,7 +1539,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
|
||||
).toRepresentation()
|
||||
)
|
||||
.toString();
|
||||
|
@ -1636,7 +1631,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
updateProfiles(json);
|
||||
|
@ -1697,9 +1692,9 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register profiles
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Az Elso Profil")
|
||||
.addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE))
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID,
|
||||
createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -2061,7 +2056,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
String profileName = "MyProfile";
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(profileName, "Primum Profile")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.FALSE,
|
||||
Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID),
|
||||
null))
|
||||
|
@ -2072,8 +2067,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
// register policies
|
||||
json = (new ClientPoliciesBuilder()).addPolicy(
|
||||
(new ClientPolicyBuilder()).createPolicy(policyName, "Primum Consilium", Boolean.TRUE)
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER)))
|
||||
.addProfile(profileName)
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -2085,11 +2080,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
String profileName = "MyProfile";
|
||||
String json = (new ClientProfilesBuilder()).addProfile(
|
||||
(new ClientProfileBuilder()).createProfile(profileName, "Primul Profil")
|
||||
.addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
|
||||
createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE,
|
||||
Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID),
|
||||
ClientIdAndSecretAuthenticator.PROVIDER_ID))
|
||||
.addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID,
|
||||
.addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID,
|
||||
createPKCEEnforceExecutorConfig(Boolean.TRUE))
|
||||
.toRepresentation()
|
||||
).toString();
|
||||
|
@ -2100,8 +2095,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
|
|||
(new ClientPolicyBuilder()).createPolicy(policyName, "Prima Politica", Boolean.TRUE)
|
||||
.addCondition(ClientRolesConditionFactory.PROVIDER_ID,
|
||||
createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE)))
|
||||
.addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN)))
|
||||
.addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
|
||||
createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN)))
|
||||
.addProfile(profileName)
|
||||
.toRepresentation()
|
||||
).toString();
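Review bot: Every profile and policy in this file is now built from the renamed factories' `PROVIDER_ID` constants (for example `PKCEEnforcerExecutorFactory.PROVIDER_ID` and `ClientUpdaterContextConditionFactory.PROVIDER_ID`), so no test here covers a stored profile or policy that still names an executor or condition by its previous ID. The profile JSON in the load/update test of this commit keys executors and conditions by that ID string, and the ID values appear to change along with the class names. If an unrecognised ID is skipped on load rather than rejected, a realm still carrying the old names would quietly lose enforcement such as PKCE or the restricted client-authenticator list. I would add one case that submits a profile through `updateProfiles(json)` with a pre-rename ID (placeholder: `"<old-executor-id>"`) and asserts the intended outcome, either a clear validation error or migration to the new ID. The helpers `createPKCEEnforceExecutorConfig` and `createSecureClientAuthEnforceExecutorConfig` also keep the old wording and could be renamed in the same pass.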
|
||||
|
|
|
@ -872,18 +872,18 @@ client-profiles.tooltip=Client Profiles applied on this policy
|
|||
add-profile.placeholder=Add client profile ...
|
||||
no-client-profiles-configured=No client profiles configured
|
||||
|
||||
clientscopes-condition.label=Expected Scopes
|
||||
clientscopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.
|
||||
client-scopes-condition.label=Expected Scopes
|
||||
client-scopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured.
|
||||
client-accesstype.label=Client Access Type
|
||||
client-accesstype.tooltip=Access Type of the client, for which the condition will be applied.
|
||||
clientroles-condition.label=Client Roles
|
||||
clientroles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.
|
||||
clientupdatesourcegroups-condition.label=Groups
|
||||
clientupdatesourcegroups-condition.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here.
|
||||
clientupdate-trusted-hosts.label=Trusted hosts
|
||||
clientupdate-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
|
||||
clientupdatesourceroles-condition.label=Updating entity role
|
||||
clientupdatesourceroles-condition.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.
|
||||
client-roles.label=Client Roles
|
||||
client-roles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration.
|
||||
client-updater-source-groups.label=Groups
|
||||
client-updater-source-groups.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here.
|
||||
client-updater-trusted-hosts.label=Trusted hosts
|
||||
client-updater-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted.
|
||||
client-updater-source-roles.label=Updating entity role
|
||||
client-updater-source-roles.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'.
|
||||
|
||||
groups=Groups
|
||||
|
||||
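Review bot: The renamed client-roles entries end up under two different prefixes, `client-roles.label` and `client-roles-condition.tooltip`, while the other renamed pairs in this hunk (`client-updater-source-groups`, `client-updater-trusted-hosts`, `client-updater-source-roles`) use one prefix for both label and tooltip. If the condition factory derives these keys from its provider ID (that code is not part of this section), the tooltip needs a special-cased suffix to resolve, and a later cleanup could break the lookup so that the admin console shows the raw key instead of the explanation of when the policy condition matches. I would rename the entry to `client-roles.tooltip=...` and look it up with the same prefix as the label. The unchanged `client-accesstype.*` keys and the new `client-scopes-condition.*` keys should be checked against their provider IDs for the same reason.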
|
|