diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java
index c7d5b819a2..2f54c81854 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java
@@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class AnyClientConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "anyclient-condition";
+ public static final String PROVIDER_ID = "any-client";
 @Override
 public ClientPolicyConditionProvider create(KeycloakSession session) {
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java
index 6efb6e5940..3792c95c8b 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java
@@ -31,7 +31,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class ClientAccessTypeConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "client-accesstype-condition";
+ public static final String PROVIDER_ID = "client-access-type";
 public static final String TYPE = "type";
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java
index 774fcd64de..c5ca78db3a 100644
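Review bot: The new `PROVIDER_ID` value `"any-client"` replaces `"anyclient-condition"` with no alias or migration visible in this hunk, and the same holds for every other `PROVIDER_ID` changed in this diff (for example `"pkce-enforcer"`, `"holder-of-key-enforcer"`, `"secure-client-authenticator"` and `"secure-session"`). If stored client policies reference conditions and executors by these ids, which the lookup code outside this diff would confirm, a policy saved under an old id stops resolving after the upgrade, and for the enforcement executors an entry that is skipped rather than rejected means the control is silently no longer applied. I would confirm that an unknown id fails closed or add a migration of the stored ids, and record the constraint next to each constant, e.g. `// Referenced by id from stored client policies; renaming requires migrating existing realms.`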
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java
@@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class ClientRolesConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientroles-condition";
+ public static final String PROVIDER_ID = "client-roles";
 public static final String ROLES = "roles";
@@ -38,7 +38,7 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide
 static {
 ProviderConfigProperty property;
- property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
+ property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
 configProperties.add(property);
 }
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java
index 74699af78a..8036314f01 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java
@@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class ClientScopesConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientscopes-condition";
+ public static final String PROVIDER_ID = "client-scopes";
 public static final String SCOPES = "scopes";
 public static final String TYPE = "type";
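Review bot: In the static initializer of `ClientRolesConditionFactory` the label key is still `PROVIDER_ID + ".label"` while the tooltip key became `PROVIDER_ID + "-condition.tooltip"`, so with the new id the two resolve to `client-roles.label` and `client-roles-condition.tooltip`. `ClientScopesConditionFactory` appends `-condition` to both keys in this same diff, which suggests the label here was missed; if the message bundle (not visible in this diff) only defines the `-condition` keys, the admin console would show the raw key instead of the label. Suggested line: `property = new ProviderConfigProperty(ROLES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);`.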
@@ -42,7 +42,7 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid
 private static final List configProperties = new ArrayList();
 static {
- ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
+ ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS);
 configProperties.add(property);
 property = new ProviderConfigProperty(TYPE, "Scope Type", "If set to 'Default', condition evaluates to true if client has some default scopes of the values specified by the 'Expected Scopes' property. " +
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextCondition.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition.java
similarity index 85%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextCondition.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition.java
index 4195bf8771..fd0aec5b23 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextCondition.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextCondition.java
@@ -36,11 +36,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateContextCondition extends AbstractClientPolicyConditionProvider {
+public class ClientUpdaterContextCondition extends AbstractClientPolicyConditionProvider {
- private static final Logger logger = Logger.getLogger(ClientUpdateContextCondition.class);
+ private static final Logger logger = Logger.getLogger(ClientUpdaterContextCondition.class);
- public ClientUpdateContextCondition(KeycloakSession session) {
+ public ClientUpdaterContextCondition(KeycloakSession session) {
 super(session);
 }
@@ -65,7 +65,7 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
 @Override
 public String getProviderId() {
- return ClientUpdateContextConditionFactory.PROVIDER_ID;
+ return ClientUpdaterContextConditionFactory.PROVIDER_ID;
 }
 @Override
@@ -98,16 +98,16 @@ public class ClientUpdateContextCondition extends AbstractClientPolicyConditionP
 String authMethod = null;
 if (context.getToken() == null) {
- authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
+ authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
 } else if (isInitialAccessToken(context.getToken())) {
- authMethod = ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
+ authMethod = ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN;
 } else if (isRegistrationAccessToken(context.getToken())) {
- authMethod = ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
+ authMethod = ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN;
 } else if (isBearerToken(context.getToken())) {
 if (context.getAuthenticatedUser() != null || context.getAuthenticatedClient() != null) {
- authMethod = ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER;
+ authMethod = ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER;
 } else {
- authMethod = ClientUpdateContextConditionFactory.BY_ANONYMOUS;
+ authMethod = ClientUpdaterContextConditionFactory.BY_ANONYMOUS;
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java
similarity index 93%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextConditionFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java
index 92d60093a9..fa7ef99423 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateContextConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java
@@ -29,9 +29,9 @@ import org.keycloak.provider.ProviderConfigProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateContextConditionFactory implements ClientPolicyConditionProviderFactory {
+public class ClientUpdaterContextConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientupdatecontext-condition";
+ public static final String PROVIDER_ID = "client-updater-context";
 public static final String UPDATE_CLIENT_SOURCE = "update-client-source";
@@ -56,7 +56,7 @@ public class ClientUpdateContextConditionFactory implements ClientPolicyConditio
 @Override
 public ClientPolicyConditionProvider create(KeycloakSession session) {
- return new ClientUpdateContextCondition(session);
+ return new ClientUpdaterContextCondition(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsCondition.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsCondition.java
similarity index 94%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsCondition.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsCondition.java
index 883867cb20..ee39f8baee 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsCondition.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsCondition.java
@@ -41,11 +41,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyConditionProvider {
+public class ClientUpdaterSourceGroupsCondition extends AbstractClientPolicyConditionProvider {
- private static final Logger logger = Logger.getLogger(ClientUpdateSourceGroupsCondition.class);
+ private static final Logger logger = Logger.getLogger(ClientUpdaterSourceGroupsCondition.class);
- public ClientUpdateSourceGroupsCondition(KeycloakSession session) {
+ public ClientUpdaterSourceGroupsCondition(KeycloakSession session) {
 super(session);
 }
@@ -69,7 +69,7 @@ public class ClientUpdateSourceGroupsCondition extends AbstractClientPolicyCondi
 @Override
 public String getProviderId() {
- return ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID;
+ return ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java
similarity index 89%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsConditionFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java
index 7ed3875020..507be22560 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceGroupsConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java
@@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
+public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientupdatesourcegroups-condition";
+ public static final String PROVIDER_ID = "client-updater-source-groups";
 public static final String GROUPS = "groups";
@@ -44,7 +44,7 @@ public class ClientUpdateSourceGroupsConditionFactory implements ClientPolicyCon
 @Override
 public ClientPolicyConditionProvider create(KeycloakSession session) {
- return new ClientUpdateSourceGroupsCondition(session);
+ return new ClientUpdaterSourceGroupsCondition(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsCondition.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsCondition.java
similarity index 94%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsCondition.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsCondition.java
index ebe448d85e..de25eb004a 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsCondition.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsCondition.java
@@ -35,11 +35,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyConditionProvider {
+public class ClientUpdaterSourceHostsCondition extends AbstractClientPolicyConditionProvider {
- private static final Logger logger = Logger.getLogger(ClientUpdateSourceHostsCondition.class);
+ private static final Logger logger = Logger.getLogger(ClientUpdaterSourceHostsCondition.class);
- public ClientUpdateSourceHostsCondition(KeycloakSession session) {
+ public ClientUpdaterSourceHostsCondition(KeycloakSession session) {
 super(session);
 }
@@ -65,7 +65,7 @@ public class ClientUpdateSourceHostsCondition extends AbstractClientPolicyCondit
 @Override
 public String getProviderId() {
- return ClientUpdateSourceHostsConditionFactory.PROVIDER_ID;
+ return ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java
similarity index 81%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsConditionFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java
index 3342befffc..2bde676ec7 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceHostsConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java
@@ -28,17 +28,18 @@ import org.keycloak.provider.ProviderConfigProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
+public class ClientUpdaterSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientupdatesourcehost-condition";
+ public static final String PROVIDER_ID = "client-updater-source-host";
 public static final String TRUSTED_HOSTS = "trusted-hosts";
- private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "clientupdate-trusted-hosts.label", "clientupdate-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
+ private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "client-updater-trusted-hosts.label",
+ "client-updater-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null);
 @Override
 public ClientPolicyConditionProvider create(KeycloakSession session) {
- return new ClientUpdateSourceHostsCondition(session);
+ return new ClientUpdaterSourceHostsCondition(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesCondition.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesCondition.java
similarity index 94%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesCondition.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesCondition.java
index 9840c62ccd..899cdf7cce 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesCondition.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesCondition.java
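Review bot: The new id `"client-updater-source-host"` is singular, while the class is `ClientUpdaterSourceHostsConditionFactory` and the sibling factories in this diff use plural ids (`"client-updater-source-groups"`, `"client-updater-source-roles"`). Since this commit is the one normalising these identifiers, aligning it now avoids a second rename of an id that stored configuration presumably refers to: `public static final String PROVIDER_ID = "client-updater-source-hosts";`. If the singular form is deliberate, a one-line comment on the constant saying so would prevent a later "fix".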
@@ -44,11 +44,11 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyConditionProvider {
+public class ClientUpdaterSourceRolesCondition extends AbstractClientPolicyConditionProvider {
- private static final Logger logger = Logger.getLogger(ClientUpdateSourceRolesCondition.class);
+ private static final Logger logger = Logger.getLogger(ClientUpdaterSourceRolesCondition.class);
- public ClientUpdateSourceRolesCondition(KeycloakSession session) {
+ public ClientUpdaterSourceRolesCondition(KeycloakSession session) {
 super(session);
 }
@@ -72,7 +72,7 @@ public class ClientUpdateSourceRolesCondition extends AbstractClientPolicyCondit
 @Override
 public String getProviderId() {
- return ClientUpdateSourceRolesConditionFactory.PROVIDER_ID;
+ return ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java
similarity index 89%
rename from services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesConditionFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java
index 4141dfb427..1aac10b1d1 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdateSourceRolesConditionFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java
@@ -28,9 +28,9 @@ import org.keycloak.provider.ProviderConfigProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
+public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory {
- public static final String PROVIDER_ID = "clientupdatesourceroles-condition";
+ public static final String PROVIDER_ID = "client-updater-source-roles";
 public static final String ROLES = "roles";
@@ -44,7 +44,7 @@ public class ClientUpdateSourceRolesConditionFactory implements ClientPolicyCond
 @Override
 public ClientPolicyConditionProvider create(KeycloakSession session) {
- return new ClientUpdateSourceRolesCondition(session);
+ return new ClientUpdaterSourceRolesCondition(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConfidentialClientAcceptExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConfidentialClientAcceptExecutorFactory.java
index 3c1fa3af4f..bc0fbf1657 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConfidentialClientAcceptExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConfidentialClientAcceptExecutorFactory.java
@@ -29,7 +29,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class ConfidentialClientAcceptExecutorFactory implements ClientPolicyExecutorProviderFactory {
- public static final String PROVIDER_ID = "confidentialclient-accept-executor";
+ public static final String PROVIDER_ID = "confidential-client";
 @Override
 public ClientPolicyExecutorProvider create(KeycloakSession session) {
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConsentRequiredExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConsentRequiredExecutorFactory.java
index ec144c9cc7..dd620cc6ee 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConsentRequiredExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/ConsentRequiredExecutorFactory.java
@@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty;
 */
 public class ConsentRequiredExecutorFactory implements ClientPolicyExecutorProviderFactory {
- public static final String PROVIDER_ID = "consent-required-executor";
+ public static final String PROVIDER_ID = "consent-required";
 @Override
 public ClientPolicyExecutorProvider create(KeycloakSession session) {
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutor.java
similarity index 96%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutor.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutor.java
index 213f108ef3..60e34e906a 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutor.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutor.java
@@ -42,12 +42,12 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
-public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider {
+public class HolderOfKeyEnforcerExecutor implements ClientPolicyExecutorProvider {
 private final KeycloakSession session;
 private Configuration configuration;
- public HolderOfKeyEnforceExecutor(KeycloakSession session) {
+ public HolderOfKeyEnforcerExecutor(KeycloakSession session) {
 this.session = session;
 }
@@ -76,7 +76,7 @@ public class HolderOfKeyEnforceExecutor implements ClientPolicyExecutorProvider<
 @Override
 public String getProviderId() {
- return HolderOfKeyEnforceExecutorFactory.PROVIDER_ID;
+ return HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutorFactory.java
similarity index 92%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutorFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutorFactory.java
index 43f116ba9d..edc32c8fef 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforceExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/HolderOfKeyEnforcerExecutorFactory.java
@@ -26,9 +26,9 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
-public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
+public class HolderOfKeyEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory {
- public static final String PROVIDER_ID = "holder-of-key-enforce-executor";
+ public static final String PROVIDER_ID = "holder-of-key-enforcer";
 public static final String IS_AUGMENT = "is-augment";
@@ -37,7 +37,7 @@ public class HolderOfKeyEnforceExecutorFactory implements ClientPolicyExecutorPr
 @Override
 public ClientPolicyExecutorProvider create(KeycloakSession session) {
- return new HolderOfKeyEnforceExecutor(session);
+ return new HolderOfKeyEnforcerExecutor(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforcerExecutor.java similarity index 97% rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforceExecutor.java rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforcerExecutor.java index 76024737a0..da468f67fa 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforceExecutor.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/PKCEEnforcerExecutor.java @@ -48,7 +48,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; /** * @author Takashi Norimatsu */ -public class PKCEEnforceExecutor implements ClientPolicyExecutorProvider { +public class PKCEEnforcerExecutor implements ClientPolicyExecutorProvider { private static final Pattern VALID_CODE_CHALLENGE_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$"); private static final Pattern VALID_CODE_VERIFIER_PATTERN = Pattern.compile("^[0-9a-zA-Z\\-\\.~_]+$"); @@ -56,7 +56,7 @@ public class PKCEEnforceExecutor implements ClientPolicyExecutorProviderTakashi Norimatsu */ -public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory { +public class PKCEEnforcerExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "pkce-enforce-executor"; + public static final String PROVIDER_ID = "pkce-enforcer"; public static final String IS_AUGMENT = "is-augment"; @@ -40,7 +40,7 @@ public class PKCEEnforceExecutorFactory implements ClientPolicyExecutorProviderF @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { - return new PKCEEnforceExecutor(session); + return new PKCEEnforcerExecutor(session); } @Override 
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutor.java
similarity index 91%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutor.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutor.java
index 59313b3572..ff012764fb 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutor.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutor.java
@@ -32,17 +32,17 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProvider {
+public class SecureClientAuthenticatorExecutor implements ClientPolicyExecutorProvider {
 private final KeycloakSession session;
 private Configuration configuration;
- public SecureClientAuthEnforceExecutor(KeycloakSession session) {
+ public SecureClientAuthenticatorExecutor(KeycloakSession session) {
 this.session = session;
 }
 @Override
- public void setupConfiguration(SecureClientAuthEnforceExecutor.Configuration config) {
+ public void setupConfiguration(SecureClientAuthenticatorExecutor.Configuration config) {
 this.configuration = config;
 }
@@ -86,7 +86,7 @@ public class SecureClientAuthEnforceExecutor implements ClientPolicyExecutorProv
 @Override
 public String getProviderId() {
- return SecureClientAuthEnforceExecutorFactory.PROVIDER_ID;
+ return SecureClientAuthenticatorExecutorFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutorFactory.java
similarity index 95%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutorFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutorFactory.java
index 52147643a1..56f12175f6 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthEnforceExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientAuthenticatorExecutorFactory.java
@@ -33,9 +33,9 @@ import org.keycloak.provider.ProviderFactory;
 /**
 * @author Takashi Norimatsu
 */
-public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
+public class SecureClientAuthenticatorExecutorFactory implements ClientPolicyExecutorProviderFactory {
- public static final String PROVIDER_ID = "secure-client-authn-executor";
+ public static final String PROVIDER_ID = "secure-client-authenticator";
 public static final String IS_AUGMENT = "is-augment";
 public static final String CLIENT_AUTHNS = "client-authns";
@@ -45,7 +45,7 @@ public class SecureClientAuthEnforceExecutorFactory implements ClientPolicyExecu
 @Override
 public ClientPolicyExecutorProvider create(KeycloakSession session) {
- return new SecureClientAuthEnforceExecutor(session);
+ return new SecureClientAuthenticatorExecutor(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutor.java
similarity index 94%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutor.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutor.java
index cb72bf7faf..bd20596489 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutor.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutor.java
@@ -41,19 +41,19 @@ import org.keycloak.services.clientpolicy.context.DynamicClientUpdateContext;
 /**
 * @author Takashi Norimatsu
 */
-public class SecureClientRegisteringUriEnforceExecutor implements ClientPolicyExecutorProvider {
+public class SecureClientUrisExecutor implements ClientPolicyExecutorProvider {
- private static final Logger logger = Logger.getLogger(SecureClientRegisteringUriEnforceExecutor.class);
+ private static final Logger logger = Logger.getLogger(SecureClientUrisExecutor.class);
 private final KeycloakSession session;
- public SecureClientRegisteringUriEnforceExecutor(KeycloakSession session) {
+ public SecureClientUrisExecutor(KeycloakSession session) {
 this.session = session;
 }
 @Override
 public String getProviderId() {
- return SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID;
+ return SecureClientUrisExecutorFactory.PROVIDER_ID;
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutorFactory.java
similarity index 86%
rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutorFactory.java
rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutorFactory.java
index 429e70ecd2..4e9cc49e64 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientRegisteringUriEnforceExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureClientUrisExecutorFactory.java
@@ -28,13 +28,13 @@ import org.keycloak.provider.ProviderConfigProperty;
 /**
 * @author Takashi Norimatsu
 */
-public class SecureClientRegisteringUriEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory {
+public class SecureClientUrisExecutorFactory implements ClientPolicyExecutorProviderFactory {
- public static final String PROVIDER_ID = "secure-clienturi-enforce-executor";
+ public static final String PROVIDER_ID = "secure-client-uris";
 @Override
 public ClientPolicyExecutorProvider create(KeycloakSession session) {
- return new SecureClientRegisteringUriEnforceExecutor(session);
+ return new SecureClientUrisExecutor(session);
 }
 @Override
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureRequestObjectExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureRequestObjectExecutorFactory.java
index 2e4d697894..cb0aca26c4 100644
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureRequestObjectExecutorFactory.java
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureRequestObjectExecutorFactory.java
@@ -32,7 +32,7 @@ import org.keycloak.provider.ProviderConfigProperty; */ public class SecureRequestObjectExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "secure-reqobj-executor"; + public static final String PROVIDER_ID = "secure-request-object"; public static final String VERIFY_NBF = "verify-nbf"; diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureResponseTypeExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureResponseTypeExecutorFactory.java index 967f9f667e..7d05e07ca9 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureResponseTypeExecutorFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureResponseTypeExecutorFactory.java @@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty; */ public class SecureResponseTypeExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "secure-responsetype-executor"; + public static final String PROVIDER_ID = "secure-response-type"; @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSessionEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSessionEnforceExecutorFactory.java index d3c2c5e02c..8df6f5971e 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSessionEnforceExecutorFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSessionEnforceExecutorFactory.java 
@@ -30,7 +30,7 @@ import org.keycloak.provider.ProviderConfigProperty; */ public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "secure-session-enforce-executor"; + public static final String PROVIDER_ID = "secure-session"; @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { @@ -56,7 +56,7 @@ public class SecureSessionEnforceExecutorFactory implements ClientPolicyExecutor @Override public String getHelpText() { - return "To prevent CSRF, it refuses the client's authorization request which lacks nonce in OIDC flow or state in OAuth2 grant."; + return "To prevent CSRF, it refuses the client's authorization request which lacks 'nonce' parameter in OIDC flow or 'state' parameter in OAuth2 grant."; } @Override diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutor.java similarity index 94% rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutor.java rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutor.java index 5071d70b40..7dfbce549e 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutor.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutor.java 
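Review bot: The reworded string in `getHelpText()` still attributes both parameters to CSRF prevention. In OIDC `nonce` binds the ID token to the client session and mitigates replay, while `state` is the parameter normally used for CSRF protection. An administrator reading this text may therefore choose the executor for the wrong threat. Suggested wording: `return "Refuses the client's authorization request which lacks 'nonce' parameter in OIDC flow (ID token replay protection) or 'state' parameter in OAuth2 grant (CSRF protection).";`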
@@ -45,9 +45,9 @@ import com.fasterxml.jackson.annotation.JsonProperty; /** * @author Takashi Norimatsu */ -public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecutorProvider { +public class SecureSigningAlgorithmExecutor implements ClientPolicyExecutorProvider { - private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmEnforceExecutor.class); + private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmExecutor.class); private final KeycloakSession session; private Configuration configuration; @@ -72,17 +72,17 @@ public class SecureSigningAlgorithmEnforceExecutor implements ClientPolicyExecut Algorithm.ES512 )); - public SecureSigningAlgorithmEnforceExecutor(KeycloakSession session) { + public SecureSigningAlgorithmExecutor(KeycloakSession session) { this.session = session; } @Override public String getProviderId() { - return SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID; + return SecureSigningAlgorithmExecutorFactory.PROVIDER_ID; } @Override - public void setupConfiguration(SecureSigningAlgorithmEnforceExecutor.Configuration config) { + public void setupConfiguration(SecureSigningAlgorithmExecutor.Configuration config) { this.configuration = Optional.ofNullable(config).orElse(createDefaultConfiguration()); if (config.getDefaultAlgorithm() == null || !isSecureAlgorithm(config.getDefaultAlgorithm())) config.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE); } diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutorFactory.java similarity index 87% rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutorFactory.java rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutorFactory.java index df2a96a460..c38c8c8502 100644 
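Review bot: In the `@@ -72,17 +72,17 @@` hunk, `setupConfiguration` falls back to `createDefaultConfiguration()` when `config` is null but then dereferences `config` itself, so a null configuration throws a NullPointerException instead of applying the secure default. The check should operate on the stored object: `if (configuration.getDefaultAlgorithm() == null || !isSecureAlgorithm(configuration.getDefaultAlgorithm())) configuration.setDefaultAlgorithm(DEFAULT_ALGORITHM_VALUE);`. The test changes in this commit register this executor with a null configuration (`addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null)`), although whether that null reaches this method is not visible from the diff. `SecureSigningAlgorithmForSignedJwtExecutor.setupConfiguration` stores `config` with no null fallback at all and deserves the same look.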
--- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmEnforceExecutorFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmExecutorFactory.java @@ -31,19 +31,19 @@ import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class SecureSigningAlgorithmEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory { +public class SecureSigningAlgorithmExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "securesignalg-enforce-executor"; + public static final String PROVIDER_ID = "secure-signature-algorithm"; public static final String DEFAULT_ALGORITHM = "default-algorithm"; private static final ProviderConfigProperty DEFAULT_ALGORITHM_PROPERTY = new ProviderConfigProperty( DEFAULT_ALGORITHM, "Default Algorithm", "Default signature algorithm, which will be set to clients during client registration/update in case that client does not specify any algorithm", - ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmEnforceExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {})); + ProviderConfigProperty.LIST_TYPE, Algorithm.PS256, new LinkedList<>(SecureSigningAlgorithmExecutor.ALLOWED_ALGORITHMS).toArray(new String[] {})); @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { - return new SecureSigningAlgorithmEnforceExecutor(session); + return new SecureSigningAlgorithmExecutor(session); } @Override 
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutor.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutor.java similarity index 90% rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutor.java rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutor.java index 32df091fd2..56557b2c29 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutor.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutor.java @@ -34,19 +34,19 @@ import org.keycloak.services.clientpolicy.ClientPolicyException; import com.fasterxml.jackson.annotation.JsonProperty; -public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements ClientPolicyExecutorProvider { +public class SecureSigningAlgorithmForSignedJwtExecutor implements ClientPolicyExecutorProvider { - private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtEnforceExecutor.class); + private static final Logger logger = Logger.getLogger(SecureSigningAlgorithmForSignedJwtExecutor.class); private final KeycloakSession session; private Configuration configuration; - public SecureSigningAlgorithmForSignedJwtEnforceExecutor(KeycloakSession session) { + public SecureSigningAlgorithmForSignedJwtExecutor(KeycloakSession session) { this.session = session; } @Override - public void setupConfiguration(SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config) { + public void setupConfiguration(SecureSigningAlgorithmForSignedJwtExecutor.Configuration config) { this.configuration = config; } 
@@ -57,7 +57,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutor implements Client @Override public String getProviderId() { - return SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID; + return SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID; } public static class Configuration extends ClientPolicyExecutorConfigurationRepresentation { diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutorFactory.java similarity index 88% rename from services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.java rename to services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutorFactory.java index 6a0f02520c..c46afe08e2 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/executor/SecureSigningAlgorithmForSignedJwtExecutorFactory.java @@ -24,12 +24,11 @@ import org.keycloak.provider.ProviderConfigProperty; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; -public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements ClientPolicyExecutorProviderFactory { +public class SecureSigningAlgorithmForSignedJwtExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "securesignalgjwt-enforce-executor"; + public static final String PROVIDER_ID = "secure-signature-algorithm-signed-jwt"; public static final String REQUIRE_CLIENT_ASSERTION = "require-client-assertion"; 
@@ -38,7 +37,7 @@ public class SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory implements @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { - return new SecureSigningAlgorithmForSignedJwtEnforceExecutor(session); + return new SecureSigningAlgorithmForSignedJwtExecutor(session); } @Override diff --git a/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProviderFactory b/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProviderFactory index 6608ee186f..0b5e3cffde 100644 --- a/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProviderFactory +++ b/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProviderFactory @@ -1,8 +1,8 @@ -org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory +org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory -org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory -org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory -org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory +org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory +org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory +org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory \ No newline at end of file 
diff --git a/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderFactory b/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderFactory
index 6165719fc8..149142f137 100644
--- a/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderFactory
+++ b/services/src/main/resources/META-INF/services/org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderFactory
@@ -1,11 +1,11 @@
 org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory
 org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory
-org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory
-org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory
+org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory
+org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory
 org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory
-org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory
-org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory
-org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory
-org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory
+org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory
+org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory
+org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory
+org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory
 org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory
 org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory
\ No newline at end of file
diff --git a/services/src/main/resources/keycloak-default-client-profiles.json b/services/src/main/resources/keycloak-default-client-profiles.json
index 154fd2de26..51a3de323e 100644
--- a/services/src/main/resources/keycloak-default-client-profiles.json
+++ b/services/src/main/resources/keycloak-default-client-profiles.json
@@ -5,7 +5,7 @@ "description": "The global default profile for enforcing basic security level to clients.", "executors": [ { - "executor": "secure-session-enforce-executor", + "executor": "secure-session", "configuration": {} } ] diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/condition/TestRaiseExeptionConditionFactory.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/condition/TestRaiseExeptionConditionFactory.java index afaab01f35..b084ef7791 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/condition/TestRaiseExeptionConditionFactory.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/condition/TestRaiseExeptionConditionFactory.java @@ -32,7 +32,7 @@ import org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvide */ public class TestRaiseExeptionConditionFactory implements ClientPolicyConditionProviderFactory { - public static final String PROVIDER_ID = "test-raise-exception-condition"; + public static final String PROVIDER_ID = "test-raise-exception"; @Override public ClientPolicyConditionProvider create(KeycloakSession session) { diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/executor/TestRaiseExeptionExecutorFactory.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/executor/TestRaiseExeptionExecutorFactory.java index dffd57248e..3d3fdc7026 100644 
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/executor/TestRaiseExeptionExecutorFactory.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/services/clientpolicy/executor/TestRaiseExeptionExecutorFactory.java @@ -29,7 +29,7 @@ import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProviderF public class TestRaiseExeptionExecutorFactory implements ClientPolicyExecutorProviderFactory { - public static final String PROVIDER_ID = "test-raise-exception-executor"; + public static final String PROVIDER_ID = "test-raise-exception"; @Override public ClientPolicyExecutorProvider create(KeycloakSession session) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java index b7aaa60b83..be4abefe49 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientPoliciesTest.java 
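Review bot: After this change `TestRaiseExeptionExecutorFactory.PROVIDER_ID` and `TestRaiseExeptionConditionFactory.PROVIDER_ID` are both `"test-raise-exception"`. The two factories implement different provider interfaces, so lookups scoped to one SPI should still resolve correctly, but any helper, assertion or log line that identifies a provider by id alone can no longer tell the condition from the executor. If the duplication is intended, a comment on each constant would make that explicit, e.g. `// Same id as the test condition provider on purpose; ids only need to be unique within one SPI.`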
@@ -116,29 +116,29 @@ import org.keycloak.services.clientpolicy.condition.ClientRolesCondition; import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory; import org.keycloak.services.clientpolicy.condition.ClientScopesCondition; import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateContextCondition; -import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsCondition; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsCondition; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesCondition; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory; -import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextCondition; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsCondition; +import 
org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsCondition; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesCondition; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory; +import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutor; +import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory; +import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutor; +import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutor; +import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor; import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutor; +import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory; +import 
org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutor; +import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; @@ -206,7 +206,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { protected void setupValidProfilesAndPolicies() throws Exception { // load profiles ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), 
@@ -214,19 +214,19 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { .toRepresentation(); ClientProfileRepresentation loadedProfileRepWithoutBuiltinField = (new ClientProfileBuilder()).createProfile("lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID)) - .addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE)) - .addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null) .addExecutor(SecureRequestObjectExecutorFactory.PROVIDER_ID, null) .addExecutor(SecureResponseTypeExecutorFactory.PROVIDER_ID, null) .addExecutor(SecureSessionEnforceExecutorFactory.PROVIDER_ID, null) - .addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null) - .addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, null) .toRepresentation(); String json = (new ClientProfilesBuilder()) 
@@ -259,13 +259,13 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { "lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", null) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) - .addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup"))) - .addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1"))) - .addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, createClientUpdateSourceRolesConditionConfig(Arrays.asList(AdminRoles.CREATE_CLIENT))) .addProfile("lack-of-builtin-field-test-profile") .toRepresentation(); @@ -300,7 +300,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { modifiedAssertion.accept(actualProfilesRep); // each executor - assertExpectedExecutors(Arrays.asList(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID), actualProfileRep); + assertExpectedExecutors(Arrays.asList(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID), actualProfileRep); assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep); // each profile - lack-of-builtin-field-test-profile 
@@ -309,14 +309,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { // each executor assertExpectedExecutors(Arrays.asList( - SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, - HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, - SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, + SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, + HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, + SecureClientUrisExecutorFactory.PROVIDER_ID, SecureRequestObjectExecutorFactory.PROVIDER_ID, SecureResponseTypeExecutorFactory.PROVIDER_ID, SecureSessionEnforceExecutorFactory.PROVIDER_ID, - SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, - SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID), actualProfileRep); + SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, + SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID), actualProfileRep); assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), true, JWTClientAuthenticator.PROVIDER_ID, actualProfileRep); assertExpectedHolderOfKeyEnforceExecutor(true, actualProfileRep); assertExpectedSecureRedirectUriEnforceExecutor(actualProfileRep); 
@@ -350,8 +350,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), actualPolicyRep); // each condition - assertExpectedConditions(Arrays.asList(ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep); - assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep); + assertExpectedConditions(Arrays.asList(ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID), actualPolicyRep); + assertExpectedClientUpdateContextCondition(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER), actualPolicyRep); assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), actualPolicyRep); assertExpectedClientUpdateSourceHostsCondition(Arrays.asList("localhost", "127.0.0.1"), actualPolicyRep); assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), actualPolicyRep); 
@@ -835,20 +835,20 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { // Client Profiles - Executor CRUD Operations - protected HolderOfKeyEnforceExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) { - HolderOfKeyEnforceExecutor.Configuration config = new HolderOfKeyEnforceExecutor.Configuration(); + protected HolderOfKeyEnforcerExecutor.Configuration createHolderOfKeyEnforceExecutorConfig(Boolean isAugment) { + HolderOfKeyEnforcerExecutor.Configuration config = new HolderOfKeyEnforcerExecutor.Configuration(); config.setAugment(isAugment); return config; } - protected PKCEEnforceExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) { - PKCEEnforceExecutor.Configuration config = new PKCEEnforceExecutor.Configuration(); + protected PKCEEnforcerExecutor.Configuration createPKCEEnforceExecutorConfig(Boolean isAugment) { + PKCEEnforcerExecutor.Configuration config = new PKCEEnforcerExecutor.Configuration(); config.setAugment(isAugment); return config; } - protected SecureClientAuthEnforceExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List clientAuthns, String clientAuthnsAugment) { - SecureClientAuthEnforceExecutor.Configuration config = new SecureClientAuthEnforceExecutor.Configuration(); + protected SecureClientAuthenticatorExecutor.Configuration createSecureClientAuthEnforceExecutorConfig(Boolean isAugment, List clientAuthns, String clientAuthnsAugment) { + SecureClientAuthenticatorExecutor.Configuration config = new SecureClientAuthenticatorExecutor.Configuration(); config.setAugment(isAugment); config.setClientAuthns(clientAuthns); config.setClientAuthnsAugment(clientAuthnsAugment); 
@@ -862,14 +862,14 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { return config; } - protected SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) { - SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtEnforceExecutor.Configuration(); + protected SecureSigningAlgorithmForSignedJwtExecutor.Configuration createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean requireClientAssertion) { + SecureSigningAlgorithmForSignedJwtExecutor.Configuration config = new SecureSigningAlgorithmForSignedJwtExecutor.Configuration(); config.setRequireClientAssertion(requireClientAssertion); return config; } - protected SecureSigningAlgorithmEnforceExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) { - SecureSigningAlgorithmEnforceExecutor.Configuration config = new SecureSigningAlgorithmEnforceExecutor.Configuration(); + protected SecureSigningAlgorithmExecutor.Configuration createSecureSigningAlgorithmEnforceExecutorConfig(String defaultAlgorithm) { + SecureSigningAlgorithmExecutor.Configuration config = new SecureSigningAlgorithmExecutor.Configuration(); config.setDefaultAlgorithm(defaultAlgorithm); return config; } 
@@ -990,26 +990,26 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { return config; } - protected ClientUpdateContextCondition.Configuration createClientUpdateContextConditionConfig(List updateClientSource) { - ClientUpdateContextCondition.Configuration config = new ClientUpdateContextCondition.Configuration(); + protected ClientUpdaterContextCondition.Configuration createClientUpdateContextConditionConfig(List updateClientSource) { + ClientUpdaterContextCondition.Configuration config = new ClientUpdaterContextCondition.Configuration(); config.setUpdateClientSource(updateClientSource); return config; } - protected ClientUpdateSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List groups) { - ClientUpdateSourceGroupsCondition.Configuration config = new ClientUpdateSourceGroupsCondition.Configuration(); + protected ClientUpdaterSourceGroupsCondition.Configuration createClientUpdateSourceGroupsConditionConfig(List groups) { + ClientUpdaterSourceGroupsCondition.Configuration config = new ClientUpdaterSourceGroupsCondition.Configuration(); config.setGroups(groups); return config; } - protected ClientUpdateSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List trustedHosts) { - ClientUpdateSourceHostsCondition.Configuration config = new ClientUpdateSourceHostsCondition.Configuration(); + protected ClientUpdaterSourceHostsCondition.Configuration createClientUpdateSourceHostsConditionConfig(List trustedHosts) { + ClientUpdaterSourceHostsCondition.Configuration config = new ClientUpdaterSourceHostsCondition.Configuration(); config.setTrustedHosts(trustedHosts); return config; } - protected ClientUpdateSourceRolesCondition.Configuration createClientUpdateSourceRolesConditionConfig(List roles) { - ClientUpdateSourceRolesCondition.Configuration config = new ClientUpdateSourceRolesCondition.Configuration(); + protected ClientUpdaterSourceRolesCondition.Configuration 
createClientUpdateSourceRolesConditionConfig(List roles) { + ClientUpdaterSourceRolesCondition.Configuration config = new ClientUpdaterSourceRolesCondition.Configuration(); config.setRoles(roles); return config; } @@ -1271,17 +1271,17 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { } protected void assertExpectedHolderOfKeyEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) { - assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedAugmenedExecutor(isAugment, HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, profileRep); } protected void assertExpectedPKCEEnforceExecutor(boolean isAugment, ClientProfileRepresentation profileRep) { - assertExpectedAugmenedExecutor(isAugment, PKCEEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedAugmenedExecutor(isAugment, PKCEEnforcerExecutorFactory.PROVIDER_ID, profileRep); } protected void assertExpectedSecureClientAuthEnforceExecutor(List clientAuthns, boolean isAugment, String clientAuthnsAugment, ClientProfileRepresentation profileRep) { - assertExpectedAugmenedExecutor(isAugment, SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedAugmenedExecutor(isAugment, SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep); assertNotNull(profileRep); - Map actualExecutorConfig = getConfigOfExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, profileRep); + Map actualExecutorConfig = getConfigOfExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, profileRep); assertNotNull(actualExecutorConfig); Set actualClientAuthns = new HashSet<>((Collection) actualExecutorConfig.get("client-authns")); 
@@ -1292,7 +1292,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { } protected void assertExpectedSecureRedirectUriEnforceExecutor(ClientProfileRepresentation profileRep) { - assertExpectedEmptyConfig(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedEmptyConfig(SecureClientUrisExecutorFactory.PROVIDER_ID, profileRep); } protected void assertExpectedSecureRequestObjectExecutor(ClientProfileRepresentation profileRep) { @@ -1308,11 +1308,11 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { } protected void assertExpectedSecureSigningAlgorithmEnforceExecutor(ClientProfileRepresentation profileRep) { - assertExpectedEmptyConfig(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedEmptyConfig(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, profileRep); } protected void assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(ClientProfileRepresentation profileRep) { - assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, profileRep); + assertExpectedEmptyConfig(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, profileRep); } protected void assertExpectedAugmenedExecutor(boolean isAugment, String providerId, ClientProfileRepresentation profileRep) { 
@@ -1393,22 +1393,22 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest { } protected void assertExpectedClientUpdateContextCondition(List updateClientSources, ClientPolicyRepresentation policyRep) { - ClientUpdateContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateContextConditionFactory.PROVIDER_ID, ClientUpdateContextCondition.Configuration.class); + ClientUpdaterContextCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterContextConditionFactory.PROVIDER_ID, ClientUpdaterContextCondition.Configuration.class); Assert.assertEquals(cfg.getUpdateClientSource(), updateClientSources); } protected void assertExpectedClientUpdateSourceGroupsCondition(List groups, ClientPolicyRepresentation policyRep) { - ClientUpdateSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdateSourceGroupsCondition.Configuration.class); + ClientUpdaterSourceGroupsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, ClientUpdaterSourceGroupsCondition.Configuration.class); Assert.assertEquals(cfg.getGroups(), groups); } protected void assertExpectedClientUpdateSourceHostsCondition(List trustedHosts, ClientPolicyRepresentation policyRep) { - ClientUpdateSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, ClientUpdateSourceHostsCondition.Configuration.class); + ClientUpdaterSourceHostsCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, ClientUpdaterSourceHostsCondition.Configuration.class); Assert.assertEquals(cfg.getTrustedHosts(), trustedHosts); } protected void assertExpectedClientUpdateSourceRolesCondition(List roles, ClientPolicyRepresentation policyRep) { - ClientUpdateSourceRolesCondition.Configuration cfg = 
getConfigAsExpectedType(policyRep, ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, ClientUpdateSourceRolesCondition.Configuration.class); + ClientUpdaterSourceRolesCondition.Configuration cfg = getConfigAsExpectedType(policyRep, ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, ClientUpdaterSourceRolesCondition.Configuration.class); Assert.assertEquals(cfg.getRoles(), roles); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesLoadUpdateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesLoadUpdateTest.java index ab1fb54cd3..47b0bef132 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesLoadUpdateTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesLoadUpdateTest.java @@ -44,8 +44,8 @@ import org.keycloak.services.clientpolicy.ClientPolicyException; import org.keycloak.services.clientpolicy.ClientPoliciesUtil; import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory; import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory; -import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory; +import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; 
@@ -160,19 +160,19 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest { // load profiles ClientProfileRepresentation duplicatedProfileRep = (new ClientProfileBuilder()).createProfile("builtin-basic-security", "Enforce basic security level") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.FALSE, Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID), null)) - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.FALSE)) .addExecutor("no-such-executor", createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation(); ClientProfileRepresentation loadedProfileRep = (new ClientProfileBuilder()).createProfile("ordinal-test-profile", "The profile that can be loaded.") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), @@ -199,7 +199,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile("global-default-profile", "Pershyy Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), X509ClientAuthenticator.PROVIDER_ID)) 
@@ -241,7 +241,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest { + " \"builtin\" : false,\n" + " \"executors\": [\n" + " {\n" - + " \"new-secure-client-authn-executor\": {\n" + + " \"new-secure-client-authnenticator\": {\n" + " \"client-authns\": [ \"private-key-jwt\" ],\n" + " \"client-authns-augment\" : \"private-key-jwt\",\n" + " \"is-augment\" : true\n" @@ -273,7 +273,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest { + " \"description\" : \"Not builtin profile that should be skipped.\",\n" + " \"builtin\" : \"no\",\n" + " \"executors\": {\n" - + " \"new-secure-client-authn-executor\": {\n" + + " \"new-secure-client-authnenticator\": {\n" + " \"client-authns\": [ \"private-key-jwt\" ],\n" + " \"client-authns-augment\" : \"private-key-jwt\",\n" + " \"is-augment\" : true\n" @@ -364,7 +364,7 @@ public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest { + " \"enable\": true,\n" + " \"conditions\": [\n" + " {\n" - + " \"new-clientupdatesourcehost-condition\": {\n" + + " \"new-client-updater-source-host\": {\n" + " \"trusted-hosts\": [\"myuniversity\"],\n" + " \"host-sending-request-must-match\" : [true]\n" + " }\n" diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesTest.java index 7098f10867..e16b69e1ff 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientPoliciesTest.java 
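Review bot: The new fixture key `new-secure-client-authnenticator` in the `@@ -241` hunk, repeated in `@@ -273`, looks like a misspelling of "authenticator". Judging by the `new-` prefix and the "should be skipped" description, the id is probably meant to be unregistered, so the test likely still passes, but the spelling hides which provider the fixture imitates; I would write `+ " \"new-secure-client-authenticator\": {\n"` in both places. Separately, these hunks show provider id strings changing, and the surrounding tests appear to cover profiles that carry an id the server does not recognise. It is worth confirming, outside this diff, that realm JSON saved under the pre-rename ids is either migrated or rejected loudly, since an enforcement executor that is silently dropped on load would leave clients unprotected without any error.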
@@ -51,8 +51,6 @@ import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthen import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator; import org.keycloak.authentication.authenticators.client.JWTClientSecretAuthenticator; import org.keycloak.authentication.authenticators.client.X509ClientAuthenticator; -import org.keycloak.client.registration.Auth; -import org.keycloak.client.registration.ClientRegistration; import org.keycloak.client.registration.ClientRegistrationException; import org.keycloak.common.Profile; import org.keycloak.events.Details; @@ -68,8 +66,6 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.utils.OIDCResponseType; import org.keycloak.representations.AccessToken; import org.keycloak.representations.RefreshToken; -import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation; -import org.keycloak.representations.idm.ClientInitialAccessPresentation; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.EventRepresentation; 
@@ -83,22 +79,21 @@ import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory; import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory; import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory; import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateContextConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceGroupsConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceHostsConditionFactory; -import org.keycloak.services.clientpolicy.condition.ClientUpdateSourceRolesConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsConditionFactory; +import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesConditionFactory; import org.keycloak.services.clientpolicy.executor.ConfidentialClientAcceptExecutorFactory; import org.keycloak.services.clientpolicy.executor.ConsentRequiredExecutorFactory; -import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.PKCEEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureClientAuthEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureClientRegisteringUriEnforceExecutorFactory; +import org.keycloak.services.clientpolicy.executor.HolderOfKeyEnforcerExecutorFactory; +import org.keycloak.services.clientpolicy.executor.PKCEEnforcerExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureClientUrisExecutorFactory; import 
org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmEnforceExecutorFactory; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutor; -import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory; +import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory; import org.keycloak.services.clientpolicy.executor.SecureRequestObjectExecutor; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; @@ -250,7 +245,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), X509ClientAuthenticator.PROVIDER_ID)) 
@@ -261,8 +256,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Persha Polityka", Boolean.TRUE) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) .addProfile(PROFILE_NAME) .toRepresentation() ).toString(); @@ -277,7 +272,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update profiles json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Pershyy Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), JWTClientAuthenticator.PROVIDER_ID)) @@ -333,7 +328,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Eichte profil") - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation() ).toString(); 
@@ -382,7 +377,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Purofairu Sono Ichi") - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.FALSE)) .toRepresentation() ).toString(); @@ -393,8 +388,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Porishii Sono Ichi", Boolean.TRUE) .addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE))) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) .toRepresentation() ).toString(); updatePolicies(json); @@ -412,8 +407,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { updatePolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Koushinsareta Porishii Sono Ichi", Boolean.TRUE) .addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE))) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) .addProfile(PROFILE_NAME) .toRepresentation()); 
@@ -422,7 +417,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update profiles updateProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Koushinsareta Purofairu Sono Ichi") - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation()); @@ -474,11 +469,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { String profileBetaName = "MyProfile-beta"; String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(profileAlphaName, "Pierwszy Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID), ClientIdAndSecretAuthenticator.PROVIDER_ID)) .toRepresentation()).addProfile( (new ClientProfileBuilder()).createProfile(profileBetaName, "Drugi Profil") - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation() ).toString(); 
@@ -491,8 +486,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { (new ClientPolicyBuilder()).createPolicy(policyAlphaName, "Pierwsza Zasada", Boolean.TRUE) .addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(roleAlphaName, roleZetaName))) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) .addProfile(profileAlphaName) .toRepresentation()).addPolicy( (new ClientPolicyBuilder()).createPolicy(policyBetaName, "Drugi Zasada", Boolean.TRUE) @@ -591,7 +586,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Die Erste Politik") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, null) .toRepresentation() ).toString(); updateProfiles(json); 
@@ -604,17 +599,17 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { .toRepresentation() ).addPolicy( (new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceGroupsCondition", "Die Zweite Politik", Boolean.TRUE) - .addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, null) + .addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, null) .addProfile(PROFILE_NAME) .toRepresentation() ).addPolicy( (new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateSourceRolesCondition", "Die Dritte Politik", Boolean.TRUE) - .addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, null) + .addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, null) .addProfile(PROFILE_NAME) .toRepresentation() ).addPolicy( (new ClientPolicyBuilder()).createPolicy("MyPolicy-ClientUpdateContextCondition", "Die Vierte Politik", Boolean.TRUE) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, null) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, null) .addProfile(PROFILE_NAME) .toRepresentation() ).toString(); @@ -638,7 +633,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Prvni Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.FALSE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), 
@@ -651,7 +646,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Prvni Politika", Boolean.TRUE) - .addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1"))) .addProfile(PROFILE_NAME) .toRepresentation() @@ -672,7 +667,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Aktualizovana Prvni Politika", Boolean.TRUE) - .addCondition(ClientUpdateSourceHostsConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, createClientUpdateSourceHostsConditionConfig(Arrays.asList("example.com"))) .addProfile(PROFILE_NAME) .toRepresentation() @@ -693,7 +688,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forste Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.FALSE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID), 
@@ -706,7 +701,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politik", Boolean.TRUE) - .addCondition(ClientUpdateSourceGroupsConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceGroupsConditionFactory.PROVIDER_ID, createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup"))) .addProfile(PROFILE_NAME) .toRepresentation() @@ -733,7 +728,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Il Primo Profilo") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig( Boolean.FALSE, Arrays.asList(JWTClientSecretAuthenticator.PROVIDER_ID), @@ -746,7 +741,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "La Prima Politica", Boolean.TRUE) - .addCondition(ClientUpdateSourceRolesConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, createClientUpdateSourceRolesConditionConfig(Arrays.asList(Constants.REALM_MANAGEMENT_CLIENT_ID + "." + AdminRoles.CREATE_CLIENT))) .addProfile(PROFILE_NAME) .toRepresentation() 
@@ -773,7 +768,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Het Eerste Profiel") - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation() ).toString(); @@ -1165,7 +1160,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen") - .addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, null) .toRepresentation() ).toString(); updateProfiles(json); @@ -1173,11 +1168,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forsta Policyn", Boolean.TRUE) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, createClientUpdateContextConditionConfig(Arrays.asList( - ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER, - ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, - ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))) + ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER, + ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, + ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))) .addProfile(PROFILE_NAME) .toRepresentation() ).toString(); 
@@ -1238,7 +1233,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update profiles, ES256 enforced json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen") - .addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256)) .toRepresentation() ).toString(); @@ -1262,7 +1257,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update profiles, fall back to PS256 json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen") - .addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.RS512)) .toRepresentation() ).toString(); @@ -1319,7 +1314,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // update profiles, enforce ES256 json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen") - .addExecutor(SecureSigningAlgorithmEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmEnforceExecutorConfig(org.keycloak.crypto.Algorithm.ES256)) .toRepresentation() ).toString(); 
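Review bot: The context comment `// update profiles, fall back to PS256` in the `@@ -1262` hunk sits directly above a config built with `org.keycloak.crypto.Algorithm.RS512`, and nothing visible explains why a PS256 outcome is expected. Presumably RS512 is outside the set the executor accepts as a default and PS256 is its fallback, but that is not shown here and the test body continues outside the hunk. Since the neighbouring line is being touched anyway, I would spell it out, e.g. `// RS512 is not an accepted default, so the executor is expected to fall back to PS256`, so that a later change to the accepted algorithm list does not silently change what this test proves.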
@@ -1344,7 +1339,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili") - .addExecutor(SecureClientRegisteringUriEnforceExecutorFactory.PROVIDER_ID, null) + .addExecutor(SecureClientUrisExecutorFactory.PROVIDER_ID, null) .toRepresentation() ).toString(); updateProfiles(json); @@ -1352,11 +1347,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Ensimmainen Politiikka", Boolean.TRUE) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, createClientUpdateContextConditionConfig(Arrays.asList( - ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER, - ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, - ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))) + ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER, + ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, + ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))) .addProfile(PROFILE_NAME) .toRepresentation() ).toString(); 
@@ -1391,10 +1386,10 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
 // update policies
 json = (new ClientPoliciesBuilder()).addPolicy(
 (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Paivitetyn Ensimmaisen Politiikka", Boolean.TRUE)
- .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID,
+ .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID,
 createClientUpdateContextConditionConfig(Arrays.asList(
- ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER,
- ClientUpdateContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
+ ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER,
+ ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN)))
 .addProfile(PROFILE_NAME)
 .toRepresentation()
 ).toString();
@@ -1544,7 +1539,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
 // register profiles
 String json = (new ClientProfilesBuilder()).addProfile(
 (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
- .addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
+ .addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)
 ).toRepresentation()
 )
 .toString();
@@ -1636,7 +1631,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
 // register profiles
 String json = (new ClientProfilesBuilder()).addProfile(
 (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili")
- .addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
+ .addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE))
 .toRepresentation()
 ).toString();
 updateProfiles(json);
@@ -1697,9 +1692,9 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register profiles String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Az Elso Profil") - .addExecutor(HolderOfKeyEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(HolderOfKeyEnforcerExecutorFactory.PROVIDER_ID, createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE)) - .addExecutor(SecureSigningAlgorithmForSignedJwtEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.FALSE)) .toRepresentation() ).toString(); @@ -2061,7 +2056,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { String profileName = "MyProfile"; String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(profileName, "Primum Profile") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.FALSE, Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), null)) @@ -2072,8 +2067,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { // register policies json = (new ClientPoliciesBuilder()).addPolicy( (new ClientPolicyBuilder()).createPolicy(policyName, "Primum Consilium", Boolean.TRUE) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_AUTHENTICATED_USER))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER))) .addProfile(profileName) .toRepresentation() ).toString(); 
@@ -2085,11 +2080,11 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { String profileName = "MyProfile"; String json = (new ClientProfilesBuilder()).addProfile( (new ClientProfileBuilder()).createProfile(profileName, "Primul Profil") - .addExecutor(SecureClientAuthEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthEnforceExecutorConfig(Boolean.TRUE, Arrays.asList(ClientIdAndSecretAuthenticator.PROVIDER_ID, JWTClientAuthenticator.PROVIDER_ID), ClientIdAndSecretAuthenticator.PROVIDER_ID)) - .addExecutor(PKCEEnforceExecutorFactory.PROVIDER_ID, + .addExecutor(PKCEEnforcerExecutorFactory.PROVIDER_ID, createPKCEEnforceExecutorConfig(Boolean.TRUE)) .toRepresentation() ).toString(); @@ -2100,8 +2095,8 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest { (new ClientPolicyBuilder()).createPolicy(policyName, "Prima Politica", Boolean.TRUE) .addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE))) - .addCondition(ClientUpdateContextConditionFactory.PROVIDER_ID, - createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdateContextConditionFactory.BY_INITIAL_ACCESS_TOKEN))) + .addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, + createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN))) .addProfile(profileName) .toRepresentation() ).toString(); diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties index 2799140c9a..e1415c6a5e 100644 --- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties +++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties 
@@ -872,18 +872,18 @@ client-profiles.tooltip=Client Profiles applied on this policy add-profile.placeholder=Add client profile ... no-client-profiles-configured=No client profiles configured -clientscopes-condition.label=Expected Scopes -clientscopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured. +client-scopes-condition.label=Expected Scopes +client-scopes-condition.tooltip=The list of expected client scopes. Condition evaluates to true if specified client request matches some of the client scopes. It depends also whether it should be default or optional client scope based on the 'Scope Type' configured. client-accesstype.label=Client Access Type client-accesstype.tooltip=Access Type of the client, for which the condition will be applied. -clientroles-condition.label=Client Roles -clientroles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration. -clientupdatesourcegroups-condition.label=Groups -clientupdatesourcegroups-condition.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here. -clientupdate-trusted-hosts.label=Trusted hosts -clientupdate-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. 
If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted. -clientupdatesourceroles-condition.label=Updating entity role -clientupdatesourceroles-condition.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'. +client-roles.label=Client Roles +client-roles-condition.tooltip=Client roles, which will be checked during this condition evaluation. Condition evaluates to true if client has at least one client role with the name as the client roles specified in the configuration. +client-updater-source-groups.label=Groups +client-updater-source-groups.tooltip=Name of groups to check. Condition evaluates to true if the entity, who creates/updates client is member of some of the specified groups. Configured groups are specified by their simple name, which must match to the name of the Keycloak group. No support for group hierarchy is used here. +client-updater-trusted-hosts.label=Trusted hosts +client-updater-trusted-hosts.tooltip=List of Hosts, which are trusted. In case that client registration/update request comes from the host/domain specified in this configuration, condition evaluates to true. You can use hostnames or IP addresses. If you use star at the beginning (for example '*.example.com' ) then whole domain example.com will be trusted. +client-updater-source-roles.label=Updating entity role +client-updater-source-roles.tooltip=The condition is checked during client registration/update requests and it evaluates to true if the entity (usually user), who is creating/updating client is member of the specified role. 
For reference the realm role, you can use the realm role name like 'my_realm_role' . For reference client role, you can use the client_id.role_name for example 'my_client.my_client_role' will refer to client role 'my_client_role' of client 'my_client'. groups=Groups