From ef134390c2f6258d8857abb7244b19b70966c9a9 Mon Sep 17 00:00:00 2001
From: Takashi Norimatsu
Date: Mon, 10 Jan 2022 18:19:11 +0900
Subject: [PATCH] Client Policies : Condition's negative logic configuration is not shown in Admin Console's form view
Closes #9447
---
...tClientPolicyConditionProviderFactory.java | 52 +++++++++++++++++++
.../condition/AnyClientConditionFactory.java | 28 ++++------
.../ClientAccessTypeConditionFactory.java | 19 ++-----
.../ClientRolesConditionFactory.java | 19 ++-----
.../ClientScopesConditionFactory.java | 19 ++-----
.../ClientUpdaterContextConditionFactory.java | 19 ++-----
...ntUpdaterSourceGroupsConditionFactory.java | 19 ++-----
...entUpdaterSourceHostsConditionFactory.java | 33 +++++-------
...entUpdaterSourceRolesConditionFactory.java | 20 ++-----
9 files changed, 93 insertions(+), 135 deletions(-)
create mode 100644 server-spi-private/src/main/java/org/keycloak/services/clientpolicy/condition/AbstractClientPolicyConditionProviderFactory.java
diff --git a/server-spi-private/src/main/java/org/keycloak/services/clientpolicy/condition/AbstractClientPolicyConditionProviderFactory.java b/server-spi-private/src/main/java/org/keycloak/services/clientpolicy/condition/AbstractClientPolicyConditionProviderFactory.java
new file mode 100644
index 0000000000..79ee51e770
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/services/clientpolicy/condition/AbstractClientPolicyConditionProviderFactory.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.services.clientpolicy.condition;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.keycloak.Config.Scope;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.ProviderConfigProperty;
+
+/**
+ * @author Takashi Norimatsu
+ */
+public abstract class AbstractClientPolicyConditionProviderFactory implements ClientPolicyConditionProviderFactory {
+
+ public static final String IS_NEGATIVE_LOGIC = "is-negative-logic";
+
+ static protected void addCommonConfigProperties(List configProperties) {
+ ProviderConfigProperty property = new ProviderConfigProperty(IS_NEGATIVE_LOGIC, "Negative Logic",
+ "If On, the result of condition's evaluation is reverted from true to false and vice versa.",
+ ProviderConfigProperty.BOOLEAN_TYPE, false);
+ configProperties.add(property);
+ }
+
+ @Override
+ public void init(Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public void close() {
+ }
+}
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java
index 2f54c81854..f25543c9dc 100644
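Review bot: The help text on the new `is-negative-logic` property says the evaluation result is "reverted", which reads as "rolled back" rather than "negated"; this tooltip is all an administrator sees before flipping which clients a policy applies to, so I would word it as `"If On, the result of the condition's evaluation is inverted: a match is treated as no match and vice versa."`. `addCommonConfigProperties` and `IS_NEGATIVE_LOGIC` have no Javadoc; a short comment saying that subclasses are expected to call the helper from their static initializer, and naming the configuration key the constant has to match, would help, because nothing in this diff ties the string to whatever the conditions read at evaluation time. As a point of style, `static protected` is conventionally written `protected static`.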
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/AnyClientConditionFactory.java @@ -17,38 +17,30 @@ package org.keycloak.services.clientpolicy.condition; -import java.util.Collections; +import java.util.ArrayList; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class AnyClientConditionFactory implements ClientPolicyConditionProviderFactory { +public class AnyClientConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "any-client"; + private static final List configProperties = new ArrayList(); + + static { + addCommonConfigProperties(configProperties); + } + @Override public ClientPolicyConditionProvider create(KeycloakSession session) { return new AnyClientCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -59,9 +51,9 @@ public class AnyClientConditionFactory implements ClientPolicyConditionProviderF return "The condition is satisfied by any client on any event."; } + @Override public List getConfigProperties() { - return Collections.emptyList(); + return configProperties; } - } diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java index 3792c95c8b..013a4c58ae 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java 
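Review bot: Adding the common negative-logic switch in this factory's static block means the form now offers a setting that, if `AnyClientCondition` honours it (not visible in this diff), turns "satisfied by any client on any event" into "never satisfied", so the executors of a policy relying on this condition would silently stop being applied. Either leave `addCommonConfigProperties(configProperties)` out for `any-client`, or make the consequence explicit in `getHelpText()`, e.g. `return "The condition is satisfied by any client on any event. With Negative Logic on, it is never satisfied.";`. The class body continues outside this hunk.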
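Review bot: `getConfigProperties()` now hands out the factory's shared static `ArrayList` itself, where it previously returned the immutable `Collections.emptyList()`, so a caller that modifies the returned list changes the property metadata seen by every later caller. Returning a read-only view avoids that: `return Collections.unmodifiableList(configProperties);`, which means keeping the `java.util.Collections` import this commit removes. The same applies to the `ClientUpdaterSourceHostsConditionFactory` hunk, which replaces `Arrays.asList(TRUSTED_HOSTS_PROPERTY)` with the same kind of shared list; the other factories touched here already return their static list directly, as their context lines show.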
+++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientAccessTypeConditionFactory.java @@ -21,15 +21,13 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientAccessTypeConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientAccessTypeConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-access-type"; @@ -42,6 +40,8 @@ public class ClientAccessTypeConditionFactory implements ClientPolicyConditionPr private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property; property = new ProviderConfigProperty(TYPE, "client-accesstype.label", "client-accesstype.tooltip", ProviderConfigProperty.MULTIVALUED_LIST_TYPE, TYPE_CONFIDENTIAL); List updateProfileValues = Arrays.asList(TYPE_CONFIDENTIAL, TYPE_PUBLIC, TYPE_BEARERONLY); @@ -54,18 +54,6 @@ public class ClientAccessTypeConditionFactory implements ClientPolicyConditionPr return new ClientAccessTypeCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -80,5 +68,4 @@ public class ClientAccessTypeConditionFactory implements ClientPolicyConditionPr public List getConfigProperties() { return configProperties; } - } diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java index c5ca78db3a..b5bd2eb484 100644 
--- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientRolesConditionFactory.java @@ -20,15 +20,13 @@ package org.keycloak.services.clientpolicy.condition; import java.util.ArrayList; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientRolesConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientRolesConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-roles"; @@ -37,6 +35,8 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property; property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null); configProperties.add(property); @@ -47,18 +47,6 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide return new ClientRolesCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -73,5 +61,4 @@ public class ClientRolesConditionFactory implements ClientPolicyConditionProvide public List getConfigProperties() { return configProperties; } - } 
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java index 8036314f01..e16b5e74e0 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientScopesConditionFactory.java @@ -21,16 +21,14 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.OAuth2Constants; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientScopesConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientScopesConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-scopes"; @@ -42,6 +40,8 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property = new ProviderConfigProperty(SCOPES, PROVIDER_ID + "-condition.label", PROVIDER_ID + "-condition.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, OAuth2Constants.OFFLINE_ACCESS); configProperties.add(property); property = new ProviderConfigProperty(TYPE, "Scope Type", @@ -57,18 +57,6 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid return new ClientScopesCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; 
@@ -83,5 +71,4 @@ public class ClientScopesConditionFactory implements ClientPolicyConditionProvid public List getConfigProperties() { return configProperties; } - } \ No newline at end of file diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java index fa7ef99423..b3f872b3dd 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterContextConditionFactory.java @@ -21,15 +21,13 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientUpdaterContextConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientUpdaterContextConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-updater-context"; @@ -43,6 +41,8 @@ public class ClientUpdaterContextConditionFactory implements ClientPolicyConditi private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property; property = new ProviderConfigProperty(UPDATE_CLIENT_SOURCE, "Update Client Context", "Specifies the context how is client created or updated. " + "ByInitialAccessToken is usually OpenID Connect client registration with the initial access token. " + 
@@ -59,18 +59,6 @@ public class ClientUpdaterContextConditionFactory implements ClientPolicyConditi return new ClientUpdaterContextCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -85,5 +73,4 @@ public class ClientUpdaterContextConditionFactory implements ClientPolicyConditi public List getConfigProperties() { return configProperties; } - } diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java index 507be22560..22536302e2 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceGroupsConditionFactory.java @@ -20,15 +20,13 @@ package org.keycloak.services.clientpolicy.condition; import java.util.ArrayList; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientUpdaterSourceGroupsConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-updater-source-groups"; 
@@ -37,6 +35,8 @@ public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyCo private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property; property = new ProviderConfigProperty(GROUPS, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, "topGroup"); configProperties.add(property); @@ -47,18 +47,6 @@ public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyCo return new ClientUpdaterSourceGroupsCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -73,5 +61,4 @@ public class ClientUpdaterSourceGroupsConditionFactory implements ClientPolicyCo public List getConfigProperties() { return configProperties; } - } diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java index 2bde676ec7..8702eac591 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceHostsConditionFactory.java 
@@ -17,43 +17,37 @@ package org.keycloak.services.clientpolicy.condition; -import java.util.Arrays; +import java.util.ArrayList; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientUpdaterSourceHostsConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientUpdaterSourceHostsConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-updater-source-host"; public static final String TRUSTED_HOSTS = "trusted-hosts"; - private static final ProviderConfigProperty TRUSTED_HOSTS_PROPERTY = new ProviderConfigProperty(TRUSTED_HOSTS, "client-updater-trusted-hosts.label", - "client-updater-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null); + private static final List configProperties = new ArrayList(); + + static { + addCommonConfigProperties(configProperties); + + ProviderConfigProperty property; + property = new ProviderConfigProperty(TRUSTED_HOSTS, "client-updater-trusted-hosts.label", + "client-updater-trusted-hosts.tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, null); + configProperties.add(property); + } @Override public ClientPolicyConditionProvider create(KeycloakSession session) { return new ClientUpdaterSourceHostsCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; @@ -66,7 +60,6 @@ public class ClientUpdaterSourceHostsConditionFactory implements ClientPolicyCon @Override public List getConfigProperties() { - return Arrays.asList(TRUSTED_HOSTS_PROPERTY); + return configProperties; } - } 
diff --git a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java index 1aac10b1d1..bb32cce666 100644 --- a/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java +++ b/services/src/main/java/org/keycloak/services/clientpolicy/condition/ClientUpdaterSourceRolesConditionFactory.java @@ -20,15 +20,13 @@ package org.keycloak.services.clientpolicy.condition; import java.util.ArrayList; import java.util.List; -import org.keycloak.Config.Scope; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.provider.ProviderConfigProperty; /** * @author Takashi Norimatsu */ -public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyConditionProviderFactory { +public class ClientUpdaterSourceRolesConditionFactory extends AbstractClientPolicyConditionProviderFactory { public static final String PROVIDER_ID = "client-updater-source-roles"; @@ -37,6 +35,8 @@ public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyCon private static final List configProperties = new ArrayList(); static { + addCommonConfigProperties(configProperties); + ProviderConfigProperty property; property = new ProviderConfigProperty(ROLES, PROVIDER_ID + ".label", PROVIDER_ID + ".tooltip", ProviderConfigProperty.MULTIVALUED_STRING_TYPE, "admin"); configProperties.add(property); @@ -47,18 +47,6 @@ public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyCon return new ClientUpdaterSourceRolesCondition(session); } - @Override - public void init(Scope config) { - } - - @Override - public void postInit(KeycloakSessionFactory factory) { - } - - @Override - public void close() { - } - @Override public String getId() { return PROVIDER_ID; 
@@ -67,12 +55,10 @@ public class ClientUpdaterSourceRolesConditionFactory implements ClientPolicyCon @Override public String getHelpText() { return "The condition checks the role of the entity who tries to create/update the client to determine whether the policy is applied."; - } @Override public List getConfigProperties() { return configProperties; } - }