Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setAuthorizationServicesEnabled()

The following examples show how to use org.keycloak.representations.idm.ClientRepresentation#setAuthorizationServicesEnabled() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KeycloakTestResource.java    From quarkus with Apache License 2.0 6 votes vote down vote up
private static ClientRepresentation createClient(String clientId) {
    ClientRepresentation client = new ClientRepresentation();

    client.setClientId(clientId);
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setDirectAccessGrantsEnabled(true);
    client.setEnabled(true);

    client.setAuthorizationServicesEnabled(true);

    ResourceServerRepresentation authorizationSettings = new ResourceServerRepresentation();

    authorizationSettings.setResources(new ArrayList<>());
    authorizationSettings.setPolicies(new ArrayList<>());

    configurePermissionResourcePermission(authorizationSettings);
    configureClaimBasedPermission(authorizationSettings);
    configureHttpResponseClaimBasedPermission(authorizationSettings);
    configureBodyClaimBasedPermission(authorizationSettings);
    configurePaths(authorizationSettings);

    client.setAuthorizationSettings(authorizationSettings);

    return client;
}
 
Example 2
Source File: AbstractAuthorizationTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation resourceServer = getResourceServer();

    resourceServer.setAuthorizationServicesEnabled(enable);
    resourceServer.setServiceAccountsEnabled(true);
    resourceServer.setPublicClient(false);
    resourceServer.setSecret("secret");

    getClientResource().update(resourceServer);

    if (enable) {
        AuthorizationResource authorization = getClientResource().authorization();
        ResourceServerRepresentation settings = authorization.exportSettings();
        settings.setAllowRemoteResourceManagement(true);
        authorization.update(settings);
    }
}
 
Example 3
Source File: KeycloakTestResource.java    From quarkus with Apache License 2.0 5 votes vote down vote up
private static ClientRepresentation createClient(String clientId) {
    ClientRepresentation client = new ClientRepresentation();

    client.setClientId(clientId);
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setDirectAccessGrantsEnabled(true);
    client.setEnabled(true);

    client.setAuthorizationServicesEnabled(true);

    ResourceServerRepresentation authorizationSettings = new ResourceServerRepresentation();

    authorizationSettings.setResources(new ArrayList<>());
    authorizationSettings.setPolicies(new ArrayList<>());

    configurePermissionResourcePermission(authorizationSettings);
    configureClaimBasedPermission(authorizationSettings);
    configureHttpResponseClaimBasedPermission(authorizationSettings);
    configureBodyClaimBasedPermission(authorizationSettings);
    configurePaths(authorizationSettings);
    configureScopePermission(authorizationSettings);

    client.setAuthorizationSettings(authorizationSettings);

    return client;
}
 
Example 4
Source File: AbstractClientTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected String createOidcConfidentialClientWithAuthz(String name) {
    ClientRepresentation clientRep = createOidcClientRep(name);
    clientRep.setBearerOnly(Boolean.FALSE);
    clientRep.setPublicClient(Boolean.FALSE);
    clientRep.setAuthorizationServicesEnabled(Boolean.TRUE);
    clientRep.setServiceAccountsEnabled(Boolean.TRUE);
    String id = createClient(clientRep);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), ResourceType.AUTHORIZATION_RESOURCE_SERVER);
    return id;
}
 
Example 5
Source File: PartialImportTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void addClients(boolean withServiceAccounts) throws IOException {
    List<ClientRepresentation> clients = new ArrayList<>();
    List<UserRepresentation> serviceAccounts = new ArrayList<>();

    for (int i = 0; i < NUM_ENTITIES; i++) {
        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(CLIENT_PREFIX + i);
        client.setName(CLIENT_PREFIX + i);
        clients.add(client);
        if (withServiceAccounts) {
            client.setServiceAccountsEnabled(true);
            client.setBearerOnly(false);
            client.setPublicClient(false);
            client.setAuthorizationSettings(resourceServerSampleSettings);
            client.setAuthorizationServicesEnabled(true);
            // create the user service account
            UserRepresentation serviceAccount = new UserRepresentation();
            serviceAccount.setUsername(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId());
            serviceAccount.setEnabled(true);
            serviceAccount.setEmail(serviceAccount.getUsername() + "@placeholder.org");
            serviceAccount.setServiceAccountClientId(client.getClientId());
            serviceAccounts.add(serviceAccount);
        }
    }

    if (withServiceAccounts) {
        if (piRep.getUsers() == null) {
            piRep.setUsers(new ArrayList<>());
        }
        piRep.getUsers().addAll(serviceAccounts);
    }
    piRep.setClients(clients);
}
 
Example 6
Source File: DefaultAuthzConfigAdapterTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void configureAuthorizationServices() {
    ClientsResource clients = realmsResouce().realm(REALM_NAME).clients();
    ClientRepresentation client = clients.findByClientId(RESOURCE_SERVER_ID).get(0);

    client.setAuthorizationServicesEnabled(false);

    // disables authorization services and remove authorization configuration from the client app
    clients.get(client.getId()).update(client);

    client.setAuthorizationServicesEnabled(true);

    // enable authorization services in order to generate the default config and continue with tests
    clients.get(client.getId()).update(client);
}
 
Example 7
Source File: ResourcesRestServiceTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Override
public void after() {
    super.after();
    ClientResource resourceServer = getResourceServer();
    ClientRepresentation representation = resourceServer.toRepresentation();
    representation.setAuthorizationServicesEnabled(false);
    resourceServer.update(representation);
    representation.setAuthorizationServicesEnabled(true);
    resourceServer.update(representation);
}
 
Example 8
Source File: AbstractAuthorizationSettingsTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private ClientRepresentation createResourceServer() {
    ClientRepresentation newClient = createClientRep("oidc-confidetial", OIDC);

    createClient(newClient);

    newClient.setRedirectUris(TEST_REDIRECT_URIs);
    newClient.setAuthorizationServicesEnabled(true);

    clientSettingsPage.form().setAccessType(ClientSettingsForm.OidcAccessType.CONFIDENTIAL);
    clientSettingsPage.form().setRedirectUris(TEST_REDIRECT_URIs);
    clientSettingsPage.form().setAuthorizationSettingsEnabled(true);
    clientSettingsPage.form().save();
    assertAlertSuccess();

    ClientRepresentation found = findClientByClientId(newClient.getClientId());
    assertNotNull("Client " + newClient.getClientId() + " was not found.", found);

    newClient.setPublicClient(false);
    newClient.setServiceAccountsEnabled(true);

    assertClientSettingsEqual(newClient, found);
    assertTrue(clientSettingsPage.tabs().getTabs().findElement(By.linkText("Authorization")).isDisplayed());

    clientSettingsPage.setId(found.getId());
    clientSettingsPage.navigateTo();
    authorizationPage.setId(found.getId());

    clientSettingsPage.tabs().authorization();
    assertTrue(authorizationPage.isCurrent());

    newClient.setId(found.getId());

    return newClient;
}
 
Example 9
Source File: ClientResource.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void updateClientFromRep(ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException {
    UserModel serviceAccount = this.session.users().getServiceAccount(client);
    if (TRUE.equals(rep.isServiceAccountsEnabled())) {
        if (serviceAccount == null) {
            new ClientManager(new RealmManager(session)).enableServiceAccount(client);
        }
    }
    else {
        if (serviceAccount != null) {
            new UserManager(session).removeUser(realm, serviceAccount);
        }
    }

    if (rep.getClientId() != null && !rep.getClientId().equals(client.getClientId())) {
        new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId());
    }

    if (rep.isFullScopeAllowed() != null && rep.isFullScopeAllowed() != client.isFullScopeAllowed()) {
        auth.clients().requireManage(client);
    }

    if ((rep.isBearerOnly() != null && rep.isBearerOnly()) || (rep.isPublicClient() != null && rep.isPublicClient())) {
        rep.setAuthorizationServicesEnabled(false);
    }

    RepresentationToModel.updateClient(rep, client);
    RepresentationToModel.updateClientProtocolMappers(rep, client);
    updateAuthorizationSettings(rep);
}
 
Example 10
Source File: OIDCClientRegistrationProvider.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response createOIDC(OIDCClientRepresentation clientOIDC) {
    if (clientOIDC.getClientId() != null) {
        throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client Identifier included", Response.Status.BAD_REQUEST);
    }

    try {
        ClientRepresentation client = DescriptionConverter.toInternal(session, clientOIDC);
        List<String> grantTypes = clientOIDC.getGrantTypes();

        if (grantTypes != null && grantTypes.contains(OAuth2Constants.UMA_GRANT_TYPE)) {
            client.setAuthorizationServicesEnabled(true);
        }

        OIDCClientRegistrationContext oidcContext = new OIDCClientRegistrationContext(session, client, this, clientOIDC);
        client = create(oidcContext);

        ClientModel clientModel = session.getContext().getRealm().getClientByClientId(client.getClientId());
        updatePairwiseSubMappers(clientModel, SubjectType.parse(clientOIDC.getSubjectType()), clientOIDC.getSectorIdentifierUri());
        updateClientRepWithProtocolMappers(clientModel, client);

        URI uri = session.getContext().getUri().getAbsolutePathBuilder().path(client.getClientId()).build();
        clientOIDC = DescriptionConverter.toExternalResponse(session, client, uri);
        clientOIDC.setClientIdIssuedAt(Time.currentTime());
        return Response.created(uri).entity(clientOIDC).build();
    } catch (ClientRegistrationException cre) {
        ServicesLogger.LOGGER.clientRegistrationException(cre.getMessage());
        throw new ErrorResponseException(ErrorCodes.INVALID_CLIENT_METADATA, "Client metadata invalid", Response.Status.BAD_REQUEST);
    }
}
 
Example 11
Source File: PermissionClaimTest.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@After
public void removeAuthorization() throws Exception {
    ClientResource client = getClient(getRealm());
    ClientRepresentation representation = client.toRepresentation();

    representation.setAuthorizationServicesEnabled(false);

    client.update(representation);

    representation.setAuthorizationServicesEnabled(true);

    client.update(representation);

    ResourcesResource resources = client.authorization().resources();
    List<ResourceRepresentation> defaultResource = resources.findByName("Default Resource");

    resources.resource(defaultResource.get(0).getId()).remove();
}
 
Example 12
Source File: EntitlementAPITest.java    From keycloak with Apache License 2.0 3 votes vote down vote up
private void removeAuthorization(String clientId) throws Exception {
    ClientResource client = getClient(getRealm(), clientId);
    ClientRepresentation representation = client.toRepresentation();

    representation.setAuthorizationServicesEnabled(false);

    client.update(representation);

    representation.setAuthorizationServicesEnabled(true);

    client.update(representation);
}