Use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.
Class ClientsManagementService, method registerNode.
/**
 * Registers a cluster node of a client application. The client adapter invokes this URL for each
 * application node once that node joins the cluster.
 *
 * <p>The checks run in a fixed order: transport (HTTPS), realm enabled, client authorization. Only
 * after all three is the node host read from the form data and registered on the client.
 *
 * @param authorizationHeader raw {@code Authorization} header; this method does not read it
 *        directly. NOTE(review): presumably {@code authorizeClient()} obtains the client
 *        credentials on its own; confirm.
 * @param formData form parameters of the request, handed to {@code getClientClusterHost} to
 *        determine the node host
 * @return an empty {@code 204 No Content} response once the node has been registered
 * @throws ForbiddenException if {@code checkSsl()} rejects the request
 * @throws NotAuthorizedException if the realm is disabled
 */
@Path("register-node")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response registerNode(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap<String, String> formData) {
    // Rejected before event.event(...) is called, so a failed transport check leaves no
    // REGISTER_NODE event behind.
    if (!checkSsl()) {
        throw new ForbiddenException("HTTPS required");
    }

    event.event(EventType.REGISTER_NODE);

    if (!realm.isEnabled()) {
        event.error(Errors.REALM_DISABLED);
        // With this single-argument constructor the string is the WWW-Authenticate challenge
        // of the 401 response, not an exception message.
        throw new NotAuthorizedException("Realm not enabled");
    }

    // NOTE(review): no null check follows, so authorizeClient() is expected to throw when
    // client authentication fails; confirm against its definition.
    final ClientModel caller = authorizeClient();

    // The host value is derived from request form data. NOTE(review): confirm that
    // getClientClusterHost() validates it, because it is logged and passed to
    // registerNode() below.
    final String clusterHost = getClientClusterHost(formData);
    event.client(caller).detail(Details.NODE_HOST, clusterHost);
    logger.debugf("Registering cluster host '%s' for client '%s'", clusterHost, caller.getClientId());

    try {
        caller.registerNode(clusterHost, Time.currentTime());
    } catch (RuntimeException failure) {
        // Record the failure on the event, then rethrow the same exception unchanged.
        // NOTE(review): getMessage() may be null or carry internal detail; confirm that is
        // acceptable as an event error value.
        event.error(failure.getMessage());
        throw failure;
    }

    event.success();
    return Response.noContent().build();
}
Use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.
Class AdminClientTest, method adminAuthClientDisabled.
/**
 * Verifies that an admin client created through the admin-cli client can no longer read the
 * realm once that client has been disabled.
 *
 * <p>NOTE(review): the same {@code Keycloak} instance is used before and after the client is
 * disabled, so where the rejection originates (token refresh or the admin API itself) depends on
 * how that instance caches tokens, which is not visible here.
 */
@Test
public void adminAuthClientDisabled() throws Exception {
    try (Keycloak admin = AdminClientUtil.createAdminClient(false, "test", "test-user@localhost", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
        // Baseline: while the client is enabled the realm can be read.
        RealmRepresentation loaded = admin.realm("test").toRepresentation();
        Assert.assertEquals("test", loaded.getRealm());

        // Disable the client that the admin connection was created with.
        setClientEnabled(Constants.ADMIN_CLI_CLIENT_ID, false);

        // The same call must now be refused. Assert.fail() throws an AssertionError, which the
        // catch below does not intercept.
        try {
            admin.realm("test").toRepresentation();
            Assert.fail("Not expected to successfully get realm");
        } catch (NotAuthorizedException expected) {
            // Expected: the request is answered with 401.
        }
    } finally {
        // Always re-enable the client so later tests are not affected.
        setClientEnabled(Constants.ADMIN_CLI_CLIENT_ID, true);
    }
}
Use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.
Class TokenRevocationTest, method isAccessTokenDisabled.
/**
 * Asserts that the given access token is rejected on every surface this test reaches: token
 * introspection, the userinfo endpoint, the account REST API and the admin REST API.
 *
 * @param accessTokenString the access token that is expected to be unusable
 * @param clientId client used to authenticate the introspection request
 * @throws IOException propagated from the HTTP and JSON helpers called here
 */
private void isAccessTokenDisabled(String accessTokenString, String clientId) throws IOException {
    final int unauthorized = Status.UNAUTHORIZED.getStatusCode();

    // Introspection must report the token as inactive.
    String introspectionJson = oauth.introspectAccessTokenWithClientCredential(clientId, "password", accessTokenString);
    TokenMetadataRepresentation tokenMetadata = JsonSerialization.readValue(introspectionJson, TokenMetadataRepresentation.class);
    assertFalse(tokenMetadata.isActive());

    // The userinfo endpoint must answer 401.
    // NOTE(review): this Response is never closed; confirm whether the helper's caller is
    // expected to release it.
    Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(userInfoClient, accessTokenString);
    assertEquals(unauthorized, userInfoResponse.getStatus());

    // The account REST API must answer 401 when the token is sent as the request's auth value.
    SimpleHttp accountCall = SimpleHttp.doGet(OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account", restHttpClient)
            .auth(accessTokenString)
            .acceptJson();
    assertEquals(unauthorized, accountCall.asStatus());

    // The admin REST API must refuse the token as well. The inner try stays separate from the
    // try-with-resources so that only the realm call is allowed to raise the expected exception;
    // one raised while creating or closing the client would still fail the test.
    try (Keycloak admin = Keycloak.getInstance(OAuthClient.AUTH_SERVER_ROOT, "test", "test-app", accessTokenString)) {
        try {
            admin.realms().realm("test").toRepresentation();
            Assert.fail("Not expected to obtain realm");
        } catch (NotAuthorizedException expected) {
            // Expected: the request is answered with 401.
        }
    }
}