
Example 26 with NotAuthorizedException

use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.

From class ClientsManagementService, method registerNode.

/**
 * Registers a new application cluster node for the calling client. Adapters invoke this
 * endpoint once per node when the node joins the cluster.
 *
 * <p>Checks are applied in order: the request must arrive over SSL (otherwise
 * {@link ForbiddenException}), the realm must be enabled (otherwise a {@code REALM_DISABLED}
 * event error and {@link NotAuthorizedException}), and the client must be authorized via
 * {@link #authorizeClient()}. The node host is then recorded on the client model and a
 * {@code REGISTER_NODE} event is emitted.
 *
 * @param authorizationHeader the {@code Authorization} request header; not read directly in this
 *                            body — {@link #authorizeClient()} presumably obtains the client
 *                            credentials from the request context (verify against that method)
 * @param formData            form parameters from which {@link #getClientClusterHost} extracts
 *                            the cluster host
 * @return an empty {@code 204 No Content} response once the node has been registered
 * @throws ForbiddenException     if the request was not made over SSL
 * @throws NotAuthorizedException if the realm is disabled
 */
@Path("register-node")
@POST
@Produces(MediaType.APPLICATION_JSON)
public Response registerNode(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorizationHeader, final MultivaluedMap<String, String> formData) {
    // Transport check comes first: nothing is recorded on the event before this point.
    if (!checkSsl()) {
        throw new ForbiddenException("HTTPS required");
    }

    event.event(EventType.REGISTER_NODE);

    if (!realm.isEnabled()) {
        event.error(Errors.REALM_DISABLED);
        // NOTE(review): with a single String argument, JAX-RS's NotAuthorizedException treats it
        // as the WWW-Authenticate challenge rather than as the exception message.
        throw new NotAuthorizedException("Realm not enabled");
    }

    final ClientModel registeringClient = authorizeClient();
    final String clusterHost = getClientClusterHost(formData);
    event.client(registeringClient).detail(Details.NODE_HOST, clusterHost);
    logger.debugf("Registering cluster host '%s' for client '%s'", clusterHost, registeringClient.getClientId());

    try {
        registeringClient.registerNode(clusterHost, Time.currentTime());
    } catch (RuntimeException failure) {
        // Record the failure on the event, then let the exception propagate unchanged.
        event.error(failure.getMessage());
        throw failure;
    }

    event.success();
    return Response.noContent().build();
}

Example 27 with NotAuthorizedException

use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.

From class AdminClientTest, method adminAuthClientDisabled.

/**
 * Verifies that disabling the admin-cli client cuts off an already-established admin client:
 * a realm lookup succeeds while the client is enabled and fails with
 * {@link NotAuthorizedException} once it has been disabled. The client is re-enabled in
 * {@code finally} regardless of the outcome.
 */
@Test
public void adminAuthClientDisabled() throws Exception {
    try (Keycloak adminClient = AdminClientUtil.createAdminClient(false, "test", "test-user@localhost", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
        // Baseline: the realm loads while the client is enabled.
        RealmRepresentation loaded = adminClient.realm("test").toRepresentation();
        Assert.assertEquals("test", loaded.getRealm());

        // Disable the client; the same admin client instance must now be rejected.
        setClientEnabled(Constants.ADMIN_CLI_CLIENT_ID, false);
        try {
            adminClient.realm("test").toRepresentation();
            Assert.fail("Not expected to successfully get realm");
        } catch (NotAuthorizedException expected) {
            // Rejection is the expected outcome once the client is disabled.
        }
    } finally {
        setClientEnabled(Constants.ADMIN_CLI_CLIENT_ID, true);
    }
}

Example 28 with NotAuthorizedException

use of javax.ws.rs.NotAuthorizedException in project keycloak by keycloak.

From class TokenRevocationTest, method isAccessTokenDisabled.

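/**
 * Asserts that a revoked access token is rejected by every endpoint that accepts one:
 * introspection reports it inactive, the userinfo endpoint and the account REST API answer
 * 401, and the admin REST API throws {@link NotAuthorizedException}.
 *
 * @param accessTokenString the access token expected to be rejected everywhere
 * @param clientId          client used to call the introspection endpoint (the credential
 *                          passed alongside it is the literal {@code "password"})
 * @throws IOException if the introspection response cannot be parsed
 */
private void isAccessTokenDisabled(String accessTokenString, String clientId) throws IOException {
    // Introspection: the token must be reported as inactive.
    String introspectionResponse = oauth.introspectAccessTokenWithClientCredential(clientId, "password", accessTokenString);
    TokenMetadataRepresentation rep = JsonSerialization.readValue(introspectionResponse, TokenMetadataRepresentation.class);
    assertFalse(rep.isActive());

    // UserInfo: the JAX-RS client Response holds a connection until closed, so release it
    // even when the assertion fails (the original left it open).
    Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(userInfoClient, accessTokenString);
    try {
        assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
    } finally {
        response.close();
    }

    // Account REST: a bearer token that is no longer valid must yield 401.
    String accountUrl = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account";
    SimpleHttp accountRequest = SimpleHttp.doGet(accountUrl, restHttpClient).auth(accessTokenString).acceptJson();
    assertEquals(Status.UNAUTHORIZED.getStatusCode(), accountRequest.asStatus());

    // Admin REST: the admin client must be rejected rather than returning the realm.
    try (Keycloak adminClient = Keycloak.getInstance(OAuthClient.AUTH_SERVER_ROOT, "test", "test-app", accessTokenString)) {
        try {
            adminClient.realms().realm("test").toRepresentation();
            Assert.fail("Not expected to obtain realm");
        } catch (NotAuthorizedException expected) {
            // Rejection is the expected outcome for a revoked token.
        }
    }
}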
