Use of org.keycloak.adapters.KeycloakDeployment in the shinyproxy project by openanalytics.
Class KeycloakAuthenticationBackend, method adapterDeploymentContext.
/**
 * Exposes the Keycloak adapter deployment context as a bean when
 * {@code shiny.proxy.authentication} is set to {@code keycloak}.
 *
 * <p>Realm, auth server URL, client id ("resource") and client secret are read from the
 * {@code shiny.proxy.keycloak.*} properties and built into one {@link KeycloakDeployment}.
 * The resolver handed to the factory bean ignores the incoming request and always returns
 * that same deployment.
 *
 * @return the context produced by the {@link AdapterDeploymentContextFactoryBean}
 * @throws Exception propagated from building the deployment or initialising the factory bean
 */
@Bean
@ConditionalOnProperty(name = "shiny.proxy.authentication", havingValue = "keycloak")
protected AdapterDeploymentContext adapterDeploymentContext() throws Exception {
    AdapterConfig adapterConfig = new AdapterConfig();

    // NOTE(review): none of these properties is checked for presence or shape here. Confirm
    // that a missing realm/URL/client id fails at startup, and that deployments are documented
    // to use an https:// auth server URL.
    String realm = environment.getProperty("shiny.proxy.keycloak.realm");
    String authServerUrl = environment.getProperty("shiny.proxy.keycloak.auth-server-url");
    String clientId = environment.getProperty("shiny.proxy.keycloak.resource");
    adapterConfig.setRealm(realm);
    adapterConfig.setAuthServerUrl(authServerUrl);
    adapterConfig.setResource(clientId);

    // The client secret travels only inside the credentials map; keep it out of log
    // statements and exception messages if this method is ever extended.
    String clientSecret = environment.getProperty("shiny.proxy.keycloak.credentials-secret");
    Map<String, Object> clientCredentials = new HashMap<>();
    clientCredentials.put("secret", clientSecret);
    adapterConfig.setCredentials(clientCredentials);

    final KeycloakDeployment sharedDeployment = KeycloakDeploymentBuilder.build(adapterConfig);

    // Single-deployment resolver: the request facade plays no part in choosing the deployment.
    KeycloakConfigResolver fixedResolver = new KeycloakConfigResolver() {
        @Override
        public KeycloakDeployment resolve(Request facade) {
            return sharedDeployment;
        }
    };

    AdapterDeploymentContextFactoryBean contextFactory = new AdapterDeploymentContextFactoryBean(fixedResolver);
    contextFactory.afterPropertiesSet();
    return contextFactory.getObject();
}
Use of org.keycloak.adapters.KeycloakDeployment in the keycloak project by keycloak.
Class PolicyEnforcerClaimsTest, method testEnforceEntitlementAccessWithClaimsWithoutBearerToken.
/**
 * Exercises claim-driven entitlement decisions for the withdrawal endpoint when the request
 * carries no {@code Authorization} header.
 *
 * <p>The {@code withdrawal.amount} request parameter is caller-controlled input. The test pins
 * that the enforcer denies access when the parameter is absent, grants it for 50 and 10,
 * denies it for 200, and that each decision follows the value sent with that request (a
 * grant for 50 does not carry over to 200, and a denial for 200 does not block a later 50).
 * Where a permission is returned, its {@code withdrawal.amount} claim must equal the value
 * that was submitted.
 */
@Test
public void testEnforceEntitlementAccessWithClaimsWithoutBearerToken() {
    final String adapterConfigFile = "enforcer-entitlement-claims-test.json";
    final String withdrawalPath = "/api/bank/account/1/withdrawal";
    final String amountParam = "withdrawal.amount";

    initAuthorizationSettings(getClientResource("resource-server-test"));
    PolicyEnforcer enforcer = KeycloakDeploymentBuilder.build(getAdapterConfiguration(adapterConfigFile)).getPolicyEnforcer();

    // headers stays empty for the whole test: the token is handed to createHttpFacade only as
    // an argument (how the facade exposes it to the enforcer is not visible in this snippet).
    HashMap<String, List<String>> headers = new HashMap<>();
    HashMap<String, List<String>> parameters = new HashMap<>();

    // "marta"/"password" are test-realm fixture credentials.
    String token = getAuthzClient(adapterConfigFile).obtainAccessToken("marta", "password").getToken();

    // No amount supplied -> denied.
    AuthorizationContext decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertFalse(decision.isGranted());

    // Amount 50 -> granted, and the single permission echoes the submitted amount as a claim.
    parameters.put(amountParam, Arrays.asList("50"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());
    assertEquals(1, decision.getPermissions().size());
    Permission granted = decision.getPermissions().get(0);
    String submittedAmount = parameters.get(amountParam).get(0);
    assertEquals(submittedAmount, granted.getClaims().get(amountParam).iterator().next());

    // Amount 200 -> denied, even though 50 was granted just before.
    parameters.put(amountParam, Arrays.asList("200"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertFalse(decision.isGranted());

    // Back to 50 -> granted again; the earlier denial does not stick.
    parameters.put(amountParam, Arrays.asList("50"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());

    // Amount 10 -> granted, and the claim reflects 10 rather than the previously granted 50.
    parameters.put(amountParam, Arrays.asList("10"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());
    assertEquals(1, decision.getPermissions().size());
    granted = decision.getPermissions().get(0);
    submittedAmount = parameters.get(amountParam).get(0);
    assertEquals(submittedAmount, granted.getClaims().get(amountParam).iterator().next());
}
Use of org.keycloak.adapters.KeycloakDeployment in the keycloak project by keycloak.
Class PolicyEnforcerClaimsTest, method testEnforceEntitlementAccessWithClaimsWithBearerToken.
/**
 * Exercises claim-driven entitlement decisions for the withdrawal endpoint when the access
 * token is also sent as an {@code Authorization: Bearer} header.
 *
 * <p>The {@code withdrawal.amount} request parameter is caller-controlled input. The test pins
 * that access is denied without the parameter, granted for 50 and 10, denied for 200, and
 * that every decision follows the value sent with that particular request.
 */
@Test
public void testEnforceEntitlementAccessWithClaimsWithBearerToken() {
    final String adapterConfigFile = "enforcer-entitlement-claims-test.json";
    final String withdrawalPath = "/api/bank/account/1/withdrawal";
    final String amountParam = "withdrawal.amount";

    initAuthorizationSettings(getClientResource("resource-server-test"));
    PolicyEnforcer enforcer = KeycloakDeploymentBuilder.build(getAdapterConfiguration(adapterConfigFile)).getPolicyEnforcer();

    HashMap<String, List<String>> headers = new HashMap<>();
    HashMap<String, List<String>> parameters = new HashMap<>();

    // "marta"/"password" are test-realm fixture credentials.
    String token = getAuthzClient(adapterConfigFile).obtainAccessToken("marta", "password").getToken();

    // Unlike the header-less variant of this test, the token is presented as a bearer credential.
    headers.put("Authorization", Arrays.asList("Bearer " + token));

    // No amount supplied -> denied.
    AuthorizationContext decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertFalse(decision.isGranted());

    // Amount 50 -> granted.
    parameters.put(amountParam, Arrays.asList("50"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());

    // Amount 200 -> denied, even though 50 was granted just before.
    parameters.put(amountParam, Arrays.asList("200"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertFalse(decision.isGranted());

    // Back to 50 -> granted again; the earlier denial does not stick.
    parameters.put(amountParam, Arrays.asList("50"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());

    // Amount 10 -> granted.
    parameters.put(amountParam, Arrays.asList("10"));
    decision = enforcer.enforce(createHttpFacade(withdrawalPath, token, headers, parameters));
    assertTrue(decision.isGranted());
}
Use of org.keycloak.adapters.KeycloakDeployment in the keycloak project by keycloak.
Class Controller, method getAuthServerBaseUrl.
/**
 * Returns the auth server base URL of the Keycloak deployment registered for this web
 * application.
 *
 * <p>The {@link AdapterDeploymentContext} is looked up in the servlet context under its own
 * class name. The request contributes nothing but that servlet context, so the returned URL
 * comes from the adapter deployment and not from request headers or parameters.
 *
 * @param req the current request; only {@code getServletContext()} is used
 * @return the value of {@code getAuthServerBaseUrl()} on the resolved deployment
 */
private String getAuthServerBaseUrl(HttpServletRequest req) {
    Object registered = req.getServletContext().getAttribute(AdapterDeploymentContext.class.getName());
    // NOTE(review): no null check; if the attribute was never registered, the call below
    // throws a NullPointerException with no hint of the cause.
    AdapterDeploymentContext adapterContext = (AdapterDeploymentContext) registered;
    // NOTE(review): null is passed as the request facade. Whether resolveDeployment tolerates
    // that presumably depends on how the context was configured; confirm before reusing this.
    return adapterContext.resolveDeployment(null).getAuthServerBaseUrl();
}
Use of org.keycloak.adapters.KeycloakDeployment in the keycloak project by keycloak.
Class PolicyEnforcerTest, method testSetMethodConfigs.
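/**
 * Verifies per-method enforcement settings for the {@code /api-method/*} path.
 *
 * <p>A resource covering {@code /api-method/*} is created on the resource server, the enforcer
 * is built from {@code enforcer-paths-use-method-config.json}, and an access token is obtained
 * through the login flow of {@code public-client-test}. The test then pins three things: a
 * request made with the facade's default method is granted, the path carries exactly one
 * method entry whose scopes enforcement mode is {@code DISABLED}, and a {@code POST} to the
 * same path is still denied. The last assertion guards against the per-method exemption
 * widening to other verbs.
 *
 * <p>The created resource is removed in a {@code finally} block so a failing assertion does
 * not leave it behind.
 */
@Test
public void testSetMethodConfigs() {
    ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation representation = new ResourceRepresentation();
    representation.setName(KeycloakModelUtils.generateId());
    representation.setUris(Collections.singleton("/api-method/*"));
    ResourcesResource resources = clientResource.authorization().resources();

    javax.ws.rs.core.Response response = resources.create(representation);
    try {
        representation.setId(response.readEntity(ResourceRepresentation.class).getId());
    } finally {
        // Close the response even when the entity cannot be read, so the connection is released.
        response.close();
    }

    try {
        KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-paths-use-method-config.json"));
        PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();

        // "marta"/"password" are test-realm fixture credentials.
        oauth.realm(REALM_NAME);
        oauth.clientId("public-client-test");
        oauth.doLogin("marta", "password");
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, null);
        String token = tokenResponse.getAccessToken();

        AuthorizationContext context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token));
        // Enforcement for GET is disabled in the config, so this request is let through.
        assertTrue(context.isGranted());

        PolicyEnforcerConfig.PathConfig pathConfig = policyEnforcer.getPaths().get("/api-method/*");
        assertNotNull(pathConfig);
        List<PolicyEnforcerConfig.MethodConfig> methods = pathConfig.getMethods();
        assertEquals(1, methods.size());
        // assertEquals reports the actual mode on failure, which assertTrue(x.equals(y)) does not.
        assertEquals(PolicyEnforcerConfig.ScopeEnforcementMode.DISABLED, methods.get(0).getScopesEnforcementMode());

        // Other verbs must remain protected.
        context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token, "POST"));
        assertFalse(context.isGranted());
    } finally {
        resources.resource(representation.getId()).remove();
    }
}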