Example 11 with OIDCHttpFacade

Use of org.keycloak.adapters.OIDCHttpFacade in the project keycloak by keycloak.

From class ClaimInformationPointProviderTest, method createHttpFacade.

// Test double for the adapter's HTTP facade: it hands the claim information point a
// synthetic security context, request and response so the CIP can be exercised
// without a servlet container. createHttpRequest and createHttpResponse are
// helpers defined elsewhere in the test class.
private HttpFacade createHttpFacade(Map<String, List<String>> headers, InputStream requestBody) {
    return new OIDCHttpFacade() {

        private Request request;

        @Override
        public KeycloakSecurityContext getSecurityContext() {
            // Access token and ID token share the same subject, preferred username and a
            // multi-valued custom claim that the CIP is expected to resolve from.
            AccessToken token = new AccessToken();
            token.subject("sub");
            token.setPreferredUsername("username");
            token.getOtherClaims().put("custom_claim", Arrays.asList("param-other-claims-value1", "param-other-claims-value2"));
            IDToken idToken = new IDToken();
            idToken.subject("sub");
            idToken.setPreferredUsername("username");
            idToken.getOtherClaims().put("custom_claim", Arrays.asList("param-other-claims-value1", "param-other-claims-value2"));
            // The raw token strings are placeholders; the tests inspect the parsed tokens only.
            return new KeycloakSecurityContext("tokenString", token, "idTokenString", idToken);
        }

        @Override
        public Request getRequest() {
            // Built lazily from the supplied headers and body, then cached for the facade's lifetime.
            if (request == null) {
                request = createHttpRequest(headers, requestBody);
            }
            return request;
        }

        @Override
        public Response getResponse() {
            return createHttpResponse();
        }

        @Override
        public X509Certificate[] getCertificateChain() {
            // No client certificate is presented in these tests.
            return new X509Certificate[0];
        }
    };
}
Also used : KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) AccessToken(org.keycloak.representations.AccessToken) Request(org.keycloak.adapters.spi.HttpFacade.Request) IDToken(org.keycloak.representations.IDToken) X509Certificate(javax.security.cert.X509Certificate)

Example 12 with OIDCHttpFacade

Use of org.keycloak.adapters.OIDCHttpFacade in the project keycloak by keycloak.

From class PolicyEnforcerTest, method testPublicEndpointNoBearerAbortRequest.

@Test
public void testPublicEndpointNoBearerAbortRequest() {
    // Bearer-only deployment: the adapter never redirects to a login page, it only validates bearer tokens.
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
    // Request to the public endpoint without an Authorization header.
    OIDCHttpFacade httpFacade = createHttpFacade("/api/public");
    AuthenticatedActionsHandler handler = new AuthenticatedActionsHandler(deployment, httpFacade);
    // handledRequest() == true: the handler dealt with the request itself, so it must not
    // continue to the application code.
    assertTrue(handler.handledRequest());
    // Obtain an access token for user "marta" through the authorization code flow.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    String token = response.getAccessToken();
    // With a valid bearer token on a protected resource the handler lets the request through.
    httpFacade = createHttpFacade("/api/resourcea", token);
    handler = new AuthenticatedActionsHandler(deployment, httpFacade);
    assertFalse(handler.handledRequest());
}
Also used : AuthenticatedActionsHandler(org.keycloak.adapters.AuthenticatedActionsHandler) OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 13 with OIDCHttpFacade

Use of org.keycloak.adapters.OIDCHttpFacade in the project keycloak by keycloak.

From class PolicyEnforcerTest, method testCustomClaimProvider.

@Test
public void testCustomClaimProvider() {
    // Adapter configuration that registers a custom claim information point (CIP).
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only-with-cip.json"));
    PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
    // Obtain an access token for user "marta" through the authorization code flow.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    String token = response.getAccessToken();
    // Enforce policy for the protected resource using the bearer token.
    OIDCHttpFacade httpFacade = createHttpFacade("/api/resourcea", token);
    AuthorizationContext context = policyEnforcer.enforce(httpFacade);
    // The granted permission must carry the claim the custom CIP resolved.
    Permission permission = context.getPermissions().get(0);
    Map<String, Set<String>> claims = permission.getClaims();
    assertTrue(context.isGranted());
    assertEquals("test", claims.get("resolved-claim").iterator().next());
}
Also used : Set(java.util.Set) OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) Permission(org.keycloak.representations.idm.authorization.Permission) PolicyEnforcer(org.keycloak.adapters.authorization.PolicyEnforcer) AuthorizationContext(org.keycloak.AuthorizationContext) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 14 with OIDCHttpFacade

Use of org.keycloak.adapters.OIDCHttpFacade in the project keycloak by keycloak.

From class PolicyEnforcerTest, method testPathConfigurationPrecendenceWhenLazyLoadingPaths.

@Test
public void testPathConfigurationPrecendenceWhenLazyLoadingPaths() {
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-paths.json"));
    PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
    // Anonymous request to a protected path: denied, and the enforcer writes a 403 to the response.
    OIDCHttpFacade httpFacade = createHttpFacade("/api/resourcea");
    AuthorizationContext context = policyEnforcer.enforce(httpFacade);
    assertFalse(context.isGranted());
    assertEquals(403, TestResponse.class.cast(httpFacade.getResponse()).getStatus());
    // Obtain an access token for user "marta" through the authorization code flow.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    String token = response.getAccessToken();
    // Same path with a valid bearer token: granted.
    httpFacade = createHttpFacade("/api/resourcea", token);
    context = policyEnforcer.enforce(httpFacade);
    assertTrue(context.isGranted());
    // The root path is granted even without a token: its explicit path configuration
    // takes precedence over paths that are lazily loaded from the server.
    httpFacade = createHttpFacade("/");
    context = policyEnforcer.enforce(httpFacade);
    assertTrue(context.isGranted());
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) PolicyEnforcer(org.keycloak.adapters.authorization.PolicyEnforcer) AuthorizationContext(org.keycloak.AuthorizationContext) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 15 with OIDCHttpFacade

Use of org.keycloak.adapters.OIDCHttpFacade in the project keycloak by keycloak.

From class PolicyEnforcerTest, method testUsingInvalidToken.

@Test
public void testUsingInvalidToken() {
    // Register a resource on the resource server and a permission that binds it to "Only User Policy".
    ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation resource = createResource(clientResource, "Resource Subject Invalid Token", "/api/check-subject-token");
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getName());
    permission.addPolicy("Only User Policy");
    PermissionsResource permissions = clientResource.authorization().permissions();
    permissions.resource().create(permission).close();
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
    PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
    OIDCHttpFacade httpFacade = createHttpFacade("/api/check-subject-token");
    // Obtain an access token for user "marta" through the authorization code flow.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    String token = response.getAccessToken();
    // With a live session the bearer token is accepted.
    httpFacade = createHttpFacade("/api/check-subject-token", token);
    AuthorizationContext context = policyEnforcer.enforce(httpFacade);
    assertTrue(context.isGranted());
    // Log the session out; the same (still unexpired) token must now fail enforcement.
    oauth.doLogout(response.getRefreshToken(), null);
    context = policyEnforcer.enforce(httpFacade);
    assertFalse(context.isGranted());
}
Also used : PermissionsResource(org.keycloak.admin.client.resource.PermissionsResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ClientResource(org.keycloak.admin.client.resource.ClientResource) PolicyEnforcer(org.keycloak.adapters.authorization.PolicyEnforcer) AuthorizationContext(org.keycloak.AuthorizationContext) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)