
Example 1 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class UsersTest method setupTestEnvironmentWithPermissions.

/**
 * Prepares the user, groups and (optionally) a group-scoped permission used by the calling tests,
 * then returns a realm handle that acts as the low-privileged {@code test-user}.
 *
 * <p>{@code test-user} is granted only the {@code query-users} role of the
 * {@code realm-management} client. When {@code grp1ViewPermissions} is {@code true}, a user policy
 * listing just that user is set as the single policy of the scope permission named
 * {@code view.members.permission.group.<grp1 id>}, with a {@code UNANIMOUS} decision strategy.
 * With {@code false} the user keeps only the role, so callers can compare both outcomes.
 *
 * <p>The declared checked exceptions are presumably raised while the admin client at the end is
 * built (TLS/keystore setup) -- confirm against {@code AdminClientUtil}.
 *
 * @param grp1ViewPermissions whether to bind the test user's policy to the grp1 permission
 * @return a {@link RealmResource} obtained from an admin client logged in as {@code test-user}
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    // Fixture credentials: the same literal user name and password are reused for the login below.
    final String restrictedUserId = createUser(realmId, "test-user", "password", "", "", "");

    // The only role handed to the restricted user is 'query-users' on realm-management.
    final String realmManagementId = realm.clients().findByClientId("realm-management").get(0).getId();
    RoleRepresentation queryUsersRole = realm.clients().get(realmManagementId).roles().get("query-users").toRepresentation();
    realm.users().get(restrictedUserId).roles().clientLevel(realmManagementId).add(Collections.singletonList(queryUsersRole));

    // Helper defined elsewhere in the test class; it is expected to create the test users and groups.
    List<GroupRepresentation> createdGroups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // A user policy whose sole member is the restricted user.
        final String userPolicyName = "test-policy";
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        userPolicy.setName(userPolicyName);
        userPolicy.setUsers(Collections.singleton(restrictedUserId));
        // The create response is closed without being inspected; the lookup by name follows.
        authz.policies().user().create(userPolicy).close();
        PolicyRepresentation storedPolicy = authz.policies().findByName(userPolicyName);

        // Locate grp1 among the groups returned by the helper; the test fails here if it is absent.
        Optional<GroupRepresentation> grp1Lookup = createdGroups.stream()
                .filter(candidate -> candidate.getName().equals("grp1"))
                .findFirst();
        assertThat(grp1Lookup.isPresent(), is(true));
        GroupRepresentation grp1 = grp1Lookup.get();

        // Point grp1's view-members permission at the new policy and push the change to the server.
        String viewMembersPermissionName = "view.members.permission.group." + grp1.getId();
        ScopePermissionRepresentation viewMembersPermission = authz.permissions().scope().findByName(viewMembersPermissionName);
        viewMembersPermission.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembersPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembersPermission.getId()).update(viewMembersPermission);
    }

    // From here on the caller talks to the realm as test-user through the admin-cli client,
    // so whatever it can see is limited to what was granted above.
    Keycloak restrictedClient = AdminClientUtil.createAdminClient(true, realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "");
    return restrictedClient.realm(realm.toRepresentation().getRealm());
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) CoreMatchers.is(org.hamcrest.CoreMatchers.is) Profile(org.keycloak.common.Profile) Matchers.not(org.hamcrest.Matchers.not) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) KeyStoreException(java.security.KeyStoreException) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) ManagementPermissionRepresentation(org.keycloak.representations.idm.ManagementPermissionRepresentation) AdminClientUtil(org.keycloak.testsuite.util.AdminClientUtil) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Before(org.junit.Before) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test) IOException(java.io.IOException) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) Keycloak(org.keycloak.admin.client.Keycloak) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) List(java.util.List) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Optional(java.util.Optional) 
Collections(java.util.Collections) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)

Example 2 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class AbstractAuthorizationTest method enableAuthorizationServices.

/**
 * Switches authorization services on or off for the resource-server client used by the tests.
 *
 * <p>Regardless of {@code enable}, the client is updated to be non-public, to have service
 * accounts enabled and to use the fixed secret {@code "secret"} (a test-fixture value). When
 * enabling, the exported authorization settings are additionally updated so that remote resource
 * management is allowed.
 *
 * @param enable {@code true} to enable authorization services, {@code false} to disable them
 */
protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation client = getResourceServer();
    client.setAuthorizationServicesEnabled(enable);
    client.setServiceAccountsEnabled(true);
    client.setPublicClient(false);
    client.setSecret("secret");
    getClientResource().update(client);

    if (!enable) {
        // Nothing further to configure when authorization services are being turned off.
        return;
    }

    // Read the current settings back, flip the remote-management flag and store them again.
    AuthorizationResource authz = getClientResource().authorization();
    ResourceServerRepresentation exported = authz.exportSettings();
    exported.setAllowRemoteResourceManagement(true);
    authz.update(exported);
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 3 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class ExportImportUtil method assertAuthorizationSettingsOtherApp.

/**
 * Verifies the authorization settings of the {@code OtherApp} client in the given realm.
 *
 * <p>The settings must exist, and the names of their resources and policies must match the
 * expected sets exactly, in any order. An unexpected extra or a missing name fails the assertion.
 *
 * @param realmRsc realm whose {@code OtherApp} authorization settings are checked
 */
private static void assertAuthorizationSettingsOtherApp(RealmResource realmRsc) {
    AuthorizationResource otherAppAuthz = ApiUtil.findAuthorizationSettings(realmRsc, "OtherApp");
    Assert.assertNotNull(otherAppAuthz);

    // Resources: compared by name only.
    List<ResourceRepresentation> foundResources = otherAppAuthz.resources().resources();
    List<String> resourceNames = foundResources.stream()
            .map(ResourceRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(resourceNames, Matchers.containsInAnyOrder("Default Resource", "test"));

    // Policies: the policy listing is expected to include the two permissions as well.
    List<PolicyRepresentation> foundPolicies = otherAppAuthz.policies().policies();
    List<String> policyNames = foundPolicies.stream()
            .map(PolicyRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(policyNames, Matchers.containsInAnyOrder("User Policy", "Default Permission", "test-permission"));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 4 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class ClientPolicyManagementTest method testGenericConfig.

/**
 * Creates a client policy that names {@code Client A}, reads it back through the generic policy
 * resource and checks that its {@code clients} config entry contains that client's id.
 *
 * <p>The policy is created with the client-id string, while the assertion compares against the id
 * returned by {@code getId()} on the looked-up client, so the test expects the stored config to
 * hold the latter.
 */
@Test
public void testGenericConfig() {
    AuthorizationResource authz = getClient().authorization();

    ClientPolicyRepresentation toCreate = new ClientPolicyRepresentation();
    toCreate.setName("Test Generic Config Permission");
    toCreate.addClient("Client A");

    ClientPoliciesResource clientPolicies = authz.policies().client();
    // try-with-resources closes the response even when one of the assertions below fails.
    try (Response creation = clientPolicies.create(toCreate)) {
        ClientPolicyRepresentation stored = creation.readEntity(ClientPolicyRepresentation.class);

        // Fetch the same policy again via the generic (type-agnostic) policy resource.
        PolicyResource genericPolicy = authz.policies().policy(stored.getId());
        PolicyRepresentation genericView = genericPolicy.toRepresentation();
        assertNotNull(genericView.getConfig());
        assertNotNull(genericView.getConfig().get("clients"));

        // The "clients" value is checked with a substring match on the client's id.
        ClientRepresentation clientA = getRealm().clients().findByClientId("Client A").get(0);
        assertTrue(genericView.getConfig().get("clients").contains(clientA.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyResource(org.keycloak.admin.client.resource.ClientPolicyResource) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ClientPoliciesResource(org.keycloak.admin.client.resource.ClientPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 5 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class ClientPolicyManagementTest method testCreate.

/**
 * Creates a client policy with every basic attribute populated and delegates verification to
 * {@code assertCreated}.
 *
 * <p>The policy uses {@code Logic.NEGATIVE} with a {@code CONSENSUS} decision strategy and lists
 * {@code Client A} and {@code Client B}. What exactly is compared after creation is decided by
 * {@code assertCreated}, which is defined elsewhere in the test class.
 */
@Test
public void testCreate() {
    AuthorizationResource authz = getClient().authorization();

    ClientPolicyRepresentation clientPolicy = new ClientPolicyRepresentation();
    clientPolicy.setName("Realm Client Policy");
    clientPolicy.setDescription("description");
    clientPolicy.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    clientPolicy.setLogic(Logic.NEGATIVE);
    // Clients are added in the same order as before: A, then B.
    clientPolicy.addClient("Client A");
    clientPolicy.addClient("Client B");

    assertCreated(authz, clientPolicy);
}
Also used : ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)
