use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class UsersTest method setupTestEnvironmentWithPermissions.
/**
 * Prepares the restricted-admin fixture and returns a realm handle authenticated as the
 * low-privileged {@code test-user} instead of the realm administrator.
 *
 * <p>The test user always receives the {@code query-users} role of the {@code realm-management}
 * client. When {@code grp1ViewPermissions} is {@code true}, a user policy listing only the test
 * user is created and set as the sole policy of the scope permission named
 * {@code view.members.permission.group.<id of grp1>}, with a UNANIMOUS decision strategy.
 *
 * <p>The username/password literals are test-fixture credentials. The checked exceptions in the
 * signature are propagated unchanged from the helpers this method calls.
 *
 * @param grp1ViewPermissions whether to bind the test user's policy to the view-members
 *     permission of group {@code grp1}
 * @return a {@link RealmResource} obtained from an admin client logged in as {@code test-user}
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    String restrictedUserId = createUser(realmId, "test-user", "password", "", "", "");

    // Grant exactly one realm-management role to the test user: 'query-users'.
    String realmManagementId = realm.clients().findByClientId("realm-management").get(0).getId();
    RoleRepresentation queryUsersRole = realm.clients()
            .get(realmManagementId)
            .roles()
            .get("query-users")
            .toRepresentation();
    realm.users()
            .get(restrictedUserId)
            .roles()
            .clientLevel(realmManagementId)
            .add(Collections.singletonList(queryUsersRole));

    // Populate the realm with the users and groups the permission checks run against.
    List<GroupRepresentation> createdGroups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // User policy that names only the test user.
        String userPolicyName = "test-policy";
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        userPolicy.setName(userPolicyName);
        userPolicy.setUsers(Collections.singleton(restrictedUserId));
        authz.policies().user().create(userPolicy).close();
        // Read the policy back by name to obtain the id the server stored it under.
        PolicyRepresentation storedPolicy = authz.policies().findByName(userPolicyName);

        Optional<GroupRepresentation> grp1Lookup = createdGroups.stream()
                .filter(group -> group.getName().equals("grp1"))
                .findFirst();
        assertThat(grp1Lookup.isPresent(), is(true));
        String grp1Id = grp1Lookup.get().getId();

        // NOTE(review): this permission is looked up, not created, here; presumably it exists
        // because permissions were enabled for the group in setupUsersInGroupsWithPermissions —
        // confirm against that helper.
        ScopePermissionRepresentation viewMembers = authz.permissions().scope().findByName("view.members.permission.group." + grp1Id);
        // setPolicies replaces the permission's policy set, so the test user's policy is the only one.
        viewMembers.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembers.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembers.getId()).update(viewMembers);
    }

    // The realm name is read from the server for each use.
    // NOTE(review): the Keycloak client created here is not closed in this method; the returned
    // RealmResource depends on it, so any cleanup has to happen in the caller.
    Keycloak restrictedClient = AdminClientUtil.createAdminClient(true, realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "");
    return restrictedClient.realm(realm.toRepresentation().getRealm());
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class AbstractAuthorizationTest method enableAuthorizationServices.
/**
 * Switches authorization services on or off for the resource-server client under test.
 *
 * <p>Regardless of {@code enable}, the client is updated to be non-public, to have service
 * accounts enabled, and to use the fixed secret {@code "secret"}. That literal is a test-fixture
 * value and must not be mistaken for a usable default outside the test suite. When
 * {@code enable} is {@code true}, the exported resource-server settings are additionally
 * updated to allow remote resource management.
 *
 * @param enable whether authorization services should be enabled on the client
 */
protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation client = getResourceServer();
    // Applied on every call, not only when enabling.
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setServiceAccountsEnabled(true);
    client.setAuthorizationServicesEnabled(enable);
    getClientResource().update(client);

    if (!enable) {
        return;
    }

    // Remote resource management is switched on only after the client update above has been sent.
    AuthorizationResource authz = getClientResource().authorization();
    ResourceServerRepresentation serverSettings = authz.exportSettings();
    serverSettings.setAllowRemoteResourceManagement(true);
    authz.update(serverSettings);
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ExportImportUtil method assertAuthorizationSettingsOtherApp.
/**
 * Asserts that the authorization settings found for {@code "OtherApp"} contain exactly the
 * expected resource names and exactly the expected policy names, in any order.
 *
 * <p>Only names are compared; the content of the resources and policies (scopes, logic,
 * decision strategy, associated users) is not checked by this method.
 *
 * @param realmRsc realm handle passed to {@code ApiUtil.findAuthorizationSettings}
 */
private static void assertAuthorizationSettingsOtherApp(RealmResource realmRsc) {
    AuthorizationResource otherAppAuthz = ApiUtil.findAuthorizationSettings(realmRsc, "OtherApp");
    Assert.assertNotNull(otherAppAuthz);

    List<String> resourceNames = otherAppAuthz.resources().resources().stream()
            .map(ResourceRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(resourceNames, Matchers.containsInAnyOrder("Default Resource", "test"));

    // The policy listing is expected to include the permission entries as well.
    List<String> policyNames = otherAppAuthz.policies().policies().stream()
            .map(PolicyRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(policyNames, Matchers.containsInAnyOrder("User Policy", "Default Permission", "test-permission"));
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ClientPolicyManagementTest method testGenericConfig.
/**
 * Creates a client policy for {@code "Client A"} through the typed client-policy endpoint and
 * checks that the same policy, read back through the generic policy endpoint, carries a
 * {@code "clients"} config entry containing the internal id of that client.
 */
@Test
public void testGenericConfig() {
    AuthorizationResource authz = getClient().authorization();

    ClientPolicyRepresentation toCreate = new ClientPolicyRepresentation();
    toCreate.setName("Test Generic Config Permission");
    toCreate.addClient("Client A");

    ClientPoliciesResource clientPolicies = authz.policies().client();
    // try-with-resources closes the JAX-RS response even when an assertion fails.
    try (Response creation = clientPolicies.create(toCreate)) {
        String createdId = creation.readEntity(ClientPolicyRepresentation.class).getId();
        PolicyRepresentation generic = authz.policies().policy(createdId).toRepresentation();

        assertNotNull(generic.getConfig());
        String clientsEntry = generic.getConfig().get("clients");
        assertNotNull(clientsEntry);

        ClientRepresentation clientA = getRealm().clients().findByClientId("Client A").get(0);
        // Substring match on the raw config value: confirms the id appears in the entry,
        // not that it is the only client listed.
        assertTrue(clientsEntry.contains(clientA.getId()));
    }
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ClientPolicyManagementTest method testCreate.
/**
 * Builds a client policy with NEGATIVE logic and a CONSENSUS decision strategy covering
 * {@code "Client A"} and {@code "Client B"}, then hands it to {@code assertCreated} together
 * with the client's authorization resource for creation and verification.
 */
@Test
public void testCreate() {
    ClientPolicyRepresentation clientPolicy = new ClientPolicyRepresentation();
    clientPolicy.setName("Realm Client Policy");
    clientPolicy.setDescription("description");
    // NEGATIVE logic is set explicitly on the policy under test.
    clientPolicy.setLogic(Logic.NEGATIVE);
    clientPolicy.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    clientPolicy.addClient("Client A");
    clientPolicy.addClient("Client B");

    AuthorizationResource authz = getClient().authorization();
    assertCreated(authz, clientPolicy);
}