Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
Class UmaPermissionTicketPushedClaimsTest, method testEvaluatePermissionsWithPushedClaims.
/**
 * Checks that a claim pushed along with a UMA permission ticket reaches a JS policy
 * and is returned inside the granted permission.
 *
 * <p>The policy grants only when the pushed {@code my.bank.account.withdraw.value}
 * claim is present and its {@code asDouble(0)} value is at most 100. A ticket carrying
 * {@code 50.5} must produce a token with exactly one permission that echoes the claim;
 * a ticket carrying {@code 100.5} must not be authorized.
 *
 * @throws Exception if any setup or client call fails unexpectedly
 */
@Test
public void testEvaluatePermissionsWithPushedClaims() throws Exception {
    ResourceRepresentation bankAccount = addResource("Bank Account", "withdraw");

    // Policy script: the decision depends entirely on the claim pushed with the ticket.
    String script = "var context = $evaluation.getContext();"
            + "var attributes = context.getAttributes();"
            + "var withdrawValue = attributes.getValue('my.bank.account.withdraw.value');"
            + "if (withdrawValue && withdrawValue.asDouble(0) <= 100) {"
            + " $evaluation.grant();"
            + "}";
    JSPolicyRepresentation withdrawLimit = new JSPolicyRepresentation();
    withdrawLimit.setName("Withdraw Limit Policy");
    withdrawLimit.setCode(script);

    AuthorizationResource authz = getClient(getRealm()).authorization();
    authz.policies().js().create(withdrawLimit).close();

    // Bind the policy to the "withdraw" scope through a scope permission.
    ScopePermissionRepresentation withdrawPermission = new ScopePermissionRepresentation();
    withdrawPermission.setName("Withdraw Permission");
    withdrawPermission.addScope("withdraw");
    withdrawPermission.addPolicy(withdrawLimit.getName());
    authz.permissions().scope().create(withdrawPermission).close();

    AuthzClient client = getAuthzClient();
    PermissionRequest ticketRequest = new PermissionRequest(bankAccount.getId());
    ticketRequest.addScope("withdraw");

    // Case 1: value within the limit -> access is granted and the claim is echoed back.
    ticketRequest.setClaim("my.bank.account.withdraw.value", "50.5");
    PermissionResponse ticket = client.protection("marta", "password").permission().create(ticketRequest);

    AuthorizationRequest grantRequest = new AuthorizationRequest();
    grantRequest.setTicket(ticket.getTicket());
    grantRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    AuthorizationResponse granted = client.authorization().authorize(grantRequest);
    assertNotNull(granted);
    assertNotNull(granted.getToken());

    Collection<Permission> grantedPermissions =
            toAccessToken(granted.getToken()).getAuthorization().getPermissions();
    assertEquals(1, grantedPermissions.size());

    Map<String, Set<String>> pushedClaims = grantedPermissions.iterator().next().getClaims();
    assertNotNull(pushedClaims);
    assertThat(pushedClaims.get("my.bank.account.withdraw.value"), Matchers.containsInAnyOrder("50.5"));

    // Case 2: value above the limit -> a fresh ticket must not be authorized.
    ticketRequest.setClaim("my.bank.account.withdraw.value", "100.5");
    ticket = client.protection("marta", "password").permission().create(ticketRequest);

    AuthorizationRequest deniedRequest = new AuthorizationRequest();
    deniedRequest.setTicket(ticket.getTicket());
    deniedRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    try {
        client.authorization().authorize(deniedRequest);
        fail("Access should be denied");
    } catch (Exception ignore) {
        // Assuming fail() is JUnit's, it raises an AssertionError (an Error, not an
        // Exception), so an unexpected grant still fails the test.
        // NOTE(review): catching Exception also accepts unrelated failures (for example
        // a transport error) as a "denial". Narrowing to the authorization client's
        // denied-exception type would make this negative check stricter - confirm
        // which type authorize() throws in this version.
    }
}
Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
Class MyResourcesTest, method firstShouldRefreshOnRefreshButtonClick.
/**
 * Checks that the first row of the resources table only changes once the refresh
 * button is clicked.
 *
 * <p>After {@code createResource(..., 0)} the first row is expected to still read
 * "Resource 1"; after the refresh click it is expected to read "Resource 0".
 */
@Test
public void firstShouldRefreshOnRefreshButtonClick() {
    final String nameColumn = "name";
    final int firstRow = 0;

    ClientResource server = getResourceServer();
    AuthzClient client = createAuthzClient(server.toRepresentation());
    AuthorizationResource serverAuthorization = server.authorization();

    // Create the extra resource behind the page's back; the table is not reloaded yet.
    createResource(client, serverAuthorization, 0);
    assertEquals("Resource 1", myResourcesPage.getCellText(nameColumn, firstRow));

    // Only an explicit refresh should bring the new resource to the top row.
    myResourcesPage.clickRefreshButton();
    assertEquals("Resource 0", myResourcesPage.getCellText(nameColumn, firstRow));
}
Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
Class ScopePermissionManagementTest, method configureTest.
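/**
 * Builds the authorization fixtures used by the scope-permission tests.
 *
 * <p>After the superclass setup it creates realm roles "Role A" and "Role B", role
 * policies "Policy A" and "Policy B" bound to them, user policy "Policy C" for user
 * "test", scopes "Scope A" to "Scope C", and resources "Resource A" (Scope A) and
 * "Resource B" (Scope B, Scope C) on the client identified by {@code newClient}.
 *
 * <p>The create calls on policies, scopes and resources return a response object;
 * each one is closed here so the underlying connection is released, matching what
 * the user-policy call already did.
 */
@Before
public void configureTest() {
    super.configureTest();

    RolesResource realmRoles = testRealmResource().roles();
    realmRoles.create(new RoleRepresentation("Role A", "", false));
    realmRoles.create(new RoleRepresentation("Role B", "", false));

    AuthorizationResource authorization = testRealmResource().clients().get(newClient.getId()).authorization();
    PoliciesResource policies = authorization.policies();
    RolePoliciesResource roles = policies.role();

    // NOTE(review): responses are closed without inspecting their status, so a rejected
    // create only shows up later, in whichever test relies on the missing fixture.
    RolePolicyRepresentation policyA = new RolePolicyRepresentation();
    policyA.setName("Policy A");
    policyA.addRole("Role A");
    roles.create(policyA).close();

    RolePolicyRepresentation policyB = new RolePolicyRepresentation();
    policyB.setName("Policy B");
    policyB.addRole("Role B");
    roles.create(policyB).close();

    UserPolicyRepresentation policyC = new UserPolicyRepresentation();
    policyC.setName("Policy C");
    policyC.addUser("test");
    policies.user().create(policyC).close();

    authorization.scopes().create(new ScopeRepresentation("Scope A")).close();
    authorization.scopes().create(new ScopeRepresentation("Scope B")).close();
    authorization.scopes().create(new ScopeRepresentation("Scope C")).close();

    ResourcesResource resources = authorization.resources();
    resources.create(new ResourceRepresentation("Resource A", "Scope A")).close();
    resources.create(new ResourceRepresentation("Resource B", "Scope B", "Scope C")).close();
}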
Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
Class DeployedScriptPolicyTest, method onBefore.
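/**
 * Deploys the deployment named by {@code SCRIPT_DEPLOYMENT_NAME}, reconnects the
 * admin client, and creates the "Default Resource" used by the tests.
 *
 * @throws Exception if deployment or reconnection fails
 */
@Before
public void onBefore() throws Exception {
    deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    reconnectAdminClient();

    AuthorizationResource authorization = getAuthorizationResource();
    // create(...) returns a response; close it so the connection is not left open.
    // NOTE(review): the status is not checked, so a rejected create goes unnoticed here.
    authorization.resources().create(new ResourceRepresentation("Default Resource")).close();
}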
Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
Class GroupPolicyManagementTest, method testGenericConfig.
/**
 * Checks the generic (type-agnostic) view of a newly created group policy.
 *
 * <p>A group policy is created with groups claim "groups" and group path "/Group A".
 * When the same policy is read back through the generic policy endpoint, its config
 * must have a "groups" entry containing the id of the realm group named "Group A".
 */
@Test
public void testGenericConfig() {
    AuthorizationResource authz = getClient().authorization();

    GroupPolicyRepresentation groupPolicy = new GroupPolicyRepresentation();
    groupPolicy.setName("Test Generic Config Permission");
    groupPolicy.setGroupsClaim("groups");
    groupPolicy.addGroupPath("/Group A");

    GroupPoliciesResource groupPolicies = authz.policies().group();

    // try-with-resources closes the create response once the checks are done.
    try (Response createResponse = groupPolicies.create(groupPolicy)) {
        GroupPolicyRepresentation stored = createResponse.readEntity(GroupPolicyRepresentation.class);

        // Read the policy back through the generic endpoint rather than the group-specific one.
        PolicyRepresentation generic = authz.policies().policy(stored.getId()).toRepresentation();
        assertNotNull(generic.getConfig());
        assertNotNull(generic.getConfig().get("groups"));

        // The policy was defined by path; the stored config is expected to carry the group's id.
        GroupRepresentation groupA = getRealm().groups().groups().stream()
                .filter(candidate -> candidate.getName().equals("Group A"))
                .findFirst()
                .get();
        assertTrue(generic.getConfig().get("groups").contains(groupA.getId()));
    }
}