Example 46 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class UmaPermissionTicketPushedClaimsTest, method testEvaluatePermissionsWithPushedClaims.

@Test
public void testEvaluatePermissionsWithPushedClaims() throws Exception {
    ResourceRepresentation resource = addResource("Bank Account", "withdraw");
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("Withdraw Limit Policy");
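    // JS policy: grant only when the pushed claim 'my.bank.account.withdraw.value' is present and at most 100.
    StringBuilder code = new StringBuilder();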
    code.append("var context = $evaluation.getContext();");
    code.append("var attributes = context.getAttributes();");
    code.append("var withdrawValue = attributes.getValue('my.bank.account.withdraw.value');");
    code.append("if (withdrawValue && withdrawValue.asDouble(0) <= 100) {");
    code.append("   $evaluation.grant();");
    code.append("}");
    policy.setCode(code.toString());
    AuthorizationResource authorization = getClient(getRealm()).authorization();
    authorization.policies().js().create(policy).close();
    ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
    representation.setName("Withdraw Permission");
    representation.addScope("withdraw");
    representation.addPolicy(policy.getName());
    authorization.permissions().scope().create(representation).close();
    AuthzClient authzClient = getAuthzClient();
    // Create a permission ticket for the resource and push the withdraw amount as a claim.
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId());
    permissionRequest.addScope("withdraw");
    permissionRequest.setClaim("my.bank.account.withdraw.value", "50.5");
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(permissionRequest);
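    // Send an authorization request with the ticket; the policy is evaluated against the pushed claim.
    AuthorizationRequest request = new AuthorizationRequest();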
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    AuthorizationResponse authorizationResponse = authzClient.authorization().authorize(request);
    assertNotNull(authorizationResponse);
    assertNotNull(authorizationResponse.getToken());
    AccessToken token = toAccessToken(authorizationResponse.getToken());
    Collection<Permission> permissions = token.getAuthorization().getPermissions();
    assertEquals(1, permissions.size());
    Permission permission = permissions.iterator().next();
    Map<String, Set<String>> claims = permission.getClaims();
    assertNotNull(claims);
    assertThat(claims.get("my.bank.account.withdraw.value"), Matchers.containsInAnyOrder("50.5"));
    // Push a value above the limit: the policy must not grant, so authorization has to fail.
    permissionRequest.setClaim("my.bank.account.withdraw.value", "100.5");
    response = authzClient.protection("marta", "password").permission().create(permissionRequest);
    request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authorizationResponse = authzClient.authorization().authorize(request);
        fail("Access should be denied");
    } catch (Exception ignore) {
        // Expected: the authorization request is denied.
    }
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Set(java.util.Set) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test)

Example 47 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class MyResourcesTest, method firstShouldRefreshOnRefreshButtonClick.

@Test
public void firstShouldRefreshOnRefreshButtonClick() {
    ClientResource resourceServer = getResourceServer();
    AuthzClient authzClient = createAuthzClient(resourceServer.toRepresentation());
    AuthorizationResource authorization = resourceServer.authorization();
    createResource(authzClient, authorization, 0);
    assertEquals("Resource 1", myResourcesPage.getCellText("name", 0));
    myResourcesPage.clickRefreshButton();
    assertEquals("Resource 0", myResourcesPage.getCellText("name", 0));
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 48 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class ScopePermissionManagementTest, method configureTest.

@Before
public void configureTest() {
    super.configureTest();
    RolesResource realmRoles = testRealmResource().roles();
    realmRoles.create(new RoleRepresentation("Role A", "", false));
    realmRoles.create(new RoleRepresentation("Role B", "", false));
    RolePolicyRepresentation policyA = new RolePolicyRepresentation();
    policyA.setName("Policy A");
    policyA.addRole("Role A");
    AuthorizationResource authorization = testRealmResource().clients().get(newClient.getId()).authorization();
    PoliciesResource policies = authorization.policies();
    RolePoliciesResource roles = policies.role();
    roles.create(policyA);
    RolePolicyRepresentation policyB = new RolePolicyRepresentation();
    policyB.setName("Policy B");
    policyB.addRole("Role B");
    roles.create(policyB);
    UserPolicyRepresentation policyC = new UserPolicyRepresentation();
    policyC.setName("Policy C");
    policyC.addUser("test");
    policies.user().create(policyC).close();
    authorization.scopes().create(new ScopeRepresentation("Scope A"));
    authorization.scopes().create(new ScopeRepresentation("Scope B"));
    authorization.scopes().create(new ScopeRepresentation("Scope C"));
    ResourcesResource resources = authorization.resources();
    resources.create(new ResourceRepresentation("Resource A", "Scope A"));
    resources.create(new ResourceRepresentation("Resource B", "Scope B", "Scope C"));
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) RolePoliciesResource(org.keycloak.admin.client.resource.RolePoliciesResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) RolesResource(org.keycloak.admin.client.resource.RolesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Before(org.junit.Before)

Example 49 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class DeployedScriptPolicyTest, method onBefore.

@Before
public void onBefore() throws Exception {
    deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    reconnectAdminClient();
    AuthorizationResource authorization = getAuthorizationResource();
    authorization.resources().create(new ResourceRepresentation("Default Resource"));
}
Also used : AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Before(org.junit.Before)

Example 50 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class GroupPolicyManagementTest, method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName("Test Generic Config Permission");
    representation.setGroupsClaim("groups");
    representation.addGroupPath("/Group A");
    GroupPoliciesResource policies = authorization.policies().group();
    try (Response response = policies.create(representation)) {
        GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("groups"));
        GroupRepresentation group = getRealm().groups().groups().stream().filter(groupRepresentation -> groupRepresentation.getName().equals("Group A")).findFirst().get();
        assertTrue(genericConfig.getConfig().get("groups").contains(group.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) GroupPolicyResource(org.keycloak.admin.client.resource.GroupPolicyResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) GroupPoliciesResource(org.keycloak.admin.client.resource.GroupPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Aggregations

AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 110
Test (org.junit.Test) 87
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 46
ClientResource (org.keycloak.admin.client.resource.ClientResource) 43
Response (javax.ws.rs.core.Response) 41
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 30
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 28
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 28
AuthzClient (org.keycloak.authorization.client.AuthzClient) 27
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 25
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) 23
Permission (org.keycloak.representations.idm.authorization.Permission) 22
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 19
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 19
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 16
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 16
PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation) 16
ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation) 15
ArrayList (java.util.ArrayList) 14
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException) 13