use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ExportAuthorizationSettingsTest method testRoleBasedPolicy.
// KEYCLOAK-4340
@Test
public void testRoleBasedPolicy() {
ClientResource clientResource = getClientResource();
AuthorizationResource authorizationResource = clientResource.authorization();
ClientRepresentation account = testRealmResource().clients().findByClientId("account").get(0);
RoleRepresentation role = testRealmResource().clients().get(account.getId()).roles().get("view-profile").toRepresentation();
PolicyRepresentation policy = new PolicyRepresentation();
policy.setName("role-based-policy");
policy.setType("role");
Map<String, String> config = new HashMap<>();
config.put("roles", "[{\"id\":\"" + role.getId() + "\"}]");
policy.setConfig(config);
Response create = authorizationResource.policies().create(policy);
try {
Assert.assertEquals(Status.CREATED, create.getStatusInfo());
} finally {
create.close();
}
// this call was messing up with DB, see KEYCLOAK-4340
authorizationResource.exportSettings();
// this call failed with NPE
authorizationResource.exportSettings();
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class GenericPolicyManagementTest method testQueryPolicyAllFields.
@Test
public void testQueryPolicyAllFields() {
AuthorizationResource authorization = getClientResource().authorization();
authorization.resources().create(new ResourceRepresentation("Resource A"));
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName("Permission A");
permission.addResource("Resource A");
authorization.permissions().resource().create(permission);
List<PolicyRepresentation> policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, "*", -1, -1);
assertEquals(1, policies.size());
assertEquals(1, policies.get(0).getResourcesData().size());
policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, null, -1, -1);
assertEquals(1, policies.size());
assertNull(policies.get(0).getResourcesData());
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class GroupPolicyManagementTest method testDelete.
@Test
public void testDelete() {
AuthorizationResource authorization = getClient().authorization();
GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
representation.setName("Delete Group Policy");
representation.setGroupsClaim("groups");
representation.addGroupPath("/Group A/Group B/Group C", true);
representation.addGroupPath("Group F");
GroupPoliciesResource policies = authorization.policies().group();
try (Response response = policies.create(representation)) {
GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
policies.findById(created.getId()).remove();
GroupPolicyResource removed = policies.findById(created.getId());
try {
removed.toRepresentation();
fail("Permission not removed");
} catch (NotFoundException ignore) {
}
}
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class GroupPolicyManagementTest method testUpdate.
@Test
public void testUpdate() {
AuthorizationResource authorization = getClient().authorization();
GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
representation.setName("Update Group Policy");
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.setGroupsClaim("groups");
representation.addGroupPath("/Group A/Group B/Group C", true);
representation.addGroupPath("Group F");
assertCreated(authorization, representation);
representation.setName("changed");
representation.setDescription("changed");
representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
representation.setLogic(Logic.POSITIVE);
representation.setGroupsClaim(null);
representation.removeGroup("/Group A/Group B");
GroupPoliciesResource policies = authorization.policies().group();
GroupPolicyResource permission = policies.findById(representation.getId());
permission.update(representation);
assertRepresentation(representation, permission);
for (GroupPolicyRepresentation.GroupDefinition roleDefinition : representation.getGroups()) {
if (roleDefinition.getPath().equals("Group F")) {
roleDefinition.setExtendChildren(true);
}
}
permission.update(representation);
assertRepresentation(representation, permission);
representation.getGroups().clear();
representation.addGroupPath("/Group A/Group B");
permission.update(representation);
assertRepresentation(representation, permission);
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testCreateResourceType.
@Test
public void testCreateResourceType() {
AuthorizationResource authorization = getClient().authorization();
ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
representation.setName("Resource A Type Permission");
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.setResourceType("test-resource");
representation.addPolicy("Only Marta Policy");
assertCreated(authorization, representation);
}
Aggregations