Search in sources :

Example 56 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class ExportAuthorizationSettingsTest method testRoleBasedPolicy.

// KEYCLOAK-4340
@Test
public void testRoleBasedPolicy() {
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    ClientRepresentation account = testRealmResource().clients().findByClientId("account").get(0);
    RoleRepresentation role = testRealmResource().clients().get(account.getId()).roles().get("view-profile").toRepresentation();
    PolicyRepresentation policy = new PolicyRepresentation();
    policy.setName("role-based-policy");
    policy.setType("role");
    Map<String, String> config = new HashMap<>();
    config.put("roles", "[{\"id\":\"" + role.getId() + "\"}]");
    policy.setConfig(config);
    Response create = authorizationResource.policies().create(policy);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        create.close();
    }
    // this call was messing up with DB, see KEYCLOAK-4340
    authorizationResource.exportSettings();
    // this call failed with NPE
    authorizationResource.exportSettings();
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 57 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class GenericPolicyManagementTest method testQueryPolicyAllFields.

@Test
public void testQueryPolicyAllFields() {
    AuthorizationResource authorization = getClientResource().authorization();
    authorization.resources().create(new ResourceRepresentation("Resource A"));
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName("Permission A");
    permission.addResource("Resource A");
    authorization.permissions().resource().create(permission);
    List<PolicyRepresentation> policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, "*", -1, -1);
    assertEquals(1, policies.size());
    assertEquals(1, policies.get(0).getResourcesData().size());
    policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, null, -1, -1);
    assertEquals(1, policies.size());
    assertNull(policies.get(0).getResourcesData());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 58 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class GroupPolicyManagementTest method testDelete.

@Test
public void testDelete() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName("Delete Group Policy");
    representation.setGroupsClaim("groups");
    representation.addGroupPath("/Group A/Group B/Group C", true);
    representation.addGroupPath("Group F");
    GroupPoliciesResource policies = authorization.policies().group();
    try (Response response = policies.create(representation)) {
        GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
        policies.findById(created.getId()).remove();
        GroupPolicyResource removed = policies.findById(created.getId());
        try {
            removed.toRepresentation();
            fail("Permission not removed");
        } catch (NotFoundException ignore) {
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) GroupPolicyResource(org.keycloak.admin.client.resource.GroupPolicyResource) NotFoundException(javax.ws.rs.NotFoundException) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) GroupPoliciesResource(org.keycloak.admin.client.resource.GroupPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 59 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class GroupPolicyManagementTest method testUpdate.

@Test
public void testUpdate() {
    AuthorizationResource authorization = getClient().authorization();
    GroupPolicyRepresentation representation = new GroupPolicyRepresentation();
    representation.setName("Update Group Policy");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.setGroupsClaim("groups");
    representation.addGroupPath("/Group A/Group B/Group C", true);
    representation.addGroupPath("Group F");
    assertCreated(authorization, representation);
    representation.setName("changed");
    representation.setDescription("changed");
    representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    representation.setLogic(Logic.POSITIVE);
    representation.setGroupsClaim(null);
    representation.removeGroup("/Group A/Group B");
    GroupPoliciesResource policies = authorization.policies().group();
    GroupPolicyResource permission = policies.findById(representation.getId());
    permission.update(representation);
    assertRepresentation(representation, permission);
    for (GroupPolicyRepresentation.GroupDefinition roleDefinition : representation.getGroups()) {
        if (roleDefinition.getPath().equals("Group F")) {
            roleDefinition.setExtendChildren(true);
        }
    }
    permission.update(representation);
    assertRepresentation(representation, permission);
    representation.getGroups().clear();
    representation.addGroupPath("/Group A/Group B");
    permission.update(representation);
    assertRepresentation(representation, permission);
}
Also used : GroupPolicyResource(org.keycloak.admin.client.resource.GroupPolicyResource) GroupPolicyRepresentation(org.keycloak.representations.idm.authorization.GroupPolicyRepresentation) GroupPoliciesResource(org.keycloak.admin.client.resource.GroupPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 60 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class ResourcePermissionManagementTest method testCreateResourceType.

@Test
public void testCreateResourceType() {
    AuthorizationResource authorization = getClient().authorization();
    ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
    representation.setName("Resource A Type Permission");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.setResourceType("test-resource");
    representation.addPolicy("Only Marta Policy");
    assertCreated(authorization, representation);
}
Also used : AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Aggregations

AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)110 Test (org.junit.Test)87 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)46 ClientResource (org.keycloak.admin.client.resource.ClientResource)43 Response (javax.ws.rs.core.Response)41 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)30 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)28 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)28 AuthzClient (org.keycloak.authorization.client.AuthzClient)27 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)25 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)23 Permission (org.keycloak.representations.idm.authorization.Permission)22 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)19 OAuthClient (org.keycloak.testsuite.util.OAuthClient)19 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)16 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)16 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)16 ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation)15 ArrayList (java.util.ArrayList)14 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)13