use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class AggregatePolicyManagementTest method testUpdate.
@Test
public void testUpdate() {
AuthorizationResource authorization = getClient().authorization();
AggregatePolicyRepresentation representation = new AggregatePolicyRepresentation();
representation.setName("Update Aggregate Policy");
representation.setDescription("description");
representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
representation.setLogic(Logic.NEGATIVE);
representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
assertCreated(authorization, representation);
representation.setName("changed");
representation.setDescription("changed");
representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
representation.setLogic(Logic.POSITIVE);
representation.getPolicies().clear();
representation.addPolicy("Only Kolo Policy");
AggregatePoliciesResource policies = authorization.policies().aggregate();
AggregatePolicyResource policy = policies.findById(representation.getId());
policy.update(representation);
assertRepresentation(representation, policy);
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class AggregatePolicyManagementTest method testDelete.
@Test
public void testDelete() {
AuthorizationResource authorization = getClient().authorization();
AggregatePolicyRepresentation representation = new AggregatePolicyRepresentation();
representation.setName("Test Delete Policy");
representation.addPolicy("Only Marta Policy");
AggregatePoliciesResource policies = authorization.policies().aggregate();
try (Response response = policies.create(representation)) {
AggregatePolicyRepresentation created = response.readEntity(AggregatePolicyRepresentation.class);
policies.findById(created.getId()).remove();
AggregatePolicyResource removed = policies.findById(created.getId());
try {
removed.toRepresentation();
fail("Policy not removed");
} catch (NotFoundException ignore) {
}
}
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class UserManagedAccessTest method configureAuthorization.
@Before
public void configureAuthorization() throws Exception {
ClientResource client = getClient(getRealm());
AuthorizationResource authorization = client.authorization();
JSPolicyRepresentation policy = new JSPolicyRepresentation();
policy.setName("Only Owner Policy");
policy.setCode("if ($evaluation.getContext().getIdentity().getId() == $evaluation.getPermission().getResource().getOwner()) {$evaluation.grant();}");
authorization.policies().js().create(policy).close();
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class UserManagedAccessTest method testPermissiveModePermissions.
@Test
public void testPermissiveModePermissions() throws Exception {
resource = addResource("Resource A");
try {
authorize("kolo", "password", resource.getId(), null);
fail("Access should be denied, server in enforcing mode");
} catch (AuthorizationDeniedException ade) {
}
AuthorizationResource authorizationResource = getClient(getRealm()).authorization();
ResourceServerRepresentation settings = authorizationResource.getSettings();
settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
authorizationResource.update(settings);
AuthorizationResponse response = authorize("marta", "password", "Resource A", null);
String rpt = response.getToken();
assertNotNull(rpt);
assertFalse(response.isUpgraded());
AccessToken accessToken = toAccessToken(rpt);
AccessToken.Authorization authorization = accessToken.getAuthorization();
assertNotNull(authorization);
Collection<Permission> permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A");
assertTrue(permissions.isEmpty());
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.
@Override
public void afterAbstractKeycloakTestRealmImport() {
ClientResource resourceServer = getResourceServer();
AuthzClient authzClient = createAuthzClient(resourceServer.toRepresentation());
AuthorizationResource authorization = resourceServer.authorization();
ResourceRepresentation resource13 = null;
for (int i = 1; i < 15; i++) {
ResourceRepresentation resource = createResource(authzClient, authorization, i);
if (i == 13) {
resource13 = resource;
}
for (String scope : Arrays.asList("Scope A", "Scope B")) {
createTicket(authzClient, i, resource, scope, userNames[i % userNames.length]);
}
}
createTicket(authzClient, 13, resource13, "Scope A", "admin");
}
Aggregations