
Example 71 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class AggregatePolicyManagementTest method testUpdate.

/**
 * Creates an aggregate policy, rewrites every field set below on the same representation,
 * sends the update through the admin client and compares the policy resource with the
 * updated representation.
 */
@Test
public void testUpdate() {
    AuthorizationResource authz = getClient().authorization();
    AggregatePolicyRepresentation aggregate = new AggregatePolicyRepresentation();

    // Initial state: consensus strategy, negative logic, two associated policies.
    aggregate.setName("Update Aggregate Policy");
    aggregate.setDescription("description");
    aggregate.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    aggregate.setLogic(Logic.NEGATIVE);
    aggregate.addPolicy("Only Marta Policy", "Only Kolo Policy");
    assertCreated(authz, aggregate);

    // Change each field, including strategy and logic, so the update below has to carry
    // all of them; the associated policies are reduced to a single entry.
    aggregate.setName("changed");
    aggregate.setDescription("changed");
    aggregate.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    aggregate.setLogic(Logic.POSITIVE);
    aggregate.getPolicies().clear();
    aggregate.addPolicy("Only Kolo Policy");

    // NOTE(review): getId() is read after assertCreated(); presumably that helper stores the
    // server-assigned id on the representation - confirm against the helper.
    AggregatePolicyResource stored = authz.policies().aggregate().findById(aggregate.getId());
    stored.update(aggregate);
    assertRepresentation(aggregate, stored);
}
Also used : AggregatePoliciesResource(org.keycloak.admin.client.resource.AggregatePoliciesResource) AggregatePolicyResource(org.keycloak.admin.client.resource.AggregatePolicyResource) AggregatePolicyRepresentation(org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 72 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class AggregatePolicyManagementTest method testDelete.

/**
 * Creates an aggregate policy, removes it by id and verifies that reading the removed policy
 * afterwards fails with {@link NotFoundException}.
 */
@Test
public void testDelete() {
    AuthorizationResource authz = getClient().authorization();
    AggregatePolicyRepresentation toCreate = new AggregatePolicyRepresentation();
    toCreate.setName("Test Delete Policy");
    toCreate.addPolicy("Only Marta Policy");

    AggregatePoliciesResource aggregates = authz.policies().aggregate();
    // try-with-resources closes the creation response even when an assertion fails.
    try (Response creation = aggregates.create(toCreate)) {
        AggregatePolicyRepresentation stored = creation.readEntity(AggregatePolicyRepresentation.class);
        aggregates.findById(stored.getId()).remove();

        AggregatePolicyResource gone = aggregates.findById(stored.getId());
        try {
            gone.toRepresentation();
            fail("Policy not removed");
        } catch (NotFoundException expected) {
            // Expected: the lookup must fail once the policy has been removed.
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) AggregatePoliciesResource(org.keycloak.admin.client.resource.AggregatePoliciesResource) AggregatePolicyResource(org.keycloak.admin.client.resource.AggregatePolicyResource) NotFoundException(javax.ws.rs.NotFoundException) AggregatePolicyRepresentation(org.keycloak.representations.idm.authorization.AggregatePolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 73 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class UserManagedAccessTest method configureAuthorization.

/**
 * Registers the JavaScript policy "Only Owner Policy" on the test client's authorization
 * settings before each test.
 *
 * @throws Exception if the setup calls fail
 */
@Before
public void configureAuthorization() throws Exception {
    JSPolicyRepresentation ownerOnly = new JSPolicyRepresentation();
    ownerOnly.setName("Only Owner Policy");
    // The script grants only when the requesting identity's id equals the resource owner.
    // It has no deny branch, so a non-owner leaves the evaluation without an explicit
    // decision. NOTE(review): how the policy engine treats that case is not visible here - confirm.
    ownerOnly.setCode("if ($evaluation.getContext().getIdentity().getId() == $evaluation.getPermission().getResource().getOwner()) {$evaluation.grant();}");

    AuthorizationResource authz = getClient(getRealm()).authorization();
    // The creation response is not inspected; it is only closed to release the connection.
    authz.policies().js().create(ownerOnly).close();
}
Also used : JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Before(org.junit.Before)

Example 74 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class UserManagedAccessTest method testPermissiveModePermissions.

/**
 * Checks that a request denied under the initial enforcement mode is answered with an RPT
 * once the resource server is switched to {@code PolicyEnforcementMode.PERMISSIVE}.
 *
 * @throws Exception if a setup or authorization call fails unexpectedly
 */
@Test
public void testPermissiveModePermissions() throws Exception {
    resource = addResource("Resource A");

    // Baseline: before the mode change the request for "kolo" must be rejected.
    try {
        authorize("kolo", "password", resource.getId(), null);
        fail("Access should be denied, server in enforcing mode");
    } catch (AuthorizationDeniedException expected) {
        // Expected: denial is the precondition for the permissive-mode check below.
    }

    // NOTE(review): the mode is left at PERMISSIVE when this method returns; nothing here
    // restores the previous value. Confirm the harness resets resource-server settings
    // between tests, otherwise later tests run with relaxed enforcement.
    AuthorizationResource authzAdmin = getClient(getRealm()).authorization();
    ResourceServerRepresentation serverSettings = authzAdmin.getSettings();
    serverSettings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    authzAdmin.update(serverSettings);

    // Second request: a different user, with the resource addressed by name rather than id.
    AuthorizationResponse granted = authorize("marta", "password", "Resource A", null);
    String rpt = granted.getToken();
    assertNotNull(rpt);
    assertFalse(granted.isUpgraded());

    AccessToken.Authorization tokenAuthorization = toAccessToken(rpt).getAuthorization();
    assertNotNull(tokenAuthorization);

    Collection<Permission> granting = tokenAuthorization.getPermissions();
    assertNotNull(granting);
    // NOTE(review): presumably assertPermissions() removes each matched entry, so the
    // isEmpty() check rejects permissions beyond "Resource A" - confirm against the helper.
    assertPermissions(granting, "Resource A");
    assertTrue(granting.isEmpty());
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 75 with AuthorizationResource

use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.

/**
 * Seeds the resource server with resources 1 through 14 and, for each of them, one ticket per
 * scope ("Scope A" and "Scope B") for a user picked round-robin from {@code userNames}. A
 * further "Scope A" ticket for "admin" is then created on resource 13.
 */
@Override
public void afterAbstractKeycloakTestRealmImport() {
    ClientResource server = getResourceServer();
    AuthzClient client = createAuthzClient(server.toRepresentation());
    AuthorizationResource authz = server.authorization();

    String[] scopes = {"Scope A", "Scope B"};
    ResourceRepresentation thirteenth = null;
    for (int index = 1; index <= 14; index++) {
        ResourceRepresentation created = createResource(client, authz, index);
        for (String scope : scopes) {
            // The modulo cycles through userNames so tickets are spread over the users.
            createTicket(client, index, created, scope, userNames[index % userNames.length]);
        }
        if (index == 13) {
            // Kept for the extra ticket created after the loop.
            thirteenth = created;
        }
    }

    createTicket(client, 13, thirteenth, "Scope A", "admin");
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
