use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class RolePolicyTest method createResource.
private void createResource(String name) {
AuthorizationResource authorization = getClient().authorization();
ResourceRepresentation resource = new ResourceRepresentation(name);
authorization.resources().create(resource).close();
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ExportImportUtil method assertAuthorizationSettingsTestAppAuthz.
private static void assertAuthorizationSettingsTestAppAuthz(RealmResource realmRsc) {
AuthorizationResource authzResource = ApiUtil.findAuthorizationSettings(realmRsc, "test-app-authz");
Assert.assertNotNull(authzResource);
List<ResourceRepresentation> resources = authzResource.resources().resources();
Assert.assertEquals(4, resources.size());
ResourceServerRepresentation authzSettings = authzResource.getSettings();
List<Predicate<ResourceRepresentation>> resourcePredicates = new ArrayList<>();
resourcePredicates.add(resourceRep -> {
if ("Admin Resource".equals(resourceRep.getName())) {
Assert.assertEquals(authzSettings.getClientId(), resourceRep.getOwner().getId());
Assert.assertEquals("/protected/admin/*", resourceRep.getUri());
Assert.assertEquals("http://test-app-authz/protected/admin", resourceRep.getType());
Assert.assertEquals("http://icons.com/icon-admin", resourceRep.getIconUri());
Assert.assertEquals(1, resourceRep.getScopes().size());
return true;
}
return false;
});
resourcePredicates.add(resourceRep -> {
if ("Protected Resource".equals(resourceRep.getName())) {
Assert.assertEquals(authzSettings.getClientId(), resourceRep.getOwner().getId());
Assert.assertEquals("/*", resourceRep.getUri());
Assert.assertEquals("http://test-app-authz/protected/resource", resourceRep.getType());
Assert.assertEquals("http://icons.com/icon-resource", resourceRep.getIconUri());
Assert.assertEquals(1, resourceRep.getScopes().size());
return true;
}
return false;
});
resourcePredicates.add(resourceRep -> {
if ("Premium Resource".equals(resourceRep.getName())) {
Assert.assertEquals(authzSettings.getClientId(), resourceRep.getOwner().getId());
Assert.assertEquals("/protected/premium/*", resourceRep.getUri());
Assert.assertEquals("urn:test-app-authz:protected:resource", resourceRep.getType());
Assert.assertEquals("http://icons.com/icon-premium", resourceRep.getIconUri());
Assert.assertEquals(1, resourceRep.getScopes().size());
return true;
}
return false;
});
resourcePredicates.add(resourceRep -> {
if ("Main Page".equals(resourceRep.getName())) {
Assert.assertEquals(authzSettings.getClientId(), resourceRep.getOwner().getId());
Assert.assertNull(resourceRep.getUri());
Assert.assertEquals("urn:test-app-authz:protected:resource", resourceRep.getType());
Assert.assertEquals("http://icons.com/icon-main-page", resourceRep.getIconUri());
Assert.assertEquals(3, resourceRep.getScopes().size());
return true;
}
return false;
});
assertPredicate(resources, resourcePredicates);
List<ScopeRepresentation> scopes = authzResource.scopes().scopes();
Assert.assertEquals(6, scopes.size());
List<Predicate<ScopeRepresentation>> scopePredicates = new ArrayList<>();
scopePredicates.add(scopeRepresentation -> "admin-access".equals(scopeRepresentation.getName()));
scopePredicates.add(scopeRepresentation -> "resource-access".equals(scopeRepresentation.getName()));
scopePredicates.add(scopeRepresentation -> "premium-access".equals(scopeRepresentation.getName()));
scopePredicates.add(scopeRepresentation -> "urn:test-app-authz:page:main:actionForAdmin".equals(scopeRepresentation.getName()));
scopePredicates.add(scopeRepresentation -> "urn:test-app-authz:page:main:actionForUser".equals(scopeRepresentation.getName()));
scopePredicates.add(scopeRepresentation -> "urn:test-app-authz:page:main:actionForPremiumUser".equals(scopeRepresentation.getName()));
assertPredicate(scopes, scopePredicates);
List<PolicyRepresentation> policies = authzResource.policies().policies();
Assert.assertEquals(14, policies.size());
List<Predicate<PolicyRepresentation>> policyPredicates = new ArrayList<>();
policyPredicates.add(policyRepresentation -> "Any Admin Policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Any User Policy".equals(policyRepresentation.getName()));
policyPredicates.add(representation -> "Client and Realm Role Policy".equals(representation.getName()));
policyPredicates.add(representation -> "Client Test Policy".equals(representation.getName()));
policyPredicates.add(representation -> "Group Policy Test".equals(representation.getName()));
policyPredicates.add(policyRepresentation -> "Only Premium User Policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "wburke policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "All Users Policy".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Premium Resource Permission".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Administrative Resource Permission".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Protected Resource Permission".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Action 1 on Main Page Resource Permission".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Action 2 on Main Page Resource Permission".equals(policyRepresentation.getName()));
policyPredicates.add(policyRepresentation -> "Action 3 on Main Page Resource Permission".equals(policyRepresentation.getName()));
assertPredicate(policies, policyPredicates);
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class ResourcesRestServiceTest method before.
@Override
public void before() {
super.before();
ClientResource resourceServer = getResourceServer();
authzClient = createAuthzClient(resourceServer.toRepresentation());
AuthorizationResource authorization = resourceServer.authorization();
for (int i = 0; i < 30; i++) {
ResourceRepresentation resource = new ResourceRepresentation();
resource.setOwnerManagedAccess(true);
try {
resource.setOwner(JsonSerialization.readValue(new JWSInput(tokenUtil.getToken()).getContent(), AccessToken.class).getSubject());
} catch (Exception cause) {
throw new RuntimeException("Failed to parse access token", cause);
}
resource.setName("Resource " + i);
resource.setDisplayName("Display Name " + i);
resource.setIconUri("Icon Uri " + i);
resource.addScope("Scope A", "Scope B", "Scope C", "Scope D");
resource.setUri("http://resourceServer.com/resources/" + i);
try (Response response1 = authorization.resources().create(resource)) {
resource.setId(response1.readEntity(ResourceRepresentation.class).getId());
assertTrue(resource.getId() != null);
}
for (String scope : Arrays.asList("Scope A", "Scope B")) {
PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
ticket.setGranted(true);
ticket.setOwner(resource.getOwner().getId());
ticket.setRequesterName(userNames.get(i % userNames.size()));
ticket.setResource(resource.getId());
ticket.setScopeName(scope);
authzClient.protection("test-user@localhost", "password").permission().create(ticket);
}
}
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class DeployedScriptPolicyTest method testCreatePermission.
@Test
public void testCreatePermission() {
AuthorizationResource authorization = getAuthorizationResource();
PolicyRepresentation grantPolicy = new PolicyRepresentation();
grantPolicy.setName("Grant Policy");
grantPolicy.setType("script-policy-grant.js");
authorization.policies().create(grantPolicy).close();
PolicyRepresentation denyPolicy = new PolicyRepresentation();
denyPolicy.setName("Deny Policy");
denyPolicy.setType("script-policy-deny.js");
authorization.policies().create(denyPolicy).close();
PermissionsResource permissions = authorization.permissions();
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName("Test Deployed JS Permission");
permission.addResource("Default Resource");
permission.addPolicy(grantPolicy.getName());
permissions.resource().create(permission).close();
PolicyEvaluationRequest request = new PolicyEvaluationRequest();
request.setUserId("marta");
request.addResource("Default Resource");
PolicyEvaluationResponse response = authorization.policies().evaluate(request);
assertEquals(DecisionEffect.PERMIT, response.getStatus());
permission = permissions.resource().findByName(permission.getName());
permission.addPolicy(denyPolicy.getName());
permissions.resource().findById(permission.getId()).update(permission);
response = authorization.policies().evaluate(request);
assertEquals(DecisionEffect.DENY, response.getStatus());
permission.addPolicy(grantPolicy.getName());
permissions.resource().findById(permission.getId()).update(permission);
response = authorization.policies().evaluate(request);
assertEquals(DecisionEffect.DENY, response.getStatus());
permission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
permissions.resource().findById(permission.getId()).update(permission);
response = authorization.policies().evaluate(request);
assertEquals(DecisionEffect.PERMIT, response.getStatus());
}
use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.
the class PermissionsTest method clientAuthorization.
@Test
public void clientAuthorization() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
ClientRepresentation newClient = new ClientRepresentation();
newClient.setClientId("foo-authz");
adminClient.realms().realm(REALM_NAME).clients().create(newClient);
ClientRepresentation foo = adminClient.realms().realm(REALM_NAME).clients().findByClientId("foo-authz").get(0);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
foo.setServiceAccountsEnabled(true);
foo.setAuthorizationServicesEnabled(true);
realm.clients().get(foo.getId()).update(foo);
}
}, CLIENT, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
realm.clients().get(foo.getId()).authorization().getSettings();
}
}, AUTHORIZATION, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
ResourceServerRepresentation settings = authorization.getSettings();
authorization.update(settings);
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.resources().resources();
}
}, AUTHORIZATION, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.scopes().scopes();
}
}, AUTHORIZATION, false);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.policies().policies();
}
}, AUTHORIZATION, false);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
response.set(authorization.resources().create(new ResourceRepresentation("Test", Collections.emptySet())));
}
}, AUTHORIZATION, true);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
response.set(authorization.scopes().create(new ScopeRepresentation("Test")));
}
}, AUTHORIZATION, true);
invoke(new InvocationWithResponse() {
public void invoke(RealmResource realm, AtomicReference<Response> response) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
representation.setName("Test PermissionsTest");
representation.addResource("Default Resource");
response.set(authorization.permissions().resource().create(representation));
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.resources().resource("nosuch").update(new ResourceRepresentation());
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.scopes().scope("nosuch").update(new ScopeRepresentation());
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.policies().policy("nosuch").update(new PolicyRepresentation());
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.resources().resource("nosuch").remove();
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.scopes().scope("nosuch").remove();
}
}, AUTHORIZATION, true);
invoke(new Invocation() {
public void invoke(RealmResource realm) {
AuthorizationResource authorization = realm.clients().get(foo.getId()).authorization();
authorization.policies().policy("nosuch").remove();
}
}, AUTHORIZATION, true);
}
Aggregations