Example 41 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class ConflictingScopePermissionTest, method testMartaCanAccessResourceAWithExecuteAndWrite.

/**
 * <p>Scope Read on Resource A has two conflicting permissions. One is granting access for Marta and the other for Kolo.
 *
 * <p>Scope Read should not be granted for Marta.
 */
@Test
public void testMartaCanAccessResourceAWithExecuteAndWrite() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceServerRepresentation settings = authorization.getSettings();
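    // Enforce policies, and require every applicable permission to grant (UNANIMOUS),
    // so the conflicting permissions on scope read resolve to a deny for marta.
    settings.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    settings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);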
    authorization.update(settings);
    Collection<Permission> permissions = getEntitlements("marta", "password");
    assertEquals(1, permissions.size());
    for (Permission permission : new ArrayList<>(permissions)) {
        String resourceSetName = permission.getResourceName();
        switch(resourceSetName) {
            case "Resource A":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write"));
                permissions.remove(permission);
                break;
            case "Resource C":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceSetName + "]");
        }
    }
    assertTrue(permissions.isEmpty());
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) ArrayList(java.util.ArrayList) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 42 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptOnlyAuthorizedScopes.

@Test
public void testObtainRptOnlyAuthorizedScopes() throws Exception {
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "READ", "WRITE");
    ScopePermissionRepresentation permissionA = new ScopePermissionRepresentation();
    permissionA.setName(KeycloakModelUtils.generateId());
    permissionA.addScope("READ");
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().scope().create(permissionA).close();
    // Second scope permission: WRITE is bound to the deny policy.
    ScopePermissionRepresentation permissionB = new ScopePermissionRepresentation();
    permissionB.setName(KeycloakModelUtils.generateId());
    permissionB.addScope("WRITE");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().scope().create(permissionB).close();
    AuthorizationResponse response = authorize("marta", "password", resourceA.getName(), new String[] { "READ" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
    // Request READ and WRITE: the RPT is still expected to carry only READ.
    response = authorize("marta", "password", resourceA.getName(), new String[] { "READ", "WRITE" });
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 43 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class UmaGrantTypeTest, method configureAuthorization.

@Before
public void configureAuthorization() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    // "Default Policy": JavaScript policy that grants unconditionally.
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("Default Policy");
    policy.setCode("$evaluation.grant();");
    authorization.policies().js().create(policy).close();
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    resourceA = addResource("Resource A", "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceA.getName() + " Permission");
    permission.addResource(resourceA.getName());
    permission.addPolicy(policy.getName());
    authorization.permissions().resource().create(permission).close();
    // "Deny Policy": JavaScript policy that denies unconditionally.
    policy = new JSPolicyRepresentation();
    policy.setName("Deny Policy");
    policy.setCode("$evaluation.deny();");
    authorization.policies().js().create(policy).close();
}
Also used : JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Before(org.junit.Before)

Example 44 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt.

@Test
public void testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt() throws Exception {
    ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    permissionA.setName(resourceA.getName() + " Permission");
    permissionA.addResource(resourceA.getName());
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().resource().create(permissionA).close();
    AuthorizationResponse response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    ResourceRepresentation resourceB = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
    permissionB.setName(resourceB.getName() + " Permission");
    permissionB.addResource(resourceB.getName());
    permissionB.addPolicy("Default Policy");
    authzResource.permissions().resource().create(permissionB).close();
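    // Pass the previous RPT: the response is expected to be an upgrade that keeps
    // resource A's scopes and adds ScopeC on resource B.
    response = authorize("marta", "password", resourceB.getId(), new String[] { "ScopeC" }, rpt);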
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertTrue(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
    // Switch resource B's permission from the grant policy to the deny policy.
    permissionB = authzResource.permissions().resource().findByName(permissionB.getName());
    permissionB.removePolicy("Default Policy");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().resource().findById(permissionB.getId()).update(permissionB);
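    // Request again with the old RPT: resource B is no longer authorized, so the new RPT
    // is expected to carry only resource A and not to be reported as an upgrade.
    response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeC" }, rpt);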
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 45 with AuthorizationResource

Use of org.keycloak.admin.client.resource.AuthorizationResource in project keycloak by keycloak.

Class RegexPolicyTest, method createResource.

private void createResource(String name) {
    AuthorizationResource authorization = getClient().authorization();
    ResourceRepresentation resource = new ResourceRepresentation(name);
    authorization.resources().create(resource).close();
}
Also used : AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Aggregations

AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 110
Test (org.junit.Test) 87
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 46
ClientResource (org.keycloak.admin.client.resource.ClientResource) 43
Response (javax.ws.rs.core.Response) 41
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 30
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 28
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 28
AuthzClient (org.keycloak.authorization.client.AuthzClient) 27
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 25
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) 23
Permission (org.keycloak.representations.idm.authorization.Permission) 22
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 19
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 19
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 16
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 16
PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation) 16
ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation) 15
ArrayList (java.util.ArrayList) 14
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException) 13