
Example 1 with PoliciesResource

use of org.keycloak.admin.client.resource.PoliciesResource in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testAdminWithoutPermissionsToDeleteAlbum.

/**
 * Checks that the policy bound to "Delete Album Permission" decides whether the admin
 * user may delete an album created by alice.
 *
 * <p>Three phases, each run through the client page:
 * <ol>
 *   <li>Baseline: admin can navigate to, view and delete alice's album.</li>
 *   <li>Restricted: the permission's {@code applyPolicies} is set to "Only Owner Policy";
 *       admin can still view the album but the delete is denied and alice's resource
 *       still exists.</li>
 *   <li>Reopened: {@code applyPolicies} is set to "Only Owner and Administrators Policy"
 *       and the admin delete succeeds again.</li>
 * </ol>
 *
 * <p>NOTE(review): the third phase is only reached when every assertion in the second
 * phase passes, so a failure there leaves the permission bound to "Only Owner Policy".
 * Whether other tests depend on that binding is not visible here; confirm before
 * relying on test order.
 *
 * @throws Exception if any page interaction or admin call fails
 */
@Test
public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
    // Phase 1: with the policy as configured, admin is not denied anything.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));

    PoliciesResource policiesResource = getAuthorizationResource().policies();
    List<PolicyRepresentation> policies = policiesResource.policies();

    // Phase 2: bind the delete permission to the owner-only policy.
    policies.stream()
            .filter(candidate -> "Delete Album Permission".equals(candidate.getName()))
            .forEach(permission -> {
                permission.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
                policiesResource.policy(permission.getId()).update(permission);
            });
    printUpdatedPolicies();

    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    // Viewing is governed by a different permission, so it must stay allowed.
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(not(empty())));
    // The security-relevant assertion: a non-owner admin is now refused the delete.
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // Phase 3: bind the permission to the owner-and-administrators policy, reusing the
    // representations fetched before the first update.
    policies.stream()
            .filter(candidate -> "Delete Album Permission".equals(candidate.getName()))
            .forEach(permission -> {
                permission.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
                policiesResource.policy(permission.getId()).update(permission);
            });
    printUpdatedPolicies();

    // Clear cache (the original comment attaches this to the fresh admin login below)
    loginToClientPage(adminUser);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) Test(org.junit.Test)

Example 2 with PoliciesResource

use of org.keycloak.admin.client.resource.PoliciesResource in project keycloak by keycloak.

the class GenericPolicyManagementTest method assertAssociatedPolicy.

/**
 * Asserts that two policies are linked in both directions through the admin API.
 *
 * <p>The policy named {@code associatedPolicyName} must appear in the associated-policies
 * list of {@code dependentPolicy}, and {@code dependentPolicy} must be the single entry
 * in the dependent-policies list of the named policy.
 *
 * @param associatedPolicyName name used to look up the policy that is being applied
 * @param dependentPolicy policy expected to reference the named policy
 */
private void assertAssociatedPolicy(String associatedPolicyName, PolicyRepresentation dependentPolicy) {
    PolicyRepresentation foundByName = findPolicyByName(associatedPolicyName);
    PoliciesResource policies = getClientResource().authorization().policies();

    // Re-read the policy by id so the checks below use the server's stored representation.
    PolicyRepresentation associatedPolicy = policies.policy(foundByName.getId()).toRepresentation();
    assertNotNull(associatedPolicy);
    String associatedId = associatedPolicy.getId();

    // Direction 1: the dependent policy lists the associated policy.
    List<PolicyRepresentation> associatedPolicies = policies.policy(dependentPolicy.getId()).associatedPolicies();
    boolean listedAsAssociated = associatedPolicies.stream()
            .anyMatch(candidate -> candidate.getId().equals(associatedId));
    assertTrue(listedAsAssociated);

    // Direction 2: the associated policy has exactly one dependent, and it is the expected one.
    List<PolicyRepresentation> dependentPolicies = policies.policy(associatedId).dependentPolicies();
    assertEquals(1, dependentPolicies.size());
    assertEquals(dependentPolicy.getId(), dependentPolicies.get(0).getId());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Arrays(java.util.Arrays) ResourceResource(org.keycloak.admin.client.resource.ResourceResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) HashMap(java.util.HashMap) Function(java.util.function.Function) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) Logic(org.keycloak.representations.idm.authorization.Logic) Map(java.util.Map) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ResourceScopeResource(org.keycloak.admin.client.resource.ResourceScopeResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ResourceScopesResource(org.keycloak.admin.client.resource.ResourceScopesResource) Assert.assertNotNull(org.junit.Assert.assertNotNull) PolicyProviderRepresentation(org.keycloak.representations.idm.authorization.PolicyProviderRepresentation) Set(java.util.Set) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) Collectors(java.util.stream.Collectors) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) List(java.util.List) Assert.assertNull(org.junit.Assert.assertNull) Response(javax.ws.rs.core.Response) Assert.assertFalse(org.junit.Assert.assertFalse) Assert.assertEquals(org.junit.Assert.assertEquals) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource)

Example 3 with PoliciesResource

use of org.keycloak.admin.client.resource.PoliciesResource in project keycloak by keycloak.

the class GenericPolicyManagementTest method createPolicy.

/**
 * Creates a policy of type "scope" through the admin client and returns a handle to it.
 *
 * <p>The create call must answer with HTTP 201 (Created); the id used for the returned
 * handle is taken from the representation in the response body.
 *
 * @param name name given to the new policy
 * @param config configuration map stored on the new policy
 * @return the resource handle for the policy the server created
 */
private PolicyResource createPolicy(String name, Map<String, String> config) {
    PolicyRepresentation representation = new PolicyRepresentation();
    representation.setName(name);
    representation.setType("scope");
    representation.setConfig(config);

    PoliciesResource policies = getClientResource().authorization().policies();

    // try-with-resources closes the response once the body has been read.
    try (Response response = policies.create(representation)) {
        int expectedStatus = Response.Status.CREATED.getStatusCode();
        assertEquals(expectedStatus, response.getStatus());
        String createdId = response.readEntity(PolicyRepresentation.class).getId();
        return policies.policy(createdId);
    }
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource)

Example 4 with PoliciesResource

use of org.keycloak.admin.client.resource.PoliciesResource in project keycloak by keycloak.

the class ScopePermissionManagementTest method configureTest.

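/**
 * Prepares the fixtures for the scope permission tests.
 *
 * <p>After the parent setup this creates realm roles "Role A" and "Role B", role policies
 * "Policy A" and "Policy B" bound to those roles, user policy "Policy C" for user "test",
 * scopes "Scope A" to "Scope C", and resources "Resource A" and "Resource B" on the
 * authorization settings of {@code newClient}.
 *
 * <p>Every {@code Response} returned by a create call is closed, matching what the
 * "Policy C" call already did, so the setup does not leave client connections open.
 *
 * <p>NOTE(review): the response status of these create calls is not checked, so a
 * rejected creation would only show up later as a failing test; consider asserting the
 * status here.
 */
@Before
public void configureTest() {
    super.configureTest();

    // Realm roles referenced by the role policies below.
    RolesResource realmRoles = testRealmResource().roles();
    realmRoles.create(new RoleRepresentation("Role A", "", false));
    realmRoles.create(new RoleRepresentation("Role B", "", false));

    AuthorizationResource authorization = testRealmResource().clients().get(newClient.getId()).authorization();
    PoliciesResource policies = authorization.policies();
    RolePoliciesResource roles = policies.role();

    RolePolicyRepresentation policyA = new RolePolicyRepresentation();
    policyA.setName("Policy A");
    policyA.addRole("Role A");
    roles.create(policyA).close();

    RolePolicyRepresentation policyB = new RolePolicyRepresentation();
    policyB.setName("Policy B");
    policyB.addRole("Role B");
    roles.create(policyB).close();

    UserPolicyRepresentation policyC = new UserPolicyRepresentation();
    policyC.setName("Policy C");
    policyC.addUser("test");
    policies.user().create(policyC).close();

    authorization.scopes().create(new ScopeRepresentation("Scope A")).close();
    authorization.scopes().create(new ScopeRepresentation("Scope B")).close();
    authorization.scopes().create(new ScopeRepresentation("Scope C")).close();

    ResourcesResource resources = authorization.resources();
    resources.create(new ResourceRepresentation("Resource A", "Scope A")).close();
    resources.create(new ResourceRepresentation("Resource B", "Scope B", "Scope C")).close();
}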
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RolePolicyRepresentation(org.keycloak.representations.idm.authorization.RolePolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) RolePoliciesResource(org.keycloak.admin.client.resource.RolePoliciesResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) RolePoliciesResource(org.keycloak.admin.client.resource.RolePoliciesResource) RolesResource(org.keycloak.admin.client.resource.RolesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Before(org.junit.Before)

Example 5 with PoliciesResource

use of org.keycloak.admin.client.resource.PoliciesResource in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testAdminWithoutPermissionsToTypedResource.

/**
 * Checks that removing the admin's route to "Album Resource Permission" denies the admin
 * access to alice's album, and that adding "Administration Policy" grants it again.
 *
 * <p>Phases:
 * <ol>
 *   <li>Baseline: admin can navigate to the admin album page and view alice's album.</li>
 *   <li>Restricted: the permission's {@code applyPolicies} is set to "Any User Policy"
 *       only, and the {@code manage-albums} role of the resource server client is removed
 *       from that policy's {@code roles} config. Admin can still open the admin album
 *       page, but viewing and deleting alice's album are denied.</li>
 *   <li>Reopened: {@code applyPolicies} is set to "Any User Policy" plus
 *       "Administration Policy"; admin can view and delete the album.</li>
 * </ol>
 *
 * <p>NOTE(review): the {@code manage-albums} role removed from "Any User Policy" in the
 * second phase is not added back anywhere in this method, and the third phase is only
 * reached when the second phase's assertions pass. Confirm that the surrounding fixture
 * resets the policies between tests.
 *
 * @throws Exception if a page interaction, admin call or JSON conversion fails
 */
@Test
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
    // Phase 1: baseline access for the admin user.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);

    PoliciesResource policiesResource = getAuthorizationResource().policies();
    List<PolicyRepresentation> policies = policiesResource.policies();

    // Phase 2: narrow the permission and strip manage-albums from "Any User Policy".
    for (PolicyRepresentation current : policies) {
        String currentName = current.getName();

        if ("Album Resource Permission".equals(currentName)) {
            current.getConfig().put("applyPolicies", "[\"Any User Policy\"]");
            policiesResource.policy(current.getId()).update(current);
        }

        if ("Any User Policy".equals(currentName)) {
            RoleRepresentation manageAlbums =
                    getClientResource(RESOURCE_SERVER_ID).roles().get("manage-albums").toRepresentation();
            // The roles config is a JSON array of objects; entries are matched on their "id" key.
            List<Map<String, Object>> configuredRoles =
                    JsonSerialization.readValue(current.getConfig().get("roles"), List.class);
            List<Map<String, Object>> remainingRoles = configuredRoles.stream()
                    .filter(entry -> !entry.get("id").equals(manageAlbums.getId()))
                    .collect(Collectors.toList());
            current.getConfig().put("roles", JsonSerialization.writeValueAsString(remainingRoles));
            policiesResource.policy(current.getId()).update(current);
        }
    }
    printUpdatedPolicies();

    // Clear cache (the original comment attaches this to the fresh admin login below)
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    // The security-relevant assertions: admin is refused both view and delete.
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // Phase 3: add "Administration Policy" next to "Any User Policy" on the permission.
    for (PolicyRepresentation current : policies) {
        if (!"Album Resource Permission".equals(current.getName())) {
            continue;
        }
        current.getConfig().put("applyPolicies", "[\"Any User Policy\", \"Administration Policy\"]");
        policiesResource.policy(current.getId()).update(current);
    }
    printUpdatedPolicies();

    // Clear cache (again tied to the fresh admin login)
    loginToClientPage(adminUser);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RoleResource(org.keycloak.admin.client.resource.RoleResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test)

Aggregations

PoliciesResource (org.keycloak.admin.client.resource.PoliciesResource)7 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)4 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)4 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)4 Before (org.junit.Before)3 Test (org.junit.Test)3 ResourcesResource (org.keycloak.admin.client.resource.ResourcesResource)3 RolePoliciesResource (org.keycloak.admin.client.resource.RolePoliciesResource)3 RolesResource (org.keycloak.admin.client.resource.RolesResource)3 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)3 RolePolicyRepresentation (org.keycloak.representations.idm.authorization.RolePolicyRepresentation)3 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)3 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Response (javax.ws.rs.core.Response)2 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)2 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 List (java.util.List)1 Set (java.util.Set)1