use of org.keycloak.admin.client.resource.ResourceScopesResource in project keycloak by keycloak.
the class PermissionManagementTest method testRemoveScopeFromResource.
/**
 * Checks that removing a scope from a resource also removes the permission tickets
 * recorded for that scope, while tickets for the scope that stays on the resource remain.
 *
 * @throws Exception if any of the client calls outside the guarded authorization attempt fails
 */
@Test
public void testRemoveScopeFromResource() throws Exception {
    // NOTE(review): "kolo" and true are presumably the resource owner and an
    // owner-managed-access flag; confirm against addResource.
    ResourceRepresentation target = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB");
    PermissionRequest ticketRequest = new PermissionRequest(target.getId(), "ScopeA", "ScopeB");
    AuthzClient client = getAuthzClient();
    PermissionResponse ticketResponse = client.protection("marta", "password").permission().create(ticketRequest);

    assertNotNull(ticketResponse.getTicket());

    // Present the ticket together with marta's access token as the claim token.
    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    authzRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of the authorization attempt is not asserted.
        // NOTE(review): presumably a denial is expected and the call is made only so that
        // tickets get recorded; confirm. As written, an unrelated failure is hidden as well.
    }

    AuthorizationResource authzAdmin = getClient(getRealm()).authorization();
    ResourceScopesResource scopeAdmin = authzAdmin.scopes();
    ScopeRepresentation scopeA = scopeAdmin.findByName("ScopeA");

    // Precondition: something is recorded for ScopeA before the resource is changed.
    List<?> found = client.protection().permission().findByScope(scopeA.getId());
    assertFalse(found.isEmpty());

    // Shrink the resource's scope set to ScopeB only and push the update.
    target.setScopes(new HashSet<>());
    target.addScope("ScopeB");
    authzAdmin.resources().resource(target.getId()).update(target);

    // Nothing may be left behind for the scope that was taken off the resource.
    found = client.protection().permission().findByScope(scopeA.getId());
    assertTrue(found.isEmpty());

    // Entries for the scope that was kept must survive the update.
    ScopeRepresentation keptScope = scopeAdmin.findByName("ScopeB");
    found = client.protection().permission().findByScope(keptScope.getId());
    assertFalse(found.isEmpty());
}
use of org.keycloak.admin.client.resource.ResourceScopesResource in project keycloak by keycloak.
the class GenericPolicyManagementTest method createScope.
/**
 * Creates a scope with the given name through the admin client and returns a handle to it.
 *
 * @param name the name to set on the new scope
 * @return the resource handle looked up by the id of the stored scope
 */
private ResourceScopeResource createScope(String name) {
    ScopeRepresentation representation = new ScopeRepresentation();
    representation.setName(name);

    ResourceScopesResource scopeAdmin = getClientResource().authorization().scopes();

    // try-with-resources closes the response once the entity has been read.
    try (Response created = scopeAdmin.create(representation)) {
        // Fail here if the server did not answer with 201 Created.
        assertEquals(Response.Status.CREATED.getStatusCode(), created.getStatus());

        // The id is taken from the representation returned in the response body.
        ScopeRepresentation persisted = created.readEntity(ScopeRepresentation.class);
        return scopeAdmin.scope(persisted.getId());
    }
}
use of org.keycloak.admin.client.resource.ResourceScopesResource in project keycloak by keycloak.
the class AbstractAuthorizationTest method createScope.
/**
 * Creates a scope with the given name and icon URI through the admin client and returns a
 * handle to it.
 *
 * @param name the name to set on the new scope
 * @param iconUri the icon URI to set on the new scope
 * @return the resource handle looked up by the id of the stored scope
 */
protected ResourceScopeResource createScope(String name, String iconUri) {
    ScopeRepresentation representation = new ScopeRepresentation();
    representation.setName(name);
    representation.setIconUri(iconUri);

    ResourceScopesResource scopeAdmin = getClientResource().authorization().scopes();

    // try-with-resources closes the response once the entity has been read.
    try (Response created = scopeAdmin.create(representation)) {
        // Fail here if the server did not answer with 201 Created.
        assertEquals(Response.Status.CREATED.getStatusCode(), created.getStatus());

        // The id is taken from the representation returned in the response body.
        ScopeRepresentation persisted = created.readEntity(ScopeRepresentation.class);
        return scopeAdmin.scope(persisted.getId());
    }
}
use of org.keycloak.admin.client.resource.ResourceScopesResource in project keycloak by keycloak.
the class PermissionManagementTest method testDeleteScopeAndPermissionTicket.
/**
 * Checks that deleting a scope, after all scopes were cleared from the resource, leaves no
 * permission tickets behind for either the scope or the resource.
 *
 * @throws Exception if any of the client calls outside the guarded authorization attempt fails
 */
@Test
public void testDeleteScopeAndPermissionTicket() throws Exception {
    // NOTE(review): "kolo" and true are presumably the resource owner and an
    // owner-managed-access flag; confirm against addResource.
    ResourceRepresentation target = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    PermissionRequest ticketRequest = new PermissionRequest(target.getId());
    ticketRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeB", "ScopeC")));

    AuthzClient client = getAuthzClient();
    PermissionResponse ticketResponse = client.protection("marta", "password").permission().create(ticketRequest);

    assertNotNull(ticketResponse.getTicket());

    // Present the ticket together with marta's access token as the claim token.
    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    authzRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of the authorization attempt is not asserted.
        // NOTE(review): presumably a denial is expected and the call is made only so that
        // tickets get recorded; confirm. As written, an unrelated failure is hidden as well.
    }

    // Precondition: three entries exist for the resource (three scopes were requested).
    assertEquals(3, client.protection().permission().findByResource(target.getId()).size());

    AuthorizationResource authzAdmin = getClient(getRealm()).authorization();
    ResourceScopesResource scopeAdmin = authzAdmin.scopes();
    ScopeRepresentation scopeA = scopeAdmin.findByName("ScopeA");

    // Exactly one of those entries belongs to ScopeA.
    List<?> found = client.protection().permission().findByScope(scopeA.getId());
    assertFalse(found.isEmpty());
    assertEquals(1, found.size());

    // Clear every scope from the resource, then delete ScopeA itself.
    target.setScopes(Collections.emptySet());
    authzAdmin.resources().resource(target.getId()).update(target);
    scopeAdmin.scope(scopeA.getId()).remove();

    // Nothing may remain for the deleted scope or for the resource.
    assertTrue(client.protection().permission().findByScope(scopeA.getId()).isEmpty());
    assertEquals(0, client.protection().permission().findByResource(target.getId()).size());
}