Search in sources :

Example 6 with ResourcesResource

use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.

the class ResourceManagementTest method doCreateResource.

protected ResourceRepresentation doCreateResource(ResourceRepresentation newResource) {
    ResourcesResource resources = getClientResource().authorization().resources();
    try (Response response = resources.create(newResource)) {
        int status = response.getStatus();
        if (status != Response.Status.CREATED.getStatusCode()) {
            throw new RuntimeException(new HttpResponseException("Error", status, "", null));
        }
        ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
        return resources.resource(stored.getId()).toRepresentation();
    }
}
Also used : Response(javax.ws.rs.core.Response) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 7 with ResourcesResource

use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testInheritPermissionFromResourceParent.

@Test
public void testInheritPermissionFromResourceParent() throws Exception {
    loginToClientPage(aliceUser);
    final String RESOURCE_NAME = "My-Resource-Instance";
    clientPage.createAlbum(RESOURCE_NAME);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.createAlbum(RESOURCE_NAME);
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    loginToClientPage(aliceUser);
    clientPage.createAlbum(RESOURCE_NAME);
    ResourcesResource resourcesResource = getAuthorizationResource().resources();
    resourcesResource.resources().forEach(resource -> {
        if (resource.getName().equals(RESOURCE_NAME)) {
            try {
                PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
                resourceInstancePermission.setName(RESOURCE_NAME + "Permission");
                resourceInstancePermission.setType("resource");
                Map<String, String> config = new HashMap<>();
                config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
                config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
                resourceInstancePermission.setConfig(config);
                getAuthorizationResource().policies().create(resourceInstancePermission);
            } catch (IOException e) {
                throw new RuntimeException("Error creating policy.", e);
            }
        }
    });
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);
    resourcesResource.resources().forEach(resource -> {
        if (resource.getName().equals(RESOURCE_NAME)) {
            resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("album:view")).collect(Collectors.toSet()));
            resourcesResource.resource(resource.getId()).update(resource);
        }
    });
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    List<ResourceRepresentation> resources = resourcesResource.resources();
    assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) RoleResource(org.keycloak.admin.client.resource.RoleResource) Matchers.not(org.hamcrest.Matchers.not) UsersResource(org.keycloak.admin.client.resource.UsersResource) HashMap(java.util.HashMap) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) Map(java.util.Map) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) Collectors(java.util.stream.Collectors) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.is(org.hamcrest.Matchers.is) Matchers.anyOf(org.hamcrest.Matchers.anyOf) Matchers.containsString(org.hamcrest.Matchers.containsString) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected) HashMap(java.util.HashMap) Matchers.containsString(org.hamcrest.Matchers.containsString) IOException(java.io.IOException) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 8 with ResourcesResource

use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.

the class InvalidationCrossDCTest method authzResourceInvalidationTest.

@Test
public void authzResourceInvalidationTest() throws Exception {
    ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
    enableDcOnLoadBalancer(DC.FIRST);
    enableDcOnLoadBalancer(DC.SECOND);
    ResourcesResource resourcesDc0Resource = ApiUtil.findClientByClientId(getAdminClientForStartedNodeInDc(0).realms().realm(REALM_NAME), "test-app-authz").authorization().resources();
    ResourcesResource resourcesDc1Resource = ApiUtil.findClientByClientId(getAdminClientForStartedNodeInDc(1).realms().realm(REALM_NAME), "test-app-authz").authorization().resources();
    ResourceRepresentation resDc0 = resourcesDc0Resource.findByName("Premium Resource").get(0);
    ResourceRepresentation resDc1 = resourcesDc1Resource.findByName("Premium Resource").get(0);
    // Test same resource on both DCs
    Assert.assertEquals("/protected/premium/*", resDc0.getUri());
    Assert.assertEquals("/protected/premium/*", resDc1.getUri());
    // Update resource on DC0
    resDc0.setUri("/protected/ultra/premium/*");
    resourcesDc0Resource.resource(resDc0.getId()).update(resDc0);
    // Assert updated on both DC0 and DC1 (here retry is needed. We need to wait until invalidation message arrives)
    resDc0 = resourcesDc0Resource.findByName("Premium Resource").get(0);
    Assert.assertEquals("/protected/ultra/premium/*", resDc0.getUri());
    AtomicInteger i = new AtomicInteger(0);
    Retry.execute(() -> {
        i.incrementAndGet();
        ResourceRepresentation ressDc1 = resourcesDc1Resource.findByName("Premium Resource").get(0);
        Assert.assertEquals("/protected/ultra/premium/*", ressDc1.getUri());
    }, 50, 50);
    log.infof("authzResourceInvalidationTest: Passed after '%d' iterations", i.get());
}
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 9 with ResourcesResource

use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.

the class GenericPolicyManagementTest method createResource.

private ResourceResource createResource(String name) {
    ResourceRepresentation newResource = new ResourceRepresentation();
    newResource.setName(name);
    ResourcesResource resources = getClientResource().authorization().resources();
    try (Response response = resources.create(newResource)) {
        assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
        return resources.resource(stored.getId());
    }
}
Also used : Response(javax.ws.rs.core.Response) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 10 with ResourcesResource

use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.

the class PolicyEnforcerTest method testSetMethodConfigs.

@Test
public void testSetMethodConfigs() {
    ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation representation = new ResourceRepresentation();
    representation.setName(KeycloakModelUtils.generateId());
    representation.setUris(Collections.singleton("/api-method/*"));
    ResourcesResource resources = clientResource.authorization().resources();
    javax.ws.rs.core.Response response = resources.create(representation);
    representation.setId(response.readEntity(ResourceRepresentation.class).getId());
    response.close();
    try {
        KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-paths-use-method-config.json"));
        PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
        oauth.realm(REALM_NAME);
        oauth.clientId("public-client-test");
        oauth.doLogin("marta", "password");
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokeResponse = oauth.doAccessTokenRequest(code, null);
        String token = tokeResponse.getAccessToken();
        AuthorizationContext context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token));
        // GET is disabled in the config
        assertTrue(context.isGranted());
        PolicyEnforcerConfig.PathConfig pathConfig = policyEnforcer.getPaths().get("/api-method/*");
        assertNotNull(pathConfig);
        List<PolicyEnforcerConfig.MethodConfig> methods = pathConfig.getMethods();
        assertEquals(1, methods.size());
        assertTrue(PolicyEnforcerConfig.ScopeEnforcementMode.DISABLED.equals(methods.get(0).getScopesEnforcementMode()));
        // other verbs should be protected
        context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token, "POST"));
        assertFalse(context.isGranted());
    } finally {
        resources.resource(representation.getId()).remove();
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) AuthorizationContext(org.keycloak.AuthorizationContext) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ClientResource(org.keycloak.admin.client.resource.ClientResource) PolicyEnforcer(org.keycloak.adapters.authorization.PolicyEnforcer) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Aggregations

ResourcesResource (org.keycloak.admin.client.resource.ResourcesResource)13 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)11 Test (org.junit.Test)5 Response (javax.ws.rs.core.Response)3 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)3 ClientResource (org.keycloak.admin.client.resource.ClientResource)3 PoliciesResource (org.keycloak.admin.client.resource.PoliciesResource)3 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)3 After (org.junit.After)2 Before (org.junit.Before)2 RolePoliciesResource (org.keycloak.admin.client.resource.RolePoliciesResource)2 RolesResource (org.keycloak.admin.client.resource.RolesResource)2 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)2 IOException (java.io.IOException)1 Arrays (java.util.Arrays)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)1 Collectors (java.util.stream.Collectors)1