use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.
the class ResourceManagementTest method doCreateResource.
/**
 * Creates {@code newResource} through the client's authorization admin API and returns the
 * representation as the server reports it afterwards.
 *
 * @param newResource the resource to create
 * @return the stored resource, looked up again by the id returned from the create call
 * @throws RuntimeException wrapping an {@code HttpResponseException} that carries the HTTP status
 *         when the server answers with anything other than 201 Created
 */
protected ResourceRepresentation doCreateResource(ResourceRepresentation newResource) {
    ResourcesResource resourcesApi = getClientResource().authorization().resources();
    try (Response creation = resourcesApi.create(newResource)) {
        int httpStatus = creation.getStatus();
        boolean wasCreated = httpStatus == Response.Status.CREATED.getStatusCode();
        if (!wasCreated) {
            // Surface the status code so callers can tell a conflict from a rejected request.
            throw new RuntimeException(new HttpResponseException("Error", httpStatus, "", null));
        }
        ResourceRepresentation created = creation.readEntity(ResourceRepresentation.class);
        // Re-read by id instead of trusting the create response body.
        return resourcesApi.resource(created.getId()).toRepresentation();
    }
}
use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.
the class AbstractPhotozExampleAdapterTest method testInheritPermissionFromResourceParent.
/**
 * Walks an album through four authorization states and checks who is denied in each.
 *
 * <ol>
 *   <li>Baseline: alice (owner) and the admin user can both view and delete the album.</li>
 *   <li>A "resource" permission named {@code <album>Permission} that applies
 *       "Only Owner Policy" is attached to the album's resource: the admin user is now denied
 *       both view and delete.</li>
 *   <li>The {@code album:view} scope is removed from the resource: the admin user can view
 *       again but is still denied delete.</li>
 *   <li>alice deletes the album and no resource owned by "alice" is left on the server.</li>
 * </ol>
 */
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
    final String albumName = "My-Resource-Instance";

    // Owner can create, view and delete her own album.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(albumName);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);
    clientPage.createAlbum(albumName);

    // Before any instance-specific permission exists, the admin user is allowed as well.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);

    loginToClientPage(aliceUser);
    clientPage.createAlbum(albumName);

    // Attach an owner-only permission to the resource that backs the new album.
    ResourcesResource resourcesResource = getAuthorizationResource().resources();
    for (ResourceRepresentation candidate : resourcesResource.resources()) {
        if (candidate.getName().equals(albumName)) {
            try {
                String protectedResources =
                        JsonSerialization.writeValueAsString(Arrays.asList(candidate.getId()));
                String appliedPolicies =
                        JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy"));

                Map<String, String> permissionConfig = new HashMap<>();
                permissionConfig.put("resources", protectedResources);
                permissionConfig.put("applyPolicies", appliedPolicies);

                PolicyRepresentation ownerOnlyPermission = new PolicyRepresentation();
                ownerOnlyPermission.setName(albumName + "Permission");
                ownerOnlyPermission.setType("resource");
                ownerOnlyPermission.setConfig(permissionConfig);

                // NOTE(review): the result of create(...) is discarded, so a rejected permission
                // only becomes visible through the denial assertions that follow.
                getAuthorizationResource().policies().create(ownerOnlyPermission);
            } catch (IOException e) {
                throw new RuntimeException("Error creating policy.", e);
            }
        }
    }

    // With the owner-only permission in place the admin user must be refused.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(albumName, this::assertWasDenied);
    clientPage.deleteAlbum(albumName, this::assertWasDenied);

    // Drop album:view from the resource's own scopes and push the change to the server.
    for (ResourceRepresentation candidate : resourcesResource.resources()) {
        if (candidate.getName().equals(albumName)) {
            candidate.setScopes(
                    candidate.getScopes().stream()
                            .filter(scope -> !scope.getName().equals("album:view"))
                            .collect(Collectors.toSet()));
            resourcesResource.resource(candidate.getId()).update(candidate);
        }
    }

    // View is no longer covered by the instance permission; delete still is.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasDenied);

    // The owner keeps the right to delete, and deletion must leave nothing of hers behind.
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);

    List<ResourceRepresentation> remaining = resourcesResource.resources();
    List<ResourceRepresentation> stillOwnedByAlice = remaining.stream()
            .filter(resource -> resource.getOwner().getName().equals("alice"))
            .collect(Collectors.toList());
    assertTrue(stillOwnedByAlice.isEmpty());
}
use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.
the class InvalidationCrossDCTest method authzResourceInvalidationTest.
/**
 * Checks that an update to an authorization resource made through a node in DC 0 becomes
 * visible through a node in DC 1.
 *
 * <p>The resource URI is what requests are matched against, so a second data centre that keeps
 * serving the old URI would be working from outdated authorization data. The DC 1 read is
 * retried because the invalidation message takes time to arrive.
 */
@Test
public void authzResourceInvalidationTest() throws Exception {
    ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
    enableDcOnLoadBalancer(DC.FIRST);
    enableDcOnLoadBalancer(DC.SECOND);

    final String authzClientId = "test-app-authz";
    final String resourceName = "Premium Resource";
    final String initialUri = "/protected/premium/*";
    final String changedUri = "/protected/ultra/premium/*";

    // One admin-API handle per data centre, both pointing at the same client.
    ResourcesResource dc0Resources = ApiUtil
            .findClientByClientId(getAdminClientForStartedNodeInDc(0).realms().realm(REALM_NAME), authzClientId)
            .authorization()
            .resources();
    ResourcesResource dc1Resources = ApiUtil
            .findClientByClientId(getAdminClientForStartedNodeInDc(1).realms().realm(REALM_NAME), authzClientId)
            .authorization()
            .resources();

    ResourceRepresentation beforeOnDc0 = dc0Resources.findByName(resourceName).get(0);
    ResourceRepresentation beforeOnDc1 = dc1Resources.findByName(resourceName).get(0);

    // Both data centres start from the same view of the resource.
    Assert.assertEquals(initialUri, beforeOnDc0.getUri());
    Assert.assertEquals(initialUri, beforeOnDc1.getUri());

    // Change the URI through DC 0 only.
    beforeOnDc0.setUri(changedUri);
    dc0Resources.resource(beforeOnDc0.getId()).update(beforeOnDc0);

    // DC 0 handled the write itself, so it must show the new value immediately.
    ResourceRepresentation afterOnDc0 = dc0Resources.findByName(resourceName).get(0);
    Assert.assertEquals(changedUri, afterOnDc0.getUri());

    // DC 1 only learns about the change via invalidation, hence the retry.
    // NOTE(review): the two 50s are presumably attempt count and wait interval; confirm against Retry.
    AtomicInteger attempts = new AtomicInteger(0);
    Retry.execute(() -> {
        attempts.incrementAndGet();
        ResourceRepresentation afterOnDc1 = dc1Resources.findByName(resourceName).get(0);
        Assert.assertEquals(changedUri, afterOnDc1.getUri());
    }, 50, 50);

    log.infof("authzResourceInvalidationTest: Passed after '%d' iterations", attempts.get());
}
use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.
the class GenericPolicyManagementTest method createResource.
/**
 * Creates a resource that carries only the given name and returns an admin-API handle to it.
 *
 * @param name the name of the resource to create
 * @return a handle addressing the stored resource by the id the server assigned
 */
private ResourceResource createResource(String name) {
    ResourceRepresentation draft = new ResourceRepresentation();
    draft.setName(name);

    ResourcesResource resourcesApi = getClientResource().authorization().resources();
    try (Response creation = resourcesApi.create(draft)) {
        // Fail here, at the cause, rather than later on a missing id.
        int expectedStatus = Response.Status.CREATED.getStatusCode();
        assertEquals(expectedStatus, creation.getStatus());

        ResourceRepresentation created = creation.readEntity(ResourceRepresentation.class);
        return resourcesApi.resource(created.getId());
    }
}
use of org.keycloak.admin.client.resource.ResourcesResource in project keycloak by keycloak.
the class PolicyEnforcerTest method testSetMethodConfigs.
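/**
 * Verifies per-method enforcement settings for the path {@code /api-method/*}.
 *
 * <p>The adapter configuration {@code enforcer-paths-use-method-config.json} is expected to
 * yield exactly one method entry for the path, with scope enforcement mode {@code DISABLED}.
 * The test checks that a request made with the default facade is granted, and that a POST to
 * the same path with the same token is not granted. The second check is the security-relevant
 * one: switching enforcement off for one verb must not open the path for the others.
 *
 * <p>The temporary resource is removed in the {@code finally} block so that a failing
 * assertion does not leave it behind.
 */
@Test
public void testSetMethodConfigs() {
    ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation representation = new ResourceRepresentation();
    representation.setName(KeycloakModelUtils.generateId());
    representation.setUris(Collections.singleton("/api-method/*"));
    ResourcesResource resources = clientResource.authorization().resources();
    // try-with-resources closes the response even when reading the entity throws.
    try (javax.ws.rs.core.Response response = resources.create(representation)) {
        representation.setId(response.readEntity(ResourceRepresentation.class).getId());
    }
    try {
        KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-paths-use-method-config.json"));
        PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
        oauth.realm(REALM_NAME);
        oauth.clientId("public-client-test");
        oauth.doLogin("marta", "password");
        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, null);
        String token = tokenResponse.getAccessToken();
        // NOTE(review): the two-argument createHttpFacade presumably issues a GET; confirm in the helper.
        AuthorizationContext context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token));
        // GET is disabled in the config
        assertTrue(context.isGranted());
        PolicyEnforcerConfig.PathConfig pathConfig = policyEnforcer.getPaths().get("/api-method/*");
        assertNotNull(pathConfig);
        List<PolicyEnforcerConfig.MethodConfig> methods = pathConfig.getMethods();
        assertEquals(1, methods.size());
        // assertEquals reports the actual mode on failure, unlike assertTrue(a.equals(b)).
        assertEquals(PolicyEnforcerConfig.ScopeEnforcementMode.DISABLED, methods.get(0).getScopesEnforcementMode());
        // other verbs should be protected
        context = policyEnforcer.enforce(createHttpFacade("/api-method/foo", token, "POST"));
        assertFalse(context.isGranted());
    } finally {
        resources.resource(representation.getId()).remove();
    }
}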