
Example 56 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testRemovePoliciesOnGroupDelete.

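/**
 * Verifies that UMA policies owned by a user disappear when the group backing
 * them is removed.
 *
 * <p>Before the deletion exactly one {@code uma} policy owned by user
 * {@code marta} must exist for client {@code resource-server-test}, attached to
 * the resource {@code Resource A}. After group {@code group_remove} is deleted,
 * an owner-only lookup must return no policies at all.
 *
 * @param session server-side session used to reach the realm, user and
 *                authorization stores of realm {@code authz-test}
 */
private static void testRemovePoliciesOnGroupDelete(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("authz-test");
    ClientModel client = realm.getClientByClientId("resource-server-test");
    AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
    UserModel user = session.users().getUserByUsername(realm, "marta");

    // Lookup scoped to UMA policies owned by marta (-1/-1 presumably means no paging).
    Map<Policy.FilterOption, String[]> filters = new HashMap<>();
    filters.put(Policy.FilterOption.TYPE, new String[] { "uma" });
    filters.put(Policy.FilterOption.OWNER, new String[] { user.getId() });
    List<Policy> policies = provider.getStoreFactory().getPolicyStore().findByResourceServer(filters, client.getId(), -1, -1);
    assertEquals(1, policies.size());

    Policy policy = policies.get(0);
    assertFalse(policy.getResources().isEmpty());
    Resource resource = policy.getResources().iterator().next();
    assertEquals("Resource A", resource.getName());

    // Fail with a readable assertion instead of a bare NoSuchElementException
    // when the fixture group is missing.
    realm.removeGroup(realm.searchForGroupByNameStream("group_remove", -1, -1)
            .findAny()
            .orElseThrow(() -> new AssertionError("fixture group 'group_remove' not found in realm authz-test")));

    // Every policy owned by the user, regardless of type, must be gone now.
    filters = new HashMap<>();
    filters.put(Policy.FilterOption.OWNER, new String[] { user.getId() });
    policies = provider.getStoreFactory().getPolicyStore().findByResourceServer(filters, client.getId(), -1, -1);
    assertTrue(policies.isEmpty());
}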

Example 57 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class FineGrainAdminUnitTest method testUserPagination.

/**
 * Exercises user search paging under fine-grained admin permissions.
 *
 * <p>Two administrators are created in realm {@code test}:
 * {@code customer-a-manager} holds {@code AdminRoles.QUERY_USERS} and is the only
 * user allowed by the policy attached to the view-members permission of group
 * {@code Customer A}; {@code regular-admin-user} holds {@code AdminRoles.VIEW_USERS}.
 * Users {@code a0..a19} are created outside the group and {@code b20..b39} inside
 * it, all with first name {@code test}. The assertions then check which users
 * each administrator can page through and that the page size is honoured.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserPagination() {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        ClientModel realmManagement = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);

        GroupModel customerGroup = session.groups().createGroup(realm, "Customer A");

        // Manager of "Customer A": may query users; what it sees is restricted by the policy below.
        UserModel manager = session.users().addUser(realm, "customer-a-manager");
        session.userCredentialManager().updateCredential(realm, manager, UserCredentialModel.password("password"));
        manager.grantRole(realmManagement.getRole(AdminRoles.QUERY_USERS));
        manager.setEnabled(true);

        // Plain administrator with realm-wide view-users.
        UserModel viewer = session.users().addUser(realm, "regular-admin-user");
        session.userCredentialManager().updateCredential(realm, viewer, UserCredentialModel.password("password"));
        viewer.grantRole(realmManagement.getRole(AdminRoles.VIEW_USERS));
        viewer.setEnabled(true);

        // Turn on fine-grained permissions for the group and restrict its
        // view-members permission to the manager through a user policy.
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        GroupPermissionManagement groupPermissions = management.groups();
        groupPermissions.setPermissionsEnabled(customerGroup, true);

        UserPolicyRepresentation onlyManager = new UserPolicyRepresentation();
        onlyManager.setName("Only " + manager.getUsername());
        onlyManager.addUser(manager.getId());

        Policy viewMembers = groupPermissions.viewMembersPermission(customerGroup);
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        Policy stored = provider.getStoreFactory().getPolicyStore().create(onlyManager, management.realmResourceServer());
        viewMembers.addAssociatedPolicy(RepresentationToModel.toModel(onlyManager, provider, stored));

        // 20 users outside the group, 20 inside it; all share the first name "test".
        for (int i = 0; i < 20; i++) {
            session.users().addUser(realm, "a" + i).setFirstName("test");
        }
        for (int i = 20; i < 40; i++) {
            UserModel member = session.users().addUser(realm, "b" + i);
            member.setFirstName("test");
            member.joinGroup(customerGroup);
        }
    });

    // The manager only sees group members (b*), and nothing beyond the first 20.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> page = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, page.size());
        Assert.assertThat(page, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));

        page = client.realm("test").users().search(null, "test", null, null, 20, 40);
        Assert.assertEquals(0, page.size());
    }

    // The realm-wide viewer pages through the non-member users (a*).
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> page = client.realm("test").users().search(null, "test", null, null, -1, 20);
        Assert.assertEquals(20, page.size());
        Assert.assertThat(page, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));

        // NOTE(review): the result of this unpaged search is discarded, so the two
        // assertions below re-check the previous page rather than this call — confirm intent.
        client.realm("test").users().search(null, null, null, null, -1, -1);
        Assert.assertEquals(20, page.size());
        Assert.assertThat(page, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
    }

    // Manager again: unfiltered and free-text searches still only yield b*, and "a" matches nothing.
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS())) {
        List<UserRepresentation> page = client.realm("test").users().search(null, null, null, null, -1, 20);
        Assert.assertEquals(20, page.size());
        Assert.assertThat(page, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));

        page = client.realm("test").users().search("test", -1, 20, false);
        Assert.assertEquals(20, page.size());
        Assert.assertThat(page, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));

        page = client.realm("test").users().search("a", -1, 20, false);
        Assert.assertEquals(0, page.size());
    }
}

Example 58 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class FineGrainAdminUnitTest method testClientsSearch.

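/**
 * Checks that client listing and paging expose only the clients a fine-grained
 * admin is permitted to view.
 *
 * <p>{@code regular-admin-user} is created with just {@code AdminRoles.QUERY_CLIENTS}
 * plus a user policy named {@code "Only regular-admin-user"}; thirty clients
 * {@code client-search-00..29} are added. View permission is then granted on
 * {@code client-search-09}, next on {@code client-search-10}, and finally on
 * {@code client-search-11..29}. After each step the admin client's
 * {@code findAll} results (count, ordering, {@code first}/{@code max} paging) are
 * asserted to contain exactly the permitted clients.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientsSearch() {
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);

        // Admin with query-clients only; what it may view is driven by the per-client permissions below.
        UserModel regularAdminUser = session.users().addUser(realm, "regular-admin-user");
        session.userCredentialManager().updateCredential(realm, regularAdminUser, UserCredentialModel.password("password"));
        regularAdminUser.grantRole(realmAdminClient.getRole(AdminRoles.QUERY_CLIENTS));
        regularAdminUser.setEnabled(true);

        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName("Only " + regularAdminUser.getUsername());
        userPolicyRepresentation.addUser(regularAdminUser.getId());

        // Zero-padded suffix so lexical ordering matches numeric ordering in the paging assertions.
        for (int i = 0; i < 30; i++) {
            realm.addClient("client-search-" + (i < 10 ? "0" + i : i));
        }

        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        ClientPermissionManagement clientPermission = management.clients();
        ClientModel clientModel = realm.getClientByClientId("client-search-09");
        clientPermission.setPermissionsEnabled(clientModel, true);
        Policy policy = clientPermission.viewPermission(clientModel);
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        Policy userPolicy = provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
        policy.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, userPolicy));
    });

    // Only client-search-09 is viewable: a prefix search limited to 5 results returns exactly it.
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, 0, 5);
        Assert.assertEquals(1, result.size());
        Assert.assertEquals("client-search-09", result.get(0).getClientId());
    }

    // Grant view on client-search-10 by reusing the policy created above.
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        ClientPermissionManagement clientPermission = management.clients();
        ClientModel clientModel = realm.getClientByClientId("client-search-10");
        clientPermission.setPermissionsEnabled(clientModel, true);
        Policy policy = clientPermission.viewPermission(clientModel);
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
        policy.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId()));
    });

    // Two clients viewable now, with and without a search term / paging.
    // findAll arguments appear to be (clientId, viewableOnly, search, first, max) — see ClientsResource.
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, -1, -1);
        Assert.assertEquals(2, result.size());
    }
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, 0, 5);
        Assert.assertEquals(2, result.size());
    }
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, 0, 1);
        Assert.assertEquals(1, result.size());
        Assert.assertThat(result, Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-09"))));

        result = client.realm("test").clients().findAll(null, true, false, 1, 1);
        Assert.assertThat(result, Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-10"))));
        Assert.assertEquals(1, result.size());

        // Paging past the permitted set must yield nothing, not leak other clients.
        result = client.realm("test").clients().findAll(null, true, false, 2, 1);
        Assert.assertTrue(result.isEmpty());
    }
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll(null, true, false, -1, -1);
        Assert.assertEquals(2, result.size());
    }

    // Grant view on the remaining clients 11..29; provider, realm-management client
    // and the shared policy do not change per iteration, so they are looked up once.
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        session.getContext().setRealm(realm);
        AdminPermissionManagement management = AdminPermissions.management(session, realm);
        ClientPermissionManagement clientPermission = management.clients();
        AuthorizationProvider provider = session.getProvider(AuthorizationProvider.class);
        ClientModel realmAdminClient = realm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID);
        Policy onlyRegularAdminUser = provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmAdminClient.getId());
        for (int i = 11; i < 30; i++) {
            ClientModel clientModel = realm.getClientByClientId("client-search-" + i);
            clientPermission.setPermissionsEnabled(clientModel, true);
            Policy policy = clientPermission.viewPermission(clientModel);
            policy.addAssociatedPolicy(onlyRegularAdminUser);
        }
    });

    // 21 viewable clients (09..29) paged 10 at a time, in id order.
    try (Keycloak client = newRegularAdminUserClient()) {
        List<ClientRepresentation> result = client.realm("test").clients().findAll("client-search-", true, true, 0, 10);
        Assert.assertEquals(10, result.size());
        Assert.assertThat(result.stream().map(ClientRepresentation::getClientId).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-09", "client-search-10", "client-search-11", "client-search-12", "client-search-13", "client-search-14", "client-search-15", "client-search-16", "client-search-17", "client-search-18")));

        result = client.realm("test").clients().findAll("client-search-", true, true, 10, 10);
        Assert.assertEquals(10, result.size());
        Assert.assertThat(result.stream().map(ClientRepresentation::getClientId).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-19", "client-search-20", "client-search-21", "client-search-22", "client-search-23", "client-search-24", "client-search-25", "client-search-26", "client-search-27", "client-search-28")));

        result = client.realm("test").clients().findAll("client-search-", true, true, 20, 10);
        Assert.assertEquals(1, result.size());
        Assert.assertThat(result, Matchers.hasItems(Matchers.hasProperty("clientId", Matchers.isOneOf("client-search-29"))));
    }
}

/**
 * Opens an admin REST client for realm {@code test} authenticated as
 * {@code regular-admin-user} via the admin-cli client; callers close it with
 * try-with-resources.
 *
 * @return a fresh, open {@link Keycloak} admin client
 */
private Keycloak newRegularAdminUserClient() {
    return Keycloak.getInstance(getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", Constants.ADMIN_CLI_CLIENT_ID, TLSUtils.initializeTLS());
}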

Example 59 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class RepresentationToModel method importAuthorizationSettings.

/**
 * Applies the authorization (resource server) settings of a client
 * representation to the client model.
 *
 * <p>This is a no-op unless the {@code AUTHORIZATION} feature is enabled and the
 * representation explicitly carries {@code authorizationServicesEnabled == true}.
 * When it does apply, the client is unconditionally switched to service accounts
 * enabled, not bearer-only and not public — overriding whatever the model held
 * before this call — and the resource server settings are imported, using an
 * empty {@link ResourceServerRepresentation} when the representation has none.
 *
 * @param clientRepresentation source representation; {@code authorizationSettings} may be {@code null}
 * @param client               target client model, mutated in place
 * @param session              current session, used to obtain the {@link AuthorizationProvider}
 */
public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel client, KeycloakSession session) {
    if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
        return;
    }
    if (!Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) {
        return;
    }

    AuthorizationProviderFactory factory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
    AuthorizationProvider authorization = factory.create(session, client.getRealm());

    // Forced regardless of the representation's own flags: the client becomes a
    // confidential client with a service account.
    client.setServiceAccountsEnabled(true);
    client.setBearerOnly(false);
    client.setPublicClient(false);

    ResourceServerRepresentation settings = clientRepresentation.getAuthorizationSettings();
    if (settings == null) {
        settings = new ResourceServerRepresentation();
    }
    settings.setClientId(client.getId());
    toModel(settings, authorization, client);
}

Example 60 with AuthorizationProvider

use of org.keycloak.authorization.AuthorizationProvider in project keycloak by keycloak.

the class ModelToRepresentation method toRepresentation.

/**
 * Builds the REST representation of a client from its model.
 *
 * <p>Scalar settings are copied one to one. Scope names, redirect URIs, web
 * origins and registered nodes are snapshotted into fresh lists/maps;
 * attributes and authentication-flow binding overrides are passed through as
 * returned by the model. Protocol mappers are mapped through
 * {@link #toRepresentation} and, when the {@code AUTHORIZATION} feature is on,
 * {@code authorizationServicesEnabled} is set to {@code true} if a resource
 * server exists for the client (it is never set to {@code false} here).
 *
 * <p>Optional collections are only set when present: redirect URIs and web
 * origins when non-null, registered nodes and protocol mappers when non-empty.
 *
 * @param clientModel source model
 * @param session     session used to look up the {@link AuthorizationProvider}
 * @return a newly built representation
 */
public static ClientRepresentation toRepresentation(ClientModel clientModel, KeycloakSession session) {
    ClientRepresentation representation = new ClientRepresentation();

    // Identity and descriptive fields.
    representation.setId(clientModel.getId());
    representation.setOrigin(StorageId.resolveProviderId(clientModel));
    representation.setClientId(clientModel.getClientId());
    representation.setName(clientModel.getName());
    representation.setDescription(clientModel.getDescription());
    representation.setEnabled(clientModel.isEnabled());
    representation.setAlwaysDisplayInConsole(clientModel.isAlwaysDisplayInConsole());
    representation.setAdminUrl(clientModel.getManagementUrl());

    // Client type and protocol flags.
    representation.setPublicClient(clientModel.isPublicClient());
    representation.setFrontchannelLogout(clientModel.isFrontchannelLogout());
    representation.setProtocol(clientModel.getProtocol());
    representation.setAttributes(clientModel.getAttributes());
    representation.setAuthenticationFlowBindingOverrides(clientModel.getAuthenticationFlowBindingOverrides());
    representation.setFullScopeAllowed(clientModel.isFullScopeAllowed());
    representation.setBearerOnly(clientModel.isBearerOnly());
    representation.setConsentRequired(clientModel.isConsentRequired());
    representation.setStandardFlowEnabled(clientModel.isStandardFlowEnabled());
    representation.setImplicitFlowEnabled(clientModel.isImplicitFlowEnabled());
    representation.setDirectAccessGrantsEnabled(clientModel.isDirectAccessGrantsEnabled());
    representation.setServiceAccountsEnabled(clientModel.isServiceAccountsEnabled());
    representation.setSurrogateAuthRequired(clientModel.isSurrogateAuthRequired());

    // URLs, timeouts and authenticator.
    representation.setRootUrl(clientModel.getRootUrl());
    representation.setBaseUrl(clientModel.getBaseUrl());
    representation.setNotBefore(clientModel.getNotBefore());
    representation.setNodeReRegistrationTimeout(clientModel.getNodeReRegistrationTimeout());
    representation.setClientAuthenticatorType(clientModel.getClientAuthenticatorType());

    // Scope names only (the map values are not part of the representation).
    List<String> defaultScopeNames = new LinkedList<>(clientModel.getClientScopes(true).keySet());
    List<String> optionalScopeNames = new LinkedList<>(clientModel.getClientScopes(false).keySet());
    representation.setDefaultClientScopes(defaultScopeNames);
    representation.setOptionalClientScopes(optionalScopeNames);

    // Null-valued collections are left unset on the representation.
    Set<String> uris = clientModel.getRedirectUris();
    if (uris != null) {
        representation.setRedirectUris(new LinkedList<>(uris));
    }
    Set<String> origins = clientModel.getWebOrigins();
    if (origins != null) {
        representation.setWebOrigins(new LinkedList<>(origins));
    }
    if (!clientModel.getRegisteredNodes().isEmpty()) {
        representation.setRegisteredNodes(new HashMap<>(clientModel.getRegisteredNodes()));
    }

    List<ProtocolMapperRepresentation> mapperRepresentations = clientModel.getProtocolMappersStream()
            .map(ModelToRepresentation::toRepresentation)
            .collect(Collectors.toList());
    if (!mapperRepresentations.isEmpty()) {
        representation.setProtocolMappers(mapperRepresentations);
    }

    // Presence of a resource server is what marks authorization services as enabled.
    if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
        AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
        ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findByClient(clientModel);
        if (resourceServer != null) {
            representation.setAuthorizationServicesEnabled(true);
        }
    }

    return representation;
}
