use of org.keycloak.authorization.client.AuthorizationDeniedException in project keycloak by keycloak.
the class UserManagedAccessTest method testPermissiveModePermissions.
@Test
public void testPermissiveModePermissions() throws Exception {
resource = addResource("Resource A");
try {
authorize("kolo", "password", resource.getId(), null);
fail("Access should be denied, server in enforcing mode");
} catch (AuthorizationDeniedException ade) {
}
AuthorizationResource authorizationResource = getClient(getRealm()).authorization();
ResourceServerRepresentation settings = authorizationResource.getSettings();
settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
authorizationResource.update(settings);
AuthorizationResponse response = authorize("marta", "password", "Resource A", null);
String rpt = response.getToken();
assertNotNull(rpt);
assertFalse(response.isUpgraded());
AccessToken accessToken = toAccessToken(rpt);
AccessToken.Authorization authorization = accessToken.getAuthorization();
assertNotNull(authorization);
Collection<Permission> permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A");
assertTrue(permissions.isEmpty());
}
use of org.keycloak.authorization.client.AuthorizationDeniedException in project keycloak by keycloak.
the class RegexPolicyTest method testWithoutExpectedUserAttribute.
@Test
public void testWithoutExpectedUserAttribute() {
// Access Resource A with taro.
AuthzClient authzClient = getAuthzClient();
PermissionRequest request = new PermissionRequest("Resource A");
String ticket = authzClient.protection().permission().create(request).getTicket();
try {
authzClient.authorization("taro", "password").authorize(new AuthorizationRequest(ticket));
fail("Should fail.");
} catch (AuthorizationDeniedException ignore) {
}
// Access Resource B with taro.
request = new PermissionRequest("Resource B");
ticket = authzClient.protection().permission().create(request).getTicket();
try {
authzClient.authorization("taro", "password").authorize(new AuthorizationRequest(ticket));
fail("Should fail.");
} catch (AuthorizationDeniedException ignore) {
}
}
Aggregations