
Example 16 with AuthorizationDeniedException

Use of org.keycloak.authorization.client.AuthorizationDeniedException in project keycloak by keycloak, in the class UserManagedAccessTest, method testPermissiveModePermissions.

@Test
public void testPermissiveModePermissions() throws Exception {
    resource = addResource("Resource A");
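    try {
        // Server is in enforcing mode: the authorization request must be denied.
        authorize("kolo", "password", resource.getId(), null);
        fail("Access should be denied, server in enforcing mode");
    } catch (AuthorizationDeniedException ade) {
        // Expected: the denial is the passing outcome of this step.
    }
    // Switch the resource server to PERMISSIVE policy enforcement mode.
    AuthorizationResource authorizationResource = getClient(getRealm()).authorization();
    ResourceServerRepresentation settings = authorizationResource.getSettings();
    settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    authorizationResource.update(settings);
    // In permissive mode the request must succeed and return an RPT.
    AuthorizationResponse response = authorize("marta", "password", "Resource A", null);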
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A");
    assertTrue(permissions.isEmpty());
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 17 with AuthorizationDeniedException

Use of org.keycloak.authorization.client.AuthorizationDeniedException in project keycloak by keycloak, in the class RegexPolicyTest, method testWithoutExpectedUserAttribute.

@Test
public void testWithoutExpectedUserAttribute() {
    // Access Resource A with taro.
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("taro", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail.");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: the request for Resource A is denied.
    }
    // Access Resource B with taro.
    request = new PermissionRequest("Resource B");
    ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("taro", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail.");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: the request for Resource B is denied.
    }
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Test(org.junit.Test)

Aggregations

AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException): 17
Test (org.junit.Test): 16
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse): 13
AccessToken (org.keycloak.representations.AccessToken): 9
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest): 9
Permission (org.keycloak.representations.idm.authorization.Permission): 9
AuthzClient (org.keycloak.authorization.client.AuthzClient): 7
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest): 7
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation): 7
PermissionTicketRepresentation (org.keycloak.representations.idm.authorization.PermissionTicketRepresentation): 6
PermissionResource (org.keycloak.authorization.client.resource.PermissionResource): 4
UserRepresentation (org.keycloak.representations.idm.UserRepresentation): 3
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation): 3
RealmResource (org.keycloak.admin.client.resource.RealmResource): 2
GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation): 2
ArrayList (java.util.ArrayList): 1
KeycloakSecurityContext (org.keycloak.KeycloakSecurityContext): 1
KeycloakDeployment (org.keycloak.adapters.KeycloakDeployment): 1
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource): 1
ClientResource (org.keycloak.admin.client.resource.ClientResource): 1