
Example 61 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionClaimTest method testPermissionWithClaims.

/**
 * Verifies that the permission granted in the RPT carries the expected claim values.
 *
 * <p>Flow: register "Resource A", attach a resource permission that references
 * {@code claimAPolicy}, request a permission ticket for the resource, exchange the ticket
 * (authorized with the user's access token) for an RPT, and inspect the single permission
 * in the RPT's authorization claim.
 */
@Test
public void testPermissionWithClaims() throws Exception {
    AuthorizationResource authzAdmin = getClient(getRealm()).authorization();

    // Register the protected resource; the create() response is closed straight away.
    ResourceRepresentation resourceA = new ResourceRepresentation("Resource A");
    authzAdmin.resources().create(resourceA).close();

    // Permission that ties the resource to claimAPolicy (the policy is defined outside this method).
    ResourcePermissionRepresentation resourcePermission = new ResourcePermissionRepresentation();
    resourcePermission.setName(resourceA.getName() + " Permission");
    resourcePermission.addResource(resourceA.getName());
    resourcePermission.addPolicy(claimAPolicy.getName());
    authzAdmin.permissions().resource().create(resourcePermission).close();

    PermissionRequest ticketRequest = new PermissionRequest();
    ticketRequest.setResourceId(resourceA.getName());

    // Hard-coded realm, client and user credentials: test-suite fixtures only.
    String userToken = new OAuthClient()
            .realm("authz-test")
            .clientId("test-client")
            .doGrantAccessTokenRequest("secret", "marta", "password")
            .getAccessToken();

    AuthzClient authz = getAuthzClient();
    String permissionTicket = authz.protection().permission().create(ticketRequest).getTicket();
    AuthorizationResponse rptResponse =
            authz.authorization(userToken).authorize(new AuthorizationRequest(permissionTicket));
    assertNotNull(rptResponse.getToken());

    AccessToken rpt = toAccessToken(rptResponse.getToken());
    List<Permission> granted = new ArrayList<>(rpt.getAuthorization().getPermissions());

    // Exactly one permission is expected, and it must expose both values under "claim-a".
    assertEquals(1, granted.size());
    Permission onlyPermission = granted.get(0);
    assertTrue(onlyPermission.getClaims().get("claim-a").containsAll(Arrays.asList("claim-a", "claim-a1")));
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) OAuthClient(org.keycloak.testsuite.util.OAuthClient) ArrayList(java.util.ArrayList) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Authorization(org.keycloak.representations.AccessToken.Authorization) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)

Example 62 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class ResourceManagementWithAuthzClientTest method testFindMatchingUri.

/**
 * Pins which registered resource {@code findByMatchingUri} returns for a series of request paths.
 *
 * <p>Every lookup must return exactly one resource. The cases cover a catch-all pattern,
 * trailing wildcards, {@code {name}} path placeholders, request paths that themselves contain
 * literal {@code {...}} segments, and two overlapping patterns where the one with more literal
 * segments ({@code /rest/v1/carts/{cartId}/cartactions/123}) is expected to win over the fully
 * templated one. NOTE(review): if path-to-resource resolution like this decides which
 * permissions guard a request, an ambiguous or overly broad match would be an authorization
 * problem, so these expectations are worth keeping strict.
 */
@Test
public void testFindMatchingUri() {
    // Resources whose name equals their single URI pattern.
    doCreateResource(new ResourceRepresentation("/*", Collections.emptySet(), "/*", null));
    doCreateResource(new ResourceRepresentation("/resources/*", Collections.emptySet(), "/resources/*", null));
    doCreateResource(new ResourceRepresentation("/resources-a/*", Collections.emptySet(), "/resources-a/*", null));
    doCreateResource(new ResourceRepresentation("/resources-b/{pattern}", Collections.emptySet(), "/resources-b/{pattern}", null));
    doCreateResource(new ResourceRepresentation("/resources-c/{pattern}/*", Collections.emptySet(), "/resources-c/{pattern}/*", null));
    doCreateResource(new ResourceRepresentation("/resources/{pattern}/{pattern}/*", Collections.emptySet(), "/resources/{pattern}/{pattern}/*", null));
    doCreateResource(new ResourceRepresentation("/resources/{pattern}/sub-resources/{pattern}/*", Collections.emptySet(), "/resources/{pattern}/sub-resources/{pattern}/*", null));
    // NOTE(review): the name differs from the URI here, and the URI repeats the one registered
    // just above; the lookup for "/resources/a/sub-resources/c/d" still expects a single
    // match - confirm this is intentional.
    doCreateResource(new ResourceRepresentation("/resources/{pattern}/sub-resource", Collections.emptySet(), "/resources/{pattern}/sub-resources/{pattern}/*", null));
    doCreateResource(new ResourceRepresentation("/rest/{version}/loader/loadTwo", Collections.emptySet(), "/rest/{version}/loader/loadTwo", null));
    doCreateResource(new ResourceRepresentation("/rest/{version}/loader/load", Collections.emptySet(), "/rest/{version}/loader/load", null));
    doCreateResource(new ResourceRepresentation("/rest/{version}/carts/{cartId}/cartactions/{actionId}", Collections.emptySet(), "/rest/{version}/carts/{cartId}/cartactions/{actionId}", null));
    doCreateResource(new ResourceRepresentation("/rest/v1/carts/{cartId}/cartactions/123", Collections.emptySet(), "/rest/v1/carts/{cartId}/cartactions/123", null));
    // One resource registered with two URIs (exact path and everything below it).
    doCreateResource(new ResourceRepresentation("Dummy Name", Collections.emptySet(), new HashSet<>(Arrays.asList("/dummy/605dc7ff310256017a2ec84f", "/dummy/605dc7ff310256017a2ec84f/*")), null));

    AuthzClient authzClient = getAuthzClient();

    // Each row: { request path, URI of the single resource expected back }.
    // Rows run in the listed order, one lookup per row.
    String[][] expectedMatches = {
        {"/test", "/*"},
        {"/resources-a/test", "/resources-a/*"},
        {"/resources", "/resources/*"},
        {"/resources/", "/resources/*"},
        {"/resources-b/a", "/resources-b/{pattern}"},
        {"/resources-c/a/b", "/resources-c/{pattern}/*"},
        {"/resources/a/b/c", "/resources/{pattern}/{pattern}/*"},
        {"/resources/a/sub-resources/c/d", "/resources/{pattern}/sub-resources/{pattern}/*"},
        {"/rest/v1/loader/load", "/rest/{version}/loader/load"},
        {"/rest/v2/carts/123/cartactions/123", "/rest/{version}/carts/{cartId}/cartactions/{actionId}"},
        {"/rest/v2/carts/{cartId}/cartactions/123", "/rest/{version}/carts/{cartId}/cartactions/{actionId}"},
        {"/rest/{version}/carts/123/cartactions/123", "/rest/{version}/carts/{cartId}/cartactions/{actionId}"},
        {"/rest/{version}/carts/{cartId}/cartactions/123", "/rest/{version}/carts/{cartId}/cartactions/{actionId}"},
        {"/rest/v1/carts/123/cartactions/123", "/rest/v1/carts/{cartId}/cartactions/123"},
        {"/rest/v1/carts/{cartId}/cartactions/123", "/rest/v1/carts/{cartId}/cartactions/123"},
        {"/rest/v1/carts/345/cartactions/123", "/rest/v1/carts/{cartId}/cartactions/123"},
        {"/rest/v2/carts/345/cartactions/123", "/rest/{version}/carts/{cartId}/cartactions/{actionId}"},
    };

    for (String[] expectation : expectedMatches) {
        String requestPath = expectation[0];
        String expectedUri = expectation[1];
        // protection() is called per lookup, exactly as in the unrolled form of this test.
        List<ResourceRepresentation> found = authzClient.protection().resource().findByMatchingUri(requestPath);
        assertNotNull(found);
        assertEquals(1, found.size());
        assertEquals(expectedUri, found.get(0).getUri());
    }

    // The multi-URI resource is checked by name: a path nested below its wildcard URI must
    // resolve to it.
    List<ResourceRepresentation> dummyMatches = authzClient.protection().resource().findByMatchingUri("/dummy/605dc7ff310256017a2ec84f/nestedObject/605dc7fe310256017a2ec84c");
    assertNotNull(dummyMatches);
    assertEquals(1, dummyMatches.size());
    assertEquals("Dummy Name", dummyMatches.get(0).getName());
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 63 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class ResourceManagementWithAuthzClientTest method doUpdateResource.

/**
 * Updates the given resource through the authz client's protection API and returns the
 * representation produced by {@code toResourceRepresentation} for the same id.
 *
 * @param resource the resource to update; its id is used for the read-back
 * @return the representation looked up after the update
 */
@Override
protected ResourceRepresentation doUpdateResource(ResourceRepresentation resource) {
    AuthzClient client = getAuthzClient();
    client.protection().resource().update(toResourceRepresentation(resource));
    // Read the id only after the update call, as the original single-expression form did.
    String resourceId = resource.getId();
    return toResourceRepresentation(client, resourceId);
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient)

Example 64 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class ResourceManagementWithAuthzClientTest method doCreateResource.

/**
 * Creates a resource through the authz client's protection API and returns the representation
 * produced by {@code toResourceRepresentation} for the id the server assigned.
 *
 * @param newResource the resource to register
 * @return the representation looked up by the id in the create response
 */
@Override
protected ResourceRepresentation doCreateResource(ResourceRepresentation newResource) {
    // Convert first, then obtain the client: same order as before.
    ResourceRepresentation payload = toResourceRepresentation(newResource);
    AuthzClient client = getAuthzClient();
    ResourceRepresentation created = client.protection().resource().create(payload);
    String createdId = created.getId();
    return toResourceRepresentation(client, createdId);
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 65 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class AuthorizationAPITest method testAccessTokenWithUmaAuthorization.

/**
 * Requests a permission ticket for "Resource A" and exchanges it for a token, asserting only
 * that a token comes back.
 *
 * @param authzConfigFile configuration passed to {@code getAuthzClient} to build the client
 */
public void testAccessTokenWithUmaAuthorization(String authzConfigFile) {
    AuthzClient client = getAuthzClient(authzConfigFile);

    PermissionRequest ticketRequest = new PermissionRequest("Resource A");
    String permissionTicket = client.protection().permission().create(ticketRequest).getTicket();

    // "marta" / "password" are test-suite fixture credentials.
    AuthorizationResponse tokenResponse =
            client.authorization("marta", "password").authorize(new AuthorizationRequest(permissionTicket));
    assertNotNull(tokenResponse.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
