use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionClaimTest method testPermissionWithClaims.
/**
 * Checks that a permission granted through the UMA ticket flow carries the expected claims
 * inside the token returned by the authorization endpoint.
 *
 * <p>Flow: create "Resource A", bind it to {@code claimAPolicy} through a resource permission,
 * obtain a permission ticket for the resource, exchange the ticket (with a user access token)
 * for a token, then inspect the single permission in that token.
 *
 * <p>NOTE(review): {@code claimAPolicy} is defined outside this snippet; presumably it is the
 * policy that contributes the "claim-a" values asserted at the end. Confirm against the class.
 */
@Test
public void testPermissionWithClaims() throws Exception {
    ClientResource clientResource = getClient(getRealm());
    AuthorizationResource authz = clientResource.authorization();

    // Register the resource that the permission will protect.
    ResourceRepresentation protectedResource = new ResourceRepresentation("Resource A");
    authz.resources().create(protectedResource).close();

    // Tie the resource to the claim-producing policy; the resource is referenced by name.
    ResourcePermissionRepresentation resourcePermission = new ResourcePermissionRepresentation();
    resourcePermission.setName(protectedResource.getName() + " Permission");
    resourcePermission.addResource(protectedResource.getName());
    resourcePermission.addPolicy(claimAPolicy.getName());
    authz.permissions().resource().create(resourcePermission).close();

    PermissionRequest ticketRequest = new PermissionRequest();
    ticketRequest.setResourceId(protectedResource.getName());

    // Hard-coded values are test-realm fixtures (presumably client secret, username, password).
    String userAccessToken = new OAuthClient()
            .realm("authz-test")
            .clientId("test-client")
            .doGrantAccessTokenRequest("secret", "marta", "password")
            .getAccessToken();

    AuthzClient umaClient = getAuthzClient();
    String permissionTicket = umaClient.protection().permission().create(ticketRequest).getTicket();
    AuthorizationResponse authzResponse =
            umaClient.authorization(userAccessToken).authorize(new AuthorizationRequest(permissionTicket));
    assertNotNull(authzResponse.getToken());

    // Decode the returned token and look at the permissions it grants.
    AccessToken rpt = toAccessToken(authzResponse.getToken());
    List<Permission> granted = new ArrayList<>(rpt.getAuthorization().getPermissions());
    assertEquals(1, granted.size());

    // The one granted permission must expose both values under the "claim-a" key.
    Permission onlyPermission = granted.get(0);
    assertTrue(onlyPermission.getClaims().get("claim-a").containsAll(Arrays.asList("claim-a", "claim-a1")));
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ResourceManagementWithAuthzClientTest method testFindMatchingUri.
/**
 * Registers a set of overlapping URI patterns (wildcards and {placeholder} segments) and checks
 * that findByMatchingUri returns exactly one resource for each request path.
 *
 * Where more than one registered pattern could cover a path, the assertions below expect the
 * narrower pattern, so a catch-all such as "/*" is expected only when nothing narrower applies.
 *
 * NOTE(review): if this lookup is what decides which resource's permissions guard a request
 * path, these expectations are the regression guard against a broad pattern shadowing a
 * narrower one. Confirm against the caller that consumes findByMatchingUri.
 */
@Test
public void testFindMatchingUri() {
// Fixture: each resource is named after its own URI pattern unless noted otherwise.
doCreateResource(new ResourceRepresentation("/*", Collections.emptySet(), "/*", null));
doCreateResource(new ResourceRepresentation("/resources/*", Collections.emptySet(), "/resources/*", null));
doCreateResource(new ResourceRepresentation("/resources-a/*", Collections.emptySet(), "/resources-a/*", null));
doCreateResource(new ResourceRepresentation("/resources-b/{pattern}", Collections.emptySet(), "/resources-b/{pattern}", null));
doCreateResource(new ResourceRepresentation("/resources-c/{pattern}/*", Collections.emptySet(), "/resources-c/{pattern}/*", null));
doCreateResource(new ResourceRepresentation("/resources/{pattern}/{pattern}/*", Collections.emptySet(), "/resources/{pattern}/{pattern}/*", null));
doCreateResource(new ResourceRepresentation("/resources/{pattern}/sub-resources/{pattern}/*", Collections.emptySet(), "/resources/{pattern}/sub-resources/{pattern}/*", null));
// NOTE(review): the name ends in "/sub-resource" but the URI repeats the pattern registered on
// the previous line, so two resources share one URI. Confirm this is intentional.
doCreateResource(new ResourceRepresentation("/resources/{pattern}/sub-resource", Collections.emptySet(), "/resources/{pattern}/sub-resources/{pattern}/*", null));
doCreateResource(new ResourceRepresentation("/rest/{version}/loader/loadTwo", Collections.emptySet(), "/rest/{version}/loader/loadTwo", null));
doCreateResource(new ResourceRepresentation("/rest/{version}/loader/load", Collections.emptySet(), "/rest/{version}/loader/load", null));
doCreateResource(new ResourceRepresentation("/rest/{version}/carts/{cartId}/cartactions/{actionId}", Collections.emptySet(), "/rest/{version}/carts/{cartId}/cartactions/{actionId}", null));
doCreateResource(new ResourceRepresentation("/rest/v1/carts/{cartId}/cartactions/123", Collections.emptySet(), "/rest/v1/carts/{cartId}/cartactions/123", null));
// One resource that owns two URIs: an exact path and the wildcard subtree below it.
doCreateResource(new ResourceRepresentation("Dummy Name", Collections.emptySet(), new HashSet<>(Arrays.asList("/dummy/605dc7ff310256017a2ec84f", "/dummy/605dc7ff310256017a2ec84f/*")), null));
AuthzClient authzClient = getAuthzClient();
// Only the catch-all pattern covers this path.
List<ResourceRepresentation> resources = authzClient.protection().resource().findByMatchingUri("/test");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/*", resources.get(0).getUri());
// "/*" would also cover this path; the narrower "/resources-a/*" is the expected answer.
resources = authzClient.protection().resource().findByMatchingUri("/resources-a/test");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources-a/*", resources.get(0).getUri());
// The bare prefix is expected to resolve to "/resources/*" with and without a trailing slash.
resources = authzClient.protection().resource().findByMatchingUri("/resources");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources/*", resources.get(0).getUri());
resources = authzClient.protection().resource().findByMatchingUri("/resources/");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources/*", resources.get(0).getUri());
// A single {pattern} segment.
resources = authzClient.protection().resource().findByMatchingUri("/resources-b/a");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources-b/{pattern}", resources.get(0).getUri());
// A {pattern} segment followed by a wildcard tail.
resources = authzClient.protection().resource().findByMatchingUri("/resources-c/a/b");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources-c/{pattern}/*", resources.get(0).getUri());
// Two {pattern} segments are expected to win over the plain "/resources/*" wildcard.
resources = authzClient.protection().resource().findByMatchingUri("/resources/a/b/c");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources/{pattern}/{pattern}/*", resources.get(0).getUri());
// The literal "sub-resources" segment selects the pattern that names it.
resources = authzClient.protection().resource().findByMatchingUri("/resources/a/sub-resources/c/d");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/resources/{pattern}/sub-resources/{pattern}/*", resources.get(0).getUri());
// ".../loader/loadTwo" shares a prefix with the expected pattern and must not be returned.
resources = authzClient.protection().resource().findByMatchingUri("/rest/v1/loader/load");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/loader/load", resources.get(0).getUri());
// Version "v2" does not match the pattern with the literal "v1", so the fully templated
// pattern is expected.
resources = authzClient.protection().resource().findByMatchingUri("/rest/v2/carts/123/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri());
// The next three request paths contain literal "{...}" text in place of concrete values;
// they are expected to resolve to the fully templated pattern as well.
resources = authzClient.protection().resource().findByMatchingUri("/rest/v2/carts/{cartId}/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri());
resources = authzClient.protection().resource().findByMatchingUri("/rest/{version}/carts/123/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri());
resources = authzClient.protection().resource().findByMatchingUri("/rest/{version}/carts/{cartId}/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri());
// Literal "v1" and action "123" both match, so the pattern with those literals is expected
// instead of the fully templated one.
resources = authzClient.protection().resource().findByMatchingUri("/rest/v1/carts/123/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/v1/carts/{cartId}/cartactions/123", resources.get(0).getUri());
resources = authzClient.protection().resource().findByMatchingUri("/rest/v1/carts/{cartId}/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/v1/carts/{cartId}/cartactions/123", resources.get(0).getUri());
resources = authzClient.protection().resource().findByMatchingUri("/rest/v1/carts/345/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/v1/carts/{cartId}/cartactions/123", resources.get(0).getUri());
// Same cart and action under "v2": back to the fully templated pattern.
resources = authzClient.protection().resource().findByMatchingUri("/rest/v2/carts/345/cartactions/123");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("/rest/{version}/carts/{cartId}/cartactions/{actionId}", resources.get(0).getUri());
// A nested path below the multi-URI resource's wildcard; checked by name rather than by URI.
resources = authzClient.protection().resource().findByMatchingUri("/dummy/605dc7ff310256017a2ec84f/nestedObject/605dc7fe310256017a2ec84c");
assertNotNull(resources);
assertEquals(1, resources.size());
assertEquals("Dummy Name", resources.get(0).getName());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ResourceManagementWithAuthzClientTest method doUpdateResource.
/**
 * Updates a resource through the protection API and returns the stored state.
 *
 * <p>The argument is converted with {@code toResourceRepresentation} before it is sent; the
 * return value is looked up again by id after the update, not echoed from the argument.
 *
 * @param resource the resource carrying the changes and the id of the resource to update
 * @return the representation fetched by id after the update call
 */
@Override
protected ResourceRepresentation doUpdateResource(ResourceRepresentation resource) {
    AuthzClient protectionClient = getAuthzClient();
    ResourceRepresentation payload = toResourceRepresentation(resource);
    protectionClient.protection().resource().update(payload);
    // Read the id only after the update call, as the original ordering does.
    return toResourceRepresentation(protectionClient, resource.getId());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ResourceManagementWithAuthzClientTest method doCreateResource.
/**
 * Creates a resource through the protection API and returns the stored state.
 *
 * <p>The id assigned in the create response is used to look the resource up again, so callers
 * get the stored representation, not the one they passed in.
 *
 * @param newResource the resource to register
 * @return the representation fetched by the id returned from the create call
 */
@Override
protected ResourceRepresentation doCreateResource(ResourceRepresentation newResource) {
    ResourceRepresentation payload = toResourceRepresentation(newResource);
    AuthzClient protectionClient = getAuthzClient();
    // Only the id from the create response is needed for the follow-up lookup.
    return toResourceRepresentation(
            protectionClient,
            protectionClient.protection().resource().create(payload).getId());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthorizationAPITest method testAccessTokenWithUmaAuthorization.
/**
 * Requests a permission ticket for "Resource A" and exchanges it for a token, authenticating
 * the exchange with a username and password instead of an existing access token.
 *
 * <p>The only assertion is that a token comes back; its contents are not inspected here.
 *
 * @param authzConfigFile configuration passed to {@code getAuthzClient} to build the client
 */
public void testAccessTokenWithUmaAuthorization(String authzConfigFile) {
    AuthzClient umaClient = getAuthzClient(authzConfigFile);

    PermissionRequest ticketRequest = new PermissionRequest("Resource A");
    String permissionTicket = umaClient.protection().permission().create(ticketRequest).getTicket();

    // "marta" / "password" are hard-coded test-realm fixture credentials.
    AuthorizationResponse authzResponse =
            umaClient.authorization("marta", "password").authorize(new AuthorizationRequest(permissionTicket));

    assertNotNull(authzResponse.getToken());
}