use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testNoRefreshToken.
/**
 * Verifies that the protection API stays usable after the client-side token
 * has expired, for an {@link AuthzClient} configured from
 * {@code default-session-keycloak-no-rt.json}.
 *
 * <p>The client is expected to obtain fresh tokens by repeating the client
 * credentials grant; the realm name suggests no refresh token is issued
 * (presumably configured that way in the test realm; confirm against the
 * realm import).
 *
 * @throws Exception if any call against the test server fails
 */
@Test
public void testNoRefreshToken() throws Exception {
    // NOTE(review): this handle is not read again in the method; it is kept so the
    // admin-client call is still executed exactly as before.
    ClientsResource clients = getAdminClient().realm("authz-test-no-rt").clients();
    AuthzClient authzClient = getAuthzClient("default-session-keycloak-no-rt.json");

    // Authorize without user credentials and inspect what the issued token grants.
    AuthorizationResponse response = authzClient.authorization().authorize();
    AccessToken.Authorization granted = toAccessToken(response.getToken()).getAuthorization();
    assertEquals(1, granted.getPermissions().size());
    assertEquals("Default Resource", granted.getPermissions().iterator().next().getResourceName());

    // Baseline call with a token that is still valid.
    ProtectionResource protection = authzClient.protection();
    assertEquals(1, protection.resource().findAll().length);

    try {
        // Shift the test clock so the client treats its current token as expired.
        Time.setOffset(1000);
        // The same call must still succeed: the client has to re-authenticate
        // with its client credentials instead of failing on the stale token.
        assertEquals(1, protection.resource().findAll().length);
    } finally {
        // Always restore the clock so later tests do not see shifted time.
        Time.setOffset(0);
    }
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testSingleSessionPerUser.
/**
 * Verifies that repeated authorization requests made for the same user through
 * one {@link AuthzClient} resource reuse a single user session instead of
 * creating a new session per request.
 *
 * <p>Both the {@code session_state} carried in each token and the session list
 * reported by the admin API are checked, so session growth would be caught on
 * either side.
 *
 * @throws Exception if a server call fails or the sleep is interrupted
 */
@Test
public void testSingleSessionPerUser() throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation resourceServer = clients.findByClientId("resource-server-test").get(0);
    String internalId = resourceServer.getId();

    // Precondition: the resource server has no user sessions yet.
    List<UserSessionRepresentation> sessions = clients.get(internalId).getUserSessions(-1, -1);
    assertEquals(0, sessions.size());

    // "marta"/"password" are fixture credentials of the test realm.
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    org.keycloak.authorization.client.resource.AuthorizationResource authorization = authzClient.authorization("marta", "password");

    AccessToken firstToken = toAccessToken(authorization.authorize().getToken());
    String sessionState = firstToken.getSessionState();
    AccessToken.Authorization granted = firstToken.getAuthorization();
    assertEquals(1, granted.getPermissions().size());
    assertEquals("Default Resource", granted.getPermissions().iterator().next().getResourceName());

    // The first authorization must have produced exactly one session.
    sessions = clients.get(internalId).getUserSessions(null, null);
    assertEquals(1, sessions.size());

    // Authorize three more times, one second apart; every token has to point
    // at the session created above.
    int remaining = 3;
    while (remaining-- > 0) {
        AccessToken repeated = toAccessToken(authorization.authorize().getToken());
        assertEquals(sessionState, repeated.getSessionState());
        Thread.sleep(1000);
    }

    // Still a single session after the repeated requests.
    sessions = clients.get(internalId).getUserSessions(null, null);
    assertEquals(1, sessions.size());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testSuccessfulAuthorizationRequest.
/**
 * Runs the permission-ticket flow end to end: the client requests a ticket for
 * "Default Resource" through the protection API, exchanges it (as user
 * "marta") for a token, and checks that the token grants that resource.
 *
 * <p>NOTE(review): the token is only parsed here with {@link JWSInput}; no
 * signature verification happens in this method. That is adequate for a test
 * that reads a token it has just received from the server, but the decoding
 * step on its own is not a validation of the token.
 *
 * @throws Exception if a server call or the token parsing fails
 */
@Test
public void testSuccessfulAuthorizationRequest() throws Exception {
    AuthzClient authzClient = getAuthzClient("keycloak-with-jwt-authentication.json");

    // Step 1: obtain a permission ticket for the resource.
    String ticket = authzClient.protection()
            .permission()
            .create(new PermissionRequest("Default Resource"))
            .getTicket();

    // Step 2: trade the ticket for a token using the test user's fixture credentials.
    AuthorizationResponse ticketExchange =
            authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    String rpt = ticketExchange.getToken();
    assertNotNull(rpt);

    // Step 3: decode the payload and confirm the granted permission.
    AccessToken.Authorization authorization =
            new JWSInput(rpt).readJsonContent(AccessToken.class).getAuthorization();
    assertNotNull(authorization);

    List<Permission> granted = new ArrayList<>(authorization.getPermissions());
    assertFalse(granted.isEmpty());
    assertEquals("Default Resource", granted.get(0).getResourceName());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ClientScopePolicyTest method testWithoutExpectedClientScope.
/**
 * Negative test: an authorization request must be denied when the client
 * scope sent with it is not the one the resource's policy expects.
 *
 * <p>Resource A is requested with scope {@code baz} and Resource B with scope
 * {@code foo}; both requests have to end in an
 * {@link AuthorizationDeniedException}. Which scope each policy actually
 * expects is defined outside this method.
 */
@Test
public void testWithoutExpectedClientScope() {
    AuthzClient authzClient = getAuthzClient();

    // Each row is {resource name, client scope that must NOT grant access to it}.
    String[][] mismatches = {
        {"Resource A", "baz"},
        {"Resource B", "foo"},
    };

    for (String[] mismatch : mismatches) {
        String resourceName = mismatch[0];
        String clientScope = mismatch[1];

        String ticket = authzClient.protection()
                .permission()
                .create(new PermissionRequest(resourceName))
                .getTicket();
        try {
            authzClient.authorization("marta", "password", clientScope).authorize(new AuthorizationRequest(ticket));
            // Reaching this line means access was granted; fail() is not swallowed
            // by the catch below because only the denial exception is caught.
            fail("Should fail.");
        } catch (AuthorizationDeniedException ignored) {
            // Expected: the request was denied for the mismatched client scope.
        }
    }
}
use of org.keycloak.authorization.client.AuthzClient in project alfresco-repository by Alfresco.
the class AuthenticatorAuthzClientFactoryBean method getObject.
/**
 * Creates the {@link AuthzClient} used to authenticate users against Keycloak.
 *
 * <p>The client is built from the values in {@code identityServiceConfig}
 * (server URL, realm, resource, credentials) and an HTTP client carrying the
 * configured connection and socket timeouts.
 *
 * @return the configured client, or {@code null} when this factory is disabled;
 *         code that consumes the result has to cope with the {@code null} case
 * @throws Exception if the HTTP client or the {@link AuthzClient} cannot be created
 */
@Override
public AuthzClient getObject() throws Exception {
    // The factory can be switched off, for instance when Keycloak is configured for
    // 'bearer only' authentication or Direct Access Grants are disabled.
    if (!enabled) {
        return null;
    }

    // HTTP client from the Keycloak builder, with both timeouts given in milliseconds.
    int connectTimeoutMs = identityServiceConfig.getClientConnectionTimeout();
    int socketTimeoutMs = identityServiceConfig.getClientSocketTimeout();
    HttpClient httpClient = new HttpClientBuilder()
            .establishConnectionTimeout(connectTimeoutMs, TimeUnit.MILLISECONDS)
            .socketTimeout(socketTimeoutMs, TimeUnit.MILLISECONDS)
            .build(this.identityServiceConfig);

    // The AuthzClient configuration needs a "secret" entry even when the Keycloak
    // client is public, so an empty placeholder is added if none is configured.
    // The configured map is copied first and never modified in place.
    Map<String, Object> configured = identityServiceConfig.getCredentials();
    Map<String, Object> effective = configured;
    if (configured == null) {
        effective = new HashMap<>();
        effective.put("secret", "");
    } else if (!configured.containsKey("secret")) {
        effective = new HashMap<>(configured);
        effective.put("secret", "");
    }

    String authServerUrl = identityServiceConfig.getAuthServerUrl();
    String realm = identityServiceConfig.getRealm();
    String resource = identityServiceConfig.getResource();
    AuthzClient authzClient =
            AuthzClient.create(new Configuration(authServerUrl, realm, resource, effective, httpClient));

    // Only the server URL, realm and resource are written to the debug log;
    // the credentials map is deliberately left out.
    if (logger.isDebugEnabled()) {
        Configuration active = authzClient.getConfiguration();
        logger.debug(" Created Keycloak AuthzClient");
        logger.debug(" Keycloak AuthzClient server URL: " + active.getAuthServerUrl());
        logger.debug(" Keycloak AuthzClient realm: " + active.getRealm());
        logger.debug(" Keycloak AuthzClient resource: " + active.getResource());
    }
    return authzClient;
}