Examples with AuthzClient org.keycloak.authorization.client.AuthzClient used on opensource projects

Search in sources :

Example 16 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionClaimTest method testClaimsFromDifferentResourcePermissions.

@Test
public void testClaimsFromDifferentResourcePermissions() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceRepresentation resourceA = new ResourceRepresentation(KeycloakModelUtils.generateId());
    resourceA.setType("typed-resource");
    authorization.resources().create(resourceA).close();
    ResourcePermissionRepresentation allScopesPermission = new ResourcePermissionRepresentation();
    allScopesPermission.setName(KeycloakModelUtils.generateId());
    allScopesPermission.addResource(resourceA.getName());
    allScopesPermission.addPolicy(claimAPolicy.getName(), claimBPolicy.getName());
    authorization.permissions().resource().create(allScopesPermission).close();
    ResourcePermissionRepresentation updatePermission = new ResourcePermissionRepresentation();
    updatePermission.setName(KeycloakModelUtils.generateId());
    updatePermission.addResource(resourceA.getName());
    updatePermission.addPolicy(claimCPolicy.getName());
    try (Response response = authorization.permissions().resource().create(updatePermission)) {
        updatePermission = response.readEntity(ResourcePermissionRepresentation.class);
    }
    AuthzClient authzClient = getAuthzClient();
    AuthorizationResponse response = authzClient.authorization("marta", "password").authorize();
    assertNotNull(response.getToken());
    AccessToken rpt = toAccessToken(response.getToken());
    Authorization authorizationClaim = rpt.getAuthorization();
    List<Permission> permissions = new ArrayList<>(authorizationClaim.getPermissions());
    assertEquals(1, permissions.size());
    for (Permission permission : permissions) {
        Map<String, Set<String>> claims = permission.getClaims();
        assertNotNull(claims);
        assertThat(claims.get("claim-a"), Matchers.containsInAnyOrder("claim-a", "claim-a1"));
        assertThat(claims.get("claim-b"), Matchers.containsInAnyOrder("claim-b"));
        assertThat(claims.get("claim-c"), Matchers.containsInAnyOrder("claim-c"));
    }
    updatePermission.addPolicy(denyPolicy.getName());
    authorization.permissions().resource().findById(updatePermission.getId()).update(updatePermission);
    try {
        authzClient.authorization("marta", "password").authorize();
        fail("can not access resource");
    } catch (RuntimeException expected) {
        assertEquals(403, HttpResponseException.class.cast(expected.getCause()).getStatusCode());
        assertTrue(HttpResponseException.class.cast(expected.getCause()).toString().contains("access_denied"));
    }
    ResourceRepresentation resourceInstance = new ResourceRepresentation(KeycloakModelUtils.generateId(), "create", "update");
    resourceInstance.setType(resourceA.getType());
    resourceInstance.setOwner("marta");
    try (Response response1 = authorization.resources().create(resourceInstance)) {
        resourceInstance = response1.readEntity(ResourceRepresentation.class);
    }
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(null, "create", "update");
    try {
        authzClient.authorization("marta", "password").authorize(request);
        fail("can not access resource");
    } catch (RuntimeException expected) {
        assertEquals(403, HttpResponseException.class.cast(expected.getCause()).getStatusCode());
        assertTrue(HttpResponseException.class.cast(expected.getCause()).toString().contains("access_denied"));
    }
    ResourcePermissionRepresentation resourceInstancePermission = new ResourcePermissionRepresentation();
    resourceInstancePermission.setName(KeycloakModelUtils.generateId());
    resourceInstancePermission.addResource(resourceInstance.getId());
    resourceInstancePermission.addPolicy(claimCPolicy.getName());
    try (Response response1 = authorization.permissions().resource().create(resourceInstancePermission)) {
        resourceInstancePermission = response1.readEntity(ResourcePermissionRepresentation.class);
    }
    response = authzClient.authorization("marta", "password").authorize(request);
    assertNotNull(response.getToken());
    rpt = toAccessToken(response.getToken());
    authorizationClaim = rpt.getAuthorization();
    permissions = new ArrayList<>(authorizationClaim.getPermissions());
    assertEquals(1, permissions.size());
    for (Permission permission : permissions) {
        Map<String, Set<String>> claims = permission.getClaims();
        assertNotNull(claims);
        assertThat(claims.get("claim-a"), Matchers.containsInAnyOrder("claim-a", "claim-a1"));
        assertThat(claims.get("claim-b"), Matchers.containsInAnyOrder("claim-b"));
        assertThat(claims.get("claim-c"), Matchers.containsInAnyOrder("claim-c"));
        assertThat(claims.get("deny-policy"), Matchers.containsInAnyOrder("deny-policy"));
    }
    response = authzClient.authorization("marta", "password").authorize();
    assertNotNull(response.getToken());
    rpt = toAccessToken(response.getToken());
    authorizationClaim = rpt.getAuthorization();
    permissions = new ArrayList<>(authorizationClaim.getPermissions());
    assertEquals(1, permissions.size());
    for (Permission permission : permissions) {
        Map<String, Set<String>> claims = permission.getClaims();
        assertNotNull(claims);
        assertThat(claims.get("claim-a"), Matchers.containsInAnyOrder("claim-a", "claim-a1"));
        assertThat(claims.get("claim-b"), Matchers.containsInAnyOrder("claim-b"));
        assertThat(claims.get("claim-c"), Matchers.containsInAnyOrder("claim-c"));
        assertThat(claims.get("deny-policy"), Matchers.containsInAnyOrder("deny-policy"));
        assertThat(permission.getScopes(), Matchers.containsInAnyOrder("create", "update"));
    }
    updatePermission.setPolicies(new HashSet<>());
    updatePermission.addPolicy(claimCPolicy.getName());
    authorization.permissions().resource().findById(updatePermission.getId()).update(updatePermission);
    response = authzClient.authorization("marta", "password").authorize();
    assertNotNull(response.getToken());
    rpt = toAccessToken(response.getToken());
    authorizationClaim = rpt.getAuthorization();
    permissions = new ArrayList<>(authorizationClaim.getPermissions());
    assertEquals(2, permissions.size());
    for (Permission permission : permissions) {
        Map<String, Set<String>> claims = permission.getClaims();
        assertNotNull(claims);
        assertThat(claims.get("claim-a"), Matchers.containsInAnyOrder("claim-a", "claim-a1"));
        assertThat(claims.get("claim-b"), Matchers.containsInAnyOrder("claim-b"));
        assertThat(claims.get("claim-c"), Matchers.containsInAnyOrder("claim-c"));
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Response(javax.ws.rs.core.Response) Authorization(org.keycloak.representations.AccessToken.Authorization) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)

Example 17 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testCreatePermissionTicketWithResourceId.

@Test
public void testCreatePermissionTicketWithResourceId() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertNotNull(response.getTicket());
    assertFalse(authzClient.protection().permission().findByResource(resource.getId()).isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 18 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testGetPermissionTicketWithPagination.

@Test
public void testGetPermissionTicketWithPagination() throws Exception {
    String[] scopes = { "ScopeA", "ScopeB", "ScopeC", "ScopeD" };
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, scopes);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), scopes));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    // start with fetching the second half of all permission tickets
    Collection<String> expectedScopes = new ArrayList(Arrays.asList(scopes));
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, true, 2, 2);
    assertEquals("Returned number of permissions tickets must match the specified page size (i.e., 'maxResult').", 2, tickets.size());
    boolean foundScope = expectedScopes.remove(tickets.get(0).getScopeName());
    assertTrue("Returned set of permission tickets must be only a sub-set as per pagination offset and specified page size.", foundScope);
    foundScope = expectedScopes.remove(tickets.get(1).getScopeName());
    assertTrue("Returned set of permission tickets must be only a sub-set as per pagination offset and specified page size.", foundScope);
    // fetch the first half of all permission tickets
    tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, true, 0, 2);
    assertEquals("Returned number of permissions tickets must match the specified page size (i.e., 'maxResult').", 2, tickets.size());
    foundScope = expectedScopes.remove(tickets.get(0).getScopeName());
    assertTrue("Returned set of permission tickets must be only a sub-set as per pagination offset and specified page size.", foundScope);
    foundScope = expectedScopes.remove(tickets.get(1).getScopeName());
    assertTrue("Returned set of permission tickets must be only a sub-set as per pagination offset and specified page size.", foundScope);
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) Test(org.junit.Test)

Example 19 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testCreatePermissionTicketWithScopes.

@Test
public void testCreatePermissionTicketWithScopes() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), "ScopeA", "ScopeB", "ScopeC"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource, "ScopeA", "ScopeB", "ScopeC");
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 20 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testRemoveScopeFromResource.

@Test
public void testRemoveScopeFromResource() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB");
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId(), "ScopeA", "ScopeB");
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(permissionRequest);
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    AuthorizationResource authorization = getClient(getRealm()).authorization();
    ResourceScopesResource scopes = authorization.scopes();
    ScopeRepresentation removedScope = scopes.findByName("ScopeA");
    List permissions = authzClient.protection().permission().findByScope(removedScope.getId());
    assertFalse(permissions.isEmpty());
    resource.setScopes(new HashSet<>());
    resource.addScope("ScopeB");
    authorization.resources().resource(resource.getId()).update(resource);
    permissions = authzClient.protection().permission().findByScope(removedScope.getId());
    assertTrue(permissions.isEmpty());
    ScopeRepresentation scopeB = scopes.findByName("ScopeB");
    permissions = authzClient.protection().permission().findByScope(scopeB.getId());
    assertFalse(permissions.isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ResourceScopesResource(org.keycloak.admin.client.resource.ResourceScopesResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ArrayList(java.util.ArrayList) List(java.util.List) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

AuthzClient (org.keycloak.authorization.client.AuthzClient)70 Test (org.junit.Test)60 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)50 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)43 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)40 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)31 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)29 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)26 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)22 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)20 Permission (org.keycloak.representations.idm.authorization.Permission)20 OAuthClient (org.keycloak.testsuite.util.OAuthClient)20 Response (javax.ws.rs.core.Response)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)17 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)16 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)16 AccessToken (org.keycloak.representations.AccessToken)14 ArrayList (java.util.ArrayList)12
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial