Search in sources :

Example 26 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testDeleteResourceAndPermissionTicket.

@Test
public void testDeleteResourceAndPermissionTicket() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), "ScopeA", "ScopeB", "ScopeC"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource, "ScopeA", "ScopeB", "ScopeC");
    getAuthzClient().protection().resource().delete(resource.getId());
    assertTrue(getAuthzClient().protection().permission().findByResource(resource.getId()).isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 27 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testTicketNotCreatedWhenResourceOwner.

@Test
public void testTicketNotCreatedWhenResourceOwner() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "marta", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
        e.printStackTrace();
    }
    List permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertTrue(permissions.isEmpty());
    response = authzClient.protection("kolo", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());
    request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("kolo", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) List(java.util.List) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 28 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testCreatePermissionTicketWithResourceName.

@Test
public void testCreatePermissionTicketWithResourceName() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource);
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 29 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class AuthorizationAPITest method testResourceServerAsAudience.

public void testResourceServerAsAudience(String clientId, String resourceServerClientId, String authzConfigFile) throws Exception {
    AuthzClient authzClient = getAuthzClient(authzConfigFile);
    PermissionRequest request = new PermissionRequest();
    request.setResourceId("Resource A");
    String accessToken = new OAuthClient().realm("authz-test").clientId(clientId).doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
    String ticket = authzClient.protection().permission().create(request).getTicket();
    // Ticket is opaque to client or resourceServer. The audience should be just an authorization server itself
    JsonWebToken ticketDecoded = JsonSerialization.readValue(new JWSInput(ticket).getContent(), JsonWebToken.class);
    Assert.assertFalse(ticketDecoded.hasAudience(clientId));
    Assert.assertFalse(ticketDecoded.hasAudience(resourceServerClientId));
    AuthorizationResponse response = authzClient.authorization(accessToken).authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
    AccessToken rpt = toAccessToken(response.getToken());
    assertEquals(resourceServerClientId, rpt.getAudience()[0]);
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) JWSInput(org.keycloak.jose.jws.JWSInput) JsonWebToken(org.keycloak.representations.JsonWebToken) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 30 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testReusingAccessAndRefreshTokens.

private void testReusingAccessAndRefreshTokens(int expectedUserSessionsCount) throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation clientRepresentation = clients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> userSessions = clients.get(clientRepresentation.getId()).getUserSessions(-1, -1);
    assertEquals(0, userSessions.size());
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protection = authzClient.protection();
    protection.resource().findByName("Default Resource");
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, userSessions.size());
    Thread.sleep(2000);
    protection = authzClient.protection();
    protection.resource().findByName("Default Resource");
    userSessions = clients.get(clientRepresentation.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, userSessions.size());
}
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Aggregations

AuthzClient (org.keycloak.authorization.client.AuthzClient)70 Test (org.junit.Test)60 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)50 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)43 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)40 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)31 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)29 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)26 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)22 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)20 Permission (org.keycloak.representations.idm.authorization.Permission)20 OAuthClient (org.keycloak.testsuite.util.OAuthClient)20 Response (javax.ws.rs.core.Response)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)17 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)16 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)16 AccessToken (org.keycloak.representations.AccessToken)14 ArrayList (java.util.ArrayList)12