use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testDeleteResourceAndPermissionTicket.
/**
 * Checks that deleting a resource leaves no permission tickets behind for it.
 *
 * <p>A permission ticket covering three scopes of "Resource A" is requested with "marta"'s
 * credentials, an authorization request carrying that ticket is submitted, and the stored
 * state is verified through {@code assertPersistence}. The resource is then deleted and a
 * lookup of tickets by the resource id must return an empty list.
 *
 * @throws Exception if any of the setup or Protection API calls fails
 */
@Test
public void testDeleteResourceAndPermissionTicket() throws Exception {
    // "kolo" is the second argument to addResource (presumably the owner — confirm against the helper).
    ResourceRepresentation protectedResource =
            addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient client = getAuthzClient();

    PermissionRequest permissionRequest =
            new PermissionRequest(protectedResource.getId(), "ScopeA", "ScopeB", "ScopeC");
    PermissionResponse ticketResponse =
            client.protection("marta", "password").permission().create(permissionRequest);

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    authzRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of the authorization call is not asserted; the checks below inspect the
        // stored ticket state instead.
        // NOTE(review): this also hides unrelated failures (transport, misconfiguration) —
        // consider catching only the expected denial type.
    }

    assertPersistence(ticketResponse, protectedResource, "ScopeA", "ScopeB", "ScopeC");

    // Deleting the resource must not leave tickets that still reference it.
    getAuthzClient().protection().resource().delete(protectedResource.getId());
    assertTrue(getAuthzClient().protection().permission().findByResource(protectedResource.getId()).isEmpty());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testTicketNotCreatedWhenResourceOwner.
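/**
 * Verifies that an authorization request made by "marta" for a resource registered with
 * "marta" leaves no stored permission ticket, while the same request made by "kolo" leaves
 * exactly one.
 *
 * <p>In both phases a ticket is first issued through the Protection API and then presented in
 * an authorization request together with the user's access token as the claim token. The
 * stored tickets for the resource are inspected afterwards.
 *
 * @throws Exception if any of the setup or Protection API calls fails
 */
@Test
public void testTicketNotCreatedWhenResourceOwner() throws Exception {
    // "marta" is the second argument to addResource (presumably the owner — confirm against the helper).
    ResourceRepresentation resource = addResource("Resource A", "marta", true);
    AuthzClient authzClient = getAuthzClient();

    // Phase 1: the request is made as "marta".
    PermissionResponse response = authzClient.protection("marta", "password").permission()
            .create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());

    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());

    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
        // The result of the call is not asserted; the stack trace is only printed as a
        // diagnostic. NOTE(review): if a grant is expected here, asserting on the response
        // would make an unexpected denial fail the test instead of being logged.
        e.printStackTrace();
    }

    // Wildcard instead of a raw List: only emptiness and size are inspected, so the element
    // type is not needed and no unchecked operations are introduced.
    List<?> permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertTrue(permissions.isEmpty());

    // Phase 2: the same flow as "kolo", a different user.
    response = authzClient.protection("kolo", "password").permission()
            .create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());

    request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("kolo", "password").getToken());

    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // The outcome is deliberately not asserted; the stored ticket count below is the check.
        // NOTE(review): this also hides unrelated failures — consider catching only the
        // expected denial type.
    }

    permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
}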
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testCreatePermissionTicketWithResourceName.
/**
 * Requests a permission ticket for "Resource A" with "marta"'s credentials, submits an
 * authorization request carrying that ticket, and verifies the stored state through
 * {@code assertPersistence}.
 *
 * <p>NOTE(review): despite the method name, the permission request here is built from
 * {@code resource.getId()}, not from the resource name — confirm which lookup is intended.
 *
 * @throws Exception if any of the setup or Protection API calls fails
 */
@Test
public void testCreatePermissionTicketWithResourceName() throws Exception {
    ResourceRepresentation protectedResource = addResource("Resource A", "kolo", true);
    AuthzClient client = getAuthzClient();

    PermissionRequest permissionRequest = new PermissionRequest(protectedResource.getId());
    PermissionResponse ticketResponse =
            client.protection("marta", "password").permission().create(permissionRequest);

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(ticketResponse.getTicket());
    authzRequest.setClaimToken(client.obtainAccessToken("marta", "password").getToken());

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // The outcome of the authorization call is not asserted; assertPersistence below
        // checks the stored ticket state instead.
        // NOTE(review): this also hides unrelated failures — consider catching only the
        // expected denial type.
    }

    assertPersistence(ticketResponse, protectedResource);
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthorizationAPITest method testResourceServerAsAudience.
/**
 * Checks the audience of the permission ticket and of the RPT issued in exchange for it.
 *
 * <p>The ticket must name neither the requesting client nor the resource server as an
 * audience, while the first audience entry of the resulting RPT must be the resource server.
 *
 * @param clientId client used to obtain the user's access token
 * @param resourceServerClientId client id expected as the first audience of the RPT
 * @param authzConfigFile configuration file passed to {@code getAuthzClient}
 * @throws Exception if token retrieval, ticket decoding or the authorization call fails
 */
public void testResourceServerAsAudience(String clientId, String resourceServerClientId, String authzConfigFile) throws Exception {
    AuthzClient resourceServer = getAuthzClient(authzConfigFile);

    PermissionRequest permissionRequest = new PermissionRequest();
    permissionRequest.setResourceId("Resource A");

    String userAccessToken = new OAuthClient()
            .realm("authz-test")
            .clientId(clientId)
            .doGrantAccessTokenRequest("secret", "marta", "password")
            .getAccessToken();
    String permissionTicket = resourceServer.protection().permission().create(permissionRequest).getTicket();

    // The ticket is meant to be opaque to the client and the resource server, so neither of
    // them should appear as its audience; only the authorization server consumes it.
    // The payload is only parsed for inspection here — no signature verification is done in
    // this method.
    JsonWebToken decodedTicket =
            JsonSerialization.readValue(new JWSInput(permissionTicket).getContent(), JsonWebToken.class);
    Assert.assertFalse(decodedTicket.hasAudience(clientId));
    Assert.assertFalse(decodedTicket.hasAudience(resourceServerClientId));

    AuthorizationResponse authzResponse =
            resourceServer.authorization(userAccessToken).authorize(new AuthorizationRequest(permissionTicket));
    assertNotNull(authzResponse.getToken());

    // Only the first audience entry is compared; additional entries would go unnoticed.
    AccessToken requestingPartyToken = toAccessToken(authzResponse.getToken());
    assertEquals(resourceServerClientId, requestingPartyToken.getAudience()[0]);
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testReusingAccessAndRefreshTokens.
/**
 * Checks that repeated Protection API calls from one {@code AuthzClient} keep the number of
 * user sessions of the "resource-server-test" client at the expected value.
 *
 * <p>The client must start with zero sessions. After a first Protection API call the session
 * count must equal {@code expectedUserSessionsCount}, and it must still equal that value
 * after a two-second pause and a second call.
 *
 * @param expectedUserSessionsCount number of user sessions expected after each call
 * @throws Exception if an admin or Protection API call fails, or the sleep is interrupted
 */
private void testReusingAccessAndRefreshTokens(int expectedUserSessionsCount) throws Exception {
    ClientsResource realmClients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation resourceServer = realmClients.findByClientId("resource-server-test").get(0);
    String resourceServerUuid = resourceServer.getId();

    // Baseline: no sessions before the authz client is used.
    // NOTE(review): this lookup passes -1/-1 while the later ones pass null/null; kept as in
    // the original.
    List<UserSessionRepresentation> sessions = realmClients.get(resourceServerUuid).getUserSessions(-1, -1);
    assertEquals(0, sessions.size());

    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");

    // First Protection API call.
    ProtectionResource protectionApi = authzClient.protection();
    protectionApi.resource().findByName("Default Resource");
    sessions = realmClients.get(resourceServerUuid).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, sessions.size());

    // Presumably long enough for a previously obtained token to need refreshing — confirm
    // against the realm's token lifespan settings.
    Thread.sleep(2000);

    // Second call: the session count must not have grown.
    protectionApi = authzClient.protection();
    protectionApi.resource().findByName("Default Resource");
    sessions = realmClients.get(resourceServerUuid).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, sessions.size());
}