Search in sources :

Example 31 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testFindByName.

@Test
public void testFindByName() {
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protection = authzClient.protection();
    protection.resource().create(new ResourceRepresentation("Admin Resources"));
    protection.resource().create(new ResourceRepresentation("Resource"));
    ResourceRepresentation resource = authzClient.protection().resource().findByName("Resource");
    assertEquals("Resource", resource.getName());
    ResourceRepresentation adminResource = authzClient.protection().resource().findByName("Admin Resources");
    assertEquals("Admin Resources", adminResource.getName());
    assertNotEquals(resource.getId(), adminResource.getId());
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 32 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testPermissionWhenResourceServerIsCurrentUser.

@Test
public void testPermissionWhenResourceServerIsCurrentUser() throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation clientRepresentation = clients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> userSessions = clients.get(clientRepresentation.getId()).getUserSessions(-1, -1);
    assertEquals(0, userSessions.size());
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    org.keycloak.authorization.client.resource.AuthorizationResource authorization = authzClient.authorization(authzClient.obtainAccessToken().getToken());
    AuthorizationResponse response = authorization.authorize();
    AccessToken accessToken = toAccessToken(response.getToken());
    assertEquals(1, accessToken.getAuthorization().getPermissions().size());
    assertEquals("Default Resource", accessToken.getAuthorization().getPermissions().iterator().next().getResourceName());
}
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 33 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class ClientScopePolicyTest method testWithExpectedClientScope.

@Test
public void testWithExpectedClientScope() {
    // Access Resource A with client scope foo.
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password", "foo").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
    // Access Resource A with client scope bar.
    request = new PermissionRequest("Resource A");
    ticket = authzClient.protection().permission().create(request).getTicket();
    response = authzClient.authorization("marta", "password", "bar").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
    // Access Resource B with client scope bar.
    request = new PermissionRequest("Resource B");
    ticket = authzClient.protection().permission().create(request).getTicket();
    response = authzClient.authorization("marta", "password", "bar").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 34 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class RolePolicyTest method testUserWithGroupRole.

@Test
public void testUserWithGroupRole() throws InterruptedException {
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest();
    request.setResourceId("Resource C");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    assertNotNull(authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket)));
    UserRepresentation user = getRealm().users().search("alice").get(0);
    GroupRepresentation groupB = getRealm().groups().groups().stream().filter(representation -> "Group B".equals(representation.getName())).findFirst().get();
    getRealm().users().get(user.getId()).leaveGroup(groupB.getId());
    try {
        authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail because user is not granted with expected role");
    } catch (AuthorizationDeniedException ignore) {
    }
    request.setResourceId("Resource A");
    ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail because user is not granted with expected role");
    } catch (AuthorizationDeniedException ignore) {
    }
    GroupRepresentation groupA = getRealm().groups().groups().stream().filter(representation -> "Group A".equals(representation.getName())).findFirst().get();
    getRealm().users().get(user.getId()).joinGroup(groupA.getId());
    assertNotNull(authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket)));
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 35 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class RolePolicyTest method testUserWithExpectedRole.

@Test
public void testUserWithExpectedRole() {
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Aggregations

AuthzClient (org.keycloak.authorization.client.AuthzClient)70 Test (org.junit.Test)60 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)50 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)43 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)40 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)31 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)29 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)26 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)22 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)20 Permission (org.keycloak.representations.idm.authorization.Permission)20 OAuthClient (org.keycloak.testsuite.util.OAuthClient)20 Response (javax.ws.rs.core.Response)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)17 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)16 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)16 AccessToken (org.keycloak.representations.AccessToken)14 ArrayList (java.util.ArrayList)12