use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testFindByName.
/**
 * Registers two protected resources through the protection API and checks that
 * {@code findByName} returns the resource whose name was requested.
 *
 * <p>The names overlap: "Resource" is a substring of "Admin Resources". The
 * assertions therefore only pass when each lookup resolves to the resource with
 * the requested name and the two results carry different ids.
 */
@Test
public void testFindByName() {
    final String adminName = "Admin Resources";
    final String plainName = "Resource";

    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protectionApi = authzClient.protection();

    // Create the longer name first, then the name it contains.
    protectionApi.resource().create(new ResourceRepresentation(adminName));
    protectionApi.resource().create(new ResourceRepresentation(plainName));

    ResourceRepresentation plainFound = authzClient.protection().resource().findByName(plainName);
    assertEquals(plainName, plainFound.getName());

    ResourceRepresentation adminFound = authzClient.protection().resource().findByName(adminName);
    assertEquals(adminName, adminFound.getName());

    // Two distinct resources must not collapse onto one id.
    assertNotEquals(plainFound.getId(), adminFound.getId());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testPermissionWhenResourceServerIsCurrentUser.
/**
 * Requests permissions with an access token obtained by the authorization client
 * itself and checks that exactly one permission, for "Default Resource", is granted.
 *
 * <p>The token comes from {@code authzClient.obtainAccessToken()}, which is called
 * without user credentials; going by the test name, the resource server is
 * presumably the subject of that token (confirm against the client configuration).
 */
@Test
public void testPermissionWhenResourceServerIsCurrentUser() throws Exception {
    ClientsResource realmClients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation resourceServer = realmClients.findByClientId("resource-server-test").get(0);

    // Precondition: the client has no user sessions before the token is requested.
    // NOTE(review): (-1, -1) presumably means "no paging" - confirm.
    List<UserSessionRepresentation> sessionsBefore =
            realmClients.get(resourceServer.getId()).getUserSessions(-1, -1);
    assertEquals(0, sessionsBefore.size());

    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    String bearerToken = authzClient.obtainAccessToken().getToken();
    // Fully qualified on purpose: the simple name is kept out of the import list.
    org.keycloak.authorization.client.resource.AuthorizationResource authorizationApi =
            authzClient.authorization(bearerToken);

    AuthorizationResponse grant = authorizationApi.authorize();
    AccessToken rpt = toAccessToken(grant.getToken());

    // Exactly one permission, and it must be the expected resource - nothing broader.
    assertEquals(1, rpt.getAuthorization().getPermissions().size());
    assertEquals("Default Resource",
            rpt.getAuthorization().getPermissions().iterator().next().getResourceName());
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ClientScopePolicyTest method testWithExpectedClientScope.
/**
 * Checks that user "marta" obtains a token for a resource when she authenticates
 * with a client scope the resource is expected to accept.
 *
 * <p>Each case creates a fresh permission ticket for the resource, authorizes with
 * the given client scope, and asserts that a token is returned. Every case here
 * expects a grant; this method does not exercise a denial path.
 */
@Test
public void testWithExpectedClientScope() {
    AuthzClient authzClient = getAuthzClient();

    // { resource name, client scope requested when authenticating }
    String[][] grantedCases = {
        {"Resource A", "foo"},
        {"Resource A", "bar"},
        {"Resource B", "bar"},
    };

    for (String[] grantedCase : grantedCases) {
        String resourceName = grantedCase[0];
        String clientScope = grantedCase[1];

        PermissionRequest request = new PermissionRequest(resourceName);
        String ticket = authzClient.protection().permission().create(request).getTicket();
        // "marta" / "password" are presumably fixture credentials of the test realm.
        AuthorizationResponse response = authzClient.authorization("marta", "password", clientScope)
                .authorize(new AuthorizationRequest(ticket));
        assertNotNull(response.getToken());
    }
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class RolePolicyTest method testUserWithGroupRole.
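/**
 * Checks that the authorization decision for user "alice" follows her group
 * membership as it changes during the test.
 *
 * <p>Sequence: alice is granted "Resource C"; after leaving "Group B" the same
 * ticket is denied; a ticket for "Resource A" is denied until she joins
 * "Group A", after which that same ticket is granted. Reusing the ticket across
 * the membership change means the test only passes if the decision is evaluated
 * at authorize time rather than fixed when the ticket was created.
 *
 * <p>NOTE(review): how groups map to roles and policies is realm configuration
 * that is not visible in this method.
 *
 * @throws InterruptedException declared by the original signature; nothing in
 *         this body throws it
 */
@Test
public void testUserWithGroupRole() throws InterruptedException {
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest();

    request.setResourceId("Resource C");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    // Baseline grant. Assert on the issued token, as the sibling tests do, instead
    // of only on the response object being non-null.
    assertNotNull(authzClient.authorization("alice", "password")
            .authorize(new AuthorizationRequest(ticket)).getToken());

    // NOTE(review): search() may return more than one match; get(0) assumes
    // "alice" is the first result - confirm.
    UserRepresentation user = getRealm().users().search("alice").get(0);
    GroupRepresentation groupB = getRealm().groups().groups().stream()
            .filter(representation -> "Group B".equals(representation.getName()))
            .findFirst()
            // Fail with a readable message if the fixture group is missing.
            .orElseThrow(() -> new AssertionError("Group B not found in realm"));
    getRealm().users().get(user.getId()).leaveGroup(groupB.getId());

    try {
        // Same ticket as the baseline grant, now after leaving Group B.
        authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail because user is not granted with expected role");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: access to Resource C must be denied after leaving Group B.
    }

    request.setResourceId("Resource A");
    ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("alice", "password").authorize(new AuthorizationRequest(ticket));
        fail("Should fail because user is not granted with expected role");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: alice is not yet a member of Group A.
    }

    GroupRepresentation groupA = getRealm().groups().groups().stream()
            .filter(representation -> "Group A".equals(representation.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Group A not found in realm"));
    getRealm().users().get(user.getId()).joinGroup(groupA.getId());

    // The ticket that was just denied must be granted once alice is in Group A.
    assertNotNull(authzClient.authorization("alice", "password")
            .authorize(new AuthorizationRequest(ticket)).getToken());
}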
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class RolePolicyTest method testUserWithExpectedRole.
/**
 * Checks that user "marta" receives a token when she requests "Resource A".
 *
 * <p>Only the grant path is asserted: a permission ticket is created for the
 * resource, marta authorizes against it, and the response must carry a token.
 */
@Test
public void testUserWithExpectedRole() {
    AuthzClient authzClient = getAuthzClient();

    String permissionTicket = authzClient.protection().permission()
            .create(new PermissionRequest("Resource A"))
            .getTicket();

    // "marta" / "password" are presumably fixture credentials of the test realm.
    AuthorizationResponse granted = authzClient.authorization("marta", "password")
            .authorize(new AuthorizationRequest(permissionTicket));

    assertNotNull(granted.getToken());
}