use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.
/**
 * Seeds the test realm with resources 1 through 14 and permission tickets for each of them.
 *
 * <p>Every resource gets one ticket for "Scope A" and one for "Scope B", both created with the
 * entry of {@code userNames} selected by the resource index modulo the array length. Resource 13
 * additionally receives a "Scope A" ticket created with "admin".
 */
@Override
public void afterAbstractKeycloakTestRealmImport() {
    ClientResource server = getResourceServer();
    AuthzClient client = createAuthzClient(server.toRepresentation());
    AuthorizationResource authz = server.authorization();
    String[] scopeNames = {"Scope A", "Scope B"};

    ResourceRepresentation thirteenth = null;
    for (int index = 1; index <= 14; index++) {
        ResourceRepresentation created = createResource(client, authz, index);
        // Rotate through the configured user names so tickets are spread across users.
        String userName = userNames[index % userNames.length];
        for (String scopeName : scopeNames) {
            createTicket(client, index, created, scopeName, userName);
        }
        // Kept so the extra "admin" ticket below targets the same resource.
        if (index == 13) {
            thirteenth = created;
        }
    }

    createTicket(client, 13, thirteenth, "Scope A", "admin");
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testPermissionForTypedScope.
/**
 * Requests a ticket on "Resource A" for "ScopeA" and "ScopeC", where "ScopeC" is declared only
 * on another resource that shares the same type, and checks that the ticket is persisted for
 * both scopes.
 */
@Test
public void testPermissionForTypedScope() throws Exception {
    // Resource that carries "ScopeC" and defines the shared type.
    ResourceRepresentation typeHolder = addResource("Typed Resource", "ScopeC");
    typeHolder.setType("typed-resource");
    getClient(getRealm()).authorization().resources().resource(typeHolder.getId()).update(typeHolder);

    // "Resource A" declares only ScopeA/ScopeB itself but is given the same type.
    // NOTE(review): "marta" and true look like owner and owner-managed-access - confirm against addResource.
    ResourceRepresentation target = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
    target.setType(typeHolder.getType());
    getClient(getRealm()).authorization().resources().resource(target.getId()).update(target);

    AuthzClient authzClient = getAuthzClient();
    PermissionRequest ticketRequest = new PermissionRequest(target.getId());
    ticketRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeC")));
    // "kolo"/"password" are test-fixture credentials used to call the protection API.
    PermissionResponse response = authzClient.protection("kolo", "password").permission().create(ticketRequest);

    String claimToken = authzClient.obtainAccessToken("kolo", "password").getToken();
    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(response.getTicket());
    authzRequest.setClaimToken(claimToken);

    try {
        authzClient.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // NOTE(review): the outcome of authorize() is intentionally not asserted; presumably the
        // request is expected to be denied and only the persisted ticket matters - confirm.
        // Catching Exception also hides unrelated failures (connectivity, misconfiguration),
        // so a denial and a broken setup are indistinguishable at this point.
    }

    assertPersistence(response, target, "ScopeA", "ScopeC");
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class ConflictingScopePermissionTest method getEntitlements.
/**
 * Obtains an RPT for the given user and returns the permissions it carries.
 *
 * <p>The token returned by the authorization endpoint is only decoded here; nothing in this
 * method verifies its signature. That is adequate for a test helper reading a token it has just
 * received from the server, but it is not a pattern for code that accepts tokens from callers.
 *
 * @param username user name passed to the authorization client
 * @param password password passed to the authorization client
 * @return the permissions listed in the RPT's authorization claim
 * @throws RuntimeException if the RPT cannot be deserialized into an {@code AccessToken}
 */
private Collection<Permission> getEntitlements(String username, String password) {
    AuthorizationResponse rptResponse = getAuthzClient().authorization(username, password).authorize();

    AccessToken rpt;
    try {
        JWSInput jws = new JWSInput(rptResponse.getToken());
        rpt = jws.readJsonContent(AccessToken.class);
    } catch (JWSInputException cause) {
        throw new RuntimeException("Failed to deserialize RPT", cause);
    }

    // Fail the test early with a clear message when the token has no authorization claim.
    AccessToken.Authorization granted = rpt.getAuthorization();
    assertNotNull("RPT does not contain any authorization data", granted);
    return granted.getPermissions();
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testPermissionCount.
/**
 * Requests a ticket covering four scopes of one resource and checks that the protection API
 * reports a count of four permission tickets for that resource.
 */
@Test
public void testPermissionCount() throws Exception {
    String[] scopes = { "ScopeA", "ScopeB", "ScopeC", "ScopeD" };
    // NOTE(review): "kolo" and true look like owner and owner-managed-access - confirm against addResource.
    ResourceRepresentation target = addResource("Resource A", "kolo", true, scopes);

    AuthzClient authzClient = getAuthzClient();
    PermissionRequest ticketRequest = new PermissionRequest(target.getId(), scopes);
    // "marta"/"password" are test-fixture credentials used to call the protection API.
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(ticketRequest);

    String claimToken = authzClient.obtainAccessToken("marta", "password").getToken();
    AuthorizationRequest authzRequest = new AuthorizationRequest();
    authzRequest.setTicket(response.getTicket());
    authzRequest.setClaimToken(claimToken);

    try {
        authzClient.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // NOTE(review): the result of authorize() is intentionally not asserted; presumably a
        // denial is expected and only the resulting tickets are checked - confirm. Any other
        // failure is swallowed here as well and would only surface through the count below.
    }

    Long expected = Long.valueOf(4);
    Long ticketCount = getAuthzClient().protection().permission().count(target.getId(), null, null, null, null, true);
    assertEquals("Returned number of permissions tickets must match the amount of permission tickets.", expected, ticketCount);
}
use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.
the class PermissionManagementTest method testDeleteScopeAndPermissionTicket.
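/**
 * Checks that permission tickets do not outlive the scope they were requested for.
 *
 * <p>A ticket is requested for three scopes of one resource, which must yield three stored
 * tickets, exactly one of them for "ScopeA". After the resource's scopes are cleared and
 * "ScopeA" is removed, no ticket may remain for that scope or for the resource. Stale tickets
 * that survive scope removal would leave authorization state referring to a deleted scope.
 */
@Test
public void testDeleteScopeAndPermissionTicket() throws Exception {
    // NOTE(review): "kolo" and true look like owner and owner-managed-access - confirm against addResource.
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId());
    permissionRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeB", "ScopeC")));

    AuthzClient authzClient = getAuthzClient();
    // "marta"/"password" are test-fixture credentials used to call the protection API.
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(permissionRequest);
    assertNotNull(response.getTicket());

    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());

    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // NOTE(review): the result of authorize() is intentionally not asserted; presumably a
        // denial is expected and only the stored tickets matter - confirm. Unrelated failures
        // are swallowed too and would only show up in the ticket counts asserted below.
    }

    // One stored ticket per requested scope.
    assertEquals(3, authzClient.protection().permission().findByResource(resource.getId()).size());

    AuthorizationResource authorization = getClient(getRealm()).authorization();
    ResourceScopesResource scopes = authorization.scopes();
    ScopeRepresentation scope = scopes.findByName("ScopeA");

    // Wildcard instead of a raw List: only the size of the result is inspected.
    List<?> permissions = authzClient.protection().permission().findByScope(scope.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());

    // Detach every scope from the resource before removing the scope itself.
    resource.setScopes(Collections.emptySet());
    authorization.resources().resource(resource.getId()).update(resource);
    scopes.scope(scope.getId()).remove();

    assertTrue(authzClient.protection().permission().findByScope(scope.getId()).isEmpty());
    assertEquals(0, authzClient.protection().permission().findByResource(resource.getId()).size());
}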
Aggregations