Example 41 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.

@Override
public void afterAbstractKeycloakTestRealmImport() {
    ClientResource resourceServer = getResourceServer();
    AuthzClient authzClient = createAuthzClient(resourceServer.toRepresentation());
    AuthorizationResource authorization = resourceServer.authorization();
    ResourceRepresentation resource13 = null;
    for (int i = 1; i < 15; i++) {
        ResourceRepresentation resource = createResource(authzClient, authorization, i);
        if (i == 13) {
            resource13 = resource;
        }
        for (String scope : Arrays.asList("Scope A", "Scope B")) {
            createTicket(authzClient, i, resource, scope, userNames[i % userNames.length]);
        }
    }
    createTicket(authzClient, 13, resource13, "Scope A", "admin");
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 42 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testPermissionForTypedScope.

@Test
public void testPermissionForTypedScope() throws Exception {
    ResourceRepresentation typedResource = addResource("Typed Resource", "ScopeC");
    typedResource.setType("typed-resource");
    getClient(getRealm()).authorization().resources().resource(typedResource.getId()).update(typedResource);
    ResourceRepresentation resourceA = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
    resourceA.setType(typedResource.getType());
    getClient(getRealm()).authorization().resources().resource(resourceA.getId()).update(resourceA);
    PermissionRequest permissionRequest = new PermissionRequest(resourceA.getId());
    permissionRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeC")));
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("kolo", "password").permission().create(permissionRequest);
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("kolo", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
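    } catch (Exception e) {
        // Outcome deliberately ignored: the test asserts only on the permission
        // tickets persisted for this request (see assertPersistence below).
    }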
    assertPersistence(response, resourceA, "ScopeA", "ScopeC");
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 43 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class ConflictingScopePermissionTest method getEntitlements.

private Collection<Permission> getEntitlements(String username, String password) {
    AuthzClient authzClient = getAuthzClient();
    AuthorizationResponse response = authzClient.authorization(username, password).authorize();
    AccessToken accessToken;
    try {
        accessToken = new JWSInput(response.getToken()).readJsonContent(AccessToken.class);
    } catch (JWSInputException cause) {
        throw new RuntimeException("Failed to deserialize RPT", cause);
    }
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull("RPT does not contain any authorization data", authorization);
    return authorization.getPermissions();
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) JWSInputException(org.keycloak.jose.jws.JWSInputException) JWSInput(org.keycloak.jose.jws.JWSInput) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 44 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testPermissionCount.

@Test
public void testPermissionCount() throws Exception {
    String[] scopes = { "ScopeA", "ScopeB", "ScopeC", "ScopeD" };
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, scopes);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), scopes));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
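    } catch (Exception ignored) {
        // Outcome deliberately ignored: the test only counts the permission
        // tickets recorded for the resource.
    }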
    Long ticketCount = getAuthzClient().protection().permission().count(resource.getId(), null, null, null, null, true);
    assertEquals("Returned number of permissions tickets must match the amount of permission tickets.", Long.valueOf(4), ticketCount);
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 45 with AuthzClient

use of org.keycloak.authorization.client.AuthzClient in project keycloak by keycloak.

the class PermissionManagementTest method testDeleteScopeAndPermissionTicket.

@Test
public void testDeleteScopeAndPermissionTicket() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId());
    permissionRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeB", "ScopeC")));
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(permissionRequest);
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
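    } catch (Exception e) {
        // Outcome deliberately ignored: the assertions below check the stored
        // permission tickets, not the authorization result.
    }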
    assertEquals(3, authzClient.protection().permission().findByResource(resource.getId()).size());
    AuthorizationResource authorization = getClient(getRealm()).authorization();
    ResourceScopesResource scopes = authorization.scopes();
    ScopeRepresentation scope = scopes.findByName("ScopeA");
    List permissions = authzClient.protection().permission().findByScope(scope.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
    resource.setScopes(Collections.emptySet());
    authorization.resources().resource(resource.getId()).update(resource);
    scopes.scope(scope.getId()).remove();
    assertTrue(authzClient.protection().permission().findByScope(scope.getId()).isEmpty());
    assertEquals(0, authzClient.protection().permission().findByResource(resource.getId()).size());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ResourceScopesResource(org.keycloak.admin.client.resource.ResourceScopesResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ArrayList(java.util.ArrayList) List(java.util.List) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)