Example 11 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

The class UserManagedPermissionServiceTest, method testCreate.

private void testCreate() {
    // Register a resource owned by "marta" with owner-managed access enabled, which is
    // what allows the owner (rather than the resource server) to attach UMA policies to it.
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    // A user-managed permission that combines scope, role, group, client and user conditions.
    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.setDescription("Users from specific roles are allowed to access");
    newPermission.addScope("Scope A", "Scope B", "Scope C");
    newPermission.addRole("role_a", "role_b", "role_c", "role_d");
    newPermission.addGroup("/group_a", "/group_a/group_b", "/group_c");
    newPermission.addClient("client-a", "resource-server-test");
    // A JavaScript condition is only accepted when script upload is enabled on the server.
    if (Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS)) {
        newPermission.setCondition("$evaluation.grant()");
    }
    newPermission.addUser("kolo");
    // The policy is created with the owner's credentials, not the resource server's PAT.
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    UmaPermissionRepresentation permission = protection.policy(resource.getId()).create(newPermission);
    // Every field of the permission must round-trip through the server unchanged.
    assertEquals(newPermission.getName(), permission.getName());
    assertEquals(newPermission.getDescription(), permission.getDescription());
    assertNotNull(permission.getScopes());
    assertTrue(permission.getScopes().containsAll(newPermission.getScopes()));
    assertNotNull(permission.getRoles());
    assertTrue(permission.getRoles().containsAll(newPermission.getRoles()));
    assertNotNull(permission.getGroups());
    assertTrue(permission.getGroups().containsAll(newPermission.getGroups()));
    assertNotNull(permission.getClients());
    assertTrue(permission.getClients().containsAll(newPermission.getClients()));
    assertEquals(newPermission.getCondition(), permission.getCondition());
    assertNotNull(permission.getUsers());
    assertTrue(permission.getUsers().containsAll(newPermission.getUsers()));
}
Also used: org.keycloak.authorization.client.resource.ProtectionResource, org.keycloak.representations.idm.authorization.UmaPermissionRepresentation, org.keycloak.representations.idm.authorization.ResourceRepresentation

Example 12 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

The class UserManagedPermissionServiceTest, method testRemovePoliciesOnGroupDelete.

@Test
public void testRemovePoliciesOnGroupDelete() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    // A user-managed permission whose only condition is membership of /group_remove.
    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.addGroup("/group_remove");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    protection.policy(resource.getId()).create(newPermission);
    // Run the server-side half of the test: the method reference resolves to the static
    // overload of testRemovePoliciesOnGroupDelete that takes a KeycloakSession and executes
    // inside the server, where the group is removed and the policy is checked to go with it.
    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnGroupDelete);
}
Also used: org.keycloak.authorization.client.resource.ProtectionResource, org.keycloak.representations.idm.authorization.UmaPermissionRepresentation, org.keycloak.representations.idm.authorization.ResourceRepresentation, org.junit.Test

Example 13 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

The class AlbumService, method deleteProtectedResource.

private void deleteProtectedResource(Album album) {
    // Protected resources are looked up by the URI they were registered with.
    String uri = "/album/" + album.getName();
    try {
        ProtectionResource protection = getAuthzClient().protection();
        List<ResourceRepresentation> search = protection.resource().findByUri(uri);
        if (search.isEmpty()) {
            throw new RuntimeException("Could not find protected resource with URI [" + uri + "]");
        }
        // Remove the registration so the authorization server no longer holds a stale resource.
        protection.resource().delete(search.get(0).getId());
    } catch (RuntimeException e) {
        // This also rewraps the "not found" exception thrown above; its message survives only as the cause.
        throw new RuntimeException("Could not search protected resource.", e);
    }
}
Also used: org.keycloak.authorization.client.resource.ProtectionResource, org.keycloak.representations.idm.authorization.ResourceRepresentation

Example 14 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

The class UserManagedPermissionServiceTest, method testUserManagedPermission.

@Test
public void testUserManagedPermission() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    // A role-based permission granting "Scope A" to holders of role_a.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.setDescription("Users from specific roles are allowed to access");
    permission.addScope("Scope A");
    permission.addRole("role_a");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    permission = protection.policy(resource.getId()).create(permission);
    // "kolo" requests "Scope A" on the resource and is granted under the current permission.
    AuthorizationResource authorization = getAuthzClient().authorization("kolo", "password");
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "Scope A");
    AuthorizationResponse authzResponse = authorization.authorize(request);
    assertNotNull(authzResponse);
    // Switching the required role to role_b revokes kolo's access as soon as the policy is updated.
    permission.removeRole("role_a");
    permission.addRole("role_b");
    protection.policy(resource.getId()).update(permission);
    try {
        authorization.authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    // "alice" has no matching role either, so she is denied as well.
    try {
        getAuthzClient().authorization("alice", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    // Re-adding role_a restores kolo's access.
    permission.addRole("role_a");
    protection.policy(resource.getId()).update(permission);
    authzResponse = authorization.authorize(request);
    assertNotNull(authzResponse);
    // Deleting the policy denies everyone again, and the owner can no longer fetch it (404).
    protection.policy(resource.getId()).delete(permission.getId());
    try {
        authorization.authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    try {
        getAuthzClient().protection("marta", "password").policy(resource.getId()).findById(permission.getId());
        fail("Permission must not exist");
    } catch (Exception e) {
        assertEquals(404, HttpResponseException.class.cast(e.getCause()).getStatusCode());
    }
    // create a user based permission, where only selected users are allowed access to the resource.
    permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.setDescription("Specific users are allowed access to the resource");
    permission.addScope("Scope A");
    permission.addUser("alice");
    protection.policy(resource.getId()).create(permission);
    // alice should be able to access the resource with the updated permission.
    authzResponse = getAuthzClient().authorization("alice", "password").authorize(request);
    assertNotNull(authzResponse);
    // kolo shouldn't be able to access the resource with the updated permission.
    try {
        authorization.authorize(request);
        fail("User should not have permission to access the protected resource");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
}
Also used: org.keycloak.authorization.client.resource.ProtectionResource, org.keycloak.representations.idm.authorization.AuthorizationRequest, org.keycloak.authorization.client.util.HttpResponseException, org.keycloak.representations.idm.authorization.UmaPermissionRepresentation, org.keycloak.authorization.client.resource.AuthorizationResource, org.keycloak.authorization.client.AuthorizationDeniedException, javax.ws.rs.NotFoundException, org.keycloak.representations.idm.authorization.ResourceRepresentation, org.keycloak.representations.idm.authorization.AuthorizationResponse, org.junit.Test

Example 15 with ProtectionResource

Use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

The class UserManagedPermissionServiceTest, method testOnlyResourcesWithOwnerManagedAccess.

@Test
public void testOnlyResourcesWithOwnerManagedAccess() {
    // Owner-managed access is deliberately left disabled on this resource.
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);
    // Without owner-managed access the owner is not allowed to attach a policy; the server rejects it.
    try {
        getAuthzClient().protection("marta", "password").policy(resource.getId()).create(new UmaPermissionRepresentation());
        fail("Error expected");
    } catch (Exception e) {
        assertTrue(HttpResponseException.class.cast(e.getCause()).toString().contains("Only resources with owner managed accessed can have policies"));
    }
}
Also used: org.keycloak.authorization.client.resource.ProtectionResource, org.keycloak.representations.idm.authorization.UmaPermissionRepresentation, org.keycloak.authorization.client.util.HttpResponseException, org.keycloak.authorization.client.AuthorizationDeniedException, javax.ws.rs.NotFoundException, org.keycloak.representations.idm.authorization.ResourceRepresentation, org.junit.Test
