
Example 16 with ProtectionResource

use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testGrantRequestedScopesOnly.

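/**
 * Verifies that a user-managed permission grants only the scopes it names.
 *
 * <p>The resource owner ("marta") shares an owner-managed resource with "kolo" for the
 * {@code view} scope only. The RPT issued to "kolo" must carry exactly {@code view},
 * both when that scope is requested explicitly and when the request names the
 * resource without any scope; a request for {@code delete} must be denied.
 */
@Test
public void testGrantRequestedScopesOnly() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("view", "delete");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    resource = protection.resource().create(resource);

    // Owner shares only "view" with "kolo".
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("view");
    permission.addUser("kolo");
    permission = protection.policy(resource.getId()).create(permission);

    // Explicit request for the granted scope succeeds.
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "view");
    AuthorizationResponse response = getAuthzClient().authorization("kolo", "password").authorize(request);
    AccessToken rpt = toAccessToken(response.getToken());
    Collection<Permission> permissions = rpt.getAuthorization().getPermissions();
    assertPermissions(permissions, resource.getId(), "view");
    // presumably assertPermissions removes the matched entry, so an empty
    // collection here means no scope beyond "view" was granted — confirm against the helper
    assertTrue(permissions.isEmpty());

    // Explicit request for a scope the owner did not share is denied.
    // (This check was previously duplicated verbatim; one instance is sufficient.)
    request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "delete");
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }

    // A request that names the resource without scopes must not widen the grant:
    // the RPT still carries only "view", not every scope defined on the resource.
    request = new AuthorizationRequest();
    request.addPermission(resource.getId());
    response = getAuthzClient().authorization("kolo", "password").authorize(request);
    rpt = toAccessToken(response.getToken());
    permissions = rpt.getAuthorization().getPermissions();
    assertPermissions(permissions, resource.getId(), "view");
    assertTrue(permissions.isEmpty());
}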

Example 17 with ProtectionResource

use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testPermissionInAdditionToUserGrantedPermission.

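/**
 * Verifies that a user-managed permission and a granted permission ticket are
 * evaluated independently for the same resource.
 *
 * <p>Flow: a ticket for {@code Scope A} is submitted for "kolo" and initially denied;
 * once the owner grants the ticket, authorization succeeds. A user-managed permission
 * for {@code role_a} then keeps "kolo" authorized even after the ticket grant is
 * revoked. Changing that permission to {@code role_b} (which "kolo" presumably does
 * not hold — confirm against the realm setup) and finally deleting it must deny access
 * again, for both the ticket-based and the resource-based request.
 */
@Test
public void testPermissionInAdditionToUserGrantedPermission() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    // A ticket that nobody has granted yet: the request is only recorded as submitted.
    PermissionResponse ticketResponse = getAuthzClient().protection().permission().create(new PermissionRequest(resource.getId(), "Scope A"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(ticketResponse.getTicket());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
        assertTrue(e.getMessage().contains("request_submitted"));
    }

    // Owner grants the pending ticket; the same request now succeeds.
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().findByResource(resource.getId());
    assertEquals(1, tickets.size());
    PermissionTicketRepresentation ticket = tickets.get(0);
    ticket.setGranted(true);
    getAuthzClient().protection().permission().update(ticket);
    AuthorizationResponse authzResponse = getAuthzClient().authorization("kolo", "password").authorize(request);
    assertNotNull(authzResponse);

    // Add a role-based user-managed permission on top of the granted ticket.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("Scope A");
    permission.addRole("role_a");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    permission = protection.policy(resource.getId()).create(permission);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Revoking the ticket grant must not remove access still provided by the permission.
    ticket.setGranted(false);
    getAuthzClient().protection().permission().update(ticket);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Re-point the permission at a different role; access through it goes away.
    permission = getAuthzClient().protection("marta", "password").policy(resource.getId()).findById(permission.getId());
    assertNotNull(permission);
    permission.removeRole("role_a");
    permission.addRole("role_b");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(permission);
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }

    // The same holds for a resource-based request without a ticket...
    request = new AuthorizationRequest();
    request.addPermission(resource.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }

    // ...and after the permission is deleted altogether.
    getAuthzClient().protection("marta", "password").policy(resource.getId()).delete(permission.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
}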

Example 18 with ProtectionResource

use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testUploadScriptDisabled.

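/**
 * Verifies that a user-managed permission cannot carry a JavaScript condition while
 * the {@code UPLOAD_SCRIPTS} feature is disabled.
 *
 * <p>Both paths are covered: creating a permission with a condition must be rejected,
 * and updating an existing (condition-less) permission to add a condition must be
 * rejected as well. Accepting a script through either path would let a resource owner
 * run arbitrary policy code on the server with the feature switched off.
 */
@Test
@DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public void testUploadScriptDisabled() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.setDescription("Users from specific roles are allowed to access");
    newPermission.setCondition("$evaluation.grant()");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");

    // Create path: a condition must be rejected outright.
    try {
        protection.policy(resource.getId()).create(newPermission);
        fail("Should fail because upload scripts is disabled");
    } catch (Exception expected) {
        // Rejection is the expected outcome; the exact exception type is not part of this test.
    }

    // Update path: create without a condition, then try to add one on the stored permission.
    newPermission.setCondition(null);
    UmaPermissionRepresentation representation = protection.policy(resource.getId()).create(newPermission);
    assertNotNull(representation);
    representation.setCondition("$evaluation.grant();");
    try {
        // Bug fix: the update must be sent with the stored representation (which carries the
        // id and the new condition). Sending the unsaved, condition-less 'newPermission' here
        // made this assertion pass for the wrong reason.
        protection.policy(resource.getId()).update(representation);
        fail("Should fail because upload scripts is disabled");
    } catch (Exception expected) {
        // Rejection is the expected outcome; see above.
    }
}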

Example 19 with ProtectionResource

use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testOwnerAccess.

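/**
 * Verifies that the owner of an owner-managed resource is always authorized, while
 * another user is only authorized once a user-managed permission covers a role they hold.
 *
 * <p>"marta" owns the resource and can obtain an RPT for {@code Scope A} without any
 * permission in place. "kolo" is denied until the permission is widened to include
 * {@code role_a} (presumably a role "kolo" holds — confirm against the realm setup).
 */
@Test
public void testOwnerAccess() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource.setOwnerManagedAccess(true);
    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);

    // The resource is owner-managed, so creating a policy on it must succeed. The previous
    // try/catch that asserted an "Only resources with owner managed accessed can have
    // policies" error could never be reached with this setup and only hid failures.
    UmaPermissionRepresentation rep = new UmaPermissionRepresentation();
    rep.setName("test");
    rep.addRole("role_b");
    rep = getAuthzClient().protection("marta", "password").policy(resource.getId()).create(rep);
    assertNotNull(rep);

    // The owner is authorized regardless of the permission's roles.
    AuthorizationResource authorization = getAuthzClient().authorization("marta", "password");
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "Scope A");
    AuthorizationResponse authorize = authorization.authorize(request);
    assertNotNull(authorize);

    // Another user is denied while the permission only names role_b.
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }

    // Widening the permission to role_a lets "kolo" through.
    rep.addRole("role_a");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(rep);
    authorization = getAuthzClient().authorization("kolo", "password");
    assertNotNull(authorization.authorize(request));
}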

Example 20 with ProtectionResource

use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.

the class AbstractResourceServerTest method authorize.

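/**
 * Obtains a permission ticket for the given permissions and exchanges it for an RPT.
 *
 * <p>Credential precedence for the authorization call: when {@code userName} is non-null
 * it (with {@code password}) is used and {@code accessToken} is ignored; otherwise
 * {@code accessToken} is used when non-null; otherwise the client's default credentials.
 * The ticket is always requested with the user credentials when {@code userName} is
 * non-null and with the client's default protection API credentials otherwise.
 *
 * @param userName         user to authenticate as, or {@code null} to use the client/default credentials
 * @param password         password for {@code userName}; only read when {@code userName} is non-null
 * @param additionalScopes extra scopes to request, joined by a single space, or {@code null} for none
 * @param rpt              an existing RPT to upgrade, or {@code null}
 * @param accessToken      bearer token used for the authorization call when no user is given, or {@code null}
 * @param claimToken       claim token pushed with the request, or {@code null}
 * @param tokenFormat      format of {@code claimToken}, or {@code null}
 * @param permissions      permissions to include in the ticket
 * @return the authorization response carrying the RPT
 */
protected AuthorizationResponse authorize(String userName, String password, String[] additionalScopes, String rpt, String accessToken, String claimToken, String tokenFormat, PermissionRequest... permissions) {
    ProtectionResource protection;
    if (userName != null) {
        protection = getAuthzClient().protection(userName, password);
    } else {
        protection = getAuthzClient().protection();
    }
    String ticket = protection.permission().create(Arrays.asList(permissions)).getTicket();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(ticket);
    if (additionalScopes != null) {
        // Scopes are sent as a single space-separated string.
        authorizationRequest.setScope(String.join(" ", additionalScopes));
    }
    authorizationRequest.setRpt(rpt);
    authorizationRequest.setClaimTokenFormat(tokenFormat);
    authorizationRequest.setClaimToken(claimToken);

    // User credentials take precedence over an explicit access token.
    org.keycloak.authorization.client.resource.AuthorizationResource authorization;
    if (userName != null) {
        authorization = getAuthzClient().authorization(userName, password);
    } else if (accessToken != null) {
        authorization = getAuthzClient().authorization(accessToken);
    } else {
        authorization = getAuthzClient().authorization();
    }
    return authorization.authorize(authorizationRequest);
}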
