
Example 6 with Metadata

use of org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata in project keycloak by keycloak.

the class EntitlementAPITest method testPermissionLimit.

/**
 * Checks how the {@code limit} request metadata caps the permissions carried by an RPT when
 * each request passes the previously issued RPT back in.
 *
 * <p>What the assertions pin down: permissions named in the current request are listed first,
 * previously granted permissions follow, and whatever does not fit under the limit is absent
 * from the new RPT. A caller that upgrades an RPT under a limit therefore cannot assume that
 * earlier grants are still present in the upgraded token.
 *
 * @param configFile authz client configuration handed to {@code getAuthzClient}
 */
public void testPermissionLimit(String configFile) {
    // One Metadata instance is shared by all four requests; its limit is lowered before the last one.
    Metadata limitMetadata = new Metadata();
    limitMetadata.setLimit(10);

    // Round 1: request "Resource 1" .. "Resource 10" with limit 10 and no previous RPT.
    AuthorizationRequest firstRequest = new AuthorizationRequest();
    int resourceNumber = 1;
    while (resourceNumber <= 10) {
        firstRequest.addPermission("Resource " + resourceNumber);
        resourceNumber++;
    }
    firstRequest.setMetadata(limitMetadata);
    // "marta"/"password" is the user every request in this test authenticates as.
    AuthorizationResponse firstResponse = getAuthzClient(configFile).authorization("marta", "password").authorize(firstRequest);
    AccessToken firstRpt = toAccessToken(firstResponse.getToken());
    List<Permission> firstGranted = new ArrayList<>(firstRpt.getAuthorization().getPermissions());
    assertEquals(10, firstGranted.size());
    for (int position = 0; position < 10; position++) {
        String expectedName = "Resource " + (position + 1);
        assertEquals(expectedName, firstGranted.get(position).getResourceName());
    }

    // Round 2: request 11..15 on top of the first RPT. Expected order: 11..15, then 1..5;
    // resources 6..10 no longer fit under the limit.
    AuthorizationRequest secondRequest = new AuthorizationRequest();
    for (int number = 11; number <= 15; number++) {
        secondRequest.addPermission("Resource " + number);
    }
    secondRequest.setMetadata(limitMetadata);
    secondRequest.setRpt(firstResponse.getToken());
    AuthorizationResponse secondResponse = getAuthzClient(configFile).authorization("marta", "password").authorize(secondRequest);
    AccessToken secondRpt = toAccessToken(secondResponse.getToken());
    List<Permission> secondGranted = new ArrayList<>(secondRpt.getAuthorization().getPermissions());
    assertEquals(10, secondGranted.size());
    for (int position = 0; position < 10; position++) {
        int expectedNumber = position < 5 ? position + 11 : position - 4;
        assertEquals("Resource " + expectedNumber, secondGranted.get(position).getResourceName());
    }

    // Round 3: request 16..18 on top of the second RPT. The new permissions lead, the ones
    // carried by the second RPT follow in their previous order until the limit is reached.
    AuthorizationRequest thirdRequest = new AuthorizationRequest();
    for (int number = 16; number <= 18; number++) {
        thirdRequest.addPermission("Resource " + number);
    }
    thirdRequest.setMetadata(limitMetadata);
    thirdRequest.setRpt(secondResponse.getToken());
    AuthorizationResponse thirdResponse = getAuthzClient(configFile).authorization("marta", "password").authorize(thirdRequest);
    AccessToken thirdRpt = toAccessToken(thirdResponse.getToken());
    List<Permission> thirdGranted = new ArrayList<>(thirdRpt.getAuthorization().getPermissions());
    assertEquals(10, thirdGranted.size());
    String[] expectedThirdRound = {
        "Resource 16", "Resource 17", "Resource 18",
        "Resource 11", "Resource 12", "Resource 13", "Resource 14", "Resource 15",
        "Resource 1", "Resource 2"
    };
    for (int position = 0; position < expectedThirdRound.length; position++) {
        assertEquals(expectedThirdRound[position], thirdGranted.get(position).getResourceName());
    }

    // Round 4: no new permissions, limit lowered to 5. Only the first five permissions of the
    // third RPT are expected to survive.
    AuthorizationRequest fourthRequest = new AuthorizationRequest();
    limitMetadata.setLimit(5);
    fourthRequest.setMetadata(limitMetadata);
    fourthRequest.setRpt(thirdResponse.getToken());
    AuthorizationResponse fourthResponse = getAuthzClient(configFile).authorization("marta", "password").authorize(fourthRequest);
    AccessToken fourthRpt = toAccessToken(fourthResponse.getToken());
    List<Permission> fourthGranted = new ArrayList<>(fourthRpt.getAuthorization().getPermissions());
    assertEquals(5, fourthGranted.size());
    String[] expectedFourthRound = {
        "Resource 16", "Resource 17", "Resource 18", "Resource 11", "Resource 12"
    };
    for (int position = 0; position < expectedFourthRound.length; position++) {
        assertEquals(expectedFourthRound[position], fourthGranted.get(position).getResourceName());
    }
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AccessToken(org.keycloak.representations.AccessToken) Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata) Permission(org.keycloak.representations.idm.authorization.Permission) ArrayList(java.util.ArrayList) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 7 with Metadata

use of org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata in project keycloak by keycloak.

the class EntitlementAPITest method testRptRequestWithResourceName.

/**
 * Runs three authorization calls and hands each response to {@code assertResponse} together
 * with metadata that has {@code includeResourceName} set to {@code true}.
 *
 * <p>The calls are: no request object at all, a request for "Resource 13" that carries the
 * metadata, and the same request after its metadata has been cleared.
 * NOTE(review): the third call presumably shows that resource names are included by default
 * when the request has no metadata; {@code assertResponse} is not visible here, confirm there.
 *
 * @param configFile authz client configuration handed to {@code getAuthzClient}
 */
private void testRptRequestWithResourceName(String configFile) {
    Metadata expectedMetadata = new Metadata();
    expectedMetadata.setIncludeResourceName(true);

    // Call 1: plain authorize() without an AuthorizationRequest.
    assertResponse(expectedMetadata, () -> {
        return getAuthzClient(configFile).authorization("marta", "password").authorize();
    });

    // Call 2: explicit request that carries the metadata.
    AuthorizationRequest rptRequest = new AuthorizationRequest();
    rptRequest.setMetadata(expectedMetadata);
    rptRequest.addPermission("Resource 13");
    assertResponse(expectedMetadata, () -> {
        return getAuthzClient(configFile).authorization("marta", "password").authorize(rptRequest);
    });

    // Call 3: same request with its metadata removed; the expectation object is unchanged.
    rptRequest.setMetadata(null);
    assertResponse(expectedMetadata, () -> {
        return getAuthzClient(configFile).authorization("marta", "password").authorize(rptRequest);
    });
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata)

Example 8 with Metadata

use of org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata in project keycloak by keycloak.

the class EntitlementAPITest method testRptRequestWithoutResourceName.

/**
 * Requests "Resource 1" with {@code includeResourceName} set to {@code false} and passes the
 * response to {@code assertResponse} together with that same metadata.
 *
 * <p>NOTE(review): the check that resource names are really absent from the RPT is presumably
 * done inside {@code assertResponse}, which is not visible here.
 *
 * @param configFile authz client configuration handed to {@code getAuthzClient}
 */
public void testRptRequestWithoutResourceName(String configFile) {
    Metadata withoutNames = new Metadata();
    withoutNames.setIncludeResourceName(false);
    assertResponse(withoutNames, () -> {
        // The request is built inside the supplier, as in the original, so every invocation
        // of the supplier works on a fresh request object.
        AuthorizationRequest rptRequest = new AuthorizationRequest();
        rptRequest.addPermission("Resource 1");
        rptRequest.setMetadata(withoutNames);
        return getAuthzClient(configFile).authorization("marta", "password").authorize(rptRequest);
    });
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata)

Example 9 with Metadata

use of org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata in project keycloak by keycloak.

the class AuthorizationTokenService method createPermissions.

/**
 * Collects the permissions to evaluate for an authorization request: first those listed in
 * the permission ticket, then those handled by {@code resolvePreviousGrantedPermissions}.
 *
 * <p>The optional limit is read from the request's metadata, so it is a caller-supplied
 * value. It is wrapped in an {@link AtomicInteger} that is handed to every helper; presumably
 * the helpers decrement it as they add entries (their bodies are not visible here). A limit
 * of zero or below stops the ticket loop before any ticket permission is resolved.
 *
 * <p>The result is backed by a {@link LinkedHashMap}, so entries keep insertion order: what
 * the ticket loop adds comes before what {@code resolvePreviousGrantedPermissions} adds.
 *
 * @param ticket         permission ticket whose permissions are resolved
 * @param request        authorization request; its metadata may carry the limit
 * @param resourceServer resource server passed through to the resolve helpers
 * @param authorization  provider that supplies the store factory
 * @param context        evaluation context; its identity is cast to {@code KeycloakIdentity}
 *                       without a type check, so any other identity type fails with a
 *                       {@code ClassCastException}
 * @return the values of the permission map, in insertion order
 */
private Collection<ResourcePermission> createPermissions(PermissionTicketToken ticket, KeycloakAuthorizationRequest request, ResourceServer resourceServer, AuthorizationProvider authorization, EvaluationContext context) {
    KeycloakIdentity identity = (KeycloakIdentity) context.getIdentity();
    StoreFactory storeFactory = authorization.getStoreFactory();
    ResourceStore resourceStore = storeFactory.getResourceStore();
    ScopeStore scopeStore = storeFactory.getScopeStore();
    Map<String, ResourcePermission> permissionsToEvaluate = new LinkedHashMap<>();

    // null means "no limit requested"; otherwise this counter is shared with the helpers below.
    Metadata metadata = request.getMetadata();
    final AtomicInteger limit;
    if (metadata != null && metadata.getLimit() != null) {
        limit = new AtomicInteger(metadata.getLimit());
    } else {
        limit = null;
    }

    for (Permission permission : ticket.getPermissions()) {
        boolean limitReached = limit != null && limit.get() <= 0;
        if (limitReached) {
            break;
        }
        Set<Scope> requestedScopesModel = resolveRequestedScopes(request, resourceServer, scopeStore, permission);
        String resourceId = permission.getResourceId();
        if (resourceId == null) {
            // Scope-only permission: no resource id was given.
            resolveScopePermissions(request, resourceServer, authorization, permissionsToEvaluate, resourceStore, limit, requestedScopesModel);
        } else {
            resolveResourcePermission(request, resourceServer, identity, authorization, storeFactory, permissionsToEvaluate, resourceStore, limit, permission, requestedScopesModel, resourceId);
        }
    }

    // Runs after the ticket loop and receives the same limit counter and permission map.
    resolvePreviousGrantedPermissions(ticket, request, resourceServer, permissionsToEvaluate, resourceStore, scopeStore, limit);
    return permissionsToEvaluate.values();
}
Also used : Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata) ScopeStore(org.keycloak.authorization.store.ScopeStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) StoreFactory(org.keycloak.authorization.store.StoreFactory) LinkedHashMap(java.util.LinkedHashMap) Scope(org.keycloak.authorization.model.Scope) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) KeycloakIdentity(org.keycloak.authorization.common.KeycloakIdentity) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission) Permission(org.keycloak.representations.idm.authorization.Permission) ResourcePermission(org.keycloak.authorization.permission.ResourcePermission)

Example 10 with Metadata

use of org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata in project keycloak by keycloak.

the class EntitlementAPITest method testInvalidRequestWithClaimsFromConfidentialClient.

/**
 * Sends an authorization request for "Resource 13" that carries a client-supplied claim token
 * and passes the response to {@code assertResponse} with default metadata.
 *
 * <p>The claim token is the Base64Url encoding of a JSON object with the single entry
 * {@code "claim-a": "claim-a"}; the client is configured through {@code AUTHZ_CLIENT_CONFIG}.
 * NOTE(review): the method name calls the request invalid, but whether the server rejects it
 * or ignores the pushed claims is decided inside {@code assertResponse}, which is not visible
 * here. Confirm the expected outcome there.
 *
 * @throws IOException if the claim map cannot be serialized to JSON
 */
@Test
public void testInvalidRequestWithClaimsFromConfidentialClient() throws IOException {
    // Claims that the client pushes along with the request.
    HashMap<Object, Object> pushedClaims = new HashMap<>();
    pushedClaims.put("claim-a", "claim-a");
    byte[] claimsJson = JsonSerialization.writeValueAsBytes(pushedClaims);

    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission("Resource 13");
    request.setClaimToken(Base64Url.encode(claimsJson));

    Metadata defaultMetadata = new Metadata();
    assertResponse(defaultMetadata, () -> getAuthzClient(AUTHZ_CLIENT_CONFIG).authorization("marta", "password").authorize(request));
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) HashMap(java.util.HashMap) Metadata(org.keycloak.representations.idm.authorization.AuthorizationRequest.Metadata) Test(org.junit.Test)
