Example 71 with AuthorizationRequest

Use of org.keycloak.representations.idm.authorization.AuthorizationRequest in project keycloak by keycloak.

Class AbstractResourceServerTest, method authorize.

protected AuthorizationResponse authorize(String userName, String password, String[] additionalScopes, String rpt, String accessToken, String claimToken, String tokenFormat, PermissionRequest... permissions) {
    ProtectionResource protection;
    if (userName != null) {
        protection = getAuthzClient().protection(userName, password);
    } else {
        protection = getAuthzClient().protection();
    }
    String ticket = protection.permission().create(Arrays.asList(permissions)).getTicket();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(ticket);
    if (additionalScopes != null) {
        StringBuilder builder = new StringBuilder();
        for (String scope : additionalScopes) {
            if (builder.length() > 0) {
                builder.append(" ");
            }
            builder.append(scope);
        }
        authorizationRequest.setScope(builder.toString());
    }
    authorizationRequest.setRpt(rpt);
    authorizationRequest.setClaimTokenFormat(tokenFormat);
    authorizationRequest.setClaimToken(claimToken);
    org.keycloak.authorization.client.resource.AuthorizationResource authorization;
    if (userName != null) {
        authorization = getAuthzClient().authorization(userName, password);
    } else if (accessToken != null) {
        authorization = getAuthzClient().authorization(accessToken);
    } else {
        authorization = getAuthzClient().authorization();
    }
    return authorization.authorize(authorizationRequest);
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest)

Example 72 with AuthorizationRequest

Use of org.keycloak.representations.idm.authorization.AuthorizationRequest in project keycloak by keycloak.

Class AuthorizationAPITest, method testAccessTokenWithUmaAuthorization.

public void testAccessTokenWithUmaAuthorization(String authzConfigFile) {
    AuthzClient authzClient = getAuthzClient(authzConfigFile);
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 73 with AuthorizationRequest

Use of org.keycloak.representations.idm.authorization.AuthorizationRequest in project keycloak by keycloak.

Class AuthzClientCredentialsTest, method testSuccessfulAuthorizationRequest.

@Test
public void testSuccessfulAuthorizationRequest() throws Exception {
    AuthzClient authzClient = getAuthzClient("keycloak-with-jwt-authentication.json");
    ProtectionResource protection = authzClient.protection();
    PermissionRequest request = new PermissionRequest("Default Resource");
    PermissionResponse ticketResponse = protection.permission().create(request);
    String ticket = ticketResponse.getTicket();
    AuthorizationResponse authorizationResponse = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    String rpt = authorizationResponse.getToken();
    assertNotNull(rpt);
    AccessToken accessToken = new JWSInput(rpt).readJsonContent(AccessToken.class);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    List<Permission> permissions = new ArrayList<>(authorization.getPermissions());
    assertFalse(permissions.isEmpty());
    assertEquals("Default Resource", permissions.get(0).getResourceName());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) JWSInput(org.keycloak.jose.jws.JWSInput) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) Test(org.junit.Test)

Example 74 with AuthorizationRequest

Use of org.keycloak.representations.idm.authorization.AuthorizationRequest in project keycloak by keycloak.

Class ClientScopePolicyTest, method testWithoutExpectedClientScope.

@Test
public void testWithoutExpectedClientScope() {
    // Access Resource A with client scope baz.
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("marta", "password", "baz").authorize(new AuthorizationRequest(ticket));
        fail("Should fail.");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: the authorization request is denied.
    }
    // Access Resource B with client scope foo.
    request = new PermissionRequest("Resource B");
    ticket = authzClient.protection().permission().create(request).getTicket();
    try {
        authzClient.authorization("marta", "password", "foo").authorize(new AuthorizationRequest(ticket));
        fail("Should fail.");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: the authorization request is denied.
    }
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Test(org.junit.Test)

Aggregations

AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest): 74
Test (org.junit.Test): 61
AuthzClient (org.keycloak.authorization.client.AuthzClient): 50
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse): 46
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation): 44
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest): 31
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse): 30
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException): 28
Permission (org.keycloak.representations.idm.authorization.Permission): 28
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource): 25
ClientResource (org.keycloak.admin.client.resource.ClientResource): 24
OAuthClient (org.keycloak.testsuite.util.OAuthClient): 24
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation): 20
Response (javax.ws.rs.core.Response): 19
AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException): 18
AccessToken (org.keycloak.representations.AccessToken): 18
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation): 18
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse): 16
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse): 16
ArrayList (java.util.ArrayList): 15