use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UserManagedPermissionServiceTest method testOwnerAccess.
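/**
 * Checks owner-managed access on a protected resource.
 *
 * <p>A resource owned by "marta" is created with owner-managed access enabled, and marta attaches
 * a permission named "test" that initially grants {@code role_b}. The test then asserts that:
 * <ul>
 *   <li>marta can obtain an authorization response for "Scope A" on the resource;</li>
 *   <li>"kolo" is denied with an {@link AuthorizationDeniedException} for the same request;</li>
 *   <li>after marta adds {@code role_a} to the permission and updates it, the same request
 *       succeeds for kolo.</li>
 * </ul>
 *
 * <p>NOTE(review): presumably kolo holds {@code role_a} but not {@code role_b} in the test realm;
 * confirm against the realm fixture, since the deny-then-allow sequence depends on it.
 */
@Test
public void testOwnerAccess() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    // The owner creates the policy below, so the resource opts in to owner-managed access.
    resource.setOwnerManagedAccess(true);

    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);

    UmaPermissionRepresentation rep = new UmaPermissionRepresentation();
    rep.setName("test");
    rep.addRole("role_b");
    try {
        rep = getAuthzClient().protection("marta", "password").policy(resource.getId()).create(rep);
    } catch (Exception e) {
        // Owner-managed access is enabled above, so creation is expected to succeed. Report any
        // failure with its cause instead of matching it against an error message for resources
        // without owner-managed access: that path hid the failure, left `rep` unsaved for the
        // later update, and could itself throw when the cause was null or of another type.
        throw new AssertionError("Owner could not create a policy for an owner-managed resource", e);
    }

    AuthorizationResource authorization = getAuthzClient().authorization("marta", "password");
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "Scope A");

    // Positive case: the request made with the owner's credentials is answered.
    AuthorizationResponse authorize = authorization.authorize(request);
    assertNotNull(authorize);

    // Negative case: before role_a is granted, the same request must be refused for kolo.
    // Only the denial is accepted; any other exception propagates and fails the test with its
    // own stack trace rather than a bare assertion failure.
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // Denial is the required outcome at this point.
    }

    // Widen the owner's policy, then confirm that the previously denied user is now authorized.
    rep.addRole("role_a");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(rep);
    authorization = getAuthzClient().authorization("kolo", "password");
    assertNotNull(authorization.authorize(request));
}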
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptUsingAccessToken.
/**
 * Requests an RPT by presenting marta's access token together with a permission request for
 * "Resource A" (ScopeA, ScopeB), then inspects the authorization data carried by the token.
 *
 * <p>The response must contain a token, must not be flagged as upgraded, and the decoded token
 * must carry a permission set that {@code assertPermissions} accepts for "Resource A" with
 * ScopeA and ScopeB.
 */
@Test
public void testObtainRptUsingAccessToken() throws Exception {
    String martaAccessToken = getAuthzClient().obtainAccessToken("marta", "password").getToken();
    PermissionRequest requested = new PermissionRequest("Resource A", "ScopeA", "ScopeB");
    AuthorizationResponse rptResponse = authorize(null, null, null, null, martaAccessToken, null, null, requested);

    String rpt = rptResponse.getToken();
    assertNotNull(rpt);
    // First issuance: no earlier RPT was supplied, so the response must not report an upgrade.
    assertFalse(rptResponse.isUpgraded());

    AccessToken.Authorization granted = toAccessToken(rpt).getAuthorization();
    assertNotNull(granted);

    Collection<Permission> grantedPermissions = granted.getPermissions();
    assertNotNull(grantedPermissions);
    assertPermissions(grantedPermissions, "Resource A", "ScopeA", "ScopeB");
    // Presumably assertPermissions removes every entry it matches, so an empty collection here
    // means the token carried nothing beyond what was requested. Confirm against the helper.
    assertTrue(grantedPermissions.isEmpty());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testTokenIntrospect.
/**
 * Obtains an RPT for "Resource A" (ScopeA, ScopeB) and verifies what token introspection
 * reports for it, both through the typed protection API and through the raw HTTP response.
 *
 * <p>The raw response must report the token as active and contain exactly one permission claim.
 * The claim's key set is pinned to {@code resource_id}, {@code rsname}, {@code resource_scopes},
 * {@code scopes} and {@code rsid}, so an added or missing field fails the test.
 */
@Test
public void testTokenIntrospect() throws Exception {
    AuthzClient client = getAuthzClient();
    String martaAccessToken = client.obtainAccessToken("marta", "password").getToken();
    PermissionRequest requested = new PermissionRequest("Resource A", "ScopeA", "ScopeB");
    AuthorizationResponse rptResponse = authorize(null, null, null, null, martaAccessToken, null, null, requested);

    String rpt = rptResponse.getToken();
    assertNotNull(rpt);
    assertFalse(rptResponse.isUpgraded());

    AccessToken.Authorization granted = toAccessToken(rpt).getAuthorization();
    assertNotNull(granted);

    Collection<Permission> grantedPermissions = granted.getPermissions();
    assertNotNull(grantedPermissions);
    assertPermissions(grantedPermissions, "Resource A", "ScopeA", "ScopeB");
    // Presumably assertPermissions removes every entry it matches. Confirm against the helper.
    assertTrue(grantedPermissions.isEmpty());

    // Typed introspection through the protection API.
    TokenIntrospectionResponse typedIntrospection = client.protection().introspectRequestingPartyToken(rpt);
    assertNotNull(typedIntrospection);
    assertNotNull(typedIntrospection.getPermissions());

    // Raw introspection: the resource server authenticates with its client credentials
    // (fixture values) and the JSON body is parsed without a typed model.
    oauth.realm("authz-test");
    String rawIntrospection = oauth.introspectTokenWithClientCredential("resource-server-test", "secret", "requesting_party_token", rpt);
    Map introspectionJson = JsonSerialization.readValue(rawIntrospection, Map.class);
    assertEquals(true, introspectionJson.get("active"));

    Collection permissionClaims = (Collection) introspectionJson.get("permissions");
    assertNotNull(permissionClaims);
    assertEquals(1, permissionClaims.size());

    Map<String, Object> claim = (Map) permissionClaims.iterator().next();
    // Exact key set: both the current names and the rsid/scopes aliases must be present.
    assertThat(claim.keySet(), containsInAnyOrder("resource_id", "rsname", "resource_scopes", "scopes", "rsid"));
    assertThat(claim.get("rsname"), equalTo("Resource A"));

    // Both identifier fields must point at the resource the server knows as "Resource A".
    ResourceRepresentation expectedResource = client.protection().resource().findByName("Resource A");
    assertThat(claim.get("rsid"), equalTo(expectedResource.getId()));
    assertThat(claim.get("resource_id"), equalTo(expectedResource.getId()));
    assertThat((Collection<String>) claim.get("resource_scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
    assertThat((Collection<String>) claim.get("scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithClientCredentials.
/**
 * Requests an RPT for "Resource A" with ScopeA and ScopeB through the two-argument
 * {@code authorize} helper and checks the permissions carried by the returned token.
 *
 * <p>NOTE(review): no user credentials are passed here. Presumably the helper authenticates as
 * the client itself, as the test name suggests; confirm against the helper's definition.
 */
@Test
public void testObtainRptWithClientCredentials() throws Exception {
    String[] requestedScopes = new String[] { "ScopeA", "ScopeB" };
    AuthorizationResponse rptResponse = authorize("Resource A", requestedScopes);

    String rpt = rptResponse.getToken();
    assertNotNull(rpt);
    // First issuance: the response must not be reported as an upgrade of an earlier RPT.
    assertFalse(rptResponse.isUpgraded());

    AccessToken.Authorization granted = toAccessToken(rpt).getAuthorization();
    assertNotNull(granted);

    Collection<Permission> grantedPermissions = granted.getPermissions();
    assertNotNull(grantedPermissions);
    assertPermissions(grantedPermissions, "Resource A", "ScopeA", "ScopeB");
    // Presumably assertPermissions removes every entry it matches, so an empty collection here
    // means nothing beyond the requested scopes was granted. Confirm against the helper.
    assertTrue(grantedPermissions.isEmpty());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithUpgradeOnlyScopes.
/**
 * Exercises an RPT upgrade in two steps.
 *
 * <p>Step one authorizes marta with no resource name and the scopes ScopeA and ScopeB. The
 * response must not be flagged as upgraded and the token must carry "Resource A" with both
 * scopes. Step two passes that RPT back while asking for ScopeC on "Resource A". The response
 * must be flagged as upgraded and the new token must carry ScopeA, ScopeB and ScopeC.
 */
@Test
public void testObtainRptWithUpgradeOnlyScopes() throws Exception {
    // Step 1: scope-only request (the resource name argument is null).
    AuthorizationResponse initial = authorize("marta", "password", null, new String[] { "ScopeA", "ScopeB" });
    String rpt = initial.getToken();
    AccessToken.Authorization initialGrant = toAccessToken(rpt).getAuthorization();
    Collection<Permission> initialPermissions = initialGrant.getPermissions();

    assertFalse(initial.isUpgraded());
    assertNotNull(initialPermissions);
    assertPermissions(initialPermissions, "Resource A", "ScopeA", "ScopeB");
    // Presumably assertPermissions removes every entry it matches. Confirm against the helper.
    assertTrue(initialPermissions.isEmpty());

    // Step 2: present the first RPT and request one further scope on the named resource.
    AuthorizationResponse upgraded = authorize("marta", "password", "Resource A", new String[] { "ScopeC" }, rpt);
    AccessToken.Authorization upgradedGrant = toAccessToken(upgraded.getToken()).getAuthorization();
    Collection<Permission> upgradedPermissions = upgradedGrant.getPermissions();

    assertTrue(upgraded.isUpgraded());
    assertNotNull(upgradedPermissions);
    // The upgraded token must keep the earlier scopes and add the new one.
    assertPermissions(upgradedPermissions, "Resource A", "ScopeA", "ScopeB", "ScopeC");
    assertTrue(upgradedPermissions.isEmpty());
}