Search in sources :

Example 46 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testOwnerAccess.

@Test
public void testOwnerAccess() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource.setOwnerManagedAccess(true);
    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);
    UmaPermissionRepresentation rep = null;
    try {
        rep = new UmaPermissionRepresentation();
        rep.setName("test");
        rep.addRole("role_b");
        rep = getAuthzClient().protection("marta", "password").policy(resource.getId()).create(rep);
    } catch (Exception e) {
        assertTrue(HttpResponseException.class.cast(e.getCause()).toString().contains("Only resources with owner managed accessed can have policies"));
    }
    AuthorizationResource authorization = getAuthzClient().authorization("marta", "password");
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "Scope A");
    AuthorizationResponse authorize = authorization.authorize(request);
    assertNotNull(authorize);
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    rep.addRole("role_a");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(rep);
    authorization = getAuthzClient().authorization("kolo", "password");
    assertNotNull(authorization.authorize(request));
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) AuthorizationResource(org.keycloak.authorization.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 47 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptUsingAccessToken.

@Test
public void testObtainRptUsingAccessToken() throws Exception {
    AccessTokenResponse accessTokenResponse = getAuthzClient().obtainAccessToken("marta", "password");
    AuthorizationResponse response = authorize(null, null, null, null, accessTokenResponse.getToken(), null, null, new PermissionRequest("Resource A", "ScopeA", "ScopeB"));
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 48 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UmaGrantTypeTest method testTokenIntrospect.

@Test
public void testTokenIntrospect() throws Exception {
    AuthzClient authzClient = getAuthzClient();
    AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken("marta", "password");
    AuthorizationResponse response = authorize(null, null, null, null, accessTokenResponse.getToken(), null, null, new PermissionRequest("Resource A", "ScopeA", "ScopeB"));
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    TokenIntrospectionResponse introspectionResponse = authzClient.protection().introspectRequestingPartyToken(rpt);
    assertNotNull(introspectionResponse);
    assertNotNull(introspectionResponse.getPermissions());
    oauth.realm("authz-test");
    String introspectHttpResponse = oauth.introspectTokenWithClientCredential("resource-server-test", "secret", "requesting_party_token", rpt);
    Map jsonNode = JsonSerialization.readValue(introspectHttpResponse, Map.class);
    assertEquals(true, jsonNode.get("active"));
    Collection permissionClaims = (Collection) jsonNode.get("permissions");
    assertNotNull(permissionClaims);
    assertEquals(1, permissionClaims.size());
    Map<String, Object> claim = (Map) permissionClaims.iterator().next();
    assertThat(claim.keySet(), containsInAnyOrder("resource_id", "rsname", "resource_scopes", "scopes", "rsid"));
    assertThat(claim.get("rsname"), equalTo("Resource A"));
    ResourceRepresentation resourceRep = authzClient.protection().resource().findByName("Resource A");
    assertThat(claim.get("rsid"), equalTo(resourceRep.getId()));
    assertThat(claim.get("resource_id"), equalTo(resourceRep.getId()));
    assertThat((Collection<String>) claim.get("resource_scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
    assertThat((Collection<String>) claim.get("scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) Collection(java.util.Collection) TokenIntrospectionResponse(org.keycloak.authorization.client.representation.TokenIntrospectionResponse) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Map(java.util.Map) Test(org.junit.Test)

Example 49 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptWithClientCredentials.

@Test
public void testObtainRptWithClientCredentials() throws Exception {
    AuthorizationResponse response = authorize("Resource A", new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 50 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptWithUpgradeOnlyScopes.

@Test
public void testObtainRptWithUpgradeOnlyScopes() throws Exception {
    AuthorizationResponse response = authorize("marta", "password", null, new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    response = authorize("marta", "password", "Resource A", new String[] { "ScopeC" }, rpt);
    authorization = toAccessToken(response.getToken()).getAuthorization();
    permissions = authorization.getPermissions();
    assertTrue(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Aggregations

AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)69 Test (org.junit.Test)58 AccessToken (org.keycloak.representations.AccessToken)43 Permission (org.keycloak.representations.idm.authorization.Permission)43 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)41 AuthzClient (org.keycloak.authorization.client.AuthzClient)35 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)30 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)22 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)20 ClientResource (org.keycloak.admin.client.resource.ClientResource)20 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)20 AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException)19 OAuthClient (org.keycloak.testsuite.util.OAuthClient)17 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)15 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)14 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)14 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)14 Response (javax.ws.rs.core.Response)13 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)12 ArrayList (java.util.ArrayList)11