use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testPermissionWhenResourceServerIsCurrentUser.
/**
 * Checks that a resource server which authenticates with its own access token
 * (no end user involved) receives exactly one permission, for "Default Resource".
 */
@Test
public void testPermissionWhenResourceServerIsCurrentUser() throws Exception {
    // Precondition: the resource server client has no user sessions yet.
    // NOTE(review): (-1, -1) presumably means "no paging"; confirm against the admin client API.
    ClientsResource realmClients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation resourceServer = realmClients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> sessionsBefore =
            realmClients.get(resourceServer.getId()).getUserSessions(-1, -1);
    assertEquals(0, sessionsBefore.size());

    // The token sent to the authorization endpoint is the client's own access token.
    AuthzClient client = getAuthzClient("default-session-keycloak.json");
    String clientToken = client.obtainAccessToken().getToken();
    org.keycloak.authorization.client.resource.AuthorizationResource authorizationApi =
            client.authorization(clientToken);

    // No explicit request is passed, so the test relies on what the server grants by default.
    AuthorizationResponse rptResponse = authorizationApi.authorize();
    AccessToken rpt = toAccessToken(rptResponse.getToken());

    // Pin both the count and the resource name, so an extra grant fails the test
    // rather than passing unnoticed.
    AccessToken.Authorization grants = rpt.getAuthorization();
    assertEquals(1, grants.getPermissions().size());
    assertEquals("Default Resource", grants.getPermissions().iterator().next().getResourceName());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class ClientScopePolicyTest method testWithExpectedClientScope.
/**
 * Positive cases for the client-scope policy: each (resource, client scope) pair below
 * must yield an RPT.
 *
 * <p>Only the presence of a token is asserted; the permissions inside the RPT are not
 * inspected here, and no denied combination is exercised by this method.
 */
@Test
public void testWithExpectedClientScope() {
    AuthzClient client = getAuthzClient();

    // Resource A, requested with client scope "foo".
    PermissionRequest resourceAForFoo = new PermissionRequest("Resource A");
    String fooTicket = client.protection().permission().create(resourceAForFoo).getTicket();
    AuthorizationResponse fooResponse = client.authorization("marta", "password", "foo")
            .authorize(new AuthorizationRequest(fooTicket));
    assertNotNull(fooResponse.getToken());

    // Resource A again, this time with client scope "bar". A fresh permission ticket is
    // created for every attempt instead of reusing the previous one.
    PermissionRequest resourceAForBar = new PermissionRequest("Resource A");
    String barTicketA = client.protection().permission().create(resourceAForBar).getTicket();
    AuthorizationResponse barResponseA = client.authorization("marta", "password", "bar")
            .authorize(new AuthorizationRequest(barTicketA));
    assertNotNull(barResponseA.getToken());

    // Resource B with client scope "bar".
    PermissionRequest resourceBForBar = new PermissionRequest("Resource B");
    String barTicketB = client.protection().permission().create(resourceBForBar).getTicket();
    AuthorizationResponse barResponseB = client.authorization("marta", "password", "bar")
            .authorize(new AuthorizationRequest(barTicketB));
    assertNotNull(barResponseB.getToken());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class AuthorizationTest method authorize.
/**
 * Sends the authorization request as the given user and returns the permissions
 * carried by the resulting token.
 *
 * @param userName user to authenticate as
 * @param password that user's password
 * @param request  authorization request to submit
 * @return a new list holding the permissions found in the returned token
 */
private List<Permission> authorize(String userName, String password, AuthorizationRequest request) {
    String rpt = getAuthzClient().authorization(userName, password).authorize(request).getToken();
    // NOTE(review): if the token has no authorization section, getAuthorization() may
    // return null and the next line would throw; confirm whether callers rely on that.
    Authorization grants = toAccessToken(rpt).getAuthorization();
    // Copy into a fresh list so callers never work on the token's own collection.
    return new ArrayList<>(grants.getPermissions());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class RolePolicyTest method testUserWithExpectedRole.
/**
 * Positive case for the role policy: user "marta" must be able to obtain an RPT for
 * "Resource A".
 *
 * <p>Only the presence of a token is asserted; which permissions it contains is not checked.
 */
@Test
public void testUserWithExpectedRole() {
    AuthzClient client = getAuthzClient();

    // The resource server first registers a permission ticket for the resource.
    PermissionRequest resourceARequest = new PermissionRequest("Resource A");
    String permissionTicket = client.protection().permission().create(resourceARequest).getTicket();

    // The user then presents that ticket to obtain a token.
    AuthorizationResponse rptResponse = client.authorization("marta", "password")
            .authorize(new AuthorizationRequest(permissionTicket));
    assertNotNull(rptResponse.getToken());
}
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptOnlyAuthorizedScopes.
/**
 * Verifies that the token only carries scopes the policies allow: READ is bound to
 * "Default Policy", WRITE to "Deny Policy", and in both requests below only READ on the
 * resource is expected in the result.
 */
@Test
public void testObtainRptOnlyAuthorizedScopes() throws Exception {
    // One resource exposing two scopes.
    ResourceRepresentation protectedResource = addResource(KeycloakModelUtils.generateId(), "READ", "WRITE");

    // Scope permission for READ, governed by "Default Policy".
    ScopePermissionRepresentation readPermission = new ScopePermissionRepresentation();
    readPermission.setName(KeycloakModelUtils.generateId());
    readPermission.addScope("READ");
    readPermission.addPolicy("Default Policy");
    AuthorizationResource adminAuthz = getClient(getRealm()).authorization();
    adminAuthz.permissions().scope().create(readPermission).close();

    // Scope permission for WRITE, governed by "Deny Policy".
    // NOTE(review): judging by its name this policy always denies; it is defined outside this method.
    ScopePermissionRepresentation writePermission = new ScopePermissionRepresentation();
    writePermission.setName(KeycloakModelUtils.generateId());
    writePermission.addScope("WRITE");
    writePermission.addPolicy("Deny Policy");
    adminAuthz.permissions().scope().create(writePermission).close();

    // Request 1: only READ is asked for.
    AuthorizationResponse response =
            authorize("marta", "password", protectedResource.getName(), new String[] { "READ" });
    Collection<Permission> granted = toAccessToken(response.getToken()).getAuthorization().getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(granted);
    // NOTE(review): assertPermissions is defined elsewhere and presumably removes the entries
    // it matches, so the isEmpty() check that follows asserts nothing beyond READ was granted.
    assertPermissions(granted, protectedResource.getName(), "READ");
    assertTrue(granted.isEmpty());

    // Request 2: READ and WRITE are asked for together; the expected grant is still READ only,
    // i.e. asking for a denied scope must not add it to the token.
    response = authorize("marta", "password", protectedResource.getName(), new String[] { "READ", "WRITE" });
    granted = toAccessToken(response.getToken()).getAuthorization().getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(granted);
    assertPermissions(granted, protectedResource.getName(), "READ");
    assertTrue(granted.isEmpty());
}