Example 16 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testPermissionWhenResourceServerIsCurrentUser.

@Test
public void testPermissionWhenResourceServerIsCurrentUser() throws Exception {
    ClientsResource clients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation clientRepresentation = clients.findByClientId("resource-server-test").get(0);
    List<UserSessionRepresentation> userSessions = clients.get(clientRepresentation.getId()).getUserSessions(-1, -1);
    assertEquals(0, userSessions.size());
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    org.keycloak.authorization.client.resource.AuthorizationResource authorization = authzClient.authorization(authzClient.obtainAccessToken().getToken());
    AuthorizationResponse response = authorization.authorize();
    AccessToken accessToken = toAccessToken(response.getToken());
    assertEquals(1, accessToken.getAuthorization().getPermissions().size());
    assertEquals("Default Resource", accessToken.getAuthorization().getPermissions().iterator().next().getResourceName());
}
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 17 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class ClientScopePolicyTest method testWithExpectedClientScope.

@Test
public void testWithExpectedClientScope() {
    // Access Resource A with client scope foo.
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password", "foo").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
    // Access Resource A with client scope bar.
    request = new PermissionRequest("Resource A");
    ticket = authzClient.protection().permission().create(request).getTicket();
    response = authzClient.authorization("marta", "password", "bar").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
    // Access Resource B with client scope bar.
    request = new PermissionRequest("Resource B");
    ticket = authzClient.protection().permission().create(request).getTicket();
    response = authzClient.authorization("marta", "password", "bar").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 18 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class AuthorizationTest method authorize.

private List<Permission> authorize(String userName, String password, AuthorizationRequest request) {
    AuthorizationResponse response = getAuthzClient().authorization(userName, password).authorize(request);
    AccessToken token = toAccessToken(response.getToken());
    Authorization authorization = token.getAuthorization();
    return new ArrayList<>(authorization.getPermissions());
}
Also used : Authorization(org.keycloak.representations.AccessToken.Authorization) AccessToken(org.keycloak.representations.AccessToken) ArrayList(java.util.ArrayList) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)

Example 19 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class RolePolicyTest method testUserWithExpectedRole.

@Test
public void testUserWithExpectedRole() {
    AuthzClient authzClient = getAuthzClient();
    PermissionRequest request = new PermissionRequest("Resource A");
    String ticket = authzClient.protection().permission().create(request).getTicket();
    AuthorizationResponse response = authzClient.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    assertNotNull(response.getToken());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 20 with AuthorizationResponse

use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptOnlyAuthorizedScopes.

@Test
public void testObtainRptOnlyAuthorizedScopes() throws Exception {
    // Resource with two scopes: READ is bound to "Default Policy", WRITE to "Deny Policy".
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "READ", "WRITE");
    ScopePermissionRepresentation permissionA = new ScopePermissionRepresentation();
    permissionA.setName(KeycloakModelUtils.generateId());
    permissionA.addScope("READ");
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().scope().create(permissionA).close();
    ScopePermissionRepresentation permissionB = new ScopePermissionRepresentation();
    permissionB.setName(KeycloakModelUtils.generateId());
    permissionB.addScope("WRITE");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().scope().create(permissionB).close();
    // Request only READ: the assertions below expect the RPT to carry READ on resourceA.
    AuthorizationResponse response = authorize("marta", "password", resourceA.getName(), new String[] { "READ" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
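    // assertPermissions is a test helper not shown here; the isEmpty() check after it
    // implies that it removes the permissions it matched from the collection.
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
    // Request READ and WRITE: the assertions below still expect READ only in the RPT.
    response = authorize("marta", "password", resourceA.getName(), new String[] { "READ", "WRITE" });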
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Aggregations

AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 69
Test (org.junit.Test) 58
AccessToken (org.keycloak.representations.AccessToken) 43
Permission (org.keycloak.representations.idm.authorization.Permission) 43
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 41
AuthzClient (org.keycloak.authorization.client.AuthzClient) 35
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 30
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 22
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 20
ClientResource (org.keycloak.admin.client.resource.ClientResource) 20
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest) 20
AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException) 19
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 17
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 15
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 14
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 14
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) 14
Response (javax.ws.rs.core.Response) 13
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 12
ArrayList (java.util.ArrayList) 11