Example 21 with AuthorizationResponse
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithIDToken.
@Test
public void testObtainRptWithIDToken() throws Exception {
String idToken = getIdToken("marta", "password");
AuthorizationResponse response = authorize("Resource A", new String[] { "ScopeA", "ScopeB" }, idToken, "http://openid.net/specs/openid-connect-core-1_0.html#IDToken");
String rpt = response.getToken();
assertNotNull(rpt);
assertFalse(response.isUpgraded());
AccessToken accessToken = toAccessToken(rpt);
AccessToken.Authorization authorization = accessToken.getAuthorization();
assertNotNull(authorization);
Collection<Permission> permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
}
Also used :
AccessToken(org.keycloak.representations.AccessToken)
Permission(org.keycloak.representations.idm.authorization.Permission)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
Test(org.junit.Test)
Example 22 with AuthorizationResponse
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithUpgradeWithUnauthorizedResource.
@Test
public void testObtainRptWithUpgradeWithUnauthorizedResource() throws Exception {
AuthorizationResponse response = authorize("marta", "password", "Resource A", new String[] { "ScopeA", "ScopeB" });
String rpt = response.getToken();
AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
Collection<Permission> permissions = authorization.getPermissions();
assertFalse(response.isUpgraded());
assertNotNull(permissions);
assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
ResourceRepresentation resourceB = addResource("Resource B", "ScopeA", "ScopeB", "ScopeC");
permission.setName(resourceB.getName() + " Permission");
permission.addResource(resourceB.getName());
permission.addPolicy("Deny Policy");
getClient(getRealm()).authorization().permissions().resource().create(permission).close();
try {
authorize("marta", "password", "Resource B", new String[] { "ScopeC" }, rpt);
fail("Should be denied, resource b not granted");
} catch (AuthorizationDeniedException ignore) {
}
}
Also used :
AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException)
AccessToken(org.keycloak.representations.AccessToken)
Permission(org.keycloak.representations.idm.authorization.Permission)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
Test(org.junit.Test)
Example 23 with AuthorizationResponse
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testRefreshRpt.
@Test
public void testRefreshRpt() {
AccessTokenResponse accessTokenResponse = getAuthzClient().obtainAccessToken("marta", "password");
AuthorizationResponse response = authorize(null, null, null, null, accessTokenResponse.getToken(), null, null, new PermissionRequest("Resource A", "ScopeA", "ScopeB"));
String rpt = response.getToken();
assertNotNull(rpt);
AccessToken accessToken = toAccessToken(rpt);
AccessToken.Authorization authorization = accessToken.getAuthorization();
assertNotNull(authorization);
Collection<Permission> permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
String refreshToken = response.getRefreshToken();
assertNotNull(refreshToken);
AccessToken refreshTokenToken = toAccessToken(refreshToken);
assertNotNull(refreshTokenToken.getAuthorization());
Client client = AdminClientUtil.createResteasyClient();
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_ROOT);
URI uri = OIDCLoginProtocolService.tokenUrl(builder).build(REALM_NAME);
WebTarget target = client.target(uri);
Form parameters = new Form();
parameters.param("grant_type", OAuth2Constants.REFRESH_TOKEN);
parameters.param(OAuth2Constants.REFRESH_TOKEN, refreshToken);
AccessTokenResponse refreshTokenResponse = target.request().header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader("resource-server-test", "secret")).post(Entity.form(parameters)).readEntity(AccessTokenResponse.class);
assertNotNull(refreshTokenResponse.getToken());
refreshToken = refreshTokenResponse.getRefreshToken();
refreshTokenToken = toAccessToken(refreshToken);
assertNotNull(refreshTokenToken.getAuthorization());
AccessToken refreshedToken = toAccessToken(rpt);
authorization = refreshedToken.getAuthorization();
assertNotNull(authorization);
permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
refreshTokenResponse = target.request().header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader("resource-server-test", "secret")).post(Entity.form(parameters)).readEntity(AccessTokenResponse.class);
assertNotNull(refreshTokenResponse.getToken());
refreshToken = refreshTokenResponse.getRefreshToken();
refreshTokenToken = toAccessToken(refreshToken);
assertNotNull(refreshTokenToken.getAuthorization());
refreshedToken = toAccessToken(rpt);
authorization = refreshedToken.getAuthorization();
assertNotNull(authorization);
permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
}
Also used :
PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest)
Form(javax.ws.rs.core.Form)
URI(java.net.URI)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
AccessToken(org.keycloak.representations.AccessToken)
Permission(org.keycloak.representations.idm.authorization.Permission)
WebTarget(javax.ws.rs.client.WebTarget)
AuthzClient(org.keycloak.authorization.client.AuthzClient)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
Client(javax.ws.rs.client.Client)
UriBuilder(javax.ws.rs.core.UriBuilder)
AccessTokenResponse(org.keycloak.representations.AccessTokenResponse)
Test(org.junit.Test)
Example 24 with AuthorizationResponse
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt.
@Test
public void testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt() throws Exception {
ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
permissionA.setName(resourceA.getName() + " Permission");
permissionA.addResource(resourceA.getName());
permissionA.addPolicy("Default Policy");
AuthorizationResource authzResource = getClient(getRealm()).authorization();
authzResource.permissions().resource().create(permissionA).close();
AuthorizationResponse response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeA", "ScopeB" });
String rpt = response.getToken();
AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
Collection<Permission> permissions = authorization.getPermissions();
assertFalse(response.isUpgraded());
assertNotNull(permissions);
assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
ResourceRepresentation resourceB = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
permissionB.setName(resourceB.getName() + " Permission");
permissionB.addResource(resourceB.getName());
permissionB.addPolicy("Default Policy");
authzResource.permissions().resource().create(permissionB).close();
response = authorize("marta", "password", resourceB.getId(), new String[] { "ScopeC" }, rpt);
rpt = response.getToken();
authorization = toAccessToken(rpt).getAuthorization();
permissions = authorization.getPermissions();
assertTrue(response.isUpgraded());
assertNotNull(permissions);
assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
assertPermissions(permissions, resourceB.getName(), "ScopeC");
assertTrue(permissions.isEmpty());
permissionB = authzResource.permissions().resource().findByName(permissionB.getName());
permissionB.removePolicy("Default Policy");
permissionB.addPolicy("Deny Policy");
authzResource.permissions().resource().findById(permissionB.getId()).update(permissionB);
response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeC" }, rpt);
rpt = response.getToken();
authorization = toAccessToken(rpt).getAuthorization();
permissions = authorization.getPermissions();
assertFalse(response.isUpgraded());
assertNotNull(permissions);
assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB", "ScopeC");
assertTrue(permissions.isEmpty());
}
Also used :
AccessToken(org.keycloak.representations.AccessToken)
Permission(org.keycloak.representations.idm.authorization.Permission)
AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource)
ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
Test(org.junit.Test)
Example 25 with AuthorizationResponse
use of org.keycloak.representations.idm.authorization.AuthorizationResponse in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithOwnerManagedResource.
@Test
public void testObtainRptWithOwnerManagedResource() throws Exception {
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
ResourceRepresentation resourceA = addResource("Resource Marta", "marta", true, "ScopeA", "ScopeB", "ScopeC");
permission.setName(resourceA.getName() + " Permission");
permission.addResource(resourceA.getId());
permission.addPolicy("Default Policy");
getClient(getRealm()).authorization().permissions().resource().create(permission).close();
ResourceRepresentation resourceB = addResource("Resource B", "marta", "ScopeA", "ScopeB", "ScopeC");
permission.setName(resourceB.getName() + " Permission");
permission.addResource(resourceB.getId());
permission.addPolicy("Default Policy");
getClient(getRealm()).authorization().permissions().resource().create(permission).close();
AuthorizationResponse response = authorize("marta", "password", new PermissionRequest(resourceA.getName(), "ScopeA", "ScopeB"), new PermissionRequest(resourceB.getName(), "ScopeC"));
String rpt = response.getToken();
AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
Collection<Permission> permissions = authorization.getPermissions();
assertNotNull(permissions);
assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
assertPermissions(permissions, resourceB.getName(), "ScopeC");
assertTrue(permissions.isEmpty());
}
Also used :
PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest)
AccessToken(org.keycloak.representations.AccessToken)
Permission(org.keycloak.representations.idm.authorization.Permission)
ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)
AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse)
Test(org.junit.Test)
Aggregations
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)69
Test (org.junit.Test)58
AccessToken (org.keycloak.representations.AccessToken)43
Permission (org.keycloak.representations.idm.authorization.Permission)43
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)41
AuthzClient (org.keycloak.authorization.client.AuthzClient)35
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)30
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)22
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)20
ClientResource (org.keycloak.admin.client.resource.ClientResource)20
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)20
AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException)19
OAuthClient (org.keycloak.testsuite.util.OAuthClient)17
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)15
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)14
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)14
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)14
Response (javax.ws.rs.core.Response)13
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)12
ArrayList (java.util.ArrayList)11
