use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class PolicyEvaluationTest method testCheckUserInRole.
public static void testCheckUserInRole(KeycloakSession session) {
session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserInRole");
StringBuilder builder = new StringBuilder();
builder.append("var realm = $evaluation.getRealm();");
builder.append("if (realm.isUserInRealmRole('marta', 'role-a')) { $evaluation.grant(); }");
policyRepresentation.setCode(builder.toString());
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
PolicyProvider provider = authorization.getProvider(policy.getType());
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
provider.evaluate(evaluation);
Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
builder = new StringBuilder();
builder.append("var realm = $evaluation.getRealm();");
builder.append("if (realm.isUserInRealmRole('marta', 'role-b')) { $evaluation.grant(); }");
policyRepresentation.setCode(builder.toString());
policyRepresentation.setId(policy.getId());
policy = RepresentationToModel.toModel(policyRepresentation, authorization, policy);
evaluation = createEvaluation(session, authorization, resourceServer, policy);
provider.evaluate(evaluation);
Assert.assertNull(evaluation.getEffect());
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class PolicyEvaluationTest method testCheckUserRealmRoles.
public static void testCheckUserRealmRoles(KeycloakSession session) {
session.getContext().setRealm(session.realms().getRealmByName("authz-test"));
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ClientModel clientModel = session.clients().getClientByClientId(session.getContext().getRealm(), "resource-server-test");
StoreFactory storeFactory = authorization.getStoreFactory();
ResourceServer resourceServer = storeFactory.getResourceServerStore().findByClient(clientModel);
JSPolicyRepresentation policyRepresentation = new JSPolicyRepresentation();
policyRepresentation.setName("testCheckUserRealmRoles");
StringBuilder builder = new StringBuilder();
builder.append("var realm = $evaluation.getRealm();");
builder.append("var roles = realm.getUserRealmRoles('marta');");
builder.append("if (roles.size() == 2 && roles.contains('uma_authorization') && roles.contains('role-a')) { $evaluation.grant(); }");
policyRepresentation.setCode(builder.toString());
Policy policy = storeFactory.getPolicyStore().create(policyRepresentation, resourceServer);
PolicyProvider provider = authorization.getProvider(policy.getType());
DefaultEvaluation evaluation = createEvaluation(session, authorization, resourceServer, policy);
provider.evaluate(evaluation);
Assert.assertEquals(Effect.PERMIT, evaluation.getEffect());
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class PermissionClaimTest method configureAuthorization.
@Before
public void configureAuthorization() throws Exception {
ClientResource client = getClient(getRealm());
AuthorizationResource authorization = client.authorization();
claimAPolicy = new JSPolicyRepresentation();
claimAPolicy.setName("Claim A Policy");
claimAPolicy.setCode("$evaluation.getPermission().addClaim('claim-a', 'claim-a');$evaluation.getPermission().addClaim('claim-a', 'claim-a1');$evaluation.grant();");
authorization.policies().js().create(claimAPolicy).close();
claimBPolicy = new JSPolicyRepresentation();
claimBPolicy.setName("Policy Claim B");
claimBPolicy.setCode("$evaluation.getPermission().addClaim('claim-b', 'claim-b');$evaluation.grant();");
authorization.policies().js().create(claimBPolicy).close();
claimCPolicy = new JSPolicyRepresentation();
claimCPolicy.setName("Policy Claim C");
claimCPolicy.setCode("$evaluation.getPermission().addClaim('claim-c', 'claim-c');$evaluation.grant();");
authorization.policies().js().create(claimCPolicy).close();
denyPolicy = new JSPolicyRepresentation();
denyPolicy.setName("Deny Policy");
denyPolicy.setCode("$evaluation.getPermission().addClaim('deny-policy', 'deny-policy');$evaluation.deny();");
authorization.policies().js().create(denyPolicy).close();
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class AuthorizationAPITest method configureAuthorization.
private void configureAuthorization(String clientId) throws Exception {
ClientResource client = getClient(getRealm(), clientId);
AuthorizationResource authorization = client.authorization();
ResourceRepresentation resource = new ResourceRepresentation("Resource A");
Response response = authorization.resources().create(resource);
response.close();
JSPolicyRepresentation policy = new JSPolicyRepresentation();
policy.setName("Default Policy");
policy.setCode("$evaluation.grant();");
response = authorization.policies().js().create(policy);
response.close();
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName(resource.getName() + " Permission");
permission.addResource(resource.getName());
permission.addPolicy(policy.getName());
response = authorization.permissions().resource().create(permission);
response.close();
}
use of org.keycloak.representations.idm.authorization.JSPolicyRepresentation in project keycloak by keycloak.
the class AuthorizationTest method configureAuthorization.
@Before
public void configureAuthorization() throws Exception {
ClientResource client = getClient();
AuthorizationResource authorization = client.authorization();
JSPolicyRepresentation policy = new JSPolicyRepresentation();
policy.setName("Grant Policy");
policy.setCode("$evaluation.grant();");
authorization.policies().js().create(policy).close();
policy = new JSPolicyRepresentation();
policy.setName("Deny Policy");
policy.setCode("$evaluation.deny();");
}
Aggregations