
Example 51 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

Class AuthorizationTest, method testResourceServerWithSameNameDifferentOwner.

@Test
public void testResourceServerWithSameNameDifferentOwner() {
    // Two resources share the name "Resource A": one owned by user "kolo" and one created with a
    // null owner (presumably the resource server itself — confirm against createResource).
    ResourceRepresentation koloResource = createResource("Resource A", "kolo", "Scope A", "Scope B");
    createResourcePermission(koloResource, "Grant Policy");
    ResourceRepresentation serverResource = createResource("Resource A", null, "Scope A", "Scope B");
    createResourcePermission(serverResource, "Grant Policy");
    String koloResourceId = koloResource.getId();
    String serverResourceId = serverResource.getId();

    // Asking for the permission by name only must resolve to both same-named resources.
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission("Resource A");
    List<Permission> permissions = authorize("kolo", "password", request);
    assertEquals(2, permissions.size());

    for (Permission granted : permissions) {
        String grantedResourceId = granted.getResourceId();
        // Each granted permission must point at one of the two resources created above, never a third one.
        boolean pointsAtKnownResource = grantedResourceId.equals(koloResourceId) || grantedResourceId.equals(serverResourceId);
        assertTrue(pointsAtKnownResource);
        assertEquals("Resource A", granted.getResourceName());
    }
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Permission(org.keycloak.representations.idm.authorization.Permission) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 52 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

Class ConflictingScopePermissionTest, method testWithPermissiveMode.

@Test
public void testWithPermissiveMode() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();

    // Reconfigure the resource server to PERMISSIVE enforcement with UNANIMOUS decisions
    // before asking for marta's entitlements.
    ResourceServerRepresentation settings = authorization.getSettings();
    settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    settings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    authorization.update(settings);

    Collection<Permission> permissions = getEntitlements("marta", "password");
    assertEquals(3, permissions.size());

    // Iterate over a snapshot so that entries can be removed from the live collection as they are checked.
    for (Permission granted : new ArrayList<>(permissions)) {
        String resourceName = granted.getResourceName();
        switch (resourceName) {
            case "Resource A":
                assertThat(granted.getScopes(), containsInAnyOrder("execute", "write"));
                break;
            case "Resource B":
            case "Resource C":
                // B and C are expected to carry the same three scopes.
                assertThat(granted.getScopes(), containsInAnyOrder("execute", "write", "read"));
                break;
            default:
                fail("Unexpected permission for resource [" + resourceName + "]");
        }
        // Only reached for a recognised resource with the expected scopes: fail()/assertThat above throw.
        permissions.remove(granted);
    }

    // Every granted permission must have been matched exactly once.
    assertTrue(permissions.isEmpty());
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) ArrayList(java.util.ArrayList) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 53 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

Class UserManagedPermissionServiceTest, method testGrantRequestedScopesOnly.

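@Test
public void testGrantRequestedScopesOnly() {
    // Resource owned by "marta" with scopes "view" and "delete"; owner-managed access lets the
    // owner share it with other users.
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("view", "delete");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    resource = protection.resource().create(resource);
    String resourceId = resource.getId();

    // The owner grants "kolo" the "view" scope only — "delete" is deliberately left out.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("view");
    permission.addUser("kolo");
    permission = protection.policy(resourceId).create(permission);

    // Explicitly requesting "view" is granted and the RPT carries exactly that scope.
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resourceId, "view");
    AuthorizationResponse response = getAuthzClient().authorization("kolo", "password").authorize(request);
    AccessToken rpt = toAccessToken(response.getToken());
    Collection<Permission> permissions = rpt.getAuthorization().getPermissions();
    assertPermissions(permissions, resourceId, "view");
    assertTrue(permissions.isEmpty());

    // Requesting the ungranted "delete" scope must be refused. The request is issued twice, as in
    // the original test — presumably to confirm the denial is repeatable; confirm before collapsing.
    assertAuthorizationDeniedForKolo(resourceId, "delete");
    assertAuthorizationDeniedForKolo(resourceId, "delete");

    // Requesting the resource without naming scopes must yield only the granted "view" scope,
    // never silently widen to "delete".
    request = new AuthorizationRequest();
    request.addPermission(resourceId);
    response = getAuthzClient().authorization("kolo", "password").authorize(request);
    rpt = toAccessToken(response.getToken());
    permissions = rpt.getAuthorization().getPermissions();
    assertPermissions(permissions, resourceId, "view");
    assertTrue(permissions.isEmpty());
}

/**
 * Requests {@code scope} on {@code resourceId} as user "kolo" and asserts that the authorization
 * server rejects it with {@link AuthorizationDeniedException}.
 *
 * @param resourceId id of the resource being requested
 * @param scope      scope that "kolo" was not granted
 */
private void assertAuthorizationDeniedForKolo(String resourceId, String scope) {
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resourceId, scope);
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // Catching the narrow type: any other exception is an unexpected error and propagates as such.
    }
}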
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 54 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptUsingAccessToken.

@Test
public void testObtainRptUsingAccessToken() throws Exception {
    // Exchange marta's plain access token for an RPT covering "Resource A" with both scopes.
    String martaAccessToken = getAuthzClient().obtainAccessToken("marta", "password").getToken();
    PermissionRequest requested = new PermissionRequest("Resource A", "ScopeA", "ScopeB");
    AuthorizationResponse response = authorize(null, null, null, null, martaAccessToken, null, null, requested);

    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());

    // The RPT's authorization claim must list exactly the requested resource and scopes.
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 55 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

Class UmaGrantTypeTest, method testTokenIntrospect.

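@Test
@SuppressWarnings("unchecked")
public void testTokenIntrospect() throws Exception {
    AuthzClient authzClient = getAuthzClient();

    // Obtain an RPT for "Resource A" with both scopes from marta's access token.
    AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken("marta", "password");
    AuthorizationResponse response = authorize(null, null, null, null, accessTokenResponse.getToken(), null, null, new PermissionRequest("Resource A", "ScopeA", "ScopeB"));
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());

    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());

    // Introspect the RPT through the protection API wrapper...
    TokenIntrospectionResponse introspectionResponse = authzClient.protection().introspectRequestingPartyToken(rpt);
    assertNotNull(introspectionResponse);
    assertNotNull(introspectionResponse.getPermissions());

    // ...and through the raw introspection endpoint using the resource server's client credentials,
    // checking the JSON shape of the permission claim. "active" must be true before any of the
    // permission claims are meaningful.
    oauth.realm("authz-test");
    String introspectHttpResponse = oauth.introspectTokenWithClientCredential("resource-server-test", "secret", "requesting_party_token", rpt);
    // Typed instead of raw Map/Collection; the unchecked conversions are confined to this method.
    Map<String, Object> jsonNode = JsonSerialization.readValue(introspectHttpResponse, Map.class);
    assertEquals(true, jsonNode.get("active"));
    Collection<?> permissionClaims = (Collection<?>) jsonNode.get("permissions");
    assertNotNull(permissionClaims);
    assertEquals(1, permissionClaims.size());
    Map<String, Object> claim = (Map<String, Object>) permissionClaims.iterator().next();
    // Both the legacy ("resource_id"/"scopes") and current ("rsid"/"rsname"/"resource_scopes") key
    // names are expected side by side.
    assertThat(claim.keySet(), containsInAnyOrder("resource_id", "rsname", "resource_scopes", "scopes", "rsid"));
    assertThat(claim.get("rsname"), equalTo("Resource A"));
    ResourceRepresentation resourceRep = authzClient.protection().resource().findByName("Resource A");
    assertThat(claim.get("rsid"), equalTo(resourceRep.getId()));
    assertThat(claim.get("resource_id"), equalTo(resourceRep.getId()));
    assertThat((Collection<String>) claim.get("resource_scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
    assertThat((Collection<String>) claim.get("scopes"), containsInAnyOrder("ScopeA", "ScopeB"));
}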
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthzClient(org.keycloak.authorization.client.AuthzClient) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) Collection(java.util.Collection) TokenIntrospectionResponse(org.keycloak.authorization.client.representation.TokenIntrospectionResponse) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Map(java.util.Map) Test(org.junit.Test)
