Examples with Permission org.keycloak.representations.idm.authorization.Permission used on opensource projects

Search in sources :

Example 26 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt.

@Test
public void testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt() throws Exception {
    ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    permissionA.setName(resourceA.getName() + " Permission");
    permissionA.addResource(resourceA.getName());
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().resource().create(permissionA).close();
    AuthorizationResponse response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    ResourceRepresentation resourceB = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
    permissionB.setName(resourceB.getName() + " Permission");
    permissionB.addResource(resourceB.getName());
    permissionB.addPolicy("Default Policy");
    authzResource.permissions().resource().create(permissionB).close();
    response = authorize("marta", "password", resourceB.getId(), new String[] { "ScopeC" }, rpt);
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertTrue(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
    permissionB = authzResource.permissions().resource().findByName(permissionB.getName());
    permissionB.removePolicy("Default Policy");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().resource().findById(permissionB.getId()).update(permissionB);
    response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeC" }, rpt);
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 27 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptWithOwnerManagedResource.

@Test
public void testObtainRptWithOwnerManagedResource() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource("Resource Marta", "marta", true, "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceA.getName() + " Permission");
    permission.addResource(resourceA.getId());
    permission.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
    ResourceRepresentation resourceB = addResource("Resource B", "marta", "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceB.getName() + " Permission");
    permission.addResource(resourceB.getId());
    permission.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
    AuthorizationResponse response = authorize("marta", "password", new PermissionRequest(resourceA.getName(), "ScopeA", "ScopeB"), new PermissionRequest(resourceB.getName(), "ScopeC"));
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 28 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

the class UmaGrantTypeTest method testObtainRptWithClientAdditionalScopes.

@Test
public void testObtainRptWithClientAdditionalScopes() throws Exception {
    AuthorizationResponse response = authorize("marta", "password", "Resource A", new String[] { "ScopeA", "ScopeB" }, new String[] { "ScopeC" });
    AccessToken accessToken = toAccessToken(response.getToken());
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 29 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

the class UserManagedAccessTest method testOnlyOwnerCanAccessPermissionsToScope.

@Test
public void testOnlyOwnerCanAccessPermissionsToScope() throws Exception {
    resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
    ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
    permission.setName(resource.getName() + " Scope A Permission");
    permission.addScope("ScopeA");
    permission.addPolicy("Only Owner Policy");
    getClient(getRealm()).authorization().permissions().scope().create(permission).close();
    permission = new ScopePermissionRepresentation();
    permission.setName(resource.getName() + " Scope B Permission");
    permission.addScope("ScopeB");
    permission.addPolicy("Only Owner Policy");
    getClient(getRealm()).authorization().permissions().scope().create(permission).close();
    AuthorizationResponse response = authorize("marta", "password", resource.getName(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    try {
        response = authorize("kolo", "password", resource.getId(), new String[] { "ScopeA", "ScopeB" });
        fail("User should not have access to resource from another user");
    } catch (AuthorizationDeniedException ade) {
    }
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null);
    for (PermissionTicketRepresentation ticket : tickets) {
        ticket.setGranted(true);
        getAuthzClient().protection().permission().update(ticket);
    }
    try {
        response = authorize("kolo", "password", resource.getId(), new String[] { "ScopeA", "ScopeB" });
    } catch (AuthorizationDeniedException ade) {
        fail("User should have access to resource from another user");
    }
    rpt = response.getToken();
    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();
    permissions = authorization.getPermissions();
    assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    try {
        response = authorize("marta", "password", resource.getId(), new String[] { "ScopeB" });
    } catch (AuthorizationDeniedException ade) {
        fail("User should have access to his own resources");
    }
    rpt = response.getToken();
    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();
    permissions = authorization.getPermissions();
    assertPermissions(permissions, resource.getName(), "ScopeB");
    assertTrue(permissions.isEmpty());
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 30 with Permission

use of org.keycloak.representations.idm.authorization.Permission in project keycloak by keycloak.

the class UserManagedAccessTest method testOnlyOwnerCanAccess.

@Test
public void testOnlyOwnerCanAccess() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getId());
    permission.addPolicy("Only Owner Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
    AuthorizationResponse response = authorize("marta", "password", resource.getName(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    try {
        response = authorize("kolo", "password", resource.getId(), new String[] { "ScopeA", "ScopeB" });
        fail("User should have access to resource from another user");
    } catch (AuthorizationDeniedException ade) {
    }
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Aggregations

Permission (org.keycloak.representations.idm.authorization.Permission)73 Test (org.junit.Test)50 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)44 AccessToken (org.keycloak.representations.AccessToken)36 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)29 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)27 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)23 AuthzClient (org.keycloak.authorization.client.AuthzClient)22 ClientResource (org.keycloak.admin.client.resource.ClientResource)20 ArrayList (java.util.ArrayList)19 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)19 OAuthClient (org.keycloak.testsuite.util.OAuthClient)15 ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)14 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)13 Response (javax.ws.rs.core.Response)12 AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException)12 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)12 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)12 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)12 Authorization (org.keycloak.representations.AccessToken.Authorization)11
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial