use of org.keycloak.representations.idm.authorization.PermissionResponse in project keycloak by keycloak.
the class PermissionManagementTest method testPermissionCount.
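@Test
public void testPermissionCount() throws Exception {
    // Each requested scope is expected to produce its own permission ticket, so the
    // four scopes below should be reflected as a ticket count of four for the resource.
    String[] scopes = { "ScopeA", "ScopeB", "ScopeC", "ScopeD" };
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, scopes);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), scopes));
    // Check the ticket up front, as the sibling tests do, so a missing ticket fails
    // here rather than surfacing as an opaque authorization error further down.
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // The grant/deny outcome is deliberately not asserted: this test only checks the
        // number of tickets recorded for the resource after the request has been made.
        // NOTE(review): presumably the request is denied for a non-owner (marta) and is
        // what registers the per-scope tickets counted below — confirm against the server.
    }
    Long ticketCount = getAuthzClient().protection().permission().count(resource.getId(), null, null, null, null, true);
    assertEquals("Returned number of permissions tickets must match the amount of permission tickets.", Long.valueOf(4), ticketCount);
}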
use of org.keycloak.representations.idm.authorization.PermissionResponse in project keycloak by keycloak.
the class PermissionManagementTest method testDeleteScopeAndPermissionTicket.
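@Test
public void testDeleteScopeAndPermissionTicket() throws Exception {
    // Verifies that permission tickets are cleaned up when a scope is removed from a
    // resource and then deleted: stale tickets must not survive the scope they refer to.
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    PermissionRequest permissionRequest = new PermissionRequest(resource.getId());
    permissionRequest.setScopes(new HashSet<>(Arrays.asList("ScopeA", "ScopeB", "ScopeC")));
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(permissionRequest);
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // The outcome of the authorization request is not under test here; the call is
        // made so that tickets exist for the resource before the scope is deleted.
    }
    // One ticket per requested scope is expected at this point.
    assertEquals(3, authzClient.protection().permission().findByResource(resource.getId()).size());
    AuthorizationResource authorization = getClient(getRealm()).authorization();
    ResourceScopesResource scopes = authorization.scopes();
    ScopeRepresentation scope = scopes.findByName("ScopeA");
    // Wildcard instead of a raw List: only size()/isEmpty() are needed and the element
    // type is not otherwise referenced in this method.
    List<?> permissions = authzClient.protection().permission().findByScope(scope.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
    // Detach every scope from the resource first, then delete ScopeA itself.
    resource.setScopes(Collections.emptySet());
    authorization.resources().resource(resource.getId()).update(resource);
    scopes.scope(scope.getId()).remove();
    // Neither the deleted scope nor the now scope-less resource may retain tickets.
    assertTrue(authzClient.protection().permission().findByScope(scope.getId()).isEmpty());
    assertEquals(0, authzClient.protection().permission().findByResource(resource.getId()).size());
}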
use of org.keycloak.representations.idm.authorization.PermissionResponse in project keycloak by keycloak.
the class UserManagedPermissionServiceTest method testPermissionInAdditionToUserGrantedPermission.
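@Test
public void testPermissionInAdditionToUserGrantedPermission() {
    // Exercises the interplay between a ticket granted directly by the owner and a
    // user-managed (UMA) policy the owner creates for the same resource: access must
    // be revoked only once neither source of authorization applies any more.
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    PermissionResponse ticketResponse = getAuthzClient().protection().permission().create(new PermissionRequest(resource.getId(), "Scope A"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(ticketResponse.getTicket());
    // A fresh ticket for a non-owner must be denied; the server reports that the
    // request has been submitted for the owner's approval.
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
        assertTrue(e.getMessage().contains("request_submitted"));
    }
    // The owner grants the pending ticket directly.
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().findByResource(resource.getId());
    assertEquals(1, tickets.size());
    PermissionTicketRepresentation ticket = tickets.get(0);
    ticket.setGranted(true);
    getAuthzClient().protection().permission().update(ticket);
    AuthorizationResponse authzResponse = getAuthzClient().authorization("kolo", "password").authorize(request);
    assertNotNull(authzResponse);
    // The owner additionally creates a user-managed policy for Scope A bound to role_a.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("Scope A");
    permission.addRole("role_a");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    permission = protection.policy(resource.getId()).create(permission);
    // Both the granted ticket and the policy apply; access is still expected.
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));
    // Revoking the ticket alone must not revoke access while the policy still matches.
    ticket.setGranted(false);
    getAuthzClient().protection().permission().update(ticket);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));
    // Re-pointing the policy from role_a to role_b must cut off kolo's access.
    permission = getAuthzClient().protection("marta", "password").policy(resource.getId()).findById(permission.getId());
    assertNotNull(permission);
    permission.removeRole("role_a");
    permission.addRole("role_b");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(permission);
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    // The same must hold when asking for the resource directly rather than via the ticket.
    request = new AuthorizationRequest();
    request.addPermission(resource.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
    // Deleting the policy leaves no applicable authorization at all.
    getAuthzClient().protection("marta", "password").policy(resource.getId()).delete(permission.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (Exception e) {
        assertTrue(AuthorizationDeniedException.class.isInstance(e));
    }
}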
use of org.keycloak.representations.idm.authorization.PermissionResponse in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testSuccessfulAuthorizationRequest.
@Test
public void testSuccessfulAuthorizationRequest() throws Exception {
    // A client authenticating with a signed JWT (client-jwt configuration) obtains a
    // permission ticket for "Default Resource", exchanges it for an RPT as marta, and
    // the RPT's authorization claim must list that resource.
    AuthzClient client = getAuthzClient("keycloak-with-jwt-authentication.json");
    ProtectionResource protectionApi = client.protection();
    PermissionRequest ticketRequest = new PermissionRequest("Default Resource");
    String ticket = protectionApi.permission().create(ticketRequest).getTicket();
    AuthorizationResponse grant = client.authorization("marta", "password").authorize(new AuthorizationRequest(ticket));
    String rpt = grant.getToken();
    assertNotNull(rpt);
    // NOTE(review): the RPT payload is only decoded here, no signature verification is
    // performed in this method; the test inspects the token's content, not its integrity.
    AccessToken decoded = new JWSInput(rpt).readJsonContent(AccessToken.class);
    AccessToken.Authorization authorizationClaim = decoded.getAuthorization();
    assertNotNull(authorizationClaim);
    List<Permission> granted = new ArrayList<>(authorizationClaim.getPermissions());
    assertFalse(granted.isEmpty());
    Permission first = granted.get(0);
    assertEquals("Default Resource", first.getResourceName());
}