
Example 11 with PermissionTicketRepresentation

use of org.keycloak.representations.idm.authorization.PermissionTicketRepresentation in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testPermissionInAdditionToUserGrantedPermission.

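/**
 * Checks how a user-granted permission ticket and an owner-defined user-managed policy combine for one
 * owner-managed resource.
 *
 * <p>Flow exercised: "kolo" asks for "Scope A" on a resource owned by "marta" and is denied (a request is
 * submitted); once the owner grants the ticket access is allowed; a policy granting "Scope A" to role_a is
 * then added and access stays allowed even after the ticket is revoked again; moving the policy to role_b,
 * and finally deleting it, makes access denied both through the ticket and through a direct resource request.
 * The test assumes "kolo" holds role_a but not role_b.
 */
@Test
public void testPermissionInAdditionToUserGrantedPermission() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    PermissionResponse ticketResponse = getAuthzClient().protection().permission().create(new PermissionRequest(resource.getId(), "Scope A"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(ticketResponse.getTicket());

    // Nothing has been granted yet: the attempt is denied and a permission request is recorded for the owner.
    AuthorizationDeniedException denied = assertAuthorizationDenied(request);
    assertTrue(denied.getMessage().contains("request_submitted"));

    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().findByResource(resource.getId());
    assertEquals(1, tickets.size());
    PermissionTicketRepresentation ticket = tickets.get(0);

    // Owner grants the ticket: access is now allowed through the user-granted ticket alone.
    ticket.setGranted(true);
    getAuthzClient().protection().permission().update(ticket);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Owner additionally defines a user-managed policy granting "Scope A" to holders of role_a.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("Scope A");
    permission.addRole("role_a");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    permission = protection.policy(resource.getId()).create(permission);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Revoking the ticket must not revoke access: the role_a policy still applies on its own.
    ticket.setGranted(false);
    getAuthzClient().protection().permission().update(ticket);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Re-targeting the policy to role_b removes the last remaining grant for "kolo".
    permission = getAuthzClient().protection("marta", "password").policy(resource.getId()).findById(permission.getId());
    assertNotNull(permission);
    permission.removeRole("role_a");
    permission.addRole("role_b");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(permission);
    assertAuthorizationDenied(request);

    // The same holds when the resource is requested directly instead of through the ticket ...
    request = new AuthorizationRequest();
    request.addPermission(resource.getId());
    assertAuthorizationDenied(request);

    // ... and after the policy has been deleted altogether.
    getAuthzClient().protection("marta", "password").policy(resource.getId()).delete(permission.getId());
    assertAuthorizationDenied(request);
}

/**
 * Asserts that authorizing {@code request} as user "kolo" is rejected.
 *
 * <p>Only {@link AuthorizationDeniedException} counts as a denial; any other exception propagates so that an
 * unrelated failure (network, server error) is reported as such rather than as a failed assertion.
 *
 * @param request the authorization request to submit
 * @return the denial, so callers can inspect its message
 * @throws AssertionError if the request is authorized
 */
private AuthorizationDeniedException assertAuthorizationDenied(AuthorizationRequest request) {
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
    } catch (AuthorizationDeniedException expected) {
        return expected;
    }
    throw new AssertionError("User should not have permission");
}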

Example 12 with PermissionTicketRepresentation

use of org.keycloak.representations.idm.authorization.PermissionTicketRepresentation in project keycloak by keycloak.

the class ResourcesRestServiceTest method testGetPermissionRequests.

/**
 * Verifies that ungranted permission tickets on one of the caller's resources are exposed by the account API
 * as permission requests, grouped into one entry per requesting user that carries all scopes that user asked for.
 */
@Test
public void testGetPermissionRequests() {
    Resource resource = getMyResources().get(0);
    String requestsPath = "/" + resource.getId() + "/permissions/requests";
    List<Permission> requests = doGet(requestsPath, new TypeReference<List<Permission>>() {
    });
    assertTrue(requests.isEmpty());

    // Scopes each known requester asks for; any other entry of userNames requests nothing.
    Map<String, List<String>> requestedScopes = new HashMap<>();
    requestedScopes.put("bob", Arrays.asList("Scope D"));
    requestedScopes.put("alice", Arrays.asList("Scope C"));
    requestedScopes.put("jdoe", Arrays.asList("Scope C", "Scope D"));

    // One ungranted ticket per (requester, scope), created through the protection API as test-user@localhost.
    for (String userName : userNames) {
        for (String scope : requestedScopes.getOrDefault(userName, Collections.<String>emptyList())) {
            PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
            ticket.setGranted(false);
            ticket.setOwner("test-user@localhost");
            ticket.setRequesterName(userName);
            ticket.setResource(resource.getId());
            ticket.setScopeName(scope);
            authzClient.protection("test-user@localhost", "password").permission().create(ticket);
        }
    }

    requests = doGet(requestsPath, new TypeReference<List<Permission>>() {
    });
    assertEquals(3, requests.size());

    // Tick off every expected requester; anything left afterwards is an unexpected request.
    Iterator<Permission> pending = requests.iterator();
    while (pending.hasNext()) {
        Permission permission = pending.next();
        List<String> expected = requestedScopes.get(permission.getUsername());
        if (expected == null) {
            continue;
        }
        List<String> actual = permission.getScopes();
        assertEquals(expected.size(), actual.size());
        assertTrue(actual.containsAll(expected));
        pending.remove();
    }
    assertTrue(requests.isEmpty());
}

Example 13 with PermissionTicketRepresentation

use of org.keycloak.representations.idm.authorization.PermissionTicketRepresentation in project keycloak by keycloak.

the class ResourcesRestServiceTest method before.

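/**
 * Test fixture: creates 30 owner-managed resources owned by the test user, each exposing scopes A to D, and
 * pre-grants "Scope A" and "Scope B" on every resource to a requester chosen round-robin from {@code userNames}.
 *
 * @throws RuntimeException if the test user's access token cannot be parsed to obtain the owner subject
 */
@Override
public void before() {
    super.before();
    ClientResource resourceServer = getResourceServer();
    authzClient = createAuthzClient(resourceServer.toRepresentation());
    AuthorizationResource authorization = resourceServer.authorization();

    // The owner is the subject of the access token obtained from tokenUtil. The expression does not depend on
    // the loop index, so it is parsed once rather than once per resource.
    String owner;
    try {
        owner = JsonSerialization.readValue(new JWSInput(tokenUtil.getToken()).getContent(), AccessToken.class).getSubject();
    } catch (Exception cause) {
        throw new RuntimeException("Failed to parse access token", cause);
    }

    for (int i = 0; i < 30; i++) {
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setOwnerManagedAccess(true);
        resource.setOwner(owner);
        resource.setName("Resource " + i);
        resource.setDisplayName("Display Name " + i);
        resource.setIconUri("Icon Uri " + i);
        resource.addScope("Scope A", "Scope B", "Scope C", "Scope D");
        resource.setUri("http://resourceServer.com/resources/" + i);
        try (Response response = authorization.resources().create(resource)) {
            resource.setId(response.readEntity(ResourceRepresentation.class).getId());
            assertNotNull(resource.getId());
        }
        // Granted tickets for the first two scopes; the requester rotates through userNames by index.
        for (String scope : Arrays.asList("Scope A", "Scope B")) {
            PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
            ticket.setGranted(true);
            ticket.setOwner(resource.getOwner().getId());
            ticket.setRequesterName(userNames.get(i % userNames.size()));
            ticket.setResource(resource.getId());
            ticket.setScopeName(scope);
            authzClient.protection("test-user@localhost", "password").permission().create(ticket);
        }
    }
}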

Example 14 with PermissionTicketRepresentation

use of org.keycloak.representations.idm.authorization.PermissionTicketRepresentation in project keycloak by keycloak.

the class ResourcesRestServiceTest method testApprovePermissionRequest.

/**
 * Verifies approval of pending permission requests through {@code PUT .../resources/{id}/permissions}.
 *
 * <p>Requests are first created as ungranted tickets (bob: Scope D; alice: Scope C; jdoe: Scope C and D), then
 * fetched and edited before being sent back: bob's scopes are cleared (nothing granted) and jdoe loses Scope C.
 * Afterwards no request may remain pending, and alice and jdoe must each see the resource shared with exactly
 * the one scope that was approved for them.
 *
 * @throws IOException if the HTTP calls fail
 */
@Test
public void testApprovePermissionRequest() throws IOException {
    Resource resource = getMyResources().get(0);
    String requestsPath = "/" + resource.getId() + "/permissions/requests";
    List<Permission> requests = doGet(requestsPath, new TypeReference<List<Permission>>() {
    });
    assertTrue(requests.isEmpty());

    // Scopes each known requester asks for; any other entry of userNames requests nothing.
    Map<String, List<String>> requestedScopes = new HashMap<>();
    requestedScopes.put("bob", Arrays.asList("Scope D"));
    requestedScopes.put("alice", Arrays.asList("Scope C"));
    requestedScopes.put("jdoe", Arrays.asList("Scope C", "Scope D"));

    for (String userName : userNames) {
        for (String scope : requestedScopes.getOrDefault(userName, Collections.<String>emptyList())) {
            PermissionTicketRepresentation ticket = new PermissionTicketRepresentation();
            ticket.setGranted(false);
            ticket.setOwner("test-user@localhost");
            ticket.setRequesterName(userName);
            ticket.setResource(resource.getId());
            ticket.setScopeName(scope);
            authzClient.protection("test-user@localhost", "password").permission().create(ticket);
        }
    }

    requests = doGet(requestsPath, new TypeReference<List<Permission>>() {
    });
    assertEquals(3, requests.size());

    // Edit the requests in place: approve nothing for bob, only Scope D for jdoe, everything for alice.
    for (Permission permission : requests) {
        String username = permission.getUsername();
        List<String> scopes = permission.getScopes();
        if ("bob".equals(username)) {
            scopes.clear();
        } else if ("jdoe".equals(username)) {
            scopes.remove("Scope C");
        }
    }
    // NOTE(review): the response of this PUT is not inspected; a non-success status would only surface through
    // the assertions that follow.
    SimpleHttp.doPut(getAccountUrl("resources/" + resource.getId() + "/permissions"), httpClient).auth(tokenUtil.getToken()).json(requests).asResponse();

    requests = doGet(requestsPath, new TypeReference<List<Permission>>() {
    });
    assertTrue(requests.isEmpty());

    // Each approved user sees the resource shared with exactly the scope kept for them above.
    for (String user : Arrays.asList("alice", "jdoe")) {
        String expectedScope = "alice".equals(user) ? "Scope C" : "Scope D";
        AbstractResourceService.ResourcePermission sharedResource = getSharedWithMe(user).stream()
                .filter(shared -> shared.getId().equals(resource.getId()))
                .findAny()
                .orElse(null);
        assertNotNull(sharedResource);
        Set<ScopeRepresentation> sharedScopes = sharedResource.getScopes();
        assertEquals(1, sharedScopes.size());
        assertTrue(sharedScopes.stream().map(ScopeRepresentation::getName).anyMatch(expectedScope::equals));
    }
}
