
Example 6 with PermissionTicketToken

use of org.keycloak.representations.idm.authorization.PermissionTicketToken in project keycloak by keycloak.

the class PermissionManagementTest method assertPersistence.

/**
 * Checks that a permission request left the expected pending tickets on the server and that
 * the returned permission ticket refers to the same resource.
 *
 * @param response   permission response whose ticket (a JWS string) is inspected
 * @param resource   resource the permission request was made for
 * @param scopeNames scope names that were requested; may be empty
 * @throws Exception if decoding the ticket or a call to the server fails
 */
private void assertPersistence(PermissionResponse response, ResourceRepresentation resource, String... scopeNames) throws Exception {
    String ticket = response.getTicket();
    assertNotNull(ticket);

    // One stored ticket per requested scope, or a single ticket when no scope was named.
    int expectedPermissions = scopeNames.length > 0 ? scopeNames.length : 1;
    List<PermissionTicketRepresentation> tickets = getAuthzClient().protection().permission().findByResource(resource.getId());
    assertEquals(expectedPermissions, tickets.size());

    // The ticket payload is decoded here; no signature-verification call appears in this method.
    // That is adequate for inspecting a ticket the test just received from the server under test.
    // Code that accepts tickets from another party should verify the signature before trusting claims.
    PermissionTicketToken token = new JWSInput(ticket).readJsonContent(PermissionTicketToken.class);
    List<Permission> tokenPermissions = token.getPermissions();
    assertNotNull(tokenPermissions);

    // NOTE(review): when scopes are given, both sides are scopeNames.length, so the size of
    // tokenPermissions is only checked in the no-scope case.
    int observedPermissions = scopeNames.length > 0 ? scopeNames.length : tokenPermissions.size();
    assertEquals(expectedPermissions, observedPermissions);

    // Drop every token permission whose resource id matches the expected number of stored tickets;
    // anything left over is a permission the server did not persist as expected.
    tokenPermissions.removeIf(resourcePermission ->
            tickets.stream()
                    .filter(representation -> representation.getResource().equals(resourcePermission.getResourceId()))
                    .count() == expectedPermissions);
    assertTrue(tokenPermissions.isEmpty());

    // Every stored ticket must still be ungranted and must be explained either by a requested
    // scope name or, when it carries no scope, by the resource itself.
    List<String> requestedScopes = Arrays.asList(scopeNames);
    List<PermissionTicketRepresentation> unexplainedTickets = new ArrayList<>();
    for (PermissionTicketRepresentation ticketRep : tickets) {
        assertFalse(ticketRep.isGranted());
        boolean explained = false;
        if (ticketRep.getScope() != null) {
            // The ticket stores a scope reference; look the scope up to compare by name.
            ScopeRepresentation scope = getClient(getRealm()).authorization().scopes().scope(ticketRep.getScope()).toRepresentation();
            explained = requestedScopes.contains(scope.getName());
        } else if (ticketRep.getResource().equals(resource.getId())) {
            explained = true;
        }
        if (!explained) {
            unexplainedTickets.add(ticketRep);
        }
    }
    assertTrue(unexplainedTickets.isEmpty());
}
Also used : Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Permission(org.keycloak.representations.idm.authorization.Permission) Matchers.not(org.hamcrest.Matchers.not) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthzClient(org.keycloak.authorization.client.AuthzClient) ArrayList(java.util.ArrayList) Assert.assertThat(org.junit.Assert.assertThat) HashSet(java.util.HashSet) Assert.fail(org.junit.Assert.fail) PermissionTicketToken(org.keycloak.representations.idm.authorization.PermissionTicketToken) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) ResourceScopesResource(org.keycloak.admin.client.resource.ResourceScopesResource) JWSInput(org.keycloak.jose.jws.JWSInput) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Iterator(java.util.Iterator) Assert.assertNotNull(org.junit.Assert.assertNotNull) Collection(java.util.Collection) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) Collectors(java.util.stream.Collectors) PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) List(java.util.List) Matchers.hasItem(org.hamcrest.Matchers.hasItem) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.is(org.hamcrest.Matchers.is) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) 
PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) PermissionTicketToken(org.keycloak.representations.idm.authorization.PermissionTicketToken) ArrayList(java.util.ArrayList) JWSInput(org.keycloak.jose.jws.JWSInput) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation)
