Example 71 with PolicyRepresentation
use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project quarkus by quarkusio.
the class KeycloakTestResource method configureClaimBasedPermission.
private static void configureClaimBasedPermission(ResourceServerRepresentation settings) {
PolicyRepresentation policy = createJSPolicy("Claim-Based Policy", "var context = $evaluation.getContext();\n" + "var attributes = context.getAttributes();\n" + "\n" + "if (attributes.containsValue('grant', 'true')) {\n" + " $evaluation.grant();\n" + "}", settings);
createPermission(settings, createResource(settings, "Claim Protected Resource", "/api/permission/claim-protected"), policy);
}
Also used :
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
Example 72 with PolicyRepresentation
use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project quarkus by quarkusio.
the class KeycloakTestResource method configurePermissionResourcePermission.
private static void configurePermissionResourcePermission(ResourceServerRepresentation settings) {
PolicyRepresentation policyConfidential = createJSPolicy("Confidential Policy", "var identity = $evaluation.context.identity;\n" + "\n" + "if (identity.hasRealmRole(\"confidential\")) {\n" + "$evaluation.grant();\n" + "}", settings);
createPermission(settings, createResource(settings, "Permission Resource", "/api/permission"), policyConfidential);
PolicyRepresentation policyAdmin = createJSPolicy("Admin Policy", "var identity = $evaluation.context.identity;\n" + "\n" + "if (identity.hasRealmRole(\"admin\")) {\n" + "$evaluation.grant();\n" + "}", settings);
createPermission(settings, createResource(settings, "Permission Resource Tenant", "/api-permission-tenant"), policyAdmin);
PolicyRepresentation policyUser = createJSPolicy("Superuser Policy", "var identity = $evaluation.context.identity;\n" + "\n" + "if (identity.hasRealmRole(\"superuser\")) {\n" + "$evaluation.grant();\n" + "}", settings);
createPermission(settings, createResource(settings, "Permission Resource WebApp", "/api-permission-webapp"), policyUser);
}
Also used :
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
Example 73 with PolicyRepresentation
use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project quarkus by quarkusio.
the class KeycloakTestResource method configureBodyClaimBasedPermission.
private static void configureBodyClaimBasedPermission(ResourceServerRepresentation settings) {
PolicyRepresentation policy = createJSPolicy("Body Claim-Based Policy", "var context = $evaluation.getContext();\n" + "print(context.getAttributes().toMap());" + "var attributes = context.getAttributes();\n" + "\n" + "if (attributes.containsValue('from-body', 'grant')) {\n" + " $evaluation.grant();\n" + "}", settings);
createPermission(settings, createResource(settings, "Body Claim Protected Resource", "/api/permission/body-claim"), policy);
}
Also used :
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
Example 74 with PolicyRepresentation
use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project quarkus by quarkusio.
the class KeycloakTestResource method createScopePermission.
private static void createScopePermission(ResourceServerRepresentation settings, ResourceRepresentation resource, PolicyRepresentation policy, String scope) {
PolicyRepresentation permission = new PolicyRepresentation();
permission.setName(resource.getName() + " Permission");
permission.setType("scope");
permission.setResources(new HashSet<>());
permission.getResources().add(resource.getName());
permission.setScopes(new HashSet<>());
permission.getScopes().add(scope);
permission.setPolicies(new HashSet<>());
permission.getPolicies().add(policy.getName());
settings.getPolicies().add(permission);
}
Also used :
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
Example 75 with PolicyRepresentation
use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project quarkus by quarkusio.
the class KeycloakTestResource method configureScopePermission.
private static void configureScopePermission(ResourceServerRepresentation settings) {
PolicyRepresentation policy = createJSPolicy("Grant Policy", "$evaluation.grant();", settings);
createScopePermission(settings, createResource(settings, "Scope Permission Resource", "/api/permission/scope", "read", "write"), policy, "read");
}
Also used :
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
Aggregations
PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)76
Test (org.junit.Test)28
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)20
HashMap (java.util.HashMap)19
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)19
Response (javax.ws.rs.core.Response)14
ArrayList (java.util.ArrayList)11
List (java.util.List)11
Map (java.util.Map)11
IOException (java.io.IOException)10
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10
AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)10
UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)10
WebElement (org.openqa.selenium.WebElement)10
Collectors (java.util.stream.Collectors)9
Policy (org.keycloak.authorization.model.Policy)9
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)9
ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)9
HashSet (java.util.HashSet)8
Set (java.util.Set)8
