Examples with PolicyRepresentation org.keycloak.representations.idm.authorization.PolicyRepresentation used on opensource projects

Search in sources :

Example 6 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ExportImportUtil method assertAuthorizationSettingsOtherApp.

private static void assertAuthorizationSettingsOtherApp(RealmResource realmRsc) {
    AuthorizationResource authzResource = ApiUtil.findAuthorizationSettings(realmRsc, "OtherApp");
    Assert.assertNotNull(authzResource);
    List<ResourceRepresentation> resources = authzResource.resources().resources();
    Assert.assertThat(resources.stream().map(ResourceRepresentation::getName).collect(Collectors.toList()), Matchers.containsInAnyOrder("Default Resource", "test"));
    List<PolicyRepresentation> policies = authzResource.policies().policies();
    Assert.assertThat(policies.stream().map(PolicyRepresentation::getName).collect(Collectors.toList()), Matchers.containsInAnyOrder("User Policy", "Default Permission", "test-permission"));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 7 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class AuthorizationTest method testEnableAuthorizationServices.

@Test
public void testEnableAuthorizationServices() {
    ClientResource clientResource = getClientResource();
    ClientRepresentation resourceServer = getResourceServer();
    RealmResource realm = realmsResouce().realm(getRealmId());
    UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + resourceServer.getClientId()).get(0);
    Assert.assertNotNull(serviceAccount);
    List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    realm = realmsResouce().realm(getRealmId());
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("should be removed");
    policy.setCode("");
    clientResource.authorization().policies().js().create(policy);
    List<ResourceRepresentation> defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    List<PolicyRepresentation> defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(3, defaultPolicies.size());
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    ResourceServerRepresentation settings = clientResource.authorization().getSettings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), settings.getPolicyEnforcementMode().name());
    assertTrue(settings.isAllowRemoteResourceManagement());
    assertEquals(resourceServer.getId(), settings.getClientId());
    defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(2, defaultPolicies.size());
    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Assert.assertEquals(org.junit.Assert.assertEquals) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 8 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ClientPolicyManagementTest method testGenericConfig.

@Test
public void testGenericConfig() {
    AuthorizationResource authorization = getClient().authorization();
    ClientPolicyRepresentation representation = new ClientPolicyRepresentation();
    representation.setName("Test Generic Config Permission");
    representation.addClient("Client A");
    ClientPoliciesResource policies = authorization.policies().client();
    try (Response response = policies.create(representation)) {
        ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
        PolicyResource policy = authorization.policies().policy(created.getId());
        PolicyRepresentation genericConfig = policy.toRepresentation();
        assertNotNull(genericConfig.getConfig());
        assertNotNull(genericConfig.getConfig().get("clients"));
        ClientRepresentation user = getRealm().clients().findByClientId("Client A").get(0);
        assertTrue(genericConfig.getConfig().get("clients").contains(user.getId()));
    }
}
Also used : Response(javax.ws.rs.core.Response) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.authorization.ClientPolicyRepresentation) ClientPolicyResource(org.keycloak.admin.client.resource.ClientPolicyResource) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ClientPoliciesResource(org.keycloak.admin.client.resource.ClientPoliciesResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 9 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ExportAuthorizationSettingsTest method testRoleBasedPolicyWithMultipleRoles.

// KEYCLOAK-4983
@Test
public void testRoleBasedPolicyWithMultipleRoles() {
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-1").build()).close();
    testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-2").build()).close();
    ClientRepresentation client1 = getClientByClientId("test-client-1");
    ClientRepresentation client2 = getClientByClientId("test-client-2");
    testRealmResource().clients().get(client1.getId()).roles().create(RoleBuilder.create().name("client-role").build());
    testRealmResource().clients().get(client2.getId()).roles().create(RoleBuilder.create().name("client-role").build());
    RoleRepresentation role1 = testRealmResource().clients().get(client1.getId()).roles().get("client-role").toRepresentation();
    RoleRepresentation role2 = testRealmResource().clients().get(client2.getId()).roles().get("client-role").toRepresentation();
    PolicyRepresentation policy = new PolicyRepresentation();
    policy.setName("role-based-policy");
    policy.setType("role");
    Map<String, String> config = new HashMap<>();
    config.put("roles", "[{\"id\":\"" + role1.getId() + "\"},{\"id\":\"" + role2.getId() + "\"}]");
    policy.setConfig(config);
    try (Response create = authorizationResource.policies().create(policy)) {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals("role-based-policy")) {
            found = true;
            Assert.assertTrue(p.getConfig().get("roles").contains("test-client-1/client-role") && p.getConfig().get("roles").contains("test-client-2/client-role"));
        }
    }
    if (!found) {
        Assert.fail("Policy \"role-based-policy\" was not found in exported settings.");
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 10 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ExportAuthorizationSettingsTest method testResourceBasedPermission.

// KEYCLOAK-4341
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    // get Default Resource
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    Assert.assertTrue(resources.size() == 1);
    ResourceRepresentation resource = resources.get(0);
    // get Default Policy
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
    // create Resource-based permission and add default policy/resource
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        create.close();
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    // check exported settings contains both resources/applyPolicies
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals(permissionName)) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    Assert.assertTrue("Permission \"role-based-permission\" was not found.", found);
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Aggregations

PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)58 Test (org.junit.Test)26 HashMap (java.util.HashMap)20 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)19 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)18 Response (javax.ws.rs.core.Response)15 List (java.util.List)12 Map (java.util.Map)12 IOException (java.io.IOException)10 ArrayList (java.util.ArrayList)10 Collectors (java.util.stream.Collectors)10 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10 AbstractPolicyRepresentation (org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation)10 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)10 UserPolicyRepresentation (org.keycloak.representations.idm.authorization.UserPolicyRepresentation)10 WebElement (org.openqa.selenium.WebElement)10 Set (java.util.Set)9 Policy (org.keycloak.authorization.model.Policy)9 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)9 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial