
Example 16 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testPathConfigInvalidation.

/**
 * Exercises the "Delete Album Permission" policy through two live reconfigurations and
 * asserts that each one is reflected in the admin's next delete attempt.
 *
 * <p>Sequence pinned by the assertions: with "Only Owner Policy" applied the admin's delete
 * of alice's album is denied and her resources remain; after switching to
 * "Only Owner and Administrators Policy" the delete succeeds and her resources are gone.
 * The second switch is followed by no new login, so the changed policy has to be picked up
 * within the existing admin session.
 *
 * @throws Exception if any page interaction or admin-API call fails
 */
@Test
public void testPathConfigInvalidation() throws Exception {
    // Alice owns an album; the admin can reach the admin album view.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);

    log.debug("Check if alice has resources stored");
    assertThat(getResourcesOfUser("alice"), is(not(empty())));

    // Tighten the delete permission so that only the owner policy applies.
    log.debug("Adding applyPolicies \"Only Owner Policy\" to \"Delete Album Permission\" policies.");
    for (PolicyRepresentation candidate : getAuthorizationResource().policies().policies()) {
        if (!"Delete Album Permission".equals(candidate.getName())) {
            continue;
        }
        candidate.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
        getAuthorizationResource().policies().policy(candidate.getId()).update(candidate);
    }
    printUpdatedPolicies();

    // Fresh admin login: viewing is still allowed, deleting alice's album must now be denied.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // The denied delete must not have removed anything on the server side.
    log.debug("Check if alice has resources stored");
    assertThat(getResourcesOfUser("alice"), is(not(empty())));

    // Relax the permission again so administrators are covered as well.
    log.debug("Adding applyPolicies \"Only Owner and Administrators Policy\" to \"Delete Album Permission\" policies.");
    for (PolicyRepresentation candidate : getAuthorizationResource().policies().policies()) {
        if (!"Delete Album Permission".equals(candidate.getName())) {
            continue;
        }
        candidate.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
        getAuthorizationResource().policies().policy(candidate.getId()).update(candidate);
    }
    printUpdatedPolicies();

    // No re-login here: the same admin session has to see the relaxed policy.
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);

    log.debug("Check if alice has resources deleted");
    assertThat(getResourcesOfUser("alice"), is(empty()));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Test(org.junit.Test)

Example 17 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testAdminWithoutPermissionsToDeleteAlbum.

/**
 * Verifies that an administrator loses, and later regains, the ability to delete another
 * user's album when the "Delete Album Permission" policy is reconfigured.
 *
 * <p>Baseline: the admin can view and delete alice's album. With "Only Owner Policy"
 * applied, viewing is still allowed but deleting is denied and alice's resources remain.
 * With "Only Owner and Administrators Policy" applied and a fresh admin login, deleting
 * works again.
 *
 * @throws Exception if any page interaction or admin-API call fails
 */
@Test
public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
    // Baseline: the admin may view and delete an album owned by alice.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));

    // The policy list is fetched once and reused for both reconfigurations below.
    PoliciesResource policyApi = getAuthorizationResource().policies();
    List<PolicyRepresentation> fetchedPolicies = policyApi.policies();

    // Restrict deletion to the owner.
    for (PolicyRepresentation candidate : fetchedPolicies) {
        if (!"Delete Album Permission".equals(candidate.getName())) {
            continue;
        }
        candidate.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
        policyApi.policy(candidate.getId()).update(candidate);
    }
    printUpdatedPolicies();

    // Alice recreates the album; the admin can still view it but must not be able to delete it.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    loginToClientPage(adminUser);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(not(empty())));
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // Allow owners and administrators again.
    for (PolicyRepresentation candidate : fetchedPolicies) {
        if (!"Delete Album Permission".equals(candidate.getName())) {
            continue;
        }
        candidate.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
        policyApi.policy(candidate.getId()).update(candidate);
    }
    printUpdatedPolicies();

    // Clear cache: the admin logs in again before the delete is retried.
    loginToClientPage(adminUser);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) Test(org.junit.Test)

Example 18 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testAdminOnlyFromSpecificAddress.

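/**
 * Verifies that the "Only From a Specific Client Address" policy denies the admin once the
 * allowed addresses no longer include the loopback address the test client connects from.
 *
 * <p>The policy's {@code code} config entry is rewritten so that {@code 127.0.0.1} becomes
 * {@code 127.3.3.3} and the IPv6 loopback {@code 0:0:0:0:0:0:0:1} becomes
 * {@code 0:0:0:0:0:ffff:7f03:303}. After the update and a new login the admin album view
 * must be denied.
 *
 * @throws Exception if any page interaction or admin-API call fails
 */
@Test
public void testAdminOnlyFromSpecificAddress() throws Exception {
    // Baseline: with the shipped policy the admin is allowed in.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    log.debug("Changing codes \"127.0.0.1\" to \"127.3.3.3\" of \"Only From a Specific Client Address\" policies.");
    for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
        if ("Only From a Specific Client Address".equals(policy.getName())) {
            // String.replace substitutes literal text. The previous replaceAll treated the
            // address as a regular expression, where each '.' matches any character, so it
            // could have rewritten unrelated text inside the policy code.
            String code = policy.getConfig().get("code")
                    .replace("127.0.0.1", "127.3.3.3")
                    .replace("0:0:0:0:0:0:0:1", "0:0:0:0:0:ffff:7f03:303");
            policy.getConfig().put("code", code);
            getAuthorizationResource().policies().policy(policy.getId()).update(policy);
        }
    }
    printUpdatedPolicies();
    // New login, then the same navigation must be rejected by the address check.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasDenied);
}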
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) Test(org.junit.Test)

Example 19 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testClientRoleNotRequired.

/**
 * Verifies that alice is denied album access while the {@code manage-albums} client role is
 * required, and allowed again once that role is marked as not required in "Any User Policy".
 *
 * <p>Steps: alice creates and views an album; her consent for {@code photoz-html5-client}
 * is revoked and the role is reconfigured; viewing is then denied. The policy's
 * {@code roles} config is rewritten with {@code required=false} for that role, after which
 * viewing is allowed again.
 *
 * @throws Exception if any page interaction, admin-API call or JSON conversion fails
 */
@Test
public void testClientRoleNotRequired() throws Exception {
    // Baseline: alice can create and view her own album.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);

    // Look alice up through the admin API; the first search hit is used.
    UsersResource userDirectory = realmsResouce().realm(REALM_NAME).users();
    List<UserRepresentation> matches = userDirectory.search("alice", null, null, null, null, null);
    assertFalse(matches.isEmpty());
    UserRepresentation alice = matches.get(0);
    UserResource aliceResource = userDirectory.get(alice.getId());

    // Revoke the consent alice gave to the HTML5 client.
    ClientResource html5Client = getClientResource("photoz-html5-client");
    aliceResource.revokeConsent(html5Client.toRepresentation().getClientId());

    // The role representation is read before setManageAlbumScopeRequired() runs and is
    // written back afterwards. That helper is defined elsewhere in the class.
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
    RoleResource manageAlbumRole = resourceServer.roles().get("manage-albums");
    RoleRepresentation manageAlbumsSnapshot = manageAlbumRole.toRepresentation();
    setManageAlbumScopeRequired();
    manageAlbumRole.update(manageAlbumsSnapshot);

    // With the role required, alice must now be denied.
    loginToClientPage(aliceUser);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // Mark manage-albums as not required inside "Any User Policy".
    for (PolicyRepresentation candidate : getAuthorizationResource().policies().policies()) {
        if (!"Any User Policy".equals(candidate.getName())) {
            continue;
        }
        // The "roles" config value is a JSON array of role entries; each entry carries an "id".
        List<Map<String, Object>> roles = JsonSerialization.readValue(candidate.getConfig().get("roles"), List.class);
        for (Map<String, Object> role : roles) {
            String roleId = (String) role.get("id");
            if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
                role.put("required", false);
            }
        }
        candidate.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
        getAuthorizationResource().policies().policy(candidate.getId()).update(candidate);
    }
    printUpdatedPolicies();

    // After a new login the role is no longer demanded and access is granted again.
    loginToClientPage(aliceUser);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) RoleResource(org.keycloak.admin.client.resource.RoleResource) UsersResource(org.keycloak.admin.client.resource.UsersResource) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) HashMap(java.util.HashMap) Map(java.util.Map) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 20 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

the class ConflictingScopePermissionTest method createUserPolicy.

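/**
 * Creates a policy of type {@code "user"} on the given client that lists a single user.
 *
 * @param name     name of the policy to create
 * @param realm    realm whose user directory is searched for {@code username}
 * @param client   client whose authorization settings receive the new policy
 * @param username user name to look up; the id of the first search hit is stored in the policy
 * @throws IOException      if the user id cannot be serialized to JSON
 * @throws RuntimeException if the search returns no user
 */
private void createUserPolicy(String name, RealmResource realm, ClientResource client, String username) throws IOException {
    // NOTE(review): the matching rules of search(username) are not visible here. If it matches
    // substrings, findFirst() could bind the policy to a different account than intended, so
    // confirm whether an exact-match lookup is needed.
    String userId = realm.users().search(username).stream()
            .map(user -> user.getId())
            .findFirst()
            // Report the name that was actually searched for. The old message printed the
            // literal text "[userId]", which identified nothing.
            .orElseThrow(() -> new RuntimeException("Expected user [" + username + "]"));

    PolicyRepresentation representation = new PolicyRepresentation();
    representation.setName(name);
    representation.setType("user");

    // The "users" config entry holds a JSON array of user ids.
    Map<String, String> config = new HashMap<>();
    config.put("users", JsonSerialization.writeValueAsString(new String[] { userId }));
    representation.setConfig(config);

    // The create response is closed right away and its status is never inspected, so a
    // rejected create would go unnoticed at this point.
    client.authorization().policies().create(representation).close();
}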
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) HashMap(java.util.HashMap)
