
Example 41 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

Class `Permissions`, method `name` (a test-suite page object that looks up a permission row by name).

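/**
 * Finds the permission row whose name matches {@code name} (case-insensitively),
 * opens it, and returns the page object for that permission's type.
 *
 * @param name permission name to look for; {@code null} matches nothing
 * @return the resource or scope permission page, or {@code null} when no row
 *         matches, or when the matching row is of a type this page does not model
 */
@SuppressWarnings("unchecked") // resourcePermission / scopePermission are the only PolicyTypeUI views here
public <P extends PolicyTypeUI> P name(String name) {
    if (name == null) {
        return null;
    }
    for (WebElement row : permissions().rows()) {
        PolicyRepresentation actual = permissions().toRepresentation(row);
        // Argument on the left so a row whose representation has no name cannot NPE.
        if (!name.equalsIgnoreCase(actual.getName())) {
            continue;
        }
        clickLink(row.findElements(tagName("a")).get(0));
        WaitUtils.waitForPageToLoad();
        String type = actual.getType();
        if ("resource".equals(type)) {
            return (P) resourcePermission;
        }
        if ("scope".equals(type)) {
            return (P) scopePermission;
        }
        // The page has already navigated away; the remaining rows are presumably stale,
        // so stop here instead of touching them.
        return null;
    }
    return null;
}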

Example 42 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

Class `AbstractPhotozExampleAdapterTest`, method `testInheritPermissionFromResourceParent`.

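/**
 * Verifies that a permission attached to a resource instance takes precedence over the
 * permission inherited from the typed parent resource, and that removing a scope from the
 * instance changes what the instance permission covers.
 *
 * <p>What is asserted, in order:
 * <ol>
 *   <li>Owner (alice) and admin can both view and delete the album while only the parent
 *       (typed) resource permission applies.</li>
 *   <li>After a resource permission bound to "Only Owner Policy" is attached to the
 *       instance, the admin is denied view and delete.</li>
 *   <li>After the {@code album:view} scope is removed from the instance, the admin can view
 *       again but is still denied delete. The test's expectation is that view falls back to
 *       the inherited permission while delete stays governed by the instance permission.</li>
 *   <li>The owner can still delete; afterwards alice owns no resources.</li>
 * </ol>
 *
 * @throws Exception on any admin-client or JSON serialization failure
 */
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
    final String RESOURCE_NAME = "My-Resource-Instance";

    // Baseline: the owner can create, view and delete her own album.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(RESOURCE_NAME);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.createAlbum(RESOURCE_NAME);

    // Baseline: the admin is granted through the permission on the parent (typed) resource.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);

    loginToClientPage(aliceUser);
    clientPage.createAlbum(RESOURCE_NAME);

    // Attach an instance-level permission that only the owner can satisfy.
    ResourcesResource resourcesResource = getAuthorizationResource().resources();
    for (ResourceRepresentation resource : resourcesResource.resources()) {
        if (!RESOURCE_NAME.equals(resource.getName())) {
            continue;
        }
        PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
        resourceInstancePermission.setName(RESOURCE_NAME + "Permission");
        resourceInstancePermission.setType("resource");
        Map<String, String> config = new HashMap<>();
        // Policy config values are JSON-encoded strings, hence the explicit serialization.
        config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
        config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
        resourceInstancePermission.setConfig(config);
        getAuthorizationResource().policies().create(resourceInstancePermission);
    }

    // The instance permission now overrides the inherited one: the admin must be denied.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);

    // Drop the view scope from the instance so the instance permission no longer covers viewing.
    for (ResourceRepresentation resource : resourcesResource.resources()) {
        if (!RESOURCE_NAME.equals(resource.getName())) {
            continue;
        }
        resource.setScopes(resource.getScopes().stream()
                .filter(scope -> !"album:view".equals(scope.getName()))
                .collect(Collectors.toSet()));
        resourcesResource.resource(resource.getId()).update(resource);
    }

    // View is allowed again for the admin; delete is still denied by the instance permission.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);

    // The owner keeps delete; afterwards alice must own no resources.
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}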

Example 43 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

Class `AbstractPhotozExampleAdapterTest`, method `testOverridePermissionFromResourceParent`.

/**
 * Verifies that a permission created directly on a resource instance overrides the
 * permission inherited from the typed parent resource: once a resource permission bound
 * to "Only Owner Policy" is attached to the instance, the admin is denied view and delete
 * while the owner can still delete the album.
 *
 * @throws Exception on any admin-client failure
 */
@Test
public void testOverridePermissionFromResourceParent() throws Exception {
    String resourceName = "My-Resource-Instance";

    // Owner baseline: create, view, delete, re-create.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(resourceName);
    clientPage.viewAlbum(resourceName, this::assertWasNotDenied);
    clientPage.deleteAlbum(resourceName, this::assertWasNotDenied);
    clientPage.createAlbum(resourceName);

    // Admin baseline: granted through the parent (typed) resource permission.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(resourceName, this::assertWasNotDenied);
    clientPage.deleteAlbum(resourceName, this::assertWasNotDenied);

    loginToClientPage(aliceUser);
    clientPage.createAlbum(resourceName);

    // Bind an owner-only permission to every resource instance carrying this name.
    AuthorizationResource authz = getAuthorizationResource();
    for (ResourceRepresentation album : authz.resources().resources()) {
        if (!album.getName().equals(resourceName)) {
            continue;
        }
        try {
            authz.policies().create(buildOwnerOnlyPermission(resourceName, album.getId()));
        } catch (IOException e) {
            throw new RuntimeException("Error creating policy.", e);
        }
    }
    printUpdatedPolicies();

    // The instance permission wins over the inherited one: admin is denied.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(resourceName, this::assertWasDenied);
    clientPage.deleteAlbum(resourceName, this::assertWasDenied);

    // The owner is unaffected and ends up with no resources.
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(resourceName, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}

/**
 * Builds a resource-type permission named {@code <resourceName>Permission} that applies
 * "Only Owner Policy" to the single resource {@code resourceId}.
 *
 * @throws IOException if the JSON-encoded config values cannot be serialized
 */
private PolicyRepresentation buildOwnerOnlyPermission(String resourceName, String resourceId) throws IOException {
    Map<String, String> config = new HashMap<>();
    // Policy config values are JSON-encoded strings.
    config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resourceId)));
    config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));

    PolicyRepresentation permission = new PolicyRepresentation();
    permission.setName(resourceName + "Permission");
    permission.setType("resource");
    permission.setConfig(config);
    return permission;
}

Example 44 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

Class `AbstractPhotozExampleAdapterTest`, method `testAdminWithoutPermissionsToTypedResource`.

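/**
 * Verifies that an administrator loses access to a typed resource once the permission
 * protecting it no longer includes the administration policy, and regains it when that
 * policy is added back.
 *
 * <p>Two server-side policies are mutated for the "denied" phase: "Album Resource Permission"
 * is re-pointed at "Any User Policy" only, and the {@code manage-albums} role is stripped out
 * of "Any User Policy" so the admin no longer satisfies it. The same in-memory
 * {@code policies} list is then reused to restore "Administration Policy".
 *
 * @throws Exception on any admin-client or JSON serialization failure
 */
@Test
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
    loginToClientPage(aliceUser);
    clientPage.createAlbum(ALICE_ALBUM_NAME);

    // Baseline: the admin can reach alice's album through the typed resource permission.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);

    PoliciesResource policiesResource = getAuthorizationResource().policies();
    List<PolicyRepresentation> policies = policiesResource.policies();
    for (PolicyRepresentation policy : policies) {
        if ("Album Resource Permission".equals(policy.getName())) {
            // Config values are JSON-encoded strings.
            policy.getConfig().put("applyPolicies", "[\"Any User Policy\"]");
            policiesResource.policy(policy.getId()).update(policy);
        }
        if ("Any User Policy".equals(policy.getName())) {
            ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
            RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
            String manageAlbumRoleId = manageAlbumRole.toRepresentation().getId();
            @SuppressWarnings("unchecked") // "roles" is stored as a JSON array of objects
            List<Map<String, Object>> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
            // Known id on the left: a role entry without an "id" must not NPE the test.
            roles = roles.stream()
                    .filter(role -> !manageAlbumRoleId.equals(role.get("id")))
                    .collect(Collectors.toList());
            policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
            policiesResource.policy(policy.getId()).update(policy);
        }
    }
    printUpdatedPolicies();

    // Log in again so the updated policies are evaluated; the original note calls this
    // "Clear cache", presumably a cached authorization decision on the client side.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);

    // Restore the administration policy; the admin must be allowed again.
    for (PolicyRepresentation policy : policies) {
        if ("Album Resource Permission".equals(policy.getName())) {
            policy.getConfig().put("applyPolicies", "[\"Any User Policy\", \"Administration Policy\"]");
            policiesResource.policy(policy.getId()).update(policy);
        }
    }
    printUpdatedPolicies();

    // Fresh login again before re-checking (see note above).
    loginToClientPage(adminUser);
    clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
    assertThat(getResourcesOfUser("alice"), is(empty()));
}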

Example 45 with PolicyRepresentation

use of org.keycloak.representations.idm.authorization.PolicyRepresentation in project keycloak by keycloak.

Class `LifespanAdapterTest`, method `testPathConfigInvalidation`.

/**
 * Verifies how the adapter reacts to server-side changes of the protected resource and
 * of the user, given its cached path configuration.
 *
 * <p>First half: removing "Profile Resource" is not observed until the cached entry
 * expires (simulated by moving the adapter's time offset forward); re-creating the
 * resource restores access. Second half: a permission bound to
 * "Only From @keycloak.org or Admin" is attached to the re-created resource, so alice is
 * denied while her e-mail is outside keycloak.org and allowed once it is changed back.
 *
 * @throws Exception on any admin-client or JSON serialization failure
 */
@Test
public void testPathConfigInvalidation() throws Exception {
    loginToClientPage(aliceUser);
    assertSuccess();
    ResourceRepresentation resource = getAuthorizationResource().resources().findByName("Profile Resource").get(0);
    AuthorizationResource authorizationResource = getAuthorizationResource();
    authorizationResource.resources().resource(resource.getId()).remove();
    assertThat(getAuthorizationResource().resources().findByName("Profile Resource").isEmpty(), Matchers.is(true));
    loginToClientPage(aliceUser);
    // Access must fail: the resource was removed but the adapter's cache entry has not expired yet.
    assertFailure();
    // Move the adapter's clock forward so the stale cache entry expires (unit presumably seconds).
    setTimeOffsetOfAdapter(40);
    loginToClientPage(aliceUser);
    assertSuccess();
    setTimeOffsetOfAdapter(0);
    // Re-create the resource and keep the returned representation, which carries the new server-assigned id.
    try (Response response = authorizationResource.resources().create(resource)) {
        resource = response.readEntity(ResourceRepresentation.class);
    }
    loginToClientPage(aliceUser);
    assertSuccess();
    // Move alice to an e-mail domain that the "Only From @keycloak.org or Admin" policy (applied below) rejects.
    RealmResource realm = this.realmsResouce().realm(REALM_NAME);
    UserRepresentation userRepresentation = realm.users().search(aliceUser.getUsername()).get(0);
    UserResource userResource = realm.users().get(userRepresentation.getId());
    userRepresentation.setEmail("alice@anotherdomain.org");
    userResource.update(userRepresentation);
    loginToClientPage(aliceUser);
    // NOTE(review): no permission is attached to the re-created resource yet; what assertTicket checks here is not visible in this file — confirm.
    assertTicket();
    try {
        // Attach a resource permission that applies the e-mail-domain policy to the re-created resource.
        PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
        resourceInstancePermission.setName("View User Permission");
        resourceInstancePermission.setType("resource");
        Map<String, String> config = new HashMap<>();
        // Policy config values are JSON-encoded strings.
        config.put("resources", JsonSerialization.writeValueAsString(Collections.singletonList(resource.getId())));
        config.put("applyPolicies", JsonSerialization.writeValueAsString(Collections.singletonList("Only From @keycloak.org or Admin")));
        resourceInstancePermission.setConfig(config);
        authorizationResource.policies().create(resourceInstancePermission);
    } catch (IOException e) {
        throw new RuntimeException("Error creating policy.", e);
    }
    loginToClientPage(aliceUser);
    // Access must fail: the new permission applies "Only From @keycloak.org or Admin", and
    // alice's e-mail was changed to @anotherdomain.org above (this is not the cache case from the first half).
    assertFailure();
    // Restore an accepted e-mail domain; access is granted again.
    userRepresentation.setEmail("alice@keycloak.org");
    userResource.update(userRepresentation);
    loginToClientPage(aliceUser);
    assertSuccess();
}
