Example 1 with ResourcePermissionRepresentation

Use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

Class ResourcePolicyProviderFactory, method toRepresentation.

@Override
public ResourcePermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
    representation.setResourceType(policy.getConfig().get("defaultResourceType"));
    return representation;
}
Also used : ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)

Example 2 with ResourcePermissionRepresentation

Use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

Class ServletAuthzCacheLifespanAdapterTest, method testCreateNewResourceWaitExpiration.

@Test
public void testCreateNewResourceWaitExpiration() {
    performTests(() -> {
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("New Resource");
        resource.setUri("/new-resource");
        getAuthorizationResource().resources().create(resource);
        // Protect the new resource with a permission that applies "Deny Policy".
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(resource.getName() + " Permission");
        permission.addResource(resource.getName());
        permission.addPolicy("Deny Policy");
        getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);
        // The adapter's cache has not expired yet, so the request is still not denied.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
        // Thread.sleep(5000);
        // Move the server and adapter clocks forward past the cache lifespan.
        setTimeOffset(30);
        setTimeOffsetOfAdapter(30);
        // After expiration the deny permission takes effect.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasDenied();
        resetTimeOffset();
        setTimeOffsetOfAdapter(0);
    });
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 3 with ResourcePermissionRepresentation

Use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

Class ExportAuthorizationSettingsTest, method testResourceBasedPermission.

// KEYCLOAK-4341
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    // get Default Resource
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    Assert.assertEquals(1, resources.size());
    ResourceRepresentation resource = resources.get(0);
    // get Default Policy
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
    // create Resource-based permission and add default policy/resource
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        create.close();
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    // check exported settings contains both resources/applyPolicies
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals(permissionName)) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 4 with ResourcePermissionRepresentation

Use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

Class PolicyEnforcerTest, method testUsingSubjectToken.

@Test
public void testUsingSubjectToken() {
    ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation resource = createResource(clientResource, "Resource Subject Token", "/api/check-subject-token");
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getName());
    permission.addPolicy("Only User Policy");
    PermissionsResource permissions = clientResource.authorization().permissions();
    permissions.resource().create(permission).close();
    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
    PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
    // Request without a token: the enforcer must deny it with 403.
    OIDCHttpFacade httpFacade = createHttpFacade("/api/check-subject-token");
    AuthorizationContext context = policyEnforcer.enforce(httpFacade);
    assertFalse(context.isGranted());
    assertEquals(403, TestResponse.class.cast(httpFacade.getResponse()).getStatus());
    // Obtain an access token for user "marta" through the public client.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    String token = response.getAccessToken();
    // Same path, now with the user's token: the enforcer grants access.
    httpFacade = createHttpFacade("/api/check-subject-token", token);
    context = policyEnforcer.enforce(httpFacade);
    assertTrue(context.isGranted());
}
Also used : PermissionsResource(org.keycloak.admin.client.resource.PermissionsResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) OIDCHttpFacade(org.keycloak.adapters.OIDCHttpFacade) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) ClientResource(org.keycloak.admin.client.resource.ClientResource) PolicyEnforcer(org.keycloak.adapters.authorization.PolicyEnforcer) AuthorizationContext(org.keycloak.AuthorizationContext) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 5 with ResourcePermissionRepresentation

Use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

Class ResourcePermissionManagementTest, method testUpdate.

@Test
public void testUpdate() {
    AuthorizationResource authorization = getClient().authorization();
    ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();
    representation.setName("Update Test Resource Permission");
    representation.setDescription("description");
    representation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    representation.setLogic(Logic.NEGATIVE);
    representation.addResource("Resource A");
    representation.addPolicy("Only Marta Policy", "Only Kolo Policy");
    assertCreated(authorization, representation);
    representation.setName("changed");
    representation.setDescription("changed");
    representation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    representation.setLogic(Logic.POSITIVE);
    representation.getResources().remove("Resource A");
    representation.addResource("Resource B");
    representation.getPolicies().remove("Only Marta Policy");
    ResourcePermissionsResource permissions = authorization.permissions().resource();
    ResourcePermissionResource permission = permissions.findById(representation.getId());
    permission.update(representation);
    assertRepresentation(representation, permission);
    representation.getResources().clear();
    representation.setResourceType("changed");
    permission.update(representation);
    assertRepresentation(representation, permission);
}
Also used : ResourcePermissionResource(org.keycloak.admin.client.resource.ResourcePermissionResource) ResourcePermissionsResource(org.keycloak.admin.client.resource.ResourcePermissionsResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Aggregations

ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 65
Test (org.junit.Test) 46
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 32
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 28
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 28
ClientResource (org.keycloak.admin.client.resource.ClientResource) 25
Response (javax.ws.rs.core.Response) 20
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 19
Permission (org.keycloak.representations.idm.authorization.Permission) 19
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 18
AuthzClient (org.keycloak.authorization.client.AuthzClient) 16
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 16
AccessToken (org.keycloak.representations.AccessToken) 14
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 12
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 12
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 12
AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException) 11
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException) 9
PermissionTicketRepresentation (org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) 7
ScopePermissionRepresentation (org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) 7