use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePolicyProviderFactory method toRepresentation.
/**
 * Builds the representation of a resource permission from a stored policy.
 *
 * <p>Only the resource type is populated here; it is read from the policy's
 * config map under the key {@code defaultResourceType}. Every other field of the
 * returned object keeps whatever a freshly constructed representation holds.
 *
 * @param policy the stored policy whose config supplies the resource type
 * @param authorization the authorization provider; not used by this method
 * @return a new representation carrying the configured resource type
 */
@Override
public ResourcePermissionRepresentation toRepresentation(Policy policy, AuthorizationProvider authorization) {
    ResourcePermissionRepresentation result = new ResourcePermissionRepresentation();
    // get() yields null when the key is absent, so the resource type is simply left unset
    // for permissions that are not type-based.
    String defaultResourceType = policy.getConfig().get("defaultResourceType");
    result.setResourceType(defaultResourceType);
    return result;
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ServletAuthzCacheLifespanAdapterTest method testCreateNewResourceWaitExpiration.
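/**
 * Checks when a deny permission created at runtime starts to be enforced.
 *
 * <p>The sequence asserted below is: alice reaches {@code /new-resource}; a resource and a
 * permission bound to "Deny Policy" are created for that URI; alice is still not denied right
 * afterwards; once both the server and adapter time offsets are moved forward by 30, the same
 * request is denied.
 *
 * <p>NOTE(review): the stale grant in the middle step presumably comes from the adapter's
 * cached decision (the enclosing test class is named for the cache lifespan). Confirm against
 * the adapter configuration. For a deployment, that lifespan is the window during which a
 * newly added deny rule is not yet honoured.
 */
@Test
public void testCreateNewResourceWaitExpiration() {
    performTests(() -> {
        // Baseline: no permission covers /new-resource yet, and access is not denied.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();

        // Register the resource for the URI that was just visited.
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("New Resource");
        resource.setUri("/new-resource");
        getAuthorizationResource().resources().create(resource);

        // Attach the deny policy to it. readEntity() consumes the response body; the
        // returned representation is not needed afterwards.
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(resource.getName() + " Permission");
        permission.addResource(resource.getName());
        permission.addPolicy("Deny Policy");
        getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);

        // Immediately after the change the request is still let through.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();

        // Advance the clocks instead of sleeping. The offsets are shared test state, so they
        // are restored in finally: a failed assertion must not leave later tests running
        // with a shifted clock.
        try {
            setTimeOffset(30);
            setTimeOffsetOfAdapter(30);

            login("alice", "alice");
            assertWasNotDenied();
            this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
            // After the offset the deny permission is enforced.
            assertWasDenied();
        } finally {
            resetTimeOffset();
            setTimeOffsetOfAdapter(0);
        }
    });
}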
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ExportAuthorizationSettingsTest method testResourceBasedPermission.
// KEYCLOAK-4341
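/**
 * Creates a resource-based permission and checks how it appears in the exported
 * authorization settings.
 *
 * <p>The permission is created with the <em>ids</em> of "Default Resource" and
 * "Default Policy"; the export is expected to list them by <em>name</em> in the
 * {@code resources} and {@code applyPolicies} config entries, each as a JSON array string.
 *
 * @throws Exception if any of the admin client calls fails
 */
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();

    // Look up the default resource; exactly one match is expected.
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    // assertEquals reports the actual size on failure, which assertTrue(size == 1) does not.
    Assert.assertEquals(1, resources.size());
    ResourceRepresentation resource = resources.get(0);

    // Look up the default policy.
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");

    // Create the resource-based permission, referring to policy and resource by id.
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        // Always release the response, even when the status assertion fails.
        create.close();
    }

    // Export the authorization settings.
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();

    // The exported permission must reference both the resource and the applied policy by name.
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals(permissionName)) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    // The message is built from permissionName so that it names the permission actually
    // searched for (the previous literal said "role-based-permission").
    Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);
}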
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class PolicyEnforcerTest method testUsingSubjectToken.
/**
 * Exercises the policy enforcer on a protected path, first without and then with a bearer
 * token.
 *
 * <p>A resource for {@code /api/check-subject-token} is created and bound to
 * "Only User Policy". The enforcer is built from {@code enforcer-bearer-only.json}. The
 * request without a token must not be granted and must produce HTTP 403; the request carrying
 * the access token obtained for user {@code marta} must be granted.
 */
@Test
public void testUsingSubjectToken() {
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_CLIENT_ID);
    ResourceRepresentation protectedResource = createResource(resourceServer, "Resource Subject Token", "/api/check-subject-token");

    // Bind the new resource to the policy under test and release the create response.
    ResourcePermissionRepresentation subjectTokenPermission = new ResourcePermissionRepresentation();
    subjectTokenPermission.setName(protectedResource.getName() + " Permission");
    subjectTokenPermission.addResource(protectedResource.getName());
    subjectTokenPermission.addPolicy("Only User Policy");
    PermissionsResource permissionsApi = resourceServer.authorization().permissions();
    permissionsApi.resource().create(subjectTokenPermission).close();

    KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-bearer-only.json"));
    PolicyEnforcer enforcer = deployment.getPolicyEnforcer();

    // No token on the request: the decision must be a denial, surfaced as 403.
    OIDCHttpFacade anonymousRequest = createHttpFacade("/api/check-subject-token");
    AuthorizationContext anonymousDecision = enforcer.enforce(anonymousRequest);
    assertFalse(anonymousDecision.isGranted());
    TestResponse anonymousResponse = (TestResponse) anonymousRequest.getResponse();
    assertEquals(403, anonymousResponse.getStatus());

    // Obtain an access token for marta through the authorization code flow.
    // NOTE(review): the second argument to doAccessTokenRequest is null, presumably because
    // "public-client-test" has no client secret; confirm against OAuthClient.
    oauth.realm(REALM_NAME);
    oauth.clientId("public-client-test");
    oauth.doLogin("marta", "password");
    String authorizationCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authorizationCode, null);
    String accessToken = tokenResponse.getAccessToken();

    // Same path, now with the token attached: access must be granted.
    OIDCHttpFacade authenticatedRequest = createHttpFacade("/api/check-subject-token", accessToken);
    AuthorizationContext authenticatedDecision = enforcer.enforce(authenticatedRequest);
    assertTrue(authenticatedDecision.isGranted());
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testUpdate.
/**
 * Creates a resource permission, changes its fields, and checks that each update round-trips.
 *
 * <p>Two updates are verified: the first changes name, description, decision strategy, logic,
 * the associated resource and the policy set; the second removes all resources and sets a
 * resource type instead.
 */
@Test
public void testUpdate() {
    AuthorizationResource authz = getClient().authorization();

    // Initial state: CONSENSUS / NEGATIVE, one resource, two policies.
    ResourcePermissionRepresentation expected = new ResourcePermissionRepresentation();
    expected.setName("Update Test Resource Permission");
    expected.setDescription("description");
    expected.setDecisionStrategy(DecisionStrategy.CONSENSUS);
    expected.setLogic(Logic.NEGATIVE);
    expected.addResource("Resource A");
    expected.addPolicy("Only Marta Policy", "Only Kolo Policy");
    // NOTE(review): presumably assertCreated fills in the id read by findById below; confirm.
    assertCreated(authz, expected);

    // First update: flip strategy and logic, swap the resource, drop one policy.
    expected.setName("changed");
    expected.setDescription("changed");
    expected.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    expected.setLogic(Logic.POSITIVE);
    expected.getResources().remove("Resource A");
    expected.addResource("Resource B");
    expected.getPolicies().remove("Only Marta Policy");

    ResourcePermissionResource stored = authz.permissions().resource().findById(expected.getId());
    stored.update(expected);
    assertRepresentation(expected, stored);

    // Second update: no explicit resources, a resource type instead.
    expected.getResources().clear();
    expected.setResourceType("changed");
    stored.update(expected);
    assertRepresentation(expected, stored);
}