use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class PermissionClaimTest method testPermissionWithClaimsDifferentPolicies.
@Test
public void testPermissionWithClaimsDifferentPolicies() throws Exception {
ClientResource client = getClient(getRealm());
AuthorizationResource authorization = client.authorization();
ResourceRepresentation resource = new ResourceRepresentation("Resource B");
authorization.resources().create(resource).close();
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName(resource.getName() + " Permission");
permission.addResource(resource.getName());
permission.addPolicy(claimAPolicy.getName(), claimBPolicy.getName());
authorization.permissions().resource().create(permission).close();
PermissionRequest request = new PermissionRequest();
request.setResourceId(resource.getName());
String accessToken = new OAuthClient().realm("authz-test").clientId("test-client").doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient();
String ticket = authzClient.protection().permission().forResource(request).getTicket();
AuthorizationResponse response = authzClient.authorization(accessToken).authorize(new AuthorizationRequest(ticket));
assertNotNull(response.getToken());
AccessToken rpt = toAccessToken(response.getToken());
Authorization authorizationClaim = rpt.getAuthorization();
List<Permission> permissions = new ArrayList<>(authorizationClaim.getPermissions());
assertEquals(1, permissions.size());
Map<String, Set<String>> claims = permissions.get(0).getClaims();
assertTrue(claims.containsKey("claim-a"));
assertTrue(claims.containsKey("claim-b"));
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class PermissionClaimTest method testPermissionWithClaims.
@Test
public void testPermissionWithClaims() throws Exception {
ClientResource client = getClient(getRealm());
AuthorizationResource authorization = client.authorization();
ResourceRepresentation resource = new ResourceRepresentation("Resource A");
authorization.resources().create(resource).close();
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName(resource.getName() + " Permission");
permission.addResource(resource.getName());
permission.addPolicy(claimAPolicy.getName());
authorization.permissions().resource().create(permission).close();
PermissionRequest request = new PermissionRequest();
request.setResourceId(resource.getName());
String accessToken = new OAuthClient().realm("authz-test").clientId("test-client").doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient();
String ticket = authzClient.protection().permission().create(request).getTicket();
AuthorizationResponse response = authzClient.authorization(accessToken).authorize(new AuthorizationRequest(ticket));
assertNotNull(response.getToken());
AccessToken rpt = toAccessToken(response.getToken());
Authorization authorizationClaim = rpt.getAuthorization();
List<Permission> permissions = new ArrayList<>(authorizationClaim.getPermissions());
assertEquals(1, permissions.size());
assertTrue(permissions.get(0).getClaims().get("claim-a").containsAll(Arrays.asList("claim-a", "claim-a1")));
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testUpdateResource.
@Test
public void testUpdateResource() throws InterruptedException {
authorizationPage.navigateTo();
ResourcePermissionRepresentation expected = new ResourcePermissionRepresentation();
expected.setName("testUpdateResource Permission");
expected.setDescription("description");
expected.addResource("Resource A");
expected.addPolicy("Policy A");
expected.addPolicy("Policy B");
expected.addPolicy("Policy C");
expected = createPermission(expected);
String previousName = expected.getName();
expected.setName(expected.getName() + " Changed");
expected.setDescription("Changed description");
expected.setDecisionStrategy(DecisionStrategy.CONSENSUS);
expected.getResources().clear();
expected.addResource("Resource B");
expected.getPolicies().clear();
expected.addPolicy("Policy A", "Policy C");
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().permissions().update(previousName, expected);
assertAlertSuccess();
authorizationPage.navigateTo();
ResourcePermission actual = authorizationPage.authorizationTabs().permissions().name(expected.getName());
assertPolicy(expected, actual);
expected.getPolicies().clear();
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().permissions().update(expected.getName(), expected);
assertAlertSuccess();
authorizationPage.navigateTo();
actual = authorizationPage.authorizationTabs().permissions().name(expected.getName());
assertPolicy(expected, actual);
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testCreateWithChild.
@Test
public void testCreateWithChild() {
ResourcePermissionRepresentation expected = new ResourcePermissionRepresentation();
expected.setName(UUID.randomUUID().toString());
expected.setDescription("description");
expected.addResource("Resource B");
expected.addPolicy("Policy C");
ResourcePermission policy = authorizationPage.authorizationTabs().permissions().create(expected, false);
RolePolicyRepresentation childPolicy = new RolePolicyRepresentation();
childPolicy.setName(UUID.randomUUID().toString());
childPolicy.addRole("Role A");
policy.createPolicy(childPolicy);
policy.form().save();
assertAlertSuccess();
expected.addPolicy(childPolicy.getName());
authorizationPage.navigateTo();
ResourcePermission actual = authorizationPage.authorizationTabs().permissions().name(expected.getName());
assertPolicy(expected, actual);
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testCreateWithoutPolicies.
@Test
public void testCreateWithoutPolicies() throws InterruptedException {
authorizationPage.navigateTo();
ResourcePermissionRepresentation expected = new ResourcePermissionRepresentation();
expected.setName("testCreateWithoutPolicies Permission");
expected.setDescription("description");
expected.addResource("Resource A");
expected = createPermission(expected);
authorizationPage.navigateTo();
ResourcePermission actual = authorizationPage.authorizationTabs().permissions().name(expected.getName());
assertPolicy(expected, actual);
}
Aggregations