use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class UserManagedAccessTest method testUserGrantsAccessToResourceWithoutScopes.
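/**
 * Exercises user-managed access to a resource when no scopes are requested.
 *
 * <p>Flow covered by the assertions below:
 * <ol>
 *   <li>"marta" creates "Resource A", guarded by a permission that uses "Only Owner Policy",
 *       and obtains an RPT for it.</li>
 *   <li>"kolo" requests the same resource and must be denied with
 *       {@link AuthorizationDeniedException}.</li>
 *   <li>Exactly one ungranted permission ticket then exists for the resource; the test grants it.</li>
 *   <li>"kolo" can now obtain an RPT for the resource, and a repeated request behaves the same.</li>
 *   <li>The ticket is deleted and no tickets remain for the resource.</li>
 * </ol>
 */
@Test
public void testUserGrantsAccessToResourceWithoutScopes() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();

    // NOTE(review): the third argument presumably enables owner-managed access — confirm against addResource.
    resource = addResource("Resource A", "marta", true);

    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getId());
    permission.addPolicy("Only Owner Policy");

    // The object returned by create(...) is closed right away; its status is not inspected here.
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();

    // The owner requests the resource with an empty scope list.
    AuthorizationResponse response = authorize("marta", "password", "Resource A", new String[] {});
    String rpt = response.getToken();

    assertNotNull(rpt);
    assertFalse(response.isUpgraded());

    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();

    assertNotNull(authorization);

    Collection<Permission> permissions = authorization.getPermissions();

    assertNotNull(permissions);
    // NOTE(review): the emptiness check that follows suggests assertPermissions removes every
    // permission it matches, so an empty collection means nothing unexpected was granted — confirm.
    assertPermissions(permissions, "Resource A");
    assertTrue(permissions.isEmpty());

    // A different user has not been granted anything yet, so the request must be denied.
    try {
        response = authorize("kolo", "password", resource.getId(), new String[] {});
        fail("User should not have access to resource from another user");
    } catch (AuthorizationDeniedException ignored) {
        // Expected: the denial is the behaviour under test.
    }

    PermissionResource permissionResource = getAuthzClient().protection().permission();
    List<PermissionTicketRepresentation> permissionTickets = permissionResource.findByResource(resource.getId());

    // After the denied request exactly one ticket exists for the resource, and it is not granted.
    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());

    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertFalse(ticket.isGranted());
        ticket.setGranted(true);
        permissionResource.update(ticket);
    }

    // Re-read the tickets to check that the grant was stored.
    permissionTickets = permissionResource.findByResource(resource.getId());

    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());

    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    // With the ticket granted, the same request from "kolo" now succeeds.
    response = authorize("kolo", "password", resource.getId(), new String[] {});
    rpt = response.getToken();

    assertNotNull(rpt);
    assertFalse(response.isUpgraded());

    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();

    assertNotNull(authorization);

    permissions = authorization.getPermissions();

    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName());
    assertTrue(permissions.isEmpty());

    // The request is issued a second time with identical checks.
    response = authorize("kolo", "password", resource.getId(), new String[] {});
    rpt = response.getToken();

    assertNotNull(rpt);
    assertFalse(response.isUpgraded());

    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();

    assertNotNull(authorization);

    permissions = authorization.getPermissions();

    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName());
    assertTrue(permissions.isEmpty());

    // Repeated authorization must not create further tickets or change the grant.
    permissionTickets = permissionResource.findByResource(resource.getId());

    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());

    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    // Delete the ticket and verify that none remain for the resource.
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        permissionResource.delete(ticket.getId());
    }

    permissionTickets = permissionResource.findByResource(resource.getId());

    assertEquals(0, permissionTickets.size());
}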
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class RegexPolicyTest method createResourcePermission.
/**
 * Registers a resource permission with the client's authorization settings.
 *
 * @param name     name given to the new permission
 * @param resource resource the permission applies to
 * @param policies policies attached to the permission
 */
private void createResourcePermission(String name, String resource, String... policies) {
    ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();

    representation.addPolicy(policies);
    representation.addResource(resource);
    representation.setName(name);

    // The object returned by create(...) is closed immediately; its status is not inspected,
    // so a rejected creation is not reported by this helper.
    getClient().authorization().permissions().resource().create(representation).close();
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method assertPolicy.
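/**
 * Compares the stored state of a resource permission with the expected representation.
 *
 * <p>Name, description, decision strategy and resource type must be equal. When the expected
 * representation has no policies, the actual one must have none or an empty collection;
 * otherwise both must hold the same number of policies and every actual policy must also be
 * expected. Every actual resource must also be expected.
 *
 * @param expected the representation the test expects
 * @param policy   handle whose {@code toRepresentation()} result is checked
 * @return the representation read from {@code policy}
 */
private ResourcePermissionRepresentation assertPolicy(ResourcePermissionRepresentation expected, ResourcePermission policy) {
    ResourcePermissionRepresentation actual = policy.toRepresentation();

    assertEquals(expected.getName(), actual.getName());
    assertEquals(expected.getDescription(), actual.getDescription());
    assertEquals(expected.getDecisionStrategy(), actual.getDecisionStrategy());
    assertEquals(expected.getResourceType(), actual.getResourceType());

    if (expected.getPolicies() == null) {
        // Nothing further to compare in this branch: streaming the policies of either side could
        // dereference null even though a null actual collection is explicitly accepted.
        assertTrue(actual.getPolicies() == null || actual.getPolicies().isEmpty());
    } else {
        assertEquals(expected.getPolicies().size(), actual.getPolicies().size());
        // With equal sizes, no actual policy may be missing from the expected ones.
        assertEquals(0, actual.getPolicies().stream()
                .filter(actualPolicy -> expected.getPolicies().stream().noneMatch(actualPolicy::equals))
                .count());
    }

    // NOTE(review): resources are checked in one direction only and their sizes are not compared,
    // so an actual permission that lost a resource would still pass; null resource collections
    // are not handled here either.
    assertEquals(0, actual.getResources().stream()
            .filter(actualResource -> expected.getResources().stream().noneMatch(actualResource::equals))
            .count());

    return actual;
}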
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testDelete.
/**
 * Creates a resource permission, deletes it through the permissions tab and checks that it
 * can no longer be found by name.
 */
@Test
public void testDelete() throws InterruptedException {
    authorizationPage.navigateTo();

    ResourcePermissionRepresentation draft = new ResourcePermissionRepresentation();
    draft.addPolicy("Policy C");
    draft.addResource("Resource B");
    draft.setDescription("description");
    draft.setName("testDelete Permission");

    ResourcePermissionRepresentation created = createPermission(draft);

    // Delete by name and expect the success alert.
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().permissions().delete(created.getName());
    assertAlertSuccess();

    // Navigate to the page again before looking the permission up.
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(created.getName()));
}
use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.
the class ResourcePermissionManagementTest method testDeleteFromList.
/**
 * Creates a resource permission, deletes it from the permissions list and checks that it can
 * no longer be found by name.
 */
@Test
public void testDeleteFromList() throws InterruptedException {
    authorizationPage.navigateTo();

    ResourcePermissionRepresentation draft = new ResourcePermissionRepresentation();
    draft.addPolicy("Policy C");
    draft.addResource("Resource B");
    draft.setDescription("description");
    draft.setName("testDeleteFromList Permission");

    ResourcePermissionRepresentation created = createPermission(draft);

    // Delete the entry from the list view; no alert is asserted in this test.
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().permissions().deleteFromList(created.getName());

    // Navigate to the page again before looking the permission up.
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(created.getName()));
}