
Example 26 with ResourcePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

the class UserManagedAccessTest method testUserGrantsAccessToResourceWithoutScopes.

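/**
 * Exercises a user-managed-access flow for a resource requested without scopes.
 *
 * <p>Steps, as performed below: a resource owned by "marta" is created and bound to
 * "Only Owner Policy"; marta obtains an RPT for it; "kolo" is denied; the permission
 * ticket found for the resource is granted; kolo then obtains an RPT twice; finally the
 * tickets are deleted and the test checks that none remain.
 *
 * <p>The negative step (kolo denied before the grant) is the access-control check of this
 * test: if it stops throwing, a non-owner is reaching another user's resource.
 */
@Test
public void testUserGrantsAccessToResourceWithoutScopes() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    // NOTE(review): the meaning of the third argument (true) comes from addResource, which is
    // not shown here; presumably it enables owner-managed access. Confirm against the helper.
    resource = addResource("Resource A", "marta", true);
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getId());
    permission.addPolicy("Only Owner Policy");
    // The create response is closed without its status being inspected.
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();

    // The owner requests the resource with an empty scope list.
    AuthorizationResponse response = authorize("marta", "password", "Resource A", new String[] {});
    String rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    AccessToken accessToken = toAccessToken(rpt);
    AccessToken.Authorization authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    // NOTE(review): the isEmpty() check only holds if assertPermissions removes the entries it
    // matched. Confirm against the helper.
    assertPermissions(permissions, "Resource A");
    assertTrue(permissions.isEmpty());

    // Negative check: before any grant, a different user must be denied.
    try {
        response = authorize("kolo", "password", resource.getId(), new String[] {});
        // Reaching this line means access was NOT denied, so the message states the expectation
        // that was violated.
        fail("User should not have access to resource from another user");
    } catch (AuthorizationDeniedException ignored) {
        // Expected: the denial is the behaviour under test.
    }

    // One permission ticket is expected for the resource at this point, not yet granted.
    PermissionResource permissionResource = getAuthzClient().protection().permission();
    List<PermissionTicketRepresentation> permissionTickets = permissionResource.findByResource(resource.getId());
    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertFalse(ticket.isGranted());
        ticket.setGranted(true);
        permissionResource.update(ticket);
    }

    // Re-read the tickets to confirm the grant was stored rather than only set locally.
    permissionTickets = permissionResource.findByResource(resource.getId());
    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    // After the grant the same request from the other user succeeds.
    response = authorize("kolo", "password", resource.getId(), new String[] {});
    rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName());
    assertTrue(permissions.isEmpty());

    // The request is repeated; the ticket count checked afterwards is still exactly one.
    response = authorize("kolo", "password", resource.getId(), new String[] {});
    rpt = response.getToken();
    assertNotNull(rpt);
    assertFalse(response.isUpgraded());
    accessToken = toAccessToken(rpt);
    authorization = accessToken.getAuthorization();
    assertNotNull(authorization);
    permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resource.getName());
    assertTrue(permissions.isEmpty());

    permissionTickets = permissionResource.findByResource(resource.getId());
    assertFalse(permissionTickets.isEmpty());
    assertEquals(1, permissionTickets.size());
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    // Delete every ticket and verify none remain for the resource.
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        permissionResource.delete(ticket.getId());
    }
    permissionTickets = permissionResource.findByResource(resource.getId());
    assertEquals(0, permissionTickets.size());
}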
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) PermissionResource(org.keycloak.authorization.client.resource.PermissionResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 27 with ResourcePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

the class RegexPolicyTest method createResourcePermission.

/**
 * Creates a resource permission through the admin client.
 *
 * @param name     name given to the new permission
 * @param resource resource the permission is attached to
 * @param policies policies associated with the permission
 */
private void createResourcePermission(String name, String resource, String... policies) {
    ResourcePermissionRepresentation representation = new ResourcePermissionRepresentation();

    representation.addPolicy(policies);
    representation.addResource(resource);
    representation.setName(name);

    // The response is closed immediately; its status is not inspected here, so a rejected
    // create would only surface in whatever the calling test asserts afterwards.
    getClient()
            .authorization()
            .permissions()
            .resource()
            .create(representation)
            .close();
}
Also used : ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)

Example 28 with ResourcePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

the class ResourcePermissionManagementTest method assertPolicy.

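/**
 * Compares the representation read back from {@code policy} with the expected one.
 *
 * <p>Name, description, decision strategy and resource type must be equal. When the
 * expected policies are {@code null}, the actual policies may be {@code null} or empty;
 * otherwise both collections must have the same size and every actual policy must equal
 * some expected policy.
 *
 * @param expected the representation the test configured
 * @param policy   the object whose {@code toRepresentation()} result is verified
 * @return the representation obtained from {@code policy}
 */
private ResourcePermissionRepresentation assertPolicy(ResourcePermissionRepresentation expected, ResourcePermission policy) {
    ResourcePermissionRepresentation actual = policy.toRepresentation();
    assertEquals(expected.getName(), actual.getName());
    assertEquals(expected.getDescription(), actual.getDescription());
    assertEquals(expected.getDecisionStrategy(), actual.getDecisionStrategy());
    assertEquals(expected.getResourceType(), actual.getResourceType());
    if (expected.getPolicies() == null) {
        // A null actual collection is accepted here, so it must not be streamed afterwards:
        // doing that unconditionally threw a NullPointerException on a case this branch allows.
        assertTrue(actual.getPolicies() == null || actual.getPolicies().isEmpty());
    } else {
        assertEquals(expected.getPolicies().size(), actual.getPolicies().size());
        // With equal sizes already asserted, also require each actual policy to be expected.
        assertEquals(0, actual.getPolicies().stream()
                .filter(actualPolicy -> expected.getPolicies().stream().noneMatch(actualPolicy::equals))
                .count());
    }
    // NOTE(review): resources are only checked in one direction (each actual resource must be
    // expected) and no size comparison is made, so a representation that is missing an expected
    // resource still passes. Neither collection is null-checked either. Confirm whether a
    // stricter comparison is wanted.
    assertEquals(0, actual.getResources().stream()
            .filter(actualResource -> expected.getResources().stream().noneMatch(actualResource::equals))
            .count());
    return actual;
}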
Also used : ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)

Example 29 with ResourcePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

the class ResourcePermissionManagementTest method testDelete.

/**
 * Creates a permission, deletes it through the permissions tab and verifies that it can no
 * longer be found by name.
 */
@Test
public void testDelete() throws InterruptedException {
    authorizationPage.navigateTo();

    // Build the permission that will be created and then removed.
    ResourcePermissionRepresentation draft = new ResourcePermissionRepresentation();
    draft.setName("testDelete Permission");
    draft.setDescription("description");
    draft.addResource("Resource B");
    draft.addPolicy("Policy C");
    ResourcePermissionRepresentation created = createPermission(draft);

    // Delete it by name and expect the success alert.
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().permissions().delete(created.getName());
    assertAlertSuccess();

    // After reloading the page, a lookup by name must return nothing.
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(created.getName()));
}
Also used : ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 30 with ResourcePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation in project keycloak by keycloak.

the class ResourcePermissionManagementTest method testDeleteFromList.

/**
 * Creates a permission, deletes it from the permissions list and verifies that it can no
 * longer be found by name.
 */
@Test
public void testDeleteFromList() throws InterruptedException {
    authorizationPage.navigateTo();

    // Build the permission that will be created and then removed.
    ResourcePermissionRepresentation draft = new ResourcePermissionRepresentation();
    draft.setName("testDeleteFromList Permission");
    draft.setDescription("description");
    draft.addResource("Resource B");
    draft.addPolicy("Policy C");
    ResourcePermissionRepresentation created = createPermission(draft);

    // Delete it by name from the list view. No alert is asserted on this path.
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().permissions().deleteFromList(created.getName());

    // After reloading the page, a lookup by name must return nothing.
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().permissions().permissions().findByName(created.getName()));
}
Also used : ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)
