Example 1 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class PolicyEnforcer, method configureDefinedPaths.

private Map<String, PathConfig> configureDefinedPaths(ProtectedResource protectedResource, PolicyEnforcerConfig enforcerConfig) {
    Map<String, PathConfig> paths = Collections.synchronizedMap(new LinkedHashMap<String, PathConfig>());
    for (PathConfig pathConfig : enforcerConfig.getPaths()) {
        ResourceRepresentation resource;
        String resourceName = pathConfig.getName();
        String path = pathConfig.getPath();
        if (resourceName != null) {
            LOGGER.debugf("Trying to find resource with name [%s] for path [%s].", resourceName, path);
            resource = protectedResource.findByName(resourceName);
        } else {
            LOGGER.debugf("Trying to find resource with uri [%s] for path [%s].", path, path);
            List<ResourceRepresentation> resources = protectedResource.findByUri(path);
            if (resources.isEmpty()) {
                resources = protectedResource.findByMatchingUri(path);
            }
            if (resources.size() == 1) {
                resource = resources.get(0);
            } else if (resources.size() > 1) {
                throw new RuntimeException("Multiple resources found with the same uri");
            } else {
                resource = null;
            }
        }
        if (resource != null) {
            pathConfig.setId(resource.getId());
            // if the path is statically bound to a resource by name, its config cannot be invalidated
            if (resourceName != null) {
                pathConfig.setStatic(true);
            }
        }
        PathConfig existingPath = null;
        for (PathConfig current : paths.values()) {
            if (current.getPath().equals(pathConfig.getPath())) {
                existingPath = current;
                break;
            }
        }
        if (existingPath == null) {
            paths.put(pathConfig.getPath(), pathConfig);
        } else {
            existingPath.getMethods().addAll(pathConfig.getMethods());
            existingPath.getScopes().addAll(pathConfig.getScopes());
        }
    }
    return paths;
}
Also used: PathConfig (org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig), ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 2 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class PolicyEnforcer, method configureAllPathsForResourceServer.

private Map<String, PathConfig> configureAllPathsForResourceServer(ProtectedResource protectedResource) {
    LOGGER.info("Querying the server for all resources associated with this application.");
    Map<String, PathConfig> paths = Collections.synchronizedMap(new HashMap<String, PathConfig>());
    if (!enforcerConfig.getLazyLoadPaths()) {
        for (String id : protectedResource.findAll()) {
            ResourceRepresentation resourceDescription = protectedResource.findById(id);
            if (resourceDescription.getUris() != null && !resourceDescription.getUris().isEmpty()) {
                for (PathConfig pathConfig : PathConfig.createPathConfigs(resourceDescription)) {
                    paths.put(pathConfig.getPath(), pathConfig);
                }
            }
        }
    }
    return paths;
}
Also used: PathConfig (org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig), ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 3 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class ServletAuthzCacheLifespanAdapterTest, method testCreateNewResourceWaitExpiration.

@Test
public void testCreateNewResourceWaitExpiration() {
    performTests(() -> {
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("New Resource");
        resource.setUri("/new-resource");
        getAuthorizationResource().resources().create(resource);
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(resource.getName() + " Permission");
        permission.addResource(resource.getName());
        permission.addPolicy("Deny Policy");
        getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
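        // Instead of Thread.sleep(5000), shift the server and adapter clocks forward by 30 seconds;
        // the deny permission created above is only enforced on the request made after this shift.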
        setTimeOffset(30);
        setTimeOffsetOfAdapter(30);
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasDenied();
        resetTimeOffset();
        setTimeOffsetOfAdapter(0);
    });
}
Also used: ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation), ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation), Test (org.junit.Test)

Example 4 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class AbstractServletPolicyEnforcerTest, method testPathWithPatternSlashAllAndResourceInstance.

@Test
public void testPathWithPatternSlashAllAndResourceInstance() {
    performTests(() -> {
        ResourceRepresentation resource = new ResourceRepresentation("Pattern 15 Instance");
        resource.setType("pattern-15");
        resource.setUri("/keycloak-7148/1");
        resource.setOwner("alice");
        getAuthorizationResource().resources().create(resource).close();
        login("alice", "alice");
        navigateTo("/keycloak-7148/1");
        assertFalse(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a/2");
        assertFalse(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a");
        assertFalse(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
        assertFalse(wasDenied());
        updatePermissionPolicies("Pattern 15 Permission", "Deny Policy");
        login("alice", "alice");
        navigateTo("/keycloak-7148/1");
        assertTrue(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a/2");
        assertTrue(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a");
        assertTrue(wasDenied());
        navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
        assertTrue(wasDenied());
        // does not exist
        navigateTo("/keycloak-7148/2");
        assertTrue(wasDenied());
    });
}
Also used: ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation), Test (org.junit.Test), AbstractExampleAdapterTest (org.keycloak.testsuite.adapter.AbstractExampleAdapterTest)

Example 5 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class JsonParserTest, method parseResourceRepresentation.

private Map<String, Object> parseResourceRepresentation(String resourceJson) throws Exception {
    ResourceRepresentation rep = JsonSerialization.readValue(resourceJson, ResourceRepresentation.class);
    String repp = JsonSerialization.writeValueAsString(rep);
    return JsonSerialization.readValue(repp, Map.class);
}
Also used: ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation) 154
Test (org.junit.Test) 96
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource) 49
AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest) 45
AuthzClient (org.keycloak.authorization.client.AuthzClient) 44
AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse) 39
ClientResource (org.keycloak.admin.client.resource.ClientResource) 38
Response (javax.ws.rs.core.Response) 36
HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException) 35
PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse) 33
ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) 33
Permission (org.keycloak.representations.idm.authorization.Permission) 28
ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation) 26
JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation) 23
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 23
PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest) 22
AccessToken (org.keycloak.representations.AccessToken) 19
ArrayList (java.util.ArrayList) 18
List (java.util.List) 18
TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse) 18