use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PolicyEnforcer method configureDefinedPaths.
private Map<String, PathConfig> configureDefinedPaths(ProtectedResource protectedResource, PolicyEnforcerConfig enforcerConfig) {
Map<String, PathConfig> paths = Collections.synchronizedMap(new LinkedHashMap<String, PathConfig>());
for (PathConfig pathConfig : enforcerConfig.getPaths()) {
ResourceRepresentation resource;
String resourceName = pathConfig.getName();
String path = pathConfig.getPath();
if (resourceName != null) {
LOGGER.debugf("Trying to find resource with name [%s] for path [%s].", resourceName, path);
resource = protectedResource.findByName(resourceName);
} else {
LOGGER.debugf("Trying to find resource with uri [%s] for path [%s].", path, path);
List<ResourceRepresentation> resources = protectedResource.findByUri(path);
if (resources.isEmpty()) {
resources = protectedResource.findByMatchingUri(path);
}
if (resources.size() == 1) {
resource = resources.get(0);
} else if (resources.size() > 1) {
throw new RuntimeException("Multiple resources found with the same uri");
} else {
resource = null;
}
}
if (resource != null) {
pathConfig.setId(resource.getId());
// if the resource is staticly bound to a resource it means the config can not be invalidated
if (resourceName != null) {
pathConfig.setStatic(true);
}
}
PathConfig existingPath = null;
for (PathConfig current : paths.values()) {
if (current.getPath().equals(pathConfig.getPath())) {
existingPath = current;
break;
}
}
if (existingPath == null) {
paths.put(pathConfig.getPath(), pathConfig);
} else {
existingPath.getMethods().addAll(pathConfig.getMethods());
existingPath.getScopes().addAll(pathConfig.getScopes());
}
}
return paths;
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PolicyEnforcer method configureAllPathsForResourceServer.
private Map<String, PathConfig> configureAllPathsForResourceServer(ProtectedResource protectedResource) {
LOGGER.info("Querying the server for all resources associated with this application.");
Map<String, PathConfig> paths = Collections.synchronizedMap(new HashMap<String, PathConfig>());
if (!enforcerConfig.getLazyLoadPaths()) {
for (String id : protectedResource.findAll()) {
ResourceRepresentation resourceDescription = protectedResource.findById(id);
if (resourceDescription.getUris() != null && !resourceDescription.getUris().isEmpty()) {
for (PathConfig pathConfig : PathConfig.createPathConfigs(resourceDescription)) {
paths.put(pathConfig.getPath(), pathConfig);
}
}
}
}
return paths;
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ServletAuthzCacheLifespanAdapterTest method testCreateNewResourceWaitExpiration.
@Test
public void testCreateNewResourceWaitExpiration() {
performTests(() -> {
login("alice", "alice");
assertWasNotDenied();
this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
assertWasNotDenied();
ResourceRepresentation resource = new ResourceRepresentation();
resource.setName("New Resource");
resource.setUri("/new-resource");
getAuthorizationResource().resources().create(resource);
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName(resource.getName() + " Permission");
permission.addResource(resource.getName());
permission.addPolicy("Deny Policy");
getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);
login("alice", "alice");
assertWasNotDenied();
this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
assertWasNotDenied();
// Thread.sleep(5000);
setTimeOffset(30);
setTimeOffsetOfAdapter(30);
login("alice", "alice");
assertWasNotDenied();
this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
assertWasDenied();
resetTimeOffset();
setTimeOffsetOfAdapter(0);
});
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AbstractServletPolicyEnforcerTest method testPathWithPatternSlashAllAndResourceInstance.
@Test
public void testPathWithPatternSlashAllAndResourceInstance() {
performTests(() -> {
ResourceRepresentation resource = new ResourceRepresentation("Pattern 15 Instance");
resource.setType("pattern-15");
resource.setUri("/keycloak-7148/1");
resource.setOwner("alice");
getAuthorizationResource().resources().create(resource).close();
login("alice", "alice");
navigateTo("/keycloak-7148/1");
assertFalse(wasDenied());
navigateTo("/keycloak-7148/1/sub-a/2");
assertFalse(wasDenied());
navigateTo("/keycloak-7148/1/sub-a");
assertFalse(wasDenied());
navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
assertFalse(wasDenied());
updatePermissionPolicies("Pattern 15 Permission", "Deny Policy");
login("alice", "alice");
navigateTo("/keycloak-7148/1");
assertTrue(wasDenied());
navigateTo("/keycloak-7148/1/sub-a/2");
assertTrue(wasDenied());
navigateTo("/keycloak-7148/1/sub-a");
assertTrue(wasDenied());
navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
assertTrue(wasDenied());
// does not exist
navigateTo("/keycloak-7148/2");
assertTrue(wasDenied());
});
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class JsonParserTest method parseResourceRepresentation.
private Map<String, Object> parseResourceRepresentation(String resourceJson) throws Exception {
ResourceRepresentation rep = JsonSerialization.readValue(resourceJson, ResourceRepresentation.class);
String repp = JsonSerialization.writeValueAsString(rep);
return JsonSerialization.readValue(repp, Map.class);
}
Aggregations