use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method removeUserWithPermissionTicketTest.
/**
 * Checks that deleting a user leaves no permission ticket behind for the resource the user
 * asked access to.
 *
 * <p>Flow: create the user, register "Resource A", request a permission ticket with the new
 * user's credentials, attempt an authorization with that ticket, confirm the ticket state via
 * {@code assertPersistence}, delete the user, then assert that the user is gone from the realm
 * and that {@code findByResource} returns nothing for the resource.
 *
 * <p>NOTE(review): the second and third arguments of {@code addResource} are presumably the
 * resource owner and an owner-managed-access flag; the helper is not shown here, so confirm.
 */
@Test
public void removeUserWithPermissionTicketTest() throws Exception {
    String userToRemoveID = createUser(REALM_NAME, "user-to-remove", "password");
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient client = getAuthzClient();

    // Request a permission ticket for the resource, authenticated as the user that will be deleted.
    PermissionRequest ticketRequest = new PermissionRequest(resource.getId());
    PermissionResponse response = client.protection("user-to-remove", "password").permission().create(ticketRequest);

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    String ticket = response.getTicket();
    authzRequest.setTicket(ticket);
    String claimToken = client.obtainAccessToken("user-to-remove", "password").getToken();
    authzRequest.setClaimToken(claimToken);

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // NOTE(review): every exception is swallowed, so this step passes whether authorize()
        // is denied, fails for an unrelated reason, or succeeds. Presumably a denial is the
        // expected outcome at this point; confirm, and consider catching only that type.
    }

    assertPersistence(response, resource);

    // Delete the user; both the user and the permission tickets tied to that user must be gone,
    // so that no ticket outlives the account it was issued for.
    adminClient.realm(REALM_NAME).users().delete(userToRemoveID);

    List<String> remainingUserIds = adminClient.realm(REALM_NAME).users().list().stream()
            .map(UserRepresentation::getId)
            .collect(Collectors.toList());
    assertThat(remainingUserIds, not(hasItem(userToRemoveID)));
    assertThat(getAuthzClient().protection().permission().findByResource(resource.getId()), is(empty()));
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ConflictingScopePermissionTest method createResourcesAndScopes.
/**
 * Registers three resources ("Resource A", "Resource B", "Resource C") through the protection
 * API, each carrying the same scope set: "read", "write" and "execute".
 *
 * @throws IOException declared by the original signature; no call visible here is shown to throw it
 */
private void createResourcesAndScopes() throws IOException {
    AuthzClient authzClient = getAuthzClient();

    // One Set instance is shared by all three resource representations.
    Set<ScopeRepresentation> sharedScopes = new HashSet<>();
    for (String scopeName : new String[] {"read", "write", "execute"}) {
        sharedScopes.add(new ScopeRepresentation(scopeName));
    }

    // Build every representation first; nothing is sent until the list is complete.
    List<ResourceRepresentation> pending = new ArrayList<>();
    for (String resourceName : new String[] {"Resource A", "Resource B", "Resource C"}) {
        pending.add(new ResourceRepresentation(resourceName, sharedScopes));
    }

    for (ResourceRepresentation representation : pending) {
        authzClient.protection().resource().create(representation);
    }
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class GroupNamePolicyTest method createResource.
/**
 * Creates a resource with the given name through the client's authorization admin API.
 *
 * <p>The value returned by {@code create} is closed immediately and never inspected, so a
 * creation that is rejected without throwing is not detected by this helper.
 *
 * @param name name given to the new resource
 */
private void createResource(String name) {
    ResourceRepresentation namedResource = new ResourceRepresentation(name);
    getClient().authorization().resources().create(namedResource).close();
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testDeleteResourceAndPermissionTicket.
/**
 * Checks that deleting a resource also removes the permission tickets that refer to it.
 *
 * <p>Flow: register "Resource A" with three scopes, request a permission ticket for those
 * scopes as "marta", attempt an authorization with the ticket, confirm the ticket state via
 * {@code assertPersistence}, delete the resource, then assert that {@code findByResource}
 * returns an empty list for the deleted resource's id.
 *
 * <p>NOTE(review): the second and third arguments of {@code addResource} are presumably the
 * resource owner and an owner-managed-access flag; the helper is not shown here, so confirm.
 */
@Test
public void testDeleteResourceAndPermissionTicket() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient client = getAuthzClient();

    // Ticket request for all three scopes, made with marta's credentials.
    PermissionRequest ticketRequest = new PermissionRequest(resource.getId(), "ScopeA", "ScopeB", "ScopeC");
    PermissionResponse response = client.protection("marta", "password").permission().create(ticketRequest);

    AuthorizationRequest authzRequest = new AuthorizationRequest();
    String ticket = response.getTicket();
    authzRequest.setTicket(ticket);
    String claimToken = client.obtainAccessToken("marta", "password").getToken();
    authzRequest.setClaimToken(claimToken);

    try {
        client.authorization().authorize(authzRequest);
    } catch (Exception ignored) {
        // NOTE(review): every exception is swallowed, so this step passes whether authorize()
        // is denied, fails for an unrelated reason, or succeeds. Presumably a denial is the
        // expected outcome at this point; confirm, and consider catching only that type.
    }

    assertPersistence(response, resource, "ScopeA", "ScopeB", "ScopeC");

    // Once the resource is deleted, no ticket may still reference it.
    getAuthzClient().protection().resource().delete(resource.getId());
    boolean noTicketsLeft = getAuthzClient().protection().permission().findByResource(resource.getId()).isEmpty();
    assertTrue(noTicketsLeft);
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class PermissionManagementTest method testTicketNotCreatedWhenResourceOwner.
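/**
 * Checks that no permission ticket is persisted when the requester owns the resource, while
 * a request from another user leaves exactly one ticket.
 *
 * <p>Flow: register "Resource A" for "marta", run the ticket-then-authorize sequence as
 * "marta" and assert {@code findByResource} is empty; repeat the sequence as "kolo" and assert
 * exactly one entry is returned.
 *
 * <p>NOTE(review): the second and third arguments of {@code addResource} are presumably the
 * resource owner and an owner-managed-access flag; the helper is not shown here, so confirm.
 */
@Test
public void testTicketNotCreatedWhenResourceOwner() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "marta", true);
    AuthzClient authzClient = getAuthzClient();

    // First pass: the ticket is requested with marta's own credentials.
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());

    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());

    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
        // A failure here is printed but does not fail the test; the outcome of authorize()
        // itself is not asserted. NOTE(review): confirm whether the owner's request is
        // expected to succeed, and assert that explicitly if so.
        e.printStackTrace();
    }

    // Wildcard instead of the raw List type: only isEmpty() and size() are needed below.
    List<?> permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertTrue(permissions.isEmpty());

    // Second pass: the same sequence with kolo's credentials.
    response = authzClient.protection("kolo", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());

    request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("kolo", "password").getToken());

    try {
        authzClient.authorization().authorize(request);
    } catch (Exception ignored) {
        // NOTE(review): every exception is swallowed, so this step passes whether authorize()
        // is denied, fails for an unrelated reason, or succeeds. Presumably a denial is the
        // expected outcome at this point; confirm, and consider catching only that type.
    }

    permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
}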