Search in sources :

Example 46 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class PermissionManagementTest method removeUserWithPermissionTicketTest.

@Test
public void removeUserWithPermissionTicketTest() throws Exception {
    String userToRemoveID = createUser(REALM_NAME, "user-to-remove", "password");
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("user-to-remove", "password").permission().create(new PermissionRequest(resource.getId()));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("user-to-remove", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource);
    // Remove the user and expect the user and also hers permission tickets are successfully removed
    adminClient.realm(REALM_NAME).users().delete(userToRemoveID);
    assertThat(adminClient.realm(REALM_NAME).users().list().stream().map(UserRepresentation::getId).collect(Collectors.toList()), not(hasItem(userToRemoveID)));
    assertThat(getAuthzClient().protection().permission().findByResource(resource.getId()), is(empty()));
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 47 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ConflictingScopePermissionTest method createResourcesAndScopes.

private void createResourcesAndScopes() throws IOException {
    AuthzClient authzClient = getAuthzClient();
    Set<ScopeRepresentation> scopes = new HashSet<>();
    scopes.add(new ScopeRepresentation("read"));
    scopes.add(new ScopeRepresentation("write"));
    scopes.add(new ScopeRepresentation("execute"));
    List<ResourceRepresentation> resources = new ArrayList<>();
    resources.add(new ResourceRepresentation("Resource A", scopes));
    resources.add(new ResourceRepresentation("Resource B", scopes));
    resources.add(new ResourceRepresentation("Resource C", scopes));
    resources.forEach(resource -> authzClient.protection().resource().create(resource));
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ArrayList(java.util.ArrayList) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) HashSet(java.util.HashSet) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 48 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class GroupNamePolicyTest method createResource.

private void createResource(String name) {
    AuthorizationResource authorization = getClient().authorization();
    ResourceRepresentation resource = new ResourceRepresentation(name);
    authorization.resources().create(resource).close();
}
Also used : AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 49 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class PermissionManagementTest method testDeleteResourceAndPermissionTicket.

@Test
public void testDeleteResourceAndPermissionTicket() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true, "ScopeA", "ScopeB", "ScopeC");
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId(), "ScopeA", "ScopeB", "ScopeC"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource, "ScopeA", "ScopeB", "ScopeC");
    getAuthzClient().protection().resource().delete(resource.getId());
    assertTrue(getAuthzClient().protection().permission().findByResource(resource.getId()).isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 50 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class PermissionManagementTest method testTicketNotCreatedWhenResourceOwner.

@Test
public void testTicketNotCreatedWhenResourceOwner() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "marta", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
        e.printStackTrace();
    }
    List permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertTrue(permissions.isEmpty());
    response = authzClient.protection("kolo", "password").permission().create(new PermissionRequest(resource.getId()));
    assertNotNull(response.getTicket());
    request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("kolo", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    permissions = authzClient.protection().permission().findByResource(resource.getId());
    assertFalse(permissions.isEmpty());
    assertEquals(1, permissions.size());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) ArrayList(java.util.ArrayList) List(java.util.List) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18