Search in sources :

Example 51 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class PermissionManagementTest method testCreatePermissionTicketWithResourceName.

@Test
public void testCreatePermissionTicketWithResourceName() throws Exception {
    ResourceRepresentation resource = addResource("Resource A", "kolo", true);
    AuthzClient authzClient = getAuthzClient();
    PermissionResponse response = authzClient.protection("marta", "password").permission().create(new PermissionRequest(resource.getId()));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(response.getTicket());
    request.setClaimToken(authzClient.obtainAccessToken("marta", "password").getToken());
    try {
        authzClient.authorization().authorize(request);
    } catch (Exception e) {
    }
    assertPersistence(response, resource);
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AuthzClient(org.keycloak.authorization.client.AuthzClient) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 52 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthorizationAPITest method configureAuthorization.

private void configureAuthorization(String clientId) throws Exception {
    ClientResource client = getClient(getRealm(), clientId);
    AuthorizationResource authorization = client.authorization();
    ResourceRepresentation resource = new ResourceRepresentation("Resource A");
    Response response = authorization.resources().create(resource);
    response.close();
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("Default Policy");
    policy.setCode("$evaluation.grant();");
    response = authorization.policies().js().create(policy);
    response.close();
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getName());
    permission.addPolicy(policy.getName());
    response = authorization.permissions().resource().create(permission);
    response.close();
}
Also used : AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Response(javax.ws.rs.core.Response) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)

Example 53 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthzClientCredentialsTest method testFindByName.

@Test
public void testFindByName() {
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");
    ProtectionResource protection = authzClient.protection();
    protection.resource().create(new ResourceRepresentation("Admin Resources"));
    protection.resource().create(new ResourceRepresentation("Resource"));
    ResourceRepresentation resource = authzClient.protection().resource().findByName("Resource");
    assertEquals("Resource", resource.getName());
    ResourceRepresentation adminResource = authzClient.protection().resource().findByName("Admin Resources");
    assertEquals("Admin Resources", adminResource.getName());
    assertNotEquals(resource.getId(), adminResource.getId());
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthzClient(org.keycloak.authorization.client.AuthzClient) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 54 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthzClientCredentialsTest method assertAccessProtectionAPI.

private void assertAccessProtectionAPI(ProtectionResource protection) {
    ResourceRepresentation expected = new ResourceRepresentation("Resource A", Collections.emptySet());
    String id = protection.resource().create(expected).getId();
    ResourceRepresentation actual = protection.resource().findById(id);
    assertNotNull(actual);
    assertEquals(expected.getName(), actual.getName());
    assertEquals(id, actual.getId());
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 55 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthorizationTest method testResourceWithSameNameDifferentOwner.

@Test
public void testResourceWithSameNameDifferentOwner() throws JWSInputException {
    ResourceRepresentation koloResource = createResource("Resource A", "kolo", "Scope A", "Scope B");
    createResourcePermission(koloResource, "Grant Policy");
    ResourceRepresentation martaResource = createResource("Resource A", "marta", "Scope A", "Scope B");
    createResourcePermission(martaResource, "Grant Policy");
    assertNotEquals(koloResource.getId(), martaResource.getId());
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission("Resource A");
    List<Permission> permissions = authorize("kolo", "password", request);
    assertEquals(1, permissions.size());
    Permission permission = permissions.get(0);
    assertTrue(permission.getScopes().containsAll(Arrays.asList("Scope A", "Scope B")));
    assertEquals(koloResource.getId(), permission.getResourceId());
    permissions = authorize("marta", "password", request);
    assertEquals(1, permissions.size());
    permission = permissions.get(0);
    assertEquals(martaResource.getId(), permission.getResourceId());
    assertTrue(permission.getScopes().containsAll(Arrays.asList("Scope A", "Scope B")));
}
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) Permission(org.keycloak.representations.idm.authorization.Permission) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18