
Example 56 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class AuthorizationTest, method onAfter.

@After
public void onAfter() {
    // Test cleanup: remove every resource registered with the client's authorization settings.
    ResourcesResource resources = getClient().authorization().resources();
    List<ResourceRepresentation> existingResources = resources.resources();
    for (ResourceRepresentation resource : existingResources) {
        resources.resource(resource.getId()).remove();
    }
}
Also used : ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) After(org.junit.After)

Example 57 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptOnlyAuthorizedScopes.

@Test
public void testObtainRptOnlyAuthorizedScopes() throws Exception {
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "READ", "WRITE");
    // Permission A: scope READ, governed by "Default Policy".
    ScopePermissionRepresentation permissionA = new ScopePermissionRepresentation();
    permissionA.setName(KeycloakModelUtils.generateId());
    permissionA.addScope("READ");
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().scope().create(permissionA).close();
    // Permission B: scope WRITE, governed by "Deny Policy".
    ScopePermissionRepresentation permissionB = new ScopePermissionRepresentation();
    permissionB.setName(KeycloakModelUtils.generateId());
    permissionB.addScope("WRITE");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().scope().create(permissionB).close();
    AuthorizationResponse response = authorize("marta", "password", resourceA.getName(), new String[] { "READ" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
    // Request READ and WRITE together: the assertions below expect the RPT to carry only READ.
    response = authorize("marta", "password", resourceA.getName(), new String[] { "READ", "WRITE" });
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "READ");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 58 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptWithUpgradeWithUnauthorizedResource.

@Test
public void testObtainRptWithUpgradeWithUnauthorizedResource() throws Exception {
    AuthorizationResponse response = authorize("marta", "password", "Resource A", new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceB = addResource("Resource B", "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceB.getName() + " Permission");
    permission.addResource(resourceB.getName());
    permission.addPolicy("Deny Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
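    try {
        // Upgrade attempt: present the existing RPT while requesting ScopeC on Resource B.
        authorize("marta", "password", "Resource B", new String[] { "ScopeC" }, rpt);
        fail("Should be denied, resource b not granted");
    } catch (AuthorizationDeniedException ignore) {
        // Expected: Resource B is governed by "Deny Policy", so the request is denied.
    }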
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 59 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt.

@Test
public void testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt() throws Exception {
    ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    permissionA.setName(resourceA.getName() + " Permission");
    permissionA.addResource(resourceA.getName());
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().resource().create(permissionA).close();
    AuthorizationResponse response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertTrue(permissions.isEmpty());
    ResourceRepresentation resourceB = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
    permissionB.setName(resourceB.getName() + " Permission");
    permissionB.addResource(resourceB.getName());
    permissionB.addPolicy("Default Policy");
    authzResource.permissions().resource().create(permissionB).close();
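    // Upgrade: present the previous RPT while requesting ScopeC on resource B.
    // The new RPT is expected to carry the permissions for both resources.
    response = authorize("marta", "password", resourceB.getId(), new String[] { "ScopeC" }, rpt);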
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertTrue(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
    // Switch resource B's permission from "Default Policy" to "Deny Policy".
    permissionB = authzResource.permissions().resource().findByName(permissionB.getName());
    permissionB.removePolicy("Default Policy");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().resource().findById(permissionB.getId()).update(permissionB);
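    // Request ScopeC on resource A with the existing RPT: the assertions below expect
    // isUpgraded() to be false and only resource A's permissions to remain in the new RPT.
    response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeC" }, rpt);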
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 60 with ResourceRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

Class UmaGrantTypeTest, method testObtainRptWithOwnerManagedResource.

@Test
public void testObtainRptWithOwnerManagedResource() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource("Resource Marta", "marta", true, "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceA.getName() + " Permission");
    permission.addResource(resourceA.getId());
    permission.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
    ResourceRepresentation resourceB = addResource("Resource B", "marta", "ScopeA", "ScopeB", "ScopeC");
    permission.setName(resourceB.getName() + " Permission");
    permission.addResource(resourceB.getId());
    permission.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();
    // A single authorization request covering two resources, each with its own set of scopes.
    AuthorizationResponse response = authorize("marta", "password", new PermissionRequest(resourceA.getName(), "ScopeA", "ScopeB"), new PermissionRequest(resourceB.getName(), "ScopeC"));
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
}
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)
