use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AuthorizationTest method onAfter.
/**
 * Deletes every authorization resource currently registered for the test client.
 * Annotated with {@code @After}, so it runs once each test method has finished.
 */
@After
public void onAfter() {
    ResourcesResource resourcesApi = getClient().authorization().resources();
    // Fetch the list once, then delete each entry by its id.
    resourcesApi.resources()
            .forEach(existing -> resourcesApi.resource(existing.getId()).remove());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptOnlyAuthorizedScopes.
/**
 * Checks that an RPT only carries scopes the configured permissions grant.
 *
 * <p>The READ scope is bound to "Default Policy" and the WRITE scope to "Deny Policy".
 * Both a READ-only request and a READ+WRITE request are expected to return a token whose
 * permissions hold READ and nothing more.
 *
 * @throws Exception if resource setup or the authorization request fails unexpectedly
 */
@Test
public void testObtainRptOnlyAuthorizedScopes() throws Exception {
    ResourceRepresentation resource = addResource(KeycloakModelUtils.generateId(), "READ", "WRITE");

    // READ is tied to the policy named "Default Policy"
    // (policy definitions are not visible here; presumably created in test setup).
    ScopePermissionRepresentation readPermission = new ScopePermissionRepresentation();
    readPermission.setName(KeycloakModelUtils.generateId());
    readPermission.addScope("READ");
    readPermission.addPolicy("Default Policy");

    AuthorizationResource authorizationApi = getClient(getRealm()).authorization();
    authorizationApi.permissions().scope().create(readPermission).close();

    // WRITE is tied to "Deny Policy", so it must never show up in a granted token.
    ScopePermissionRepresentation writePermission = new ScopePermissionRepresentation();
    writePermission.setName(KeycloakModelUtils.generateId());
    writePermission.addScope("WRITE");
    writePermission.addPolicy("Deny Policy");
    authorizationApi.permissions().scope().create(writePermission).close();

    // Same expectations for both requests: asking for the denied scope as well
    // must not widen what the token contains.
    String[][] requestedScopeSets = { { "READ" }, { "READ", "WRITE" } };

    for (String[] requestedScopes : requestedScopeSets) {
        AuthorizationResponse response = authorize("marta", "password", resource.getName(), requestedScopes);
        Collection<Permission> granted = toAccessToken(response.getToken()).getAuthorization().getPermissions();

        assertFalse(response.isUpgraded());
        assertNotNull(granted);
        assertPermissions(granted, resource.getName(), "READ");
        // assertPermissions presumably removes the entries it matched, which makes this an
        // "nothing beyond READ was granted" check - confirm against the helper.
        assertTrue(granted.isEmpty());
    }
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithUpgradeWithUnauthorizedResource.
/**
 * Checks that an existing RPT cannot be used to obtain access to a resource whose
 * permission is bound to "Deny Policy".
 *
 * <p>An RPT is first obtained for "Resource A" (ScopeA, ScopeB). "Resource B" is then
 * created with a deny-backed permission, and a request for its ScopeC that passes the
 * earlier RPT must fail with {@link AuthorizationDeniedException}.
 *
 * @throws Exception if setup or the first authorization request fails unexpectedly
 */
@Test
public void testObtainRptWithUpgradeWithUnauthorizedResource() throws Exception {
    // "Resource A" is not created in this method; presumably it comes from test setup.
    AuthorizationResponse initialResponse = authorize("marta", "password", "Resource A", new String[] { "ScopeA", "ScopeB" });
    String existingRpt = initialResponse.getToken();
    Collection<Permission> granted = toAccessToken(existingRpt).getAuthorization().getPermissions();

    assertFalse(initialResponse.isUpgraded());
    assertNotNull(granted);
    assertPermissions(granted, "Resource A", "ScopeA", "ScopeB");
    // Presumably assertPermissions consumes matched entries, so this rules out extras - confirm.
    assertTrue(granted.isEmpty());

    ResourcePermissionRepresentation denyPermission = new ResourcePermissionRepresentation();
    ResourceRepresentation deniedResource = addResource("Resource B", "ScopeA", "ScopeB", "ScopeC");
    denyPermission.setName(deniedResource.getName() + " Permission");
    denyPermission.addResource(deniedResource.getName());
    denyPermission.addPolicy("Deny Policy");
    getClient(getRealm()).authorization().permissions().resource().create(denyPermission).close();

    try {
        // The earlier RPT is passed along with the request; holding it must not help.
        authorize("marta", "password", "Resource B", new String[] { "ScopeC" }, existingRpt);
        fail("Should be denied, resource b not granted");
    } catch (AuthorizationDeniedException expected) {
        // Denial is the outcome under test; nothing further to verify.
    }
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt.
/**
 * Walks an RPT through three requests and checks what it carries after each one.
 *
 * <ol>
 *   <li>Resource A is permitted through "Default Policy"; a request for ScopeA and ScopeB
 *       is expected to return a non-upgraded RPT holding exactly those scopes.</li>
 *   <li>Resource B is added, also permitted through "Default Policy"; a request for its
 *       ScopeC that passes the first RPT is expected to return an upgraded RPT holding
 *       A (ScopeA, ScopeB) and B (ScopeC).</li>
 *   <li>Resource B's permission is switched to "Deny Policy"; a request for ScopeC on A
 *       that passes the upgraded RPT is expected to return a non-upgraded RPT holding
 *       A (ScopeA, ScopeB, ScopeC). The final emptiness check implies B is no longer in
 *       the token, provided assertPermissions removes what it matches.</li>
 * </ol>
 *
 * @throws Exception if setup or any of the authorization requests fails unexpectedly
 */
@Test
public void testObtainRptWithUpgradeWithUnauthorizedResourceFromRpt() throws Exception {
    // --- Step 1: resource A, permitted via "Default Policy" ---
    ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
    ResourceRepresentation resourceA = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    permissionA.setName(resourceA.getName() + " Permission");
    permissionA.addResource(resourceA.getName());
    permissionA.addPolicy("Default Policy");
    AuthorizationResource authzResource = getClient(getRealm()).authorization();
    authzResource.permissions().resource().create(permissionA).close();
    // The resource is addressed by id in the request, by name in the assertions below.
    AuthorizationResponse response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeA", "ScopeB" });
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    // NOTE(review): assertPermissions presumably removes the entries it matched, so each
    // isEmpty() check in this test asserts that nothing else was granted - confirm against the helper.
    assertTrue(permissions.isEmpty());
    // --- Step 2: resource B, also permitted; request it while passing the first RPT ---
    ResourceRepresentation resourceB = addResource(KeycloakModelUtils.generateId(), "ScopeA", "ScopeB", "ScopeC");
    ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
    permissionB.setName(resourceB.getName() + " Permission");
    permissionB.addResource(resourceB.getName());
    permissionB.addPolicy("Default Policy");
    authzResource.permissions().resource().create(permissionB).close();
    // The previous RPT is the last argument; presumably the token the server is asked to upgrade.
    response = authorize("marta", "password", resourceB.getId(), new String[] { "ScopeC" }, rpt);
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertTrue(response.isUpgraded());
    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    assertTrue(permissions.isEmpty());
    // --- Step 3: flip resource B's permission to "Deny Policy" and request again ---
    // Re-read the permission by name: the locally built representation is never given an id
    // in this method, and the update below looks the permission up by id.
    permissionB = authzResource.permissions().resource().findByName(permissionB.getName());
    permissionB.removePolicy("Default Policy");
    permissionB.addPolicy("Deny Policy");
    authzResource.permissions().resource().findById(permissionB.getId()).update(permissionB);
    // The RPT passed here still lists resource B's ScopeC from step 2.
    response = authorize("marta", "password", resourceA.getId(), new String[] { "ScopeC" }, rpt);
    rpt = response.getToken();
    authorization = toAccessToken(rpt).getAuthorization();
    permissions = authorization.getPermissions();
    assertFalse(response.isUpgraded());
    assertNotNull(permissions);
    // Only resource A is expected, now with all three scopes; no assertion for resource B,
    // so a surviving B permission would fail the emptiness check (given the helper note above).
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB", "ScopeC");
    assertTrue(permissions.isEmpty());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class UmaGrantTypeTest method testObtainRptWithOwnerManagedResource.
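/**
 * Requests permissions for two resources in one call and checks the resulting RPT.
 *
 * <p>"Resource Marta" and "Resource B" each get their own resource permission bound to
 * "Default Policy". A single authorization request then asks for ScopeA and ScopeB on the
 * first and ScopeC on the second, and the token is expected to hold exactly those.
 *
 * @throws Exception if setup or the authorization request fails unexpectedly
 */
@Test
public void testObtainRptWithOwnerManagedResource() throws Exception {
    // Going by the test name, "marta" and true are presumably the owner and the
    // owner-managed-access flag - confirm against the addResource overload.
    ResourceRepresentation resourceA = addResource("Resource Marta", "marta", true, "ScopeA", "ScopeB", "ScopeC");
    ResourcePermissionRepresentation permissionA = new ResourcePermissionRepresentation();
    permissionA.setName(resourceA.getName() + " Permission");
    permissionA.addResource(resourceA.getId());
    permissionA.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permissionA).close();

    // NOTE(review): this call has no boolean argument, so "marta" may bind to a different
    // overload than above (possibly as a scope name rather than an owner) - confirm.
    ResourceRepresentation resourceB = addResource("Resource B", "marta", "ScopeA", "ScopeB", "ScopeC");
    // A separate representation per resource: reusing the first object would carry
    // Resource Marta's id into the second permission, so it would cover both resources.
    ResourcePermissionRepresentation permissionB = new ResourcePermissionRepresentation();
    permissionB.setName(resourceB.getName() + " Permission");
    permissionB.addResource(resourceB.getId());
    permissionB.addPolicy("Default Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permissionB).close();

    AuthorizationResponse response = authorize("marta", "password",
            new PermissionRequest(resourceA.getName(), "ScopeA", "ScopeB"),
            new PermissionRequest(resourceB.getName(), "ScopeC"));
    String rpt = response.getToken();
    AccessToken.Authorization authorization = toAccessToken(rpt).getAuthorization();
    Collection<Permission> permissions = authorization.getPermissions();

    assertNotNull(permissions);
    assertPermissions(permissions, resourceA.getName(), "ScopeA", "ScopeB");
    assertPermissions(permissions, resourceB.getName(), "ScopeC");
    // assertPermissions presumably removes matched entries, so this asserts that no
    // permission beyond the two requested ones was granted - confirm against the helper.
    assertTrue(permissions.isEmpty());
}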