Search in sources :

Example 71 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testCreate.

private void testCreate() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.setDescription("Users from specific roles are allowed to access");
    newPermission.addScope("Scope A", "Scope B", "Scope C");
    newPermission.addRole("role_a", "role_b", "role_c", "role_d");
    newPermission.addGroup("/group_a", "/group_a/group_b", "/group_c");
    newPermission.addClient("client-a", "resource-server-test");
    if (Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS)) {
        newPermission.setCondition("$evaluation.grant()");
    }
    newPermission.addUser("kolo");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    UmaPermissionRepresentation permission = protection.policy(resource.getId()).create(newPermission);
    assertEquals(newPermission.getName(), permission.getName());
    assertEquals(newPermission.getDescription(), permission.getDescription());
    assertNotNull(permission.getScopes());
    assertTrue(permission.getScopes().containsAll(newPermission.getScopes()));
    assertNotNull(permission.getRoles());
    assertTrue(permission.getRoles().containsAll(newPermission.getRoles()));
    assertNotNull(permission.getGroups());
    assertTrue(permission.getGroups().containsAll(newPermission.getGroups()));
    assertNotNull(permission.getClients());
    assertTrue(permission.getClients().containsAll(newPermission.getClients()));
    assertEquals(newPermission.getCondition(), permission.getCondition());
    assertNotNull(permission.getUsers());
    assertTrue(permission.getUsers().containsAll(newPermission.getUsers()));
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 72 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class UserManagedPermissionServiceTest method testRemovePoliciesOnGroupDelete.

@Test
public void testRemovePoliciesOnGroupDelete() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);
    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.addGroup("/group_remove");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    protection.policy(resource.getId()).create(newPermission);
    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnGroupDelete);
}
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 73 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class DefaultAuthorizationSettingsTest method assertDefaultSettings.

private void assertDefaultSettings() {
    AuthorizationSettingsForm settings = authorizationPage.settings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING, settings.getEnforcementMode());
    assertEquals(true, settings.isAllowRemoteResourceManagement());
    assertEquals(DecisionStrategy.UNANIMOUS, settings.getDecisionStrategy());
    assertEquals(true, settings.isAllowRemoteResourceManagement());
    Resources resources = authorizationPage.authorizationTabs().resources();
    ResourceRepresentation resource = resources.resources().findByName("Default Resource");
    assertNotNull(resource);
    assertEquals("urn:oidc-confidetial:resources:default", resource.getType());
    assertEquals("/*", resource.getUri());
    assertEquals(newClient.getClientId(), resource.getOwner().getName());
    Scopes scopes = authorizationPage.authorizationTabs().scopes();
    assertTrue(scopes.scopes().getTableRows().isEmpty());
    Permissions permissions = authorizationPage.authorizationTabs().permissions();
    PolicyRepresentation permission = permissions.permissions().findByName("Default Permission");
    assertNotNull(permission);
    assertEquals("resource", permission.getType());
    Policies policies = authorizationPage.authorizationTabs().policies();
    PolicyRepresentation policy = policies.policies().findByName("Default Policy");
    assertNotNull(policy);
    assertEquals("js", policy.getType());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Policies(org.keycloak.testsuite.console.page.clients.authorization.policy.Policies) Scopes(org.keycloak.testsuite.console.page.clients.authorization.scope.Scopes) Permissions(org.keycloak.testsuite.console.page.clients.authorization.permission.Permissions) Resources(org.keycloak.testsuite.console.page.clients.authorization.resource.Resources) AuthorizationSettingsForm(org.keycloak.testsuite.console.page.clients.authorization.AuthorizationSettingsForm) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 74 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ResourceManagementTest method createResource.

private ResourceRepresentation createResource() {
    ResourceRepresentation expected = new ResourceRepresentation();
    expected.setName("Test Resource");
    expected.setDisplayName("Test Display Name");
    expected.setType("Test Type");
    expected.setUri("/test/resource");
    authorizationPage.authorizationTabs().resources().create(expected);
    assertAlertSuccess();
    return expected;
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 75 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ResourceManagementTest method testDeleteFromList.

@Test
public void testDeleteFromList() {
    ResourceRepresentation expected = createResource();
    authorizationPage.navigateTo();
    authorizationPage.authorizationTabs().resources().deleteFromList(expected.getName());
    authorizationPage.navigateTo();
    assertNull(authorizationPage.authorizationTabs().resources().resources().findByName(expected.getName()));
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18