
Example 86 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthorizationTest method testRemoveDefaultResourceWithAdminEventsEnabled.

// KEYCLOAK-6321
/**
 * Removes the single pre-existing authorization resource of the test client while admin
 * events are enabled on the realm, and checks that no resources remain afterwards.
 */
@Test
public void testRemoveDefaultResourceWithAdminEventsEnabled() {
    // Switch admin events on for the realm before touching any authorization data.
    RealmResource realm = testRealmResource();
    RealmRepresentation realmSettings = realm.toRepresentation();
    realmSettings.setAdminEventsEnabled(true);
    realm.update(realmSettings);

    ClientResource client = getClientResource();
    ClientRepresentation resourceServer = getResourceServer();

    // Sanity-check the resource server: enforcing mode and bound to the expected client.
    ResourceServerRepresentation serverSettings = client.authorization().getSettings();
    String expectedMode = PolicyEnforcerConfig.EnforcementMode.ENFORCING.name();
    assertEquals(expectedMode, serverSettings.getPolicyEnforcementMode().name());
    assertEquals(resourceServer.getId(), serverSettings.getClientId());

    // Exactly one resource is expected up front; it is removed by id.
    List<ResourceRepresentation> initialResources = client.authorization().resources().resources();
    assertEquals(1, initialResources.size());
    String onlyResourceId = initialResources.get(0).getId();
    client.authorization().resources().resource(onlyResourceId).remove();

    // The listing is fetched again so the check reflects server state, not the local list.
    List<ResourceRepresentation> remaining = client.authorization().resources().resources();
    assertTrue(remaining.isEmpty());
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 87 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class GenericPolicyManagementTest method testQueryPolicyAllFields.

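/**
 * Checks that a policy query returns the associated resource data only when it is asked
 * for: the first query passes {@code "*"} as the eighth argument and expects one resource,
 * the second passes {@code null} there and expects no resource data at all.
 */
@Test
public void testQueryPolicyAllFields() {
    AuthorizationResource authorization = getClientResource().authorization();

    // Close the create responses so the underlying connections are released.
    authorization.resources().create(new ResourceRepresentation("Resource A")).close();

    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName("Permission A");
    permission.addResource("Resource A");
    authorization.permissions().resource().create(permission).close();

    // NOTE(review): the eighth argument looks like the field selector ("*" = everything),
    // judging by the test name; confirm against the policies(...) signature.
    List<PolicyRepresentation> policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, "*", -1, -1);
    assertEquals(1, policies.size());
    assertEquals(1, policies.get(0).getResourcesData().size());

    // Same query without the selector: the policy is still found, but the resource data
    // must not be included in the response.
    policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, null, -1, -1);
    assertEquals(1, policies.size());
    assertNull(policies.get(0).getResourcesData());
}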
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 88 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class GenericPolicyManagementTest method testUpdate.

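/**
 * Updates a policy in two steps and verifies both: first the name, logic, decision
 * strategy and plain config entries, then the associated policies, resources and scopes.
 * After the second update only "Test Associated C", "Test Resource B" and "Test Scope A"
 * may still be associated with the policy.
 */
@Test
public void testUpdate() {
    PolicyResource policyResource = createTestingPolicy();
    PolicyRepresentation policy = policyResource.toRepresentation();

    // Step 1: basic attributes and free-form config entries.
    policy.setName("changed");
    policy.setLogic(Logic.NEGATIVE);
    policy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    policy.getConfig().put("configA", "changed configuration for A");
    policy.getConfig().remove("configB");
    policy.getConfig().put("configC", "changed configuration for C");
    policyResource.update(policy);

    // Re-read from the server so the assertions check persisted state.
    policy = policyResource.toRepresentation();
    assertEquals("changed", policy.getName());
    assertEquals(Logic.NEGATIVE, policy.getLogic());
    assertEquals(DecisionStrategy.AFFIRMATIVE, policy.getDecisionStrategy());
    assertEquals("changed configuration for A", policy.getConfig().get("configA"));
    assertNull(policy.getConfig().get("configB"));
    assertEquals("changed configuration for C", policy.getConfig().get("configC"));

    // Step 2: replace the associations with a single policy, resource and scope.
    Map<String, String> config = policy.getConfig();
    config.put("applyPolicies", buildConfigOption(findPolicyByName("Test Associated C").getId()));
    config.put("resources", buildConfigOption(findResourceByName("Test Resource B").getId()));
    config.put("scopes", buildConfigOption(findScopeByName("Test Scope A").getId()));
    policyResource.update(policy);
    policy = policyResource.toRepresentation();

    // Associated policies: C is present, A and B are gone. The ids are looked up once
    // instead of once per element inside the stream.
    assertAssociatedPolicy("Test Associated C", policy);
    List<PolicyRepresentation> associatedPolicies = getClientResource().authorization().policies().policy(policy.getId()).associatedPolicies();
    String associatedAId = findPolicyByName("Test Associated A").getId();
    String associatedBId = findPolicyByName("Test Associated B").getId();
    assertFalse(associatedPolicies.stream().anyMatch(associated -> associated.getId().equals(associatedAId)));
    assertFalse(associatedPolicies.stream().anyMatch(associated -> associated.getId().equals(associatedBId)));

    // Resources: compared by id so the check does not depend on how equals() is defined
    // for the objects returned by findResourceByName.
    assertAssociatedResource("Test Resource B", policy);
    List<ResourceRepresentation> resources = policyResource.resources();
    String resourceAId = findResourceByName("Test Resource A").getId();
    String resourceCId = findResourceByName("Test Resource C").getId();
    assertFalse(resources.stream().anyMatch(resource -> resource.getId().equals(resourceAId)));
    assertFalse(resources.stream().anyMatch(resource -> resource.getId().equals(resourceCId)));

    // Scopes: the previous check passed an id to List<ScopeRepresentation>.contains(),
    // which can never match, so the assertion could not fail. Compare ids explicitly so a
    // scope that wrongly stays attached to the policy is actually detected.
    assertAssociatedScope("Test Scope A", policy);
    List<ScopeRepresentation> scopes = getClientResource().authorization().policies().policy(policy.getId()).scopes();
    String scopeBId = findScopeByName("Test Scope B").getId();
    String scopeCId = findScopeByName("Test Scope C").getId();
    assertFalse(scopes.stream().anyMatch(scope -> scope.getId().equals(scopeBId)));
    assertFalse(scopes.stream().anyMatch(scope -> scope.getId().equals(scopeCId)));
}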
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Arrays(java.util.Arrays) ResourceResource(org.keycloak.admin.client.resource.ResourceResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) HashMap(java.util.HashMap) Function(java.util.function.Function) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) Logic(org.keycloak.representations.idm.authorization.Logic) Map(java.util.Map) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ResourceScopeResource(org.keycloak.admin.client.resource.ResourceScopeResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ResourceScopesResource(org.keycloak.admin.client.resource.ResourceScopesResource) Assert.assertNotNull(org.junit.Assert.assertNotNull) PolicyProviderRepresentation(org.keycloak.representations.idm.authorization.PolicyProviderRepresentation) Set(java.util.Set) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) Collectors(java.util.stream.Collectors) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) List(java.util.List) Assert.assertNull(org.junit.Assert.assertNull) Response(javax.ws.rs.core.Response) Assert.assertFalse(org.junit.Assert.assertFalse) Assert.assertEquals(org.junit.Assert.assertEquals) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) 
ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 89 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class GenericPolicyManagementTest method testQueryPolicyByIdAllFields.

/**
 * Reads a single policy twice: with {@code "*"} the representation is expected to carry
 * three resource entries, and with the no-argument call the resource data must be absent.
 */
@Test
public void testQueryPolicyByIdAllFields() {
    PolicyResource policyResource = createTestingPolicy();

    // Explicit "*" request: resource data is populated.
    PolicyRepresentation withAllFields = policyResource.toRepresentation("*");
    Set<ResourceRepresentation> resourcesData = withAllFields.getResourcesData();
    assertEquals(3, resourcesData.size());

    // Default request: no resource data is returned.
    PolicyRepresentation defaultView = policyResource.toRepresentation();
    assertNull(defaultView.getResourcesData());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) PolicyResource(org.keycloak.admin.client.resource.PolicyResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 90 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class UserManagedAccessTest method testUserGrantedAccessConsideredWhenRequestingAuthorizationByResourceName.

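/**
 * Verifies that access granted through permission tickets is honoured when the resource
 * is requested by name rather than by id, and that the grant follows the resource across
 * a rename: the old name must be rejected with {@code invalid_resource} while the new
 * name yields the same scopes.
 *
 * @throws Exception if one of the authorization helpers fails unexpectedly
 */
@Test
public void testUserGrantedAccessConsideredWhenRequestingAuthorizationByResourceName() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    // NOTE(review): "marta" is presumably the resource owner; confirm against addResource.
    resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getId());
    permission.addPolicy("Only Owner Policy");
    getClient(getRealm()).authorization().permissions().resource().create(permission).close();

    // A different user must be denied before anything has been granted.
    try {
        authorize("kolo", "password", resource.getId(), new String[] {});
        fail("User should not have access to resource from another user");
    } catch (AuthorizationDeniedException expected) {
        // Denial is the expected outcome; the tickets checked below exist after this call.
    }

    // Two tickets are expected, both still pending; grant each of them.
    PermissionResource permissionResource = getAuthzClient().protection().permission();
    List<PermissionTicketRepresentation> permissionTickets = permissionResource.findByResource(resource.getId());
    assertFalse(permissionTickets.isEmpty());
    assertEquals(2, permissionTickets.size());
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertFalse(ticket.isGranted());
        ticket.setGranted(true);
        permissionResource.update(ticket);
    }

    // Re-read the tickets so the granted flag is checked against server state.
    permissionTickets = permissionResource.findByResource(resource.getId());
    assertFalse(permissionTickets.isEmpty());
    assertEquals(2, permissionTickets.size());
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    AuthorizationRequest request = new AuthorizationRequest();
    // No resource id used in request, only name
    request.addPermission("Resource A", "ScopeA", "ScopeB");
    List<Permission> permissions = authorize("kolo", "password", request);
    assertEquals(1, permissions.size());
    Permission koloPermission = permissions.get(0);
    assertEquals("Resource A", koloPermission.getResourceName());
    assertTrue(koloPermission.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));

    // Rename the resource; the grant is tied to the resource, not to its former name.
    ResourceRepresentation resourceRep = getAuthzClient().protection().resource().findById(resource.getId());
    resourceRep.setName("Resource A Changed");
    getAuthzClient().protection().resource().update(resourceRep);

    request = new AuthorizationRequest();
    // Try to use the old name
    request.addPermission("Resource A", "ScopeA", "ScopeB");
    try {
        authorize("kolo", "password", request);
        fail("Authorization by the old resource name should have been rejected");
    } catch (RuntimeException staleNameFailure) {
        // Guard against a missing cause so the test reports a clear assertion failure
        // instead of a NullPointerException.
        Throwable cause = staleNameFailure.getCause();
        assertTrue("expected an invalid_resource error but got: " + staleNameFailure,
                cause != null && cause.toString().contains("invalid_resource"));
    }

    // The new name resolves to the same resource and the same granted scopes.
    request = new AuthorizationRequest();
    request.addPermission(resourceRep.getName(), "ScopeA", "ScopeB");
    permissions = authorize("kolo", "password", request);
    assertEquals(1, permissions.size());
    koloPermission = permissions.get(0);
    assertEquals(resourceRep.getName(), koloPermission.getResourceName());
    assertTrue(koloPermission.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));
}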
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) PermissionResource(org.keycloak.authorization.client.resource.PermissionResource) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18