use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AuthorizationTest method testRemoveDefaultResourceWithAdminEventsEnabled.
// KEYCLOAK-6321
/**
 * Checks that the resource server's single default resource can be removed
 * after admin events have been switched on for the realm.
 */
@Test
public void testRemoveDefaultResourceWithAdminEventsEnabled() {
    // Switch admin events on before touching the authorization settings.
    RealmResource realm = testRealmResource();
    RealmRepresentation realmSettings = realm.toRepresentation();

    realmSettings.setAdminEventsEnabled(true);
    realm.update(realmSettings);

    ClientResource client = getClientResource();
    ClientRepresentation expectedServer = getResourceServer();
    ResourceServerRepresentation serverSettings = client.authorization().getSettings();

    // Sanity-check the resource server: enforcing mode, bound to the expected client.
    assertEquals(
            PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(),
            serverSettings.getPolicyEnforcementMode().name());
    assertEquals(expectedServer.getId(), serverSettings.getClientId());

    // Exactly one default resource is expected before the removal.
    List<ResourceRepresentation> existing = client.authorization().resources().resources();
    assertEquals(1, existing.size());

    String defaultResourceId = existing.get(0).getId();
    client.authorization().resources().resource(defaultResourceId).remove();

    // Re-query the server rather than trusting the local list.
    assertTrue(client.authorization().resources().resources().isEmpty());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class GenericPolicyManagementTest method testQueryPolicyAllFields.
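/**
 * Queries the policy "Permission A" twice and checks that resource data is
 * populated only when "*" is passed in the eighth argument of the query
 * (presumably the fields selector; confirm against the admin client API).
 * With {@code null} in that position {@code getResourcesData()} is expected
 * to be {@code null}.
 */
@Test
public void testQueryPolicyAllFields() {
    AuthorizationResource authorization = getClientResource().authorization();

    // The create(...) calls hand back a response object; close it so the
    // underlying connection is released instead of being left to the pool.
    authorization.resources().create(new ResourceRepresentation("Resource A")).close();

    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();

    permission.setName("Permission A");
    permission.addResource("Resource A");

    authorization.permissions().resource().create(permission).close();

    // "*" requested: the single associated resource must be returned with the policy.
    List<PolicyRepresentation> policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, "*", -1, -1);

    assertEquals(1, policies.size());
    assertEquals(1, policies.get(0).getResourcesData().size());

    // Nothing requested: the policy is still found, but carries no resource data.
    policies = authorization.policies().policies(null, "Permission A", null, null, null, true, null, null, -1, -1);

    assertEquals(1, policies.size());
    assertNull(policies.get(0).getResourcesData());
}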
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class GenericPolicyManagementTest method testUpdate.
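/**
 * Updates a policy in two steps and verifies what the server stores.
 *
 * <p>Step one changes name, logic, decision strategy and plain config
 * entries. Step two replaces the associated policies, resources and scopes
 * with a single entry each and then checks that the previous associations
 * are gone. The "gone" checks compare by id so that they cannot pass
 * vacuously.
 */
@Test
public void testUpdate() {
    PolicyResource policyResource = createTestingPolicy();
    PolicyRepresentation policy = policyResource.toRepresentation();

    // Step one: simple attributes and config entries.
    policy.setName("changed");
    policy.setLogic(Logic.NEGATIVE);
    policy.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
    policy.getConfig().put("configA", "changed configuration for A");
    policy.getConfig().remove("configB");
    policy.getConfig().put("configC", "changed configuration for C");

    policyResource.update(policy);

    // Read back from the server instead of asserting on the local copy.
    policy = policyResource.toRepresentation();

    assertEquals("changed", policy.getName());
    assertEquals(Logic.NEGATIVE, policy.getLogic());
    assertEquals(DecisionStrategy.AFFIRMATIVE, policy.getDecisionStrategy());
    assertEquals("changed configuration for A", policy.getConfig().get("configA"));
    assertNull(policy.getConfig().get("configB"));
    assertEquals("changed configuration for C", policy.getConfig().get("configC"));

    // Step two: narrow every association down to one entry.
    Map<String, String> config = policy.getConfig();

    config.put("applyPolicies", buildConfigOption(findPolicyByName("Test Associated C").getId()));
    config.put("resources", buildConfigOption(findResourceByName("Test Resource B").getId()));
    config.put("scopes", buildConfigOption(findScopeByName("Test Scope A").getId()));

    policyResource.update(policy);

    policy = policyResource.toRepresentation();

    // Associated policies: C remains, A and B must no longer be attached.
    assertAssociatedPolicy("Test Associated C", policy);

    List<PolicyRepresentation> associatedPolicies = getClientResource().authorization().policies().policy(policy.getId()).associatedPolicies();
    String associatedAId = findPolicyByName("Test Associated A").getId();
    String associatedBId = findPolicyByName("Test Associated B").getId();

    assertFalse(associatedPolicies.stream().anyMatch(associated -> associated.getId().equals(associatedAId)));
    assertFalse(associatedPolicies.stream().anyMatch(associated -> associated.getId().equals(associatedBId)));

    // Resources: B remains, A and C must no longer be attached.
    // Compared by id so the check does not depend on how equals() is defined.
    assertAssociatedResource("Test Resource B", policy);

    List<ResourceRepresentation> resources = policyResource.resources();
    String resourceAId = findResourceByName("Test Resource A").getId();
    String resourceCId = findResourceByName("Test Resource C").getId();

    assertFalse(resources.stream().anyMatch(resource -> resourceAId.equals(resource.getId())));
    assertFalse(resources.stream().anyMatch(resource -> resourceCId.equals(resource.getId())));

    // Scopes: A remains, B and C must no longer be attached.
    // The list holds ScopeRepresentation objects, so calling contains() with an
    // id can never match and the assertion would always pass; match on getId().
    assertAssociatedScope("Test Scope A", policy);

    List<ScopeRepresentation> scopes = getClientResource().authorization().policies().policy(policy.getId()).scopes();
    String scopeBId = findScopeByName("Test Scope B").getId();
    String scopeCId = findScopeByName("Test Scope C").getId();

    assertFalse(scopes.stream().anyMatch(scope -> scopeBId.equals(scope.getId())));
    assertFalse(scopes.stream().anyMatch(scope -> scopeCId.equals(scope.getId())));
}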
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class GenericPolicyManagementTest method testQueryPolicyByIdAllFields.
/**
 * Fetches a single policy by id and checks that resource data is present
 * only when "*" is passed to {@code toRepresentation}; the no-argument call
 * is expected to leave {@code getResourcesData()} {@code null}.
 */
@Test
public void testQueryPolicyByIdAllFields() {
    PolicyResource policy = createTestingPolicy();

    // "*" requested: the testing policy is expected to carry three resources.
    PolicyRepresentation withAllFields = policy.toRepresentation("*");
    Set<ResourceRepresentation> resourcesData = withAllFields.getResourcesData();
    assertEquals(3, resourcesData.size());

    // Default representation: no resource data is exposed.
    PolicyRepresentation defaultView = policy.toRepresentation();
    assertNull(defaultView.getResourcesData());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class UserManagedAccessTest method testUserGrantedAccessConsideredWhenRequestingAuthorizationByResourceName.
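/**
 * Verifies that access granted through permission tickets is honoured when
 * the authorization request names the resource instead of using its id.
 *
 * <p>Flow: "kolo" is first denied access to a resource created for "marta";
 * the two resulting permission tickets are then granted; a request by
 * resource name succeeds; after the resource is renamed the old name is
 * rejected with {@code invalid_resource} and the new name works.
 *
 * @throws Exception if any of the helper calls fails unexpectedly
 */
@Test
public void testUserGrantedAccessConsideredWhenRequestingAuthorizationByResourceName() throws Exception {
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();

    // NOTE(review): the boolean argument presumably enables owner-managed access; confirm in addResource.
    resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");

    permission.setName(resource.getName() + " Permission");
    permission.addResource(resource.getId());
    permission.addPolicy("Only Owner Policy");

    getClient(getRealm()).authorization().permissions().resource().create(permission).close();

    try {
        authorize("kolo", "password", resource.getId(), new String[] {});
        fail("User should not have access to resource from another user");
    } catch (AuthorizationDeniedException expected) {
        // Expected: kolo has no grant yet. The assertions below check that
        // ungranted permission tickets exist for the resource afterwards.
    }

    PermissionResource permissionResource = getAuthzClient().protection().permission();
    List<PermissionTicketRepresentation> permissionTickets = permissionResource.findByResource(resource.getId());

    assertFalse(permissionTickets.isEmpty());
    assertEquals(2, permissionTickets.size());

    // Every ticket must start out ungranted; grant each one explicitly.
    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertFalse(ticket.isGranted());

        ticket.setGranted(true);

        permissionResource.update(ticket);
    }

    // Re-read from the server to confirm the grants were persisted.
    permissionTickets = permissionResource.findByResource(resource.getId());

    assertFalse(permissionTickets.isEmpty());
    assertEquals(2, permissionTickets.size());

    for (PermissionTicketRepresentation ticket : permissionTickets) {
        assertTrue(ticket.isGranted());
    }

    AuthorizationRequest request = new AuthorizationRequest();
    // No resource id used in request, only name
    request.addPermission("Resource A", "ScopeA", "ScopeB");

    List<Permission> permissions = authorize("kolo", "password", request);

    assertEquals(1, permissions.size());
    Permission koloPermission = permissions.get(0);
    assertEquals("Resource A", koloPermission.getResourceName());
    assertTrue(koloPermission.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));

    // Rename the resource; the previous name must stop resolving.
    ResourceRepresentation resourceRep = getAuthzClient().protection().resource().findById(resource.getId());

    resourceRep.setName("Resource A Changed");

    getAuthzClient().protection().resource().update(resourceRep);

    request = new AuthorizationRequest();
    // Try to use the old name
    request.addPermission("Resource A", "ScopeA", "ScopeB");

    try {
        authorize("kolo", "password", request);
        fail("Request using the old resource name should be rejected");
    } catch (RuntimeException e) {
        // A missing cause should fail the assertion rather than raise a NullPointerException.
        Throwable cause = e.getCause();
        assertTrue(cause != null && cause.toString().contains("invalid_resource"));
    }

    // The new name resolves and still carries both granted scopes.
    request = new AuthorizationRequest();
    request.addPermission(resourceRep.getName(), "ScopeA", "ScopeB");

    permissions = authorize("kolo", "password", request);

    assertEquals(1, permissions.size());
    koloPermission = permissions.get(0);
    assertEquals(resourceRep.getName(), koloPermission.getResourceName());
    assertTrue(koloPermission.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));
}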