
Example 91 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AbstractMigrationTest method testResourceWithMultipleUris.

/**
 * Checks that the resource named "Protected Resource" of the "authz-servlet" client in the
 * migration realm exposes exactly the URI set {"/*"}.
 *
 * <p>The first match is taken for both the client lookup and the resource lookup; an empty
 * result from either lookup fails the test with an index error rather than an assertion.
 */
private void testResourceWithMultipleUris() {
    ClientsResource realmClients = migrationRealm.clients();
    // findByClientId matches on the public client id; the admin API addresses clients by internal id.
    String authzServletId = realmClients.findByClientId("authz-servlet").get(0).getId();
    ResourceRepresentation protectedResource = realmClients.get(authzServletId)
            .authorization()
            .resources()
            .findByName("Protected Resource")
            .get(0);
    assertThat(protectedResource.getUris(), containsInAnyOrder("/*"));
}
Also used : ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 92 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class MyResourcesTest method createResource.

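/**
 * Creates a user-managed resource owned by "jdoe" on the resource server and returns the
 * representation with its server-assigned id filled in.
 *
 * @param authzClient   client used to obtain an access token for "jdoe"
 * @param authorization admin handle for the resource server's authorization settings
 * @param i             index used to derive the resource's name, display name, icon URI and URI
 * @return the representation that was sent, with the id returned by the server
 * @throws RuntimeException      if the token cannot be obtained or parsed
 * @throws IllegalStateException if the server does not answer the create call with a 2xx status
 */
private ResourceRepresentation createResource(AuthzClient authzClient, AuthorizationResource authorization, int i) {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setOwnerManagedAccess(true);
    try {
        // The token payload is decoded only to learn jdoe's subject id. Nothing in this block
        // verifies the signature; that is acceptable for a token fetched straight from the
        // server in a test fixture, but the same pattern is not a basis for access decisions.
        final byte[] content = new JWSInput(authzClient.obtainAccessToken("jdoe", PASSWORD).getToken()).getContent();
        final AccessToken accessToken = JsonSerialization.readValue(content, AccessToken.class);
        resource.setOwner(accessToken.getSubject());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    resource.setName("Resource " + i);
    resource.setDisplayName("Display Name " + i);
    resource.setIconUri("Icon Uri " + i);
    resource.addScope("Scope A", "Scope B", "Scope C", "Scope D");
    resource.setUri("http://resourceServer.com/resources/" + i);
    try (Response response1 = authorization.resources().create(resource)) {
        // Fail here instead of returning a resource without a usable id: a rejected create
        // (for example a name conflict) would otherwise surface later as an unrelated failure.
        if (response1.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {
            throw new IllegalStateException("Creating resource '" + resource.getName() + "' failed with HTTP status " + response1.getStatus());
        }
        resource.setId(response1.readEntity(ResourceRepresentation.class).getId());
    }
    return resource;
}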
Also used : Response(javax.ws.rs.core.Response) AccessToken(org.keycloak.representations.AccessToken) JWSInput(org.keycloak.jose.jws.JWSInput) IOException(java.io.IOException) NoSuchElementException(org.openqa.selenium.NoSuchElementException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 93 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.

/**
 * Seeds the realm after import: creates resources 1 through 14 via {@code createResource} and,
 * for each of them, calls {@code createTicket} for "Scope A" and "Scope B" with a user picked
 * round-robin from {@code userNames}. Resource 13 additionally gets a "Scope A" ticket for
 * "admin".
 *
 * <p>{@code createTicket} is defined outside this snippet; presumably it files a permission
 * ticket on behalf of the named user (confirm against the enclosing class).
 */
@Override
public void afterAbstractKeycloakTestRealmImport() {
    ClientResource server = getResourceServer();
    AuthzClient client = createAuthzClient(server.toRepresentation());
    AuthorizationResource authz = server.authorization();
    String[] sharedScopes = {"Scope A", "Scope B"};
    ResourceRepresentation thirteenth = null;
    for (int index = 1; index <= 14; index++) {
        ResourceRepresentation created = createResource(client, authz, index);
        // Remember resource 13 so it can receive one more ticket once the loop is done.
        thirteenth = (index == 13) ? created : thirteenth;
        String requester = userNames[index % userNames.length];
        for (String scopeName : sharedScopes) {
            createTicket(client, index, created, scopeName, requester);
        }
    }
    createTicket(client, 13, thirteenth, "Scope A", "admin");
}
Also used : AuthzClient(org.keycloak.authorization.client.AuthzClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 94 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AbstractPhotozExampleAdapterTest method testInheritPermissionFromResourceParent.

/**
 * Drives the photoz client UI as alice and as the admin user to check how a permission bound to
 * one album instance interacts with whatever permissions already allow the admin to act on it.
 *
 * <p>Sequence asserted below: (1) with no instance permission, both alice and the admin can view
 * and delete the album; (2) once a "resource" permission applying "Only Owner Policy" is attached
 * to the album, the admin is denied view and delete; (3) after the "album:view" scope is removed
 * from the album, the admin can view again but still cannot delete; (4) alice can delete it, and
 * no resource owned by "alice" remains.
 *
 * <p>NOTE(review): the method name suggests that step (3) passes because view access falls back
 * to a parent/type-level permission once the instance no longer carries that scope; the policy
 * configuration that would confirm this is not visible in this snippet.
 *
 * @throws Exception if a UI step or an admin API call fails
 */
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
    // Baseline: the owner can create, view and delete her own album.
    loginToClientPage(aliceUser);
    final String RESOURCE_NAME = "My-Resource-Instance";
    clientPage.createAlbum(RESOURCE_NAME);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.createAlbum(RESOURCE_NAME);
    // Baseline: before any instance permission exists, the admin can view and delete it too.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    // The admin deleted the album above, so alice recreates it for the restricted phase.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(RESOURCE_NAME);
    ResourcesResource resourcesResource = getAuthorizationResource().resources();
    // Attach a permission to this one album (matched by name, bound by id) that applies
    // "Only Owner Policy".
    resourcesResource.resources().forEach(resource -> {
        if (resource.getName().equals(RESOURCE_NAME)) {
            try {
                PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
                resourceInstancePermission.setName(RESOURCE_NAME + "Permission");
                resourceInstancePermission.setType("resource");
                Map<String, String> config = new HashMap<>();
                // Both config values are JSON-encoded arrays: the resource id and the policy name.
                config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
                config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
                resourceInstancePermission.setConfig(config);
                getAuthorizationResource().policies().create(resourceInstancePermission);
            } catch (IOException e) {
                throw new RuntimeException("Error creating policy.", e);
            }
        }
    });
    // With the instance permission in place the admin must be denied both operations.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);
    // Drop the "album:view" scope from the album itself and push the change to the server.
    resourcesResource.resources().forEach(resource -> {
        if (resource.getName().equals(RESOURCE_NAME)) {
            resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("album:view")).collect(Collectors.toSet()));
            resourcesResource.resource(resource.getId()).update(resource);
        }
    });
    // View is allowed for the admin again; delete stays denied.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasDenied);
    // The owner is still able to delete her album.
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(RESOURCE_NAME, this::assertWasNotDenied);
    List<ResourceRepresentation> resources = resourcesResource.resources();
    // NOTE(review): getOwner().getName() is dereferenced unguarded; a resource returned without
    // an owner name would fail here with a NullPointerException rather than an assertion.
    assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) RoleResource(org.keycloak.admin.client.resource.RoleResource) Matchers.not(org.hamcrest.Matchers.not) UsersResource(org.keycloak.admin.client.resource.UsersResource) HashMap(java.util.HashMap) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) Map(java.util.Map) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) Collectors(java.util.stream.Collectors) PoliciesResource(org.keycloak.admin.client.resource.PoliciesResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.is(org.hamcrest.Matchers.is) Matchers.anyOf(org.hamcrest.Matchers.anyOf) Matchers.containsString(org.hamcrest.Matchers.containsString) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected) HashMap(java.util.HashMap) Matchers.containsString(org.hamcrest.Matchers.containsString) IOException(java.io.IOException) 
ResourcesResource(org.keycloak.admin.client.resource.ResourcesResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test)

Example 95 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ServletAuthzCacheDisabledAdapterTest method testCreateNewResource.

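/**
 * Checks that a resource and permission created while the application is running are enforced
 * on the next request, and that a later change to the permission's policies is picked up as well.
 *
 * <p>Sequence asserted below: "/new-resource" is reachable before any resource is registered for
 * it; after a permission applying "Deny Policy" is created for the new resource, the same path
 * is denied; after "Deny Policy" is swapped for "Any User Policy", it is reachable again.
 *
 * <p>NOTE(review): the enclosing class name suggests the adapter runs with its policy cache
 * disabled, which is why no waiting or cache eviction appears between steps; that configuration
 * is not visible in this snippet.
 */
@Test
public void testCreateNewResource() {
    performTests(() -> {
        // No resource is registered for the path yet, so the request goes through.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("New Resource");
        resource.setUri("/new-resource");
        // The create call returns a JAX-RS Response whose body is never read here; close it so
        // the underlying connection is released instead of being left open.
        getAuthorizationResource().resources().create(resource).close();
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(resource.getName() + " Permission");
        // The permission refers to the resource by name, not by id.
        permission.addResource(resource.getName());
        permission.addPolicy("Deny Policy");
        permission = getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);
        // The landing page stays reachable after login, but the newly protected path is denied.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasDenied();
        // Re-read the stored permission before editing it, then swap the deny policy for an allow policy.
        permission = getAuthorizationResource().permissions().resource().findById(permission.getId()).toRepresentation();
        permission.removePolicy("Deny Policy");
        permission.addPolicy("Any User Policy");
        getAuthorizationResource().permissions().resource().findById(permission.getId()).update(permission);
        // The policy change must be visible on the next request.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
    });
}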
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)
