use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AbstractMigrationTest method testResourceWithMultipleUris.
/**
 * Verifies that the "Protected Resource" of the {@code authz-servlet} client in the
 * migrated realm carries exactly one URI, the wildcard pattern.
 */
private void testResourceWithMultipleUris() {
    ClientsResource realmClients = migrationRealm.clients();
    // get(0) assumes each lookup returns at least one entry; an empty result fails the
    // test with an IndexOutOfBoundsException rather than an assertion message.
    ClientRepresentation authzServlet = realmClients.findByClientId("authz-servlet").get(0);
    ResourceRepresentation protectedResource = realmClients
            .get(authzServlet.getId())
            .authorization()
            .resources()
            .findByName("Protected Resource")
            .get(0);
    // NOTE(review): presumably these URIs are what the enforcer matches request paths
    // against, so a URI lost during migration would change which paths are protected — confirm.
    assertThat(protectedResource.getUris(), containsInAnyOrder("/*"));
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class MyResourcesTest method createResource.
/**
 * Registers a user-managed resource owned by {@code jdoe} on the resource server.
 *
 * @param authzClient client used to obtain an access token for {@code jdoe}
 * @param authorization admin handle used to create the resource
 * @param i index appended to the resource's name, display name, icon URI and URI
 * @return the representation that was sent, with the server-assigned id copied onto it
 */
private ResourceRepresentation createResource(AuthzClient authzClient, AuthorizationResource authorization, int i) {
    final String ownerId;
    try {
        String rawToken = authzClient.obtainAccessToken("jdoe", PASSWORD).getToken();
        // The token is only decoded to read its subject; no signature verification is
        // visible in this block. The token comes straight from the token endpoint call
        // above, so this pattern should not be copied to code that receives tokens from clients.
        byte[] payload = new JWSInput(rawToken).getContent();
        ownerId = JsonSerialization.readValue(payload, AccessToken.class).getSubject();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    ResourceRepresentation created = new ResourceRepresentation();
    created.setOwnerManagedAccess(true);
    created.setOwner(ownerId);
    created.setName("Resource " + i);
    created.setDisplayName("Display Name " + i);
    created.setIconUri("Icon Uri " + i);
    created.addScope("Scope A", "Scope B", "Scope C", "Scope D");
    created.setUri("http://resourceServer.com/resources/" + i);

    // NOTE(review): the response status is not checked, so a rejected create is not
    // detected here; the entity is read regardless of the outcome.
    try (Response creation = authorization.resources().create(created)) {
        String assignedId = creation.readEntity(ResourceRepresentation.class).getId();
        created.setId(assignedId);
    }
    return created;
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class MyResourcesTest method afterAbstractKeycloakTestRealmImport.
/**
 * Seeds the realm with resources 1 to 14 and, for each of them, one ticket per scope
 * ("Scope A" and "Scope B") for a user picked from {@code userNames} by index.
 * Resource 13 gets one extra "Scope A" ticket for {@code admin}.
 */
@Override
public void afterAbstractKeycloakTestRealmImport() {
    ClientResource server = getResourceServer();
    AuthzClient client = createAuthzClient(server.toRepresentation());
    AuthorizationResource authz = server.authorization();

    ResourceRepresentation thirteenth = null;
    int index = 1;
    while (index < 15) {
        ResourceRepresentation current = createResource(client, authz, index);
        if (index == 13) {
            // Kept so the extra admin ticket below targets the same resource.
            thirteenth = current;
        }
        // createTicket is defined elsewhere in the class; presumably it files a
        // permission ticket on the resource for the named user — confirm.
        for (String scopeName : new String[] {"Scope A", "Scope B"}) {
            createTicket(client, index, current, scopeName, userNames[index % userNames.length]);
        }
        index++;
    }
    createTicket(client, 13, thirteenth, "Scope A", "admin");
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AbstractPhotozExampleAdapterTest method testInheritPermissionFromResourceParent.
/**
 * Walks one album through owner and administrator access before and after a
 * resource-instance permission is attached to it, asserting the allow/deny outcome
 * of every step.
 */
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
    final String albumName = "My-Resource-Instance";

    // The owner can create, view and delete her own album.
    loginToClientPage(aliceUser);
    clientPage.createAlbum(albumName);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);
    clientPage.createAlbum(albumName);

    // With no instance-level permission in place, the administrator is not denied either.
    loginToClientPage(adminUser);
    clientPage.navigateToAdminAlbum(this::assertWasNotDenied);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);

    loginToClientPage(aliceUser);
    clientPage.createAlbum(albumName);

    // Attach a permission to this one album that applies "Only Owner Policy".
    ResourcesResource albumResources = getAuthorizationResource().resources();
    for (ResourceRepresentation candidate : albumResources.resources()) {
        if (!candidate.getName().equals(albumName)) {
            continue;
        }
        try {
            Map<String, String> settings = new HashMap<>();
            settings.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(candidate.getId())));
            settings.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));

            PolicyRepresentation ownerOnly = new PolicyRepresentation();
            ownerOnly.setName(albumName + "Permission");
            ownerOnly.setType("resource");
            ownerOnly.setConfig(settings);
            // NOTE(review): the result of create(...) is discarded, so a rejected request
            // only shows up through the deny assertions below. If it returns a JAX-RS
            // Response it should also be closed — confirm.
            getAuthorizationResource().policies().create(ownerOnly);
        } catch (IOException e) {
            throw new RuntimeException("Error creating policy.", e);
        }
    }

    // The instance permission now denies the administrator both operations.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(albumName, this::assertWasDenied);
    clientPage.deleteAlbum(albumName, this::assertWasDenied);

    // Drop the album:view scope from the album resource itself.
    for (ResourceRepresentation candidate : albumResources.resources()) {
        if (candidate.getName().equals(albumName)) {
            candidate.setScopes(candidate.getScopes().stream()
                    .filter(scope -> !scope.getName().equals("album:view"))
                    .collect(Collectors.toSet()));
            albumResources.resource(candidate.getId()).update(candidate);
        }
    }

    // Viewing is no longer denied to the administrator while deleting still is.
    // NOTE(review): going by the test name, the view decision presumably falls back to
    // the permission inherited from the resource's parent — confirm.
    loginToClientPage(adminUser);
    clientPage.viewAlbum(albumName, this::assertWasNotDenied);
    clientPage.deleteAlbum(albumName, this::assertWasDenied);

    // The owner can still delete, after which no resource owned by alice may remain.
    loginToClientPage(aliceUser);
    clientPage.deleteAlbum(albumName, this::assertWasNotDenied);

    List<ResourceRepresentation> remaining = albumResources.resources();
    List<ResourceRepresentation> ownedByAlice = remaining.stream()
            .filter(r -> r.getOwner().getName().equals("alice"))
            .collect(Collectors.toList());
    assertTrue(ownedByAlice.isEmpty());
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ServletAuthzCacheDisabledAdapterTest method testCreateNewResource.
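/**
 * Registers a resource for {@code /new-resource} at runtime and checks that access to
 * the path follows the permission attached to it: not denied before registration,
 * denied under "Deny Policy", and not denied again once the permission is switched to
 * "Any User Policy".
 *
 * <p>NOTE(review): the enclosing class name suggests the enforcer's cache is disabled,
 * which would be why each change is expected to apply on the very next request — confirm.
 */
@Test
public void testCreateNewResource() {
    performTests(() -> {
        // The path is reachable before any resource is registered for it.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();

        ResourceRepresentation resource = new ResourceRepresentation();
        resource.setName("New Resource");
        resource.setUri("/new-resource");
        // Close the response rather than dropping it, so the underlying connection is
        // released. The status is still not checked: a rejected create only shows up
        // through the assertions further down.
        getAuthorizationResource().resources().create(resource).close();

        // Bind the new resource to a permission that always denies.
        ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
        permission.setName(resource.getName() + " Permission");
        permission.addResource(resource.getName());
        permission.addPolicy("Deny Policy");
        permission = getAuthorizationResource().permissions().resource().create(permission).readEntity(ResourcePermissionRepresentation.class);

        // The landing page stays accessible; only the newly protected path is denied.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasDenied();

        // Re-read the stored permission, then swap the deny policy for "Any User Policy".
        permission = getAuthorizationResource().permissions().resource().findById(permission.getId()).toRepresentation();
        permission.removePolicy("Deny Policy");
        permission.addPolicy("Any User Policy");
        getAuthorizationResource().permissions().resource().findById(permission.getId()).update(permission);

        // Access to the path is restored after the policy swap.
        login("alice", "alice");
        assertWasNotDenied();
        this.driver.navigate().to(getResourceServerUrl() + "/new-resource");
        assertWasNotDenied();
    });
}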