
Example 6 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AbstractPolicyManagementTest method createResourcesAndScopes.

/**
 * Test fixture: registers three resources ("Resource A" to "Resource C") on the
 * client's authorization service, each carrying the same read/write/execute scope set.
 *
 * <p>The response of each create call is closed straight away and its status is
 * not inspected, so a rejected creation is not reported by this method.
 *
 * @throws IOException declared by the signature; nothing visible in the body throws it
 */
private void createResourcesAndScopes() throws IOException {
    // A single Set instance is shared by all three resources.
    Set<ScopeRepresentation> sharedScopes = new HashSet<>();
    for (String scopeName : new String[] { "read", "write", "execute" }) {
        sharedScopes.add(new ScopeRepresentation(scopeName));
    }

    List<ResourceRepresentation> pending = new ArrayList<>();
    for (String resourceName : new String[] { "Resource A", "Resource B", "Resource C" }) {
        pending.add(new ResourceRepresentation(resourceName, sharedScopes));
    }

    for (ResourceRepresentation candidate : pending) {
        Response creation = getClient().authorization().resources().create(candidate);
        // Release the underlying connection; the status code is deliberately not read here.
        creation.close();
    }
}
Also used : Response(javax.ws.rs.core.Response) ArrayList(java.util.ArrayList) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) HashSet(java.util.HashSet) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 7 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ExportImportUtil method assertAuthorizationSettingsOtherApp.

/**
 * Checks the authorization settings looked up for the client "OtherApp" in the given realm.
 *
 * <p>The settings must exist, the resource names must be exactly "Default Resource" and
 * "test", and the policy names must be exactly "User Policy", "Default Permission" and
 * "test-permission" (order is irrelevant in both cases).
 *
 * @param realmRsc realm whose "OtherApp" authorization settings are inspected
 */
private static void assertAuthorizationSettingsOtherApp(RealmResource realmRsc) {
    AuthorizationResource otherAppAuthz = ApiUtil.findAuthorizationSettings(realmRsc, "OtherApp");
    Assert.assertNotNull(otherAppAuthz);

    // Resources: compare by name only.
    List<ResourceRepresentation> foundResources = otherAppAuthz.resources().resources();
    List<String> resourceNames = foundResources.stream()
            .map(ResourceRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(resourceNames, Matchers.containsInAnyOrder("Default Resource", "test"));

    // Policies (permissions are listed through the same endpoint): compare by name only.
    List<PolicyRepresentation> foundPolicies = otherAppAuthz.policies().policies();
    List<String> policyNames = foundPolicies.stream()
            .map(PolicyRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(policyNames, Matchers.containsInAnyOrder("User Policy", "Default Permission", "test-permission"));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 8 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AuthorizationTest method testEnableAuthorizationServices.

/**
 * Toggles authorization services off and on for the resource server and checks what
 * survives each cycle.
 *
 * <p>Checked after every cycle: the client's service account exists and its effective
 * client-level roles include "uma_protection". After the second cycle, which follows the
 * creation of an extra JS policy, the settings report ENFORCING mode with remote resource
 * management allowed, one resource is listed, and the policy count is 2 instead of 3.
 * Only counts are asserted, so the test does not prove by name which policy was dropped.
 */
@Test
public void testEnableAuthorizationServices() {
    final String protectionRole = "uma_protection";
    ClientResource client = getClientResource();
    ClientRepresentation server = getResourceServer();
    RealmResource realm = realmsResouce().realm(getRealmId());

    // Baseline: the service account is found by its prefixed username and holds the role.
    String accountUsername = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + server.getClientId();
    UserRepresentation account = realm.users().search(accountUsername).get(0);
    Assert.assertNotNull(account);
    List<RoleRepresentation> effectiveRoles = realm.users().get(account.getId()).roles().clientLevel(server.getId()).listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> protectionRole.equals(role.getName())));

    // First off/on cycle: the role must still be granted afterwards.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    account = client.getServiceAccountUser();
    Assert.assertNotNull(account);
    realm = realmsResouce().realm(getRealmId());
    effectiveRoles = realm.users().get(account.getId()).roles().clientLevel(server.getId()).listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> protectionRole.equals(role.getName())));

    // Add a custom JS policy with empty code; it is expected to disappear on the next cycle.
    JSPolicyRepresentation extraPolicy = new JSPolicyRepresentation();
    extraPolicy.setName("should be removed");
    extraPolicy.setCode("");
    // NOTE(review): the value returned by create(...) is discarded; if it is a JAX-RS
    // Response like the other create calls in this suite, it is never closed - confirm.
    client.authorization().policies().js().create(extraPolicy);
    List<ResourceRepresentation> resourcesNow = client.authorization().resources().resources();
    assertEquals(1, resourcesNow.size());
    List<PolicyRepresentation> policiesNow = client.authorization().policies().policies();
    assertEquals(3, policiesNow.size());

    // Second off/on cycle: settings and object counts are back at their defaults.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    ResourceServerRepresentation serverSettings = client.authorization().getSettings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), serverSettings.getPolicyEnforcementMode().name());
    assertTrue(serverSettings.isAllowRemoteResourceManagement());
    assertEquals(server.getId(), serverSettings.getClientId());
    resourcesNow = client.authorization().resources().resources();
    assertEquals(1, resourcesNow.size());
    policiesNow = client.authorization().policies().policies();
    assertEquals(2, policiesNow.size());

    // The service account keeps the protection role after the second cycle as well.
    account = client.getServiceAccountUser();
    Assert.assertNotNull(account);
    effectiveRoles = realm.users().get(account.getId()).roles().clientLevel(server.getId()).listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> protectionRole.equals(role.getName())));
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Assert.assertEquals(org.junit.Assert.assertEquals) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 9 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ExportAuthorizationSettingsTest method testResourceBasedPermission.

// KEYCLOAK-4341
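/**
 * Creates a resource-based permission that references the default resource and the
 * default policy, exports the authorization settings, and checks that the exported
 * permission lists both by name.
 *
 * @throws Exception propagated from the admin client calls
 */
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    // get Default Resource
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    // assertEquals reports the actual size on failure, unlike assertTrue(size == 1)
    Assert.assertEquals(1, resources.size());
    ResourceRepresentation resource = resources.get(0);
    // get Default Policy
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
    // fail with a clear message instead of a NullPointerException on policy.getId()
    Assert.assertNotNull("Policy \"Default Policy\" was not found.", policy);
    // create Resource-based permission and add default policy/resource
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        // always release the response, even when the status assertion fails
        create.close();
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    // check exported settings contains both resources/applyPolicies
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        // constant-first equals tolerates an exported entry without a name
        if (permissionName.equals(p.getName())) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    // the message is built from permissionName; the old literal named "role-based-permission"
    Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);
}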
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Example 10 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class GenericPolicyManagementTest method assertAssociatedResource.

/**
 * Asserts that the named resource and the given policy reference each other.
 *
 * <p>The resource must exist, must appear in the policy's resource list, and must report
 * exactly one permission whose id equals the policy's id. List membership is decided by
 * {@code List.contains}, i.e. by the {@code equals} implementation of the element type.
 *
 * @param resourceName name used to look the resource up
 * @param policy policy expected to be associated with that resource
 */
private void assertAssociatedResource(String resourceName, PolicyRepresentation policy) {
    ResourceRepresentation expected = findResourceByName(resourceName);
    assertNotNull(expected);

    // Direction 1: policy -> resources
    List<ResourceRepresentation> linkedResources = getClientResource().authorization().policies().policy(policy.getId()).resources();
    assertTrue(linkedResources.contains(expected));

    // Direction 2: resource -> permissions
    List<PolicyRepresentation> linkedPermissions = getClientResource().authorization().resources().resource(expected.getId()).permissions();
    assertEquals(1, linkedPermissions.size());
    List<String> permissionIds = linkedPermissions.stream()
            .map(PolicyRepresentation::getId)
            .collect(Collectors.toList());
    assertTrue(permissionIds.contains(policy.getId()));
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18