use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AbstractPolicyManagementTest method createResourcesAndScopes.
/**
 * Registers three fixture resources ("Resource A", "Resource B", "Resource C") with the
 * client's authorization service. All three share one scope set: "read", "write", "execute".
 *
 * @throws IOException declared by the signature; no statement in this body throws it directly
 */
private void createResourcesAndScopes() throws IOException {
    Set<ScopeRepresentation> sharedScopes = new HashSet<>();
    for (String scopeName : new String[] {"read", "write", "execute"}) {
        sharedScopes.add(new ScopeRepresentation(scopeName));
    }

    // Build every representation first, then submit them in insertion order.
    List<ResourceRepresentation> fixtures = new ArrayList<>();
    for (String resourceName : new String[] {"Resource A", "Resource B", "Resource C"}) {
        fixtures.add(new ResourceRepresentation(resourceName, sharedScopes));
    }

    for (ResourceRepresentation fixture : fixtures) {
        // The response is closed straight away and its status is never inspected, so a
        // rejected create is not detected by this fixture.
        Response creation = getClient().authorization().resources().create(fixture);
        creation.close();
    }
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ExportImportUtil method assertAuthorizationSettingsOtherApp.
/**
 * Verifies the authorization settings looked up for the "OtherApp" client.
 *
 * <p>The resource names and the policy names must each match the expected values, in any
 * order. A missing or additional entry fails the assertion, so a policy that was lost or
 * added unexpectedly is reported.
 *
 * @param realmRsc realm whose "OtherApp" authorization settings are inspected
 */
private static void assertAuthorizationSettingsOtherApp(RealmResource realmRsc) {
    AuthorizationResource otherAppAuthz = ApiUtil.findAuthorizationSettings(realmRsc, "OtherApp");
    Assert.assertNotNull(otherAppAuthz);

    List<ResourceRepresentation> foundResources = otherAppAuthz.resources().resources();
    List<String> resourceNames = foundResources.stream()
            .map(ResourceRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(resourceNames, Matchers.containsInAnyOrder("Default Resource", "test"));

    List<PolicyRepresentation> foundPolicies = otherAppAuthz.policies().policies();
    List<String> policyNames = foundPolicies.stream()
            .map(PolicyRepresentation::getName)
            .collect(Collectors.toList());
    Assert.assertThat(policyNames, Matchers.containsInAnyOrder("User Policy", "Default Permission", "test-permission"));
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AuthorizationTest method testEnableAuthorizationServices.
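/**
 * Checks that switching authorization services off and on again resets the client to its
 * default authorization state without stripping the service account's role.
 *
 * <p>Verified after each off/on cycle:
 * <ul>
 *   <li>the service account still holds the "uma_protection" client role;</li>
 *   <li>a JS policy created in between (named "should be removed") is gone, seen as the
 *       policy count dropping from 3 back to 2;</li>
 *   <li>the settings report ENFORCING mode, remote resource management allowed, and the
 *       resource server's own client id.</li>
 * </ul>
 */
@Test
public void testEnableAuthorizationServices() {
    ClientResource clientResource = getClientResource();
    ClientRepresentation resourceServer = getResourceServer();
    RealmResource realm = realmsResouce().realm(getRealmId());

    // Check the search result before indexing into it, so a missing service account fails
    // as an assertion rather than as an IndexOutOfBoundsException.
    List<UserRepresentation> serviceAccounts = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + resourceServer.getClientId());
    Assert.assertFalse(serviceAccounts.isEmpty());
    UserRepresentation serviceAccount = serviceAccounts.get(0);
    Assert.assertNotNull(serviceAccount);

    // listEffective() is used, so a role reached indirectly also satisfies the check.
    List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));

    // First off/on cycle: the service account and its role must survive it.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);

    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    realm = realmsResouce().realm(getRealmId());
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));

    // Add a policy that is not part of the defaults; the next cycle has to discard it.
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("should be removed");
    policy.setCode("");
    // Close the returned response so the admin client does not keep it open; whether the
    // create succeeded is established by the policy count asserted below.
    clientResource.authorization().policies().js().create(policy).close();

    List<ResourceRepresentation> defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    // 3 = presumably the two default policies plus the JS policy created above.
    List<PolicyRepresentation> defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(3, defaultPolicies.size());

    // Second off/on cycle: settings and policies must be back at their defaults.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);

    ResourceServerRepresentation settings = clientResource.authorization().getSettings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), settings.getPolicyEnforcementMode().name());
    assertTrue(settings.isAllowRemoteResourceManagement());
    assertEquals(resourceServer.getId(), settings.getClientId());

    defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    // One policy fewer than before the cycle: the extra JS policy did not survive.
    defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(2, defaultPolicies.size());

    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}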
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ExportAuthorizationSettingsTest method testResourceBasedPermission.
// KEYCLOAK-4341
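/**
 * Creates a resource-based permission that ties "Default Policy" to "Default Resource",
 * exports the authorization settings, and checks that the exported permission still
 * references both by name.
 *
 * <p>An export that dropped either reference would describe a permission with no resource
 * or no policy attached, so both config entries are asserted explicitly.
 *
 * @throws Exception declared by the signature; propagated to the test runner
 */
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();

    // get Default Resource
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    // assertEquals reports the actual size when the lookup returns anything but one match.
    Assert.assertEquals(1, resources.size());
    ResourceRepresentation resource = resources.get(0);

    // get Default Policy
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
    // Fail here, not with a NullPointerException at getId(), if the policy is missing.
    Assert.assertNotNull(policy);

    // create Resource-based permission and add default policy/resource
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        // Release the response even when the status assertion fails.
        create.close();
    }

    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();

    // check exported settings contains both resources/applyPolicies
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        // Compare from the known non-null name so an exported policy without a name is skipped.
        if (permissionName.equals(p.getName())) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    // Build the message from permissionName; the original text named "role-based-permission",
    // which is not the permission this test creates.
    Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);
}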
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class GenericPolicyManagementTest method assertAssociatedResource.
/**
 * Asserts that the named resource and the given policy are linked in both directions.
 *
 * <p>The policy must list the resource among its resources, and the resource must report
 * exactly one permission whose id is the policy's id. The size check also catches a resource
 * that picked up a second, unexpected permission.
 *
 * @param resourceName name of the resource expected to be attached to the policy
 * @param policy policy (permission) expected to govern that resource
 */
private void assertAssociatedResource(String resourceName, PolicyRepresentation policy) {
    ResourceRepresentation expectedResource = findResourceByName(resourceName);
    assertNotNull(expectedResource);

    // Policy -> resources direction. contains() relies on ResourceRepresentation.equals.
    List<ResourceRepresentation> attachedResources = getClientResource().authorization().policies().policy(policy.getId()).resources();
    assertTrue(attachedResources.contains(expectedResource));

    // Resource -> permissions direction.
    List<PolicyRepresentation> governingPermissions = getClientResource().authorization().resources().resource(expectedResource.getId()).permissions();
    assertEquals(1, governingPermissions.size());

    List<String> permissionIds = governingPermissions.stream()
            .map(PolicyRepresentation::getId)
            .collect(Collectors.toList());
    assertTrue(permissionIds.contains(policy.getId()));
}