Search in sources :

Example 96 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class AbstractServletPolicyEnforcerTest method testPattern11UsingResourceInstancePermission.

@Test
public void testPattern11UsingResourceInstancePermission() {
    performTests(() -> {
        login("alice", "alice");
        navigateTo("/api/v1/resource-a");
        assertFalse(wasDenied());
        navigateTo("/api/v1/resource-b");
        assertFalse(wasDenied());
        ResourceRepresentation resource = new ResourceRepresentation("/api/v1/resource-c");
        resource.setUri(resource.getName());
        getAuthorizationResource().resources().create(resource);
        createResourcePermission(resource.getName() + " permission", resource.getName(), "Default Policy");
        login("alice", "alice");
        navigateTo(resource.getUri());
        assertFalse(wasDenied());
        updatePermissionPolicies(resource.getName() + " permission", "Deny Policy");
        login("alice", "alice");
        navigateTo(resource.getUri());
        assertTrue(wasDenied());
        updatePermissionPolicies(resource.getName() + " permission", "Default Policy");
        login("alice", "alice");
        navigateTo(resource.getUri());
        assertFalse(wasDenied());
        navigateTo("/api/v1");
        assertTrue(wasDenied());
        navigateTo("/api/v1/");
        assertTrue(wasDenied());
        navigateTo("/api");
        assertTrue(wasDenied());
        navigateTo("/api/");
        assertTrue(wasDenied());
    });
}
Also used : ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Test(org.junit.Test) AbstractExampleAdapterTest(org.keycloak.testsuite.adapter.AbstractExampleAdapterTest)

Example 97 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class LifespanAdapterTest method testPathConfigInvalidation.

@Test
public void testPathConfigInvalidation() throws Exception {
    loginToClientPage(aliceUser);
    assertSuccess();
    ResourceRepresentation resource = getAuthorizationResource().resources().findByName("Profile Resource").get(0);
    AuthorizationResource authorizationResource = getAuthorizationResource();
    authorizationResource.resources().resource(resource.getId()).remove();
    assertThat(getAuthorizationResource().resources().findByName("Profile Resource").isEmpty(), Matchers.is(true));
    loginToClientPage(aliceUser);
    // should throw an error because the resource was removed and cache entry did not expire yet
    assertFailure();
    setTimeOffsetOfAdapter(40);
    loginToClientPage(aliceUser);
    assertSuccess();
    setTimeOffsetOfAdapter(0);
    try (Response response = authorizationResource.resources().create(resource)) {
        resource = response.readEntity(ResourceRepresentation.class);
    }
    loginToClientPage(aliceUser);
    assertSuccess();
    RealmResource realm = this.realmsResouce().realm(REALM_NAME);
    UserRepresentation userRepresentation = realm.users().search(aliceUser.getUsername()).get(0);
    UserResource userResource = realm.users().get(userRepresentation.getId());
    userRepresentation.setEmail("alice@anotherdomain.org");
    userResource.update(userRepresentation);
    loginToClientPage(aliceUser);
    assertTicket();
    try {
        PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
        resourceInstancePermission.setName("View User Permission");
        resourceInstancePermission.setType("resource");
        Map<String, String> config = new HashMap<>();
        config.put("resources", JsonSerialization.writeValueAsString(Collections.singletonList(resource.getId())));
        config.put("applyPolicies", JsonSerialization.writeValueAsString(Collections.singletonList("Only From @keycloak.org or Admin")));
        resourceInstancePermission.setConfig(config);
        authorizationResource.policies().create(resourceInstancePermission);
    } catch (IOException e) {
        throw new RuntimeException("Error creating policy.", e);
    }
    loginToClientPage(aliceUser);
    // should throw an error because the resource was removed and cache entry did not expire yet
    assertFailure();
    userRepresentation.setEmail("alice@keycloak.org");
    userResource.update(userRepresentation);
    loginToClientPage(aliceUser);
    assertSuccess();
}
Also used : Response(javax.ws.rs.core.Response) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) HashMap(java.util.HashMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) UserResource(org.keycloak.admin.client.resource.UserResource) IOException(java.io.IOException) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 98 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ResourceForm method toRepresentation.

public ResourceRepresentation toRepresentation() {
    ResourceRepresentation representation = new ResourceRepresentation();
    representation.setName(UIUtils.getTextInputValue(name));
    representation.setDisplayName(UIUtils.getTextInputValue(displayName));
    representation.setType(UIUtils.getTextInputValue(type));
    Set<String> uris = new HashSet<>();
    for (WebElement uriInput : driver.findElements(By.xpath("//input[@ng-model='resource.uris[i]']"))) {
        uris.add(UIUtils.getTextInputValue(uriInput));
    }
    representation.setUris(uris);
    representation.setIconUri(UIUtils.getTextInputValue(iconUri));
    representation.setScopes(scopesInput.getSelected());
    return representation;
}
Also used : WebElement(org.openqa.selenium.WebElement) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) HashSet(java.util.HashSet)

Example 99 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class ResourcesTable method toRepresentation.

public ResourceRepresentation toRepresentation(WebElement row) {
    ResourceRepresentation representation = null;
    List<WebElement> tds = row.findElements(tagName("td"));
    try {
        if (!(tds.isEmpty() || getTextFromElement(tds.get(1)).isEmpty())) {
            representation = new ResourceRepresentation();
            representation.setName(getTextFromElement(tds.get(1)));
            representation.setType(getTextFromElement(tds.get(2)));
            representation.setUri(getTextFromElement(tds.get(3)));
            ResourceOwnerRepresentation owner = new ResourceOwnerRepresentation();
            owner.setName(getTextFromElement(tds.get(4)));
            representation.setOwner(owner);
        }
    } catch (IndexOutOfBoundsException cause) {
    // is empty
    }
    return representation;
}
Also used : ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) WebElement(org.openqa.selenium.WebElement) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Example 100 with ResourceRepresentation

use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.

the class Resources method deleteFromList.

public void deleteFromList(String name) {
    for (WebElement row : resources().rows()) {
        ResourceRepresentation actual = resources().toRepresentation(row);
        if (actual.getName().equalsIgnoreCase(name)) {
            WebElement td = row.findElements(tagName("td")).get(5);
            td.findElement(By.className("dropdown-toggle")).click();
            WebElement actions = td.findElement(By.className("dropdown-menu"));
            actions.findElement(By.linkText("Delete")).click();
            modalDialog.confirmDeletion();
            return;
        }
    }
}
Also used : WebElement(org.openqa.selenium.WebElement) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation)

Aggregations

ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)154 Test (org.junit.Test)96 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)49 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)45 AuthzClient (org.keycloak.authorization.client.AuthzClient)44 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)39 ClientResource (org.keycloak.admin.client.resource.ClientResource)38 Response (javax.ws.rs.core.Response)36 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)35 PermissionResponse (org.keycloak.representations.idm.authorization.PermissionResponse)33 ResourcePermissionRepresentation (org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation)33 Permission (org.keycloak.representations.idm.authorization.Permission)28 ScopeRepresentation (org.keycloak.representations.idm.authorization.ScopeRepresentation)26 JSPolicyRepresentation (org.keycloak.representations.idm.authorization.JSPolicyRepresentation)23 OAuthClient (org.keycloak.testsuite.util.OAuthClient)23 PermissionRequest (org.keycloak.representations.idm.authorization.PermissionRequest)22 AccessToken (org.keycloak.representations.AccessToken)19 ArrayList (java.util.ArrayList)18 List (java.util.List)18 TokenIntrospectionResponse (org.keycloak.authorization.client.representation.TokenIntrospectionResponse)18