use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class AbstractServletPolicyEnforcerTest method testPattern11UsingResourceInstancePermission.
@Test
public void testPattern11UsingResourceInstancePermission() {
performTests(() -> {
login("alice", "alice");
navigateTo("/api/v1/resource-a");
assertFalse(wasDenied());
navigateTo("/api/v1/resource-b");
assertFalse(wasDenied());
ResourceRepresentation resource = new ResourceRepresentation("/api/v1/resource-c");
resource.setUri(resource.getName());
getAuthorizationResource().resources().create(resource);
createResourcePermission(resource.getName() + " permission", resource.getName(), "Default Policy");
login("alice", "alice");
navigateTo(resource.getUri());
assertFalse(wasDenied());
updatePermissionPolicies(resource.getName() + " permission", "Deny Policy");
login("alice", "alice");
navigateTo(resource.getUri());
assertTrue(wasDenied());
updatePermissionPolicies(resource.getName() + " permission", "Default Policy");
login("alice", "alice");
navigateTo(resource.getUri());
assertFalse(wasDenied());
navigateTo("/api/v1");
assertTrue(wasDenied());
navigateTo("/api/v1/");
assertTrue(wasDenied());
navigateTo("/api");
assertTrue(wasDenied());
navigateTo("/api/");
assertTrue(wasDenied());
});
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class LifespanAdapterTest method testPathConfigInvalidation.
@Test
public void testPathConfigInvalidation() throws Exception {
loginToClientPage(aliceUser);
assertSuccess();
ResourceRepresentation resource = getAuthorizationResource().resources().findByName("Profile Resource").get(0);
AuthorizationResource authorizationResource = getAuthorizationResource();
authorizationResource.resources().resource(resource.getId()).remove();
assertThat(getAuthorizationResource().resources().findByName("Profile Resource").isEmpty(), Matchers.is(true));
loginToClientPage(aliceUser);
// should throw an error because the resource was removed and cache entry did not expire yet
assertFailure();
setTimeOffsetOfAdapter(40);
loginToClientPage(aliceUser);
assertSuccess();
setTimeOffsetOfAdapter(0);
try (Response response = authorizationResource.resources().create(resource)) {
resource = response.readEntity(ResourceRepresentation.class);
}
loginToClientPage(aliceUser);
assertSuccess();
RealmResource realm = this.realmsResouce().realm(REALM_NAME);
UserRepresentation userRepresentation = realm.users().search(aliceUser.getUsername()).get(0);
UserResource userResource = realm.users().get(userRepresentation.getId());
userRepresentation.setEmail("alice@anotherdomain.org");
userResource.update(userRepresentation);
loginToClientPage(aliceUser);
assertTicket();
try {
PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
resourceInstancePermission.setName("View User Permission");
resourceInstancePermission.setType("resource");
Map<String, String> config = new HashMap<>();
config.put("resources", JsonSerialization.writeValueAsString(Collections.singletonList(resource.getId())));
config.put("applyPolicies", JsonSerialization.writeValueAsString(Collections.singletonList("Only From @keycloak.org or Admin")));
resourceInstancePermission.setConfig(config);
authorizationResource.policies().create(resourceInstancePermission);
} catch (IOException e) {
throw new RuntimeException("Error creating policy.", e);
}
loginToClientPage(aliceUser);
// should throw an error because the resource was removed and cache entry did not expire yet
assertFailure();
userRepresentation.setEmail("alice@keycloak.org");
userResource.update(userRepresentation);
loginToClientPage(aliceUser);
assertSuccess();
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ResourceForm method toRepresentation.
public ResourceRepresentation toRepresentation() {
ResourceRepresentation representation = new ResourceRepresentation();
representation.setName(UIUtils.getTextInputValue(name));
representation.setDisplayName(UIUtils.getTextInputValue(displayName));
representation.setType(UIUtils.getTextInputValue(type));
Set<String> uris = new HashSet<>();
for (WebElement uriInput : driver.findElements(By.xpath("//input[@ng-model='resource.uris[i]']"))) {
uris.add(UIUtils.getTextInputValue(uriInput));
}
representation.setUris(uris);
representation.setIconUri(UIUtils.getTextInputValue(iconUri));
representation.setScopes(scopesInput.getSelected());
return representation;
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class ResourcesTable method toRepresentation.
public ResourceRepresentation toRepresentation(WebElement row) {
ResourceRepresentation representation = null;
List<WebElement> tds = row.findElements(tagName("td"));
try {
if (!(tds.isEmpty() || getTextFromElement(tds.get(1)).isEmpty())) {
representation = new ResourceRepresentation();
representation.setName(getTextFromElement(tds.get(1)));
representation.setType(getTextFromElement(tds.get(2)));
representation.setUri(getTextFromElement(tds.get(3)));
ResourceOwnerRepresentation owner = new ResourceOwnerRepresentation();
owner.setName(getTextFromElement(tds.get(4)));
representation.setOwner(owner);
}
} catch (IndexOutOfBoundsException cause) {
// is empty
}
return representation;
}
use of org.keycloak.representations.idm.authorization.ResourceRepresentation in project keycloak by keycloak.
the class Resources method deleteFromList.
public void deleteFromList(String name) {
for (WebElement row : resources().rows()) {
ResourceRepresentation actual = resources().toRepresentation(row);
if (actual.getName().equalsIgnoreCase(name)) {
WebElement td = row.findElements(tagName("td")).get(5);
td.findElement(By.className("dropdown-toggle")).click();
WebElement actions = td.findElement(By.className("dropdown-menu"));
actions.findElement(By.linkText("Delete")).click();
modalDialog.confirmDeletion();
return;
}
}
}
Aggregations