use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.
the class AbstractBasePhotozExampleAdapterTest method importResourceServerSettings.
private void importResourceServerSettings() throws FileNotFoundException {
ResourceServerRepresentation authSettings = loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class);
authSettings.getPolicies().stream().filter(x -> "Only Owner Policy".equals(x.getName())).forEach(x -> x.getConfig().put("mavenArtifactVersion", System.getProperty("project.version")));
getAuthorizationResource().importSettings(authSettings);
}
use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.
the class AbstractAuthorizationTest method enableAuthorizationServices.
protected void enableAuthorizationServices(boolean enable) {
ClientRepresentation resourceServer = getResourceServer();
resourceServer.setAuthorizationServicesEnabled(enable);
resourceServer.setServiceAccountsEnabled(true);
resourceServer.setPublicClient(false);
resourceServer.setSecret("secret");
getClientResource().update(resourceServer);
if (enable) {
AuthorizationResource authorization = getClientResource().authorization();
ResourceServerRepresentation settings = authorization.exportSettings();
settings.setAllowRemoteResourceManagement(true);
authorization.update(settings);
}
}
use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.
the class AuthorizationTest method testEnableAuthorizationServices.
@Test
public void testEnableAuthorizationServices() {
ClientResource clientResource = getClientResource();
ClientRepresentation resourceServer = getResourceServer();
RealmResource realm = realmsResouce().realm(getRealmId());
UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + resourceServer.getClientId()).get(0);
Assert.assertNotNull(serviceAccount);
List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
enableAuthorizationServices(false);
enableAuthorizationServices(true);
serviceAccount = clientResource.getServiceAccountUser();
Assert.assertNotNull(serviceAccount);
realm = realmsResouce().realm(getRealmId());
serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
JSPolicyRepresentation policy = new JSPolicyRepresentation();
policy.setName("should be removed");
policy.setCode("");
clientResource.authorization().policies().js().create(policy);
List<ResourceRepresentation> defaultResources = clientResource.authorization().resources().resources();
assertEquals(1, defaultResources.size());
List<PolicyRepresentation> defaultPolicies = clientResource.authorization().policies().policies();
assertEquals(3, defaultPolicies.size());
enableAuthorizationServices(false);
enableAuthorizationServices(true);
ResourceServerRepresentation settings = clientResource.authorization().getSettings();
assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), settings.getPolicyEnforcementMode().name());
assertTrue(settings.isAllowRemoteResourceManagement());
assertEquals(resourceServer.getId(), settings.getClientId());
defaultResources = clientResource.authorization().resources().resources();
assertEquals(1, defaultResources.size());
defaultPolicies = clientResource.authorization().policies().policies();
assertEquals(2, defaultPolicies.size());
serviceAccount = clientResource.getServiceAccountUser();
Assert.assertNotNull(serviceAccount);
serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}
use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.
the class ExportAuthorizationSettingsTest method testRoleBasedPolicyWithMultipleRoles.
// KEYCLOAK-4983
@Test
public void testRoleBasedPolicyWithMultipleRoles() {
ClientResource clientResource = getClientResource();
AuthorizationResource authorizationResource = clientResource.authorization();
testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-1").build()).close();
testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-2").build()).close();
ClientRepresentation client1 = getClientByClientId("test-client-1");
ClientRepresentation client2 = getClientByClientId("test-client-2");
testRealmResource().clients().get(client1.getId()).roles().create(RoleBuilder.create().name("client-role").build());
testRealmResource().clients().get(client2.getId()).roles().create(RoleBuilder.create().name("client-role").build());
RoleRepresentation role1 = testRealmResource().clients().get(client1.getId()).roles().get("client-role").toRepresentation();
RoleRepresentation role2 = testRealmResource().clients().get(client2.getId()).roles().get("client-role").toRepresentation();
PolicyRepresentation policy = new PolicyRepresentation();
policy.setName("role-based-policy");
policy.setType("role");
Map<String, String> config = new HashMap<>();
config.put("roles", "[{\"id\":\"" + role1.getId() + "\"},{\"id\":\"" + role2.getId() + "\"}]");
policy.setConfig(config);
try (Response create = authorizationResource.policies().create(policy)) {
Assert.assertEquals(Status.CREATED, create.getStatusInfo());
}
// export authorization settings
ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
boolean found = false;
for (PolicyRepresentation p : exportSettings.getPolicies()) {
if (p.getName().equals("role-based-policy")) {
found = true;
Assert.assertTrue(p.getConfig().get("roles").contains("test-client-1/client-role") && p.getConfig().get("roles").contains("test-client-2/client-role"));
}
}
if (!found) {
Assert.fail("Policy \"role-based-policy\" was not found in exported settings.");
}
}
use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.
the class ExportAuthorizationSettingsTest method testResourceBasedPermission.
// KEYCLOAK-4341
@Test
public void testResourceBasedPermission() throws Exception {
String permissionName = "resource-based-permission";
ClientResource clientResource = getClientResource();
AuthorizationResource authorizationResource = clientResource.authorization();
// get Default Resource
List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
Assert.assertTrue(resources.size() == 1);
ResourceRepresentation resource = resources.get(0);
// get Default Policy
PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
// create Resource-based permission and add default policy/resource
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName(permissionName);
permission.addPolicy(policy.getId());
permission.addResource(resource.getId());
Response create = authorizationResource.permissions().resource().create(permission);
try {
Assert.assertEquals(Status.CREATED, create.getStatusInfo());
} finally {
create.close();
}
// export authorization settings
ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
// check exported settings contains both resources/applyPolicies
boolean found = false;
for (PolicyRepresentation p : exportSettings.getPolicies()) {
if (p.getName().equals(permissionName)) {
found = true;
Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
}
}
Assert.assertTrue("Permission \"role-based-permission\" was not found.", found);
}
Aggregations