
Example 1 with ResourceServerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

Class AbstractBasePhotozExampleAdapterTest, method importResourceServerSettings.

private void importResourceServerSettings() throws FileNotFoundException {
    ResourceServerRepresentation authSettings = loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class);
    authSettings.getPolicies().stream().filter(x -> "Only Owner Policy".equals(x.getName())).forEach(x -> x.getConfig().put("mavenArtifactVersion", System.getProperty("project.version")));
    getAuthorizationResource().importSettings(authSettings);
}
Also used : AUTHORIZATION(org.keycloak.common.Profile.Feature.AUTHORIZATION) LaxRedirectStrategy(org.apache.http.impl.client.LaxRedirectStrategy) JavascriptBrowser(org.keycloak.testsuite.util.JavascriptBrowser) Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) IOUtil.loadJson(org.keycloak.testsuite.utils.io.IOUtil.loadJson) TimeoutException(java.util.concurrent.TimeoutException) WebElement(org.openqa.selenium.WebElement) Page(org.jboss.arquillian.graphene.page.Page) JavascriptExecutor(org.openqa.selenium.JavascriptExecutor) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Map(java.util.Map) After(org.junit.After) ClientResource(org.keycloak.admin.client.resource.ClientResource) FindBy(org.openqa.selenium.support.FindBy) JavascriptTestExecutorWithAuthorization(org.keycloak.testsuite.util.javascript.JavascriptTestExecutorWithAuthorization) ClientScopesResource(org.keycloak.admin.client.resource.ClientScopesResource) RealmResource(org.keycloak.admin.client.resource.RealmResource) Deployer(org.jboss.arquillian.container.test.api.Deployer) Collectors(java.util.stream.Collectors) AppServerTestEnricher(org.keycloak.testsuite.arquillian.AppServerTestEnricher) FileNotFoundException(java.io.FileNotFoundException) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) URLAssert.assertCurrentUrlStartsWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith) List(java.util.List) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) Response(javax.ws.rs.core.Response) HttpGet(org.apache.http.client.methods.HttpGet) Administration(org.wildfly.extras.creaper.core.online.operations.admin.Administration) 
Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.is(org.hamcrest.Matchers.is) ProtocolMapperUtils(org.keycloak.protocol.ProtocolMapperUtils) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) OnlineManagementClient(org.wildfly.extras.creaper.core.online.OnlineManagementClient) BeforeClass(org.junit.BeforeClass) WebDriver(org.openqa.selenium.WebDriver) UPLOAD_SCRIPTS(org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS) DroneUtils(org.keycloak.testsuite.util.DroneUtils) HashMap(java.util.HashMap) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) OAuthGrant(org.keycloak.testsuite.auth.page.login.OAuthGrant) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) ArquillianResource(org.jboss.arquillian.test.api.ArquillianResource) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Before(org.junit.Before) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) IOUtil.loadRealm(org.keycloak.testsuite.utils.io.IOUtil.loadRealm) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream) WaitUtils.waitForPageToLoad(org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad) CliException(org.wildfly.extras.creaper.core.online.CliException) File(java.io.File) UserClientRoleMappingMapper(org.keycloak.protocol.oidc.mappers.UserClientRoleMappingMapper) PhotozClientAuthzTestApp(org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) Assert(org.junit.Assert) DeploymentException(org.jboss.arquillian.container.spi.client.container.DeploymentException) 

Example 2 with ResourceServerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

Class AbstractAuthorizationTest, method enableAuthorizationServices.

protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation resourceServer = getResourceServer();
    resourceServer.setAuthorizationServicesEnabled(enable);
    // The resource server client is set up as a confidential client with a service account.
    resourceServer.setServiceAccountsEnabled(true);
    resourceServer.setPublicClient(false);
    // Hard-coded secret: a test fixture value only.
    resourceServer.setSecret("secret");
    getClientResource().update(resourceServer);
    if (enable) {
        // Export the current settings, allow remote resource management, and write them back.
        AuthorizationResource authorization = getClientResource().authorization();
        ResourceServerRepresentation settings = authorization.exportSettings();
        settings.setAllowRemoteResourceManagement(true);
        authorization.update(settings);
    }
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 3 with ResourceServerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

Class AuthorizationTest, method testEnableAuthorizationServices.

@Test
public void testEnableAuthorizationServices() {
    ClientResource clientResource = getClientResource();
    ClientRepresentation resourceServer = getResourceServer();
    RealmResource realm = realmsResouce().realm(getRealmId());
    UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + resourceServer.getClientId()).get(0);
    Assert.assertNotNull(serviceAccount);
    List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    realm = realmsResouce().realm(getRealmId());
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName("should be removed");
    policy.setCode("");
    clientResource.authorization().policies().js().create(policy);
    List<ResourceRepresentation> defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    List<PolicyRepresentation> defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(3, defaultPolicies.size());
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);
    ResourceServerRepresentation settings = clientResource.authorization().getSettings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), settings.getPolicyEnforcementMode().name());
    assertTrue(settings.isAllowRemoteResourceManagement());
    assertEquals(resourceServer.getId(), settings.getClientId());
    defaultResources = clientResource.authorization().resources().resources();
    assertEquals(1, defaultResources.size());
    defaultPolicies = clientResource.authorization().policies().policies();
    assertEquals(2, defaultPolicies.size());
    serviceAccount = clientResource.getServiceAccountUser();
    Assert.assertNotNull(serviceAccount);
    serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(resourceServer.getId()).listEffective();
    Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) PolicyEnforcerConfig(org.keycloak.representations.adapters.config.PolicyEnforcerConfig) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) Assert.assertEquals(org.junit.Assert.assertEquals)

Example 4 with ResourceServerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

Class ExportAuthorizationSettingsTest, method testRoleBasedPolicyWithMultipleRoles.

// KEYCLOAK-4983
@Test
public void testRoleBasedPolicyWithMultipleRoles() {
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-1").build()).close();
    testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-2").build()).close();
    ClientRepresentation client1 = getClientByClientId("test-client-1");
    ClientRepresentation client2 = getClientByClientId("test-client-2");
    testRealmResource().clients().get(client1.getId()).roles().create(RoleBuilder.create().name("client-role").build());
    testRealmResource().clients().get(client2.getId()).roles().create(RoleBuilder.create().name("client-role").build());
    RoleRepresentation role1 = testRealmResource().clients().get(client1.getId()).roles().get("client-role").toRepresentation();
    RoleRepresentation role2 = testRealmResource().clients().get(client2.getId()).roles().get("client-role").toRepresentation();
    PolicyRepresentation policy = new PolicyRepresentation();
    policy.setName("role-based-policy");
    policy.setType("role");
    Map<String, String> config = new HashMap<>();
    config.put("roles", "[{\"id\":\"" + role1.getId() + "\"},{\"id\":\"" + role2.getId() + "\"}]");
    policy.setConfig(config);
    try (Response create = authorizationResource.policies().create(policy)) {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals("role-based-policy")) {
            found = true;
            Assert.assertTrue(p.getConfig().get("roles").contains("test-client-1/client-role") && p.getConfig().get("roles").contains("test-client-2/client-role"));
        }
    }
    if (!found) {
        Assert.fail("Policy \"role-based-policy\" was not found in exported settings.");
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 5 with ResourceServerRepresentation

Use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

Class ExportAuthorizationSettingsTest, method testResourceBasedPermission.

// KEYCLOAK-4341
@Test
public void testResourceBasedPermission() throws Exception {
    String permissionName = "resource-based-permission";
    ClientResource clientResource = getClientResource();
    AuthorizationResource authorizationResource = clientResource.authorization();
    // get Default Resource
    List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
    Assert.assertTrue(resources.size() == 1);
    ResourceRepresentation resource = resources.get(0);
    // get Default Policy
    PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
    // create Resource-based permission and add default policy/resource
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName(permissionName);
    permission.addPolicy(policy.getId());
    permission.addResource(resource.getId());
    Response create = authorizationResource.permissions().resource().create(permission);
    try {
        Assert.assertEquals(Status.CREATED, create.getStatusInfo());
    } finally {
        create.close();
    }
    // export authorization settings
    ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
    // check exported settings contains both resources/applyPolicies
    boolean found = false;
    for (PolicyRepresentation p : exportSettings.getPolicies()) {
        if (p.getName().equals(permissionName)) {
            found = true;
            Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
            Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
        }
    }
    // Report the permission actually searched for (permissionName) in the failure message.
    Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);
}
Also used : PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) Response(javax.ws.rs.core.Response) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) Test(org.junit.Test)

Aggregations

ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation): 25
Test (org.junit.Test): 15
AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource): 15
ClientResource (org.keycloak.admin.client.resource.ClientResource): 13
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation): 12
ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation): 8
PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation): 7
ArrayList (java.util.ArrayList): 6
Response (javax.ws.rs.core.Response): 5
ClientsResource (org.keycloak.admin.client.resource.ClientsResource): 5
RealmResource (org.keycloak.admin.client.resource.RealmResource): 5
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation): 5
Permission (org.keycloak.representations.idm.authorization.Permission): 5
List (java.util.List): 4
RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation): 4
IOException (java.io.IOException): 3
HashMap (java.util.HashMap): 3
Assert (org.junit.Assert): 3
Before (org.junit.Before): 3
UserRepresentation (org.keycloak.representations.idm.UserRepresentation): 3