
Example 16 with ResourceServerRepresentation

use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

the class UserManagedAccessTest method testPermissiveModePermissions.

/**
 * Exercises an authorization request before and after the resource server's
 * policy-enforcement mode is switched to {@code PERMISSIVE}.
 *
 * <p>The request made for user "kolo" must be rejected with an
 * {@link AuthorizationDeniedException}. The request made for user "marta" after the
 * switch must return a token whose authorization claim covers "Resource A".
 */
@Test
public void testPermissiveModePermissions() throws Exception {
    resource = addResource("Resource A");

    try {
        authorize("kolo", "password", resource.getId(), null);
        fail("Access should be denied, server in enforcing mode");
    } catch (AuthorizationDeniedException expected) {
        // Expected path: the denial itself is what this first half verifies.
        // fail() raises an assertion error, which this catch does not swallow.
    }

    // Relax enforcement on the resource server through the admin API.
    // NOTE(review): in Keycloak, PERMISSIVE lets requests through for resources with no
    // policy attached; whether "Resource A" has one is decided outside this listing.
    // NOTE(review): the mode is not restored in this method. Presumably the fixture
    // resets it; confirm, otherwise later tests run with relaxed enforcement.
    AuthorizationResource adminAuthz = getClient(getRealm()).authorization();
    ResourceServerRepresentation serverSettings = adminAuthz.getSettings();
    serverSettings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    adminAuthz.update(serverSettings);

    // Same resource as above, this time addressed by name rather than by id.
    AuthorizationResponse grant = authorize("marta", "password", "Resource A", null);
    String requestingPartyToken = grant.getToken();
    assertNotNull(requestingPartyToken);
    assertFalse(grant.isUpgraded());

    AccessToken.Authorization authzClaim = toAccessToken(requestingPartyToken).getAuthorization();
    assertNotNull(authzClaim);

    Collection<Permission> granted = authzClaim.getPermissions();
    assertNotNull(granted);

    // assertPermissions is defined outside this listing. The emptiness check after it
    // suggests it removes every permission it matches, so nothing beyond "Resource A"
    // may have been granted. Confirm against the helper.
    assertPermissions(granted, "Resource A");
    assertTrue(granted.isEmpty());
}
Also used : AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) AccessToken(org.keycloak.representations.AccessToken) Permission(org.keycloak.representations.idm.authorization.Permission) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 17 with ResourceServerRepresentation

use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

the class ResourceServer method getRepresentation.

/**
 * Returns the parent's representation with its identifying fields copied from this
 * server's client and its decision strategy set to {@code UNANIMOUS}.
 *
 * @return the object obtained from {@code super.getRepresentation()}, modified in place
 */
@Override
public ResourceServerRepresentation getRepresentation() {
    final ResourceServerRepresentation representation = super.getRepresentation();

    // id, clientId and name mirror the backing client. Each value is read through its
    // own getClient().getRepresentation() call, exactly as many times as before.
    representation.setId(getClient().getRepresentation().getId());
    representation.setClientId(getClient().getRepresentation().getClientId());
    representation.setName(getClient().getRepresentation().getName());

    // The strategy is always written, replacing whatever the parent supplied. In
    // Keycloak, UNANIMOUS requires every applicable permission to grant access.
    representation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);

    return representation;
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation)

Example 18 with ResourceServerRepresentation

use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

the class ConflictingScopePermissionTest method testWithDisabledMode.

/**
 * Verifies the entitlements returned for user "marta" when policy enforcement is
 * {@code DISABLED}: exactly three permissions, one each for "Resource A", "Resource B"
 * and "Resource C", every one carrying the scopes execute, write and read.
 *
 * <p>In Keycloak, {@code DISABLED} switches policy evaluation off, which matches what is
 * asserted here. The policies themselves are configured outside this listing.
 */
@Test
public void testWithDisabledMode() throws Exception {
    AuthorizationResource adminAuthz = getClient(getRealm()).authorization();
    ResourceServerRepresentation serverSettings = adminAuthz.getSettings();
    serverSettings.setPolicyEnforcementMode(PolicyEnforcementMode.DISABLED);
    serverSettings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    adminAuthz.update(serverSettings);

    Collection<Permission> remaining = getEntitlements("marta", "password");
    assertEquals(3, remaining.size());

    // Iterate over a snapshot: matched entries are removed from the live collection
    // inside the loop, so the final emptiness check proves every entry was expected.
    for (Permission granted : new ArrayList<>(remaining)) {
        String resourceName = granted.getResourceName();
        switch (resourceName) {
            // All three resources are expected to expose the full scope set in this mode.
            case "Resource A":
            case "Resource C":
            case "Resource B":
                assertThat(granted.getScopes(), containsInAnyOrder("execute", "write", "read"));
                remaining.remove(granted);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceName + "]");
        }
    }

    assertTrue(remaining.isEmpty());
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) ArrayList(java.util.ArrayList) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 19 with ResourceServerRepresentation

use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

the class ConflictingScopePermissionTest method testWithPermissiveMode.

/**
 * Verifies the entitlements returned for user "marta" when policy enforcement is
 * {@code PERMISSIVE} and the decision strategy is {@code UNANIMOUS}.
 *
 * <p>Three permissions are expected. "Resource B" and "Resource C" carry execute, write
 * and read, while "Resource A" carries only execute and write.
 */
@Test
public void testWithPermissiveMode() throws Exception {
    AuthorizationResource adminAuthz = getClient(getRealm()).authorization();
    ResourceServerRepresentation serverSettings = adminAuthz.getSettings();
    serverSettings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    serverSettings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    adminAuthz.update(serverSettings);

    Collection<Permission> remaining = getEntitlements("marta", "password");
    assertEquals(3, remaining.size());

    // Iterate over a snapshot: matched entries are removed from the live collection
    // inside the loop, so the final emptiness check proves every entry was expected.
    for (Permission granted : new ArrayList<>(remaining)) {
        String resourceName = granted.getResourceName();
        switch (resourceName) {
            case "Resource A":
                // Policies are evaluated in this mode, and "read" must not be granted on
                // Resource A. The policies that withhold it are configured outside this
                // listing; the class name points to conflicting scope permissions.
                assertThat(granted.getScopes(), containsInAnyOrder("execute", "write"));
                remaining.remove(granted);
                break;
            case "Resource C":
            case "Resource B":
                assertThat(granted.getScopes(), containsInAnyOrder("execute", "write", "read"));
                remaining.remove(granted);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceName + "]");
        }
    }

    assertTrue(remaining.isEmpty());
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) Permission(org.keycloak.representations.idm.authorization.Permission) ArrayList(java.util.ArrayList) ClientResource(org.keycloak.admin.client.resource.ClientResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) Test(org.junit.Test)

Example 20 with ResourceServerRepresentation

use of org.keycloak.representations.idm.authorization.ResourceServerRepresentation in project keycloak by keycloak.

the class ExportImportUtil method assertAuthorizationSettingsTestAppAuthz.

/**
 * Asserts that the authorization settings of client "test-app-authz" contain the
 * expected resources, scopes and policies.
 *
 * <p>The counts are pinned exactly (4 resources, 6 scopes, 14 policies), so an entry
 * that was dropped or added fails the check. A missing resource or policy would
 * otherwise silently change what the resource server protects.
 *
 * <p>{@code assertPredicate} is defined outside this listing; presumably it requires
 * each predicate to match an element of the given list. Confirm against the helper.
 *
 * @param realmRsc admin handle of the realm that holds the "test-app-authz" client
 */
private static void assertAuthorizationSettingsTestAppAuthz(RealmResource realmRsc) {
    AuthorizationResource authzResource = ApiUtil.findAuthorizationSettings(realmRsc, "test-app-authz");
    Assert.assertNotNull(authzResource);

    // ---- Resources --------------------------------------------------------------
    List<ResourceRepresentation> resources = authzResource.resources().resources();
    Assert.assertEquals(4, resources.size());

    // Read lazily inside the lambdas below: every resource must be owned by the
    // resource server's own client.
    ResourceServerRepresentation authzSettings = authzResource.getSettings();

    List<Predicate<ResourceRepresentation>> resourcePredicates = new ArrayList<>();
    resourcePredicates.add(candidate -> {
        if (!"Admin Resource".equals(candidate.getName())) {
            return false;
        }
        Assert.assertEquals(authzSettings.getClientId(), candidate.getOwner().getId());
        Assert.assertEquals("/protected/admin/*", candidate.getUri());
        Assert.assertEquals("http://test-app-authz/protected/admin", candidate.getType());
        Assert.assertEquals("http://icons.com/icon-admin", candidate.getIconUri());
        Assert.assertEquals(1, candidate.getScopes().size());
        return true;
    });
    resourcePredicates.add(candidate -> {
        if (!"Protected Resource".equals(candidate.getName())) {
            return false;
        }
        Assert.assertEquals(authzSettings.getClientId(), candidate.getOwner().getId());
        Assert.assertEquals("/*", candidate.getUri());
        Assert.assertEquals("http://test-app-authz/protected/resource", candidate.getType());
        Assert.assertEquals("http://icons.com/icon-resource", candidate.getIconUri());
        Assert.assertEquals(1, candidate.getScopes().size());
        return true;
    });
    resourcePredicates.add(candidate -> {
        if (!"Premium Resource".equals(candidate.getName())) {
            return false;
        }
        Assert.assertEquals(authzSettings.getClientId(), candidate.getOwner().getId());
        Assert.assertEquals("/protected/premium/*", candidate.getUri());
        Assert.assertEquals("urn:test-app-authz:protected:resource", candidate.getType());
        Assert.assertEquals("http://icons.com/icon-premium", candidate.getIconUri());
        Assert.assertEquals(1, candidate.getScopes().size());
        return true;
    });
    resourcePredicates.add(candidate -> {
        if (!"Main Page".equals(candidate.getName())) {
            return false;
        }
        Assert.assertEquals(authzSettings.getClientId(), candidate.getOwner().getId());
        // The only resource without a URI.
        Assert.assertNull(candidate.getUri());
        Assert.assertEquals("urn:test-app-authz:protected:resource", candidate.getType());
        Assert.assertEquals("http://icons.com/icon-main-page", candidate.getIconUri());
        Assert.assertEquals(3, candidate.getScopes().size());
        return true;
    });
    assertPredicate(resources, resourcePredicates);

    // ---- Scopes -----------------------------------------------------------------
    List<ScopeRepresentation> scopes = authzResource.scopes().scopes();
    Assert.assertEquals(6, scopes.size());

    List<Predicate<ScopeRepresentation>> scopePredicates = new ArrayList<>();
    for (String expectedScope : new String[] {
            "admin-access",
            "resource-access",
            "premium-access",
            "urn:test-app-authz:page:main:actionForAdmin",
            "urn:test-app-authz:page:main:actionForUser",
            "urn:test-app-authz:page:main:actionForPremiumUser" }) {
        scopePredicates.add(scope -> expectedScope.equals(scope.getName()));
    }
    assertPredicate(scopes, scopePredicates);

    // ---- Policies and permissions -----------------------------------------------
    List<PolicyRepresentation> policies = authzResource.policies().policies();
    Assert.assertEquals(14, policies.size());

    List<Predicate<PolicyRepresentation>> policyPredicates = new ArrayList<>();
    for (String expectedPolicy : new String[] {
            "Any Admin Policy",
            "Any User Policy",
            "Client and Realm Role Policy",
            "Client Test Policy",
            "Group Policy Test",
            "Only Premium User Policy",
            "wburke policy",
            "All Users Policy",
            "Premium Resource Permission",
            "Administrative Resource Permission",
            "Protected Resource Permission",
            "Action 1 on Main Page Resource Permission",
            "Action 2 on Main Page Resource Permission",
            "Action 3 on Main Page Resource Permission" }) {
        policyPredicates.add(policy -> expectedPolicy.equals(policy.getName()));
    }
    assertPredicate(policies, policyPredicates);
}
Also used : ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) ArrayList(java.util.ArrayList) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) Predicate(java.util.function.Predicate) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)

Aggregations

ResourceServerRepresentation (org.keycloak.representations.idm.authorization.ResourceServerRepresentation)25 Test (org.junit.Test)15 AuthorizationResource (org.keycloak.admin.client.resource.AuthorizationResource)15 ClientResource (org.keycloak.admin.client.resource.ClientResource)13 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)12 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)8 PolicyRepresentation (org.keycloak.representations.idm.authorization.PolicyRepresentation)7 ArrayList (java.util.ArrayList)6 Response (javax.ws.rs.core.Response)5 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)5 RealmResource (org.keycloak.admin.client.resource.RealmResource)5 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)5 Permission (org.keycloak.representations.idm.authorization.Permission)5 List (java.util.List)4 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)4 IOException (java.io.IOException)3 HashMap (java.util.HashMap)3 Assert (org.junit.Assert)3 Before (org.junit.Before)3 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)3