
Example 1 with ScopePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.

the class UsersTest method setupTestEnvironmentWithPermissions.

/**
 * Builds the fixture for the restricted-user tests and returns a realm handle that belongs to an
 * admin client created for "test-user" instead of the handle held in {@code realm}.
 *
 * <p>The account "test-user" is given only the "query-users" client role of the
 * "realm-management" client. When {@code grp1ViewPermissions} is set, the scope permission named
 * "view.members.permission.group.&lt;id of grp1&gt;" is additionally bound to a user policy that
 * lists only that account.
 *
 * @param grp1ViewPermissions whether the test user's policy is attached to the grp1 permission
 * @return the {@link RealmResource} obtained from the admin client created for "test-user"
 */
private RealmResource setupTestEnvironmentWithPermissions(boolean grp1ViewPermissions) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
    // Fixture account; the same name and password are passed to createAdminClient at the end.
    String restrictedUserId = createUser(realmId, "test-user", "password", "", "", "");

    // Grant only the 'query-users' role of the realm-management client to the test user.
    ClientRepresentation realmManagement = realm.clients().findByClientId("realm-management").get(0);
    String realmManagementId = realmManagement.getId();
    RoleRepresentation queryUsersRole = realm.clients().get(realmManagementId).roles().get("query-users").toRepresentation();
    realm.users().get(restrictedUserId).roles().clientLevel(realmManagementId).add(Collections.singletonList(queryUsersRole));

    // Create the test users and groups.
    List<GroupRepresentation> createdGroups = setupUsersInGroupsWithPermissions();

    if (grp1ViewPermissions) {
        AuthorizationResource authz = realm.clients().get(realmManagementId).authorization();

        // User policy whose only member is the test user.
        final String policyName = "test-policy";
        UserPolicyRepresentation userPolicy = new UserPolicyRepresentation();
        userPolicy.setName(policyName);
        userPolicy.setUsers(Collections.singleton(restrictedUserId));
        authz.policies().user().create(userPolicy).close();
        PolicyRepresentation storedPolicy = authz.policies().findByName(policyName);

        // Locate grp1; the assertion fails the setup if the group fixture did not produce it.
        Optional<GroupRepresentation> grp1Lookup = createdGroups.stream().filter(group -> group.getName().equals("grp1")).findFirst();
        assertThat(grp1Lookup.isPresent(), is(true));
        String grp1Id = grp1Lookup.get().getId();

        // Bind the policy to grp1's view-members permission. setPolicies replaces the policy set,
        // so the test user's policy is the only one attached; UNANIMOUS requires every attached
        // policy to grant.
        ScopePermissionRepresentation viewMembers = authz.permissions().scope().findByName("view.members.permission.group." + grp1Id);
        viewMembers.setPolicies(Collections.singleton(storedPolicy.getId()));
        viewMembers.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        authz.permissions().scope().findById(viewMembers.getId()).update(viewMembers);
    }

    // Presumably logs in as the test user through the admin-cli client, so that the caller sees
    // the realm with the restricted account's rights only - confirm against AdminClientUtil.
    String loginRealm = realm.toRepresentation().getRealm();
    Keycloak restrictedClient = AdminClientUtil.createAdminClient(true, loginRealm, "test-user", "password", "admin-cli", "");
    return restrictedClient.realm(realm.toRepresentation().getRealm());
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) CoreMatchers.is(org.hamcrest.CoreMatchers.is) Profile(org.keycloak.common.Profile) Matchers.not(org.hamcrest.Matchers.not) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) KeyStoreException(java.security.KeyStoreException) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) ArrayList(java.util.ArrayList) ManagementPermissionRepresentation(org.keycloak.representations.idm.ManagementPermissionRepresentation) AdminClientUtil(org.keycloak.testsuite.util.AdminClientUtil) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Before(org.junit.Before) Matchers.empty(org.hamcrest.Matchers.empty) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test) IOException(java.io.IOException) DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) Keycloak(org.keycloak.admin.client.Keycloak) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) List(java.util.List) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Optional(java.util.Optional) 
Collections(java.util.Collections) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) UserPolicyRepresentation(org.keycloak.representations.idm.authorization.UserPolicyRepresentation) Keycloak(org.keycloak.admin.client.Keycloak) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)

Example 2 with ScopePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.

the class ScopeManagementTest method testDeleteAndPolicyUpdate.

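/**
 * Creates a scope permission that references a single scope, deletes that scope, and then looks
 * the permission's scopes up again. The test passes only when a {@link NotFoundException} is
 * thrown.
 *
 * <p>NOTE(review): {@code expected} covers the whole method, so a NotFoundException raised by any
 * earlier call would also make the test pass. Presumably the lookup after {@code remove()} is the
 * call meant to throw - confirm, and consider narrowing the expectation to that call.
 */
@Test(expected = NotFoundException.class)
public void testDeleteAndPolicyUpdate() {
    ResourceScopeResource scopeResource = createDefaultScope();
    ScopeRepresentation scopeRepresentation = scopeResource.toRepresentation();

    // The permission carries the scope's name and references only that scope.
    ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
    representation.setName(scopeRepresentation.getName());
    representation.addScope(scopeRepresentation.getId());
    // Close the create response so that the underlying HTTP connection is released.
    getClientResource().authorization().permissions().scope().create(representation).close();

    ScopePermissionRepresentation permissionRepresentation = getClientResource().authorization().permissions().scope().findByName(scopeRepresentation.getName());
    List<ScopeRepresentation> scopes = getClientResource().authorization().policies().policy(permissionRepresentation.getId()).scopes();
    assertEquals(1, scopes.size());

    // Delete the scope that the permission depends on, then query the permission again.
    scopeResource.remove();
    assertTrue(getClientResource().authorization().policies().policy(permissionRepresentation.getId()).scopes().isEmpty());
}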
Also used : ResourceScopeResource(org.keycloak.admin.client.resource.ResourceScopeResource) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test)

Example 3 with ScopePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.

the class ScopePermissionManagementTest method testDelete.

/**
 * Verifies that a scope permission can no longer be read once it has been removed: the lookup
 * after {@code remove()} must answer with a {@link NotFoundException}.
 */
@Test
public void testDelete() {
    AuthorizationResource authz = getClient().authorization();

    ScopePermissionRepresentation toDelete = new ScopePermissionRepresentation();
    toDelete.setName("Test Delete Permission");
    toDelete.addScope("execute");
    toDelete.addPolicy("Only Marta Policy");
    assertCreated(authz, toDelete);

    // toDelete.getId() is presumably populated on the assertCreated path - confirm.
    ScopePermissionsResource scopePermissions = authz.permissions().scope();
    scopePermissions.findById(toDelete.getId()).remove();

    ScopePermissionResource staleHandle = scopePermissions.findById(toDelete.getId());
    boolean stillReadable;
    try {
        staleHandle.toRepresentation();
        stillReadable = true;
    } catch (NotFoundException expected) {
        // Expected outcome: the removed permission is gone.
        stillReadable = false;
    }
    if (stillReadable) {
        fail("Permission not removed");
    }
}
Also used : ScopePermissionResource(org.keycloak.admin.client.resource.ScopePermissionResource) NotFoundException(javax.ws.rs.NotFoundException) ScopePermissionsResource(org.keycloak.admin.client.resource.ScopePermissionsResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test)

Example 4 with ScopePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.

the class ScopePermissionManagementTest method assertCreated.

/**
 * Creates the given scope permission, fetches it back by the id found in the create response and
 * hands both to {@code assertRepresentation} for comparison.
 *
 * @param authorization authorization resource of the client under test
 * @param representation the permission to create and verify
 */
private void assertCreated(AuthorizationResource authorization, ScopePermissionRepresentation representation) {
    ScopePermissionsResource scopePermissions = authorization.permissions().scope();
    // try-with-resources closes the response even when an assertion below fails.
    try (Response createResponse = scopePermissions.create(representation)) {
        // NOTE(review): the HTTP status is not checked before the entity is read; a rejected
        // create would presumably show up as a less obvious failure in the lines below.
        ScopePermissionRepresentation stored = createResponse.readEntity(ScopePermissionRepresentation.class);
        ScopePermissionResource storedResource = scopePermissions.findById(stored.getId());
        assertRepresentation(representation, storedResource);
    }
}
Also used : Response(javax.ws.rs.core.Response) ScopePermissionResource(org.keycloak.admin.client.resource.ScopePermissionResource) ScopePermissionsResource(org.keycloak.admin.client.resource.ScopePermissionsResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation)

Example 5 with ScopePermissionRepresentation

use of org.keycloak.representations.idm.authorization.ScopePermissionRepresentation in project keycloak by keycloak.

the class ScopePermissionManagementTest method failCreateWithSameName.

/**
 * Verifies that a second scope permission with an already used name is rejected: the second
 * create call must answer with HTTP 409 (Conflict).
 */
@Test
public void failCreateWithSameName() {
    AuthorizationResource authz = getClient().authorization();

    ScopePermissionRepresentation original = new ScopePermissionRepresentation();
    original.setName("Conflicting Name Permission");
    original.addScope("read");
    original.addPolicy("Only Marta Policy");

    ScopePermissionsResource scopePermissions = authz.permissions().scope();
    // First create; the response is closed right away because only the side effect matters here.
    scopePermissions.create(original).close();

    // The duplicate carries nothing but the clashing name.
    ScopePermissionRepresentation duplicate = new ScopePermissionRepresentation();
    duplicate.setName(original.getName());

    try (Response duplicateResponse = scopePermissions.create(duplicate)) {
        int conflict = Response.Status.CONFLICT.getStatusCode();
        assertEquals(conflict, duplicateResponse.getStatus());
    }
}
Also used : Response(javax.ws.rs.core.Response) ScopePermissionsResource(org.keycloak.admin.client.resource.ScopePermissionsResource) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ScopePermissionRepresentation(org.keycloak.representations.idm.authorization.ScopePermissionRepresentation) Test(org.junit.Test)
