
Example 6 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testFindPermission.

/**
 * Verifies the search endpoint of the UMA policy resource: permissions can be
 * listed without filters, looked up by exact name, filtered by scope, and
 * limited through the trailing paging arguments of {@code find}.
 */
@Test
public void testFindPermission() {
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setName(UUID.randomUUID().toString());
    ownedResource.setOwner("marta");
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.addScope("Scope A", "Scope B", "Scope C");
    ProtectionResource serverProtection = getAuthzClient().protection();
    ownedResource = serverProtection.resource().create(ownedResource);

    // Policies are created as the resource owner (marta), not with the
    // resource server's own credentials used to register the resource above.
    PolicyResource ownerPolicies = getAuthzClient().protection("marta", "password").policy(ownedResource.getId());
    int created = 0;
    while (created < 10) {
        UmaPermissionRepresentation umaPermission = new UmaPermissionRepresentation();
        umaPermission.setName("Custom User-Managed Policy " + created);
        umaPermission.addRole("role_a");
        ownerPolicies.create(umaPermission);
        created++;
    }

    // No filter: every permission created above is returned.
    assertEquals(10, ownerPolicies.find(null, null, null, null).size());

    // Exact-name lookup yields a single entry, and findById agrees with it.
    List<UmaPermissionRepresentation> matchingName = ownerPolicies.find("Custom User-Managed Policy 8", null, null, null);
    assertEquals(1, matchingName.size());
    String matchedId = matchingName.get(0).getId();
    assertEquals(matchedId, ownerPolicies.findById(matchedId).getId());

    // Scope filter, then two page sizes.
    assertEquals(10, ownerPolicies.find(null, "Scope A", null, null).size());
    assertEquals(5, ownerPolicies.find(null, null, -1, 5).size());
    assertEquals(2, ownerPolicies.find(null, null, -1, 2).size());
}

Example 7 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testUpdate.

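/**
 * Verifies that a user-managed permission can be updated through the UMA
 * policy endpoint and that every change shows up both in the representation
 * returned by {@code findById} and in the number of policies associated with
 * the permission.
 *
 * <p>The permission starts with a single role. Roles, groups, clients, a
 * script condition (only when the {@code UPLOAD_SCRIPTS} feature is enabled)
 * and users are then added and removed in turn. Each category of association
 * contributes one associated policy, so the expected count grows as categories
 * are introduced and shrinks as they are cleared. Clearing the last remaining
 * category is expected to remove the permission itself, which surfaces as a
 * {@link NotFoundException}.
 */
private void testUpdate() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.setDescription("Users from specific roles are allowed to access");
    permission.addScope("Scope A");
    permission.addRole("role_a");

    // All updates are performed as the resource owner; the policy resource is
    // bound to the resource id once instead of being re-resolved on every call.
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    PolicyResource policy = protection.policy(resource.getId());
    permission = policy.create(permission);
    assertEquals(1, getAssociatedPolicies(permission).size());

    // Name and description.
    permission.setName("Changed");
    permission.setDescription("Changed");
    UmaPermissionRepresentation updated = updateAndReload(policy, permission);
    assertEquals(permission.getName(), updated.getName());
    assertEquals(permission.getDescription(), updated.getDescription());

    // Roles: replacing or adding roles keeps a single associated policy.
    permission.removeRole("role_a");
    permission.addRole("role_b", "role_c");
    updated = updateAndReload(policy, permission);
    assertEquals(1, getAssociatedPolicies(permission).size());
    assertTrue(permission.getRoles().containsAll(updated.getRoles()));

    permission.addRole("role_d");
    updated = updateAndReload(policy, permission);
    assertEquals(1, getAssociatedPolicies(permission).size());
    assertTrue(permission.getRoles().containsAll(updated.getRoles()));

    // Groups: the first group adds a policy, further group changes reuse it.
    permission.addGroup("/group_a/group_b");
    updated = updateAndReload(policy, permission);
    assertEquals(2, getAssociatedPolicies(permission).size());
    assertTrue(permission.getGroups().containsAll(updated.getGroups()));

    permission.addGroup("/group_a");
    updated = updateAndReload(policy, permission);
    assertEquals(2, getAssociatedPolicies(permission).size());
    assertTrue(permission.getGroups().containsAll(updated.getGroups()));

    permission.removeGroup("/group_a/group_b");
    permission.addGroup("/group_c");
    updated = updateAndReload(policy, permission);
    assertEquals(2, getAssociatedPolicies(permission).size());
    assertTrue(permission.getGroups().containsAll(updated.getGroups()));

    // Clients.
    permission.addClient("client-a");
    updated = updateAndReload(policy, permission);
    assertEquals(3, getAssociatedPolicies(permission).size());
    assertTrue(permission.getClients().containsAll(updated.getClients()));

    permission.addClient("resource-server-test");
    updated = updateAndReload(policy, permission);
    assertEquals(3, getAssociatedPolicies(permission).size());
    assertTrue(permission.getClients().containsAll(updated.getClients()));

    permission.removeClient("client-a");
    updated = updateAndReload(policy, permission);
    assertEquals(3, getAssociatedPolicies(permission).size());
    assertTrue(permission.getClients().containsAll(updated.getClients()));

    // Script condition: only exercised when the UPLOAD_SCRIPTS feature is on,
    // since the condition is submitted as script code. The flag is read once
    // so every branch below agrees on the expected policy count.
    boolean scriptsEnabled = Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
    if (scriptsEnabled) {
        permission.setCondition("$evaluation.grant()");
        updated = updateAndReload(policy, permission);
        assertEquals(4, getAssociatedPolicies(permission).size());
        assertEquals(permission.getCondition(), updated.getCondition());
    }

    // Users: once a user policy exists, adding or removing users does not
    // change the policy count.
    permission.addUser("alice");
    updated = updateAndReload(policy, permission);
    int expectedPolicies = scriptsEnabled ? 5 : 4;
    assertEquals(expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(1, updated.getUsers().size());
    assertEquals(permission.getUsers(), updated.getUsers());

    permission.addUser("kolo");
    updated = updateAndReload(policy, permission);
    assertEquals(expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(2, updated.getUsers().size());
    assertEquals(permission.getUsers(), updated.getUsers());

    permission.removeUser("alice");
    updated = updateAndReload(policy, permission);
    assertEquals(expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(1, updated.getUsers().size());
    assertEquals(permission.getUsers(), updated.getUsers());

    // Clearing a whole category drops its associated policy.
    permission.setUsers(null);
    updated = updateAndReload(policy, permission);
    assertEquals(--expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(permission.getUsers(), updated.getUsers());

    if (scriptsEnabled) {
        permission.setCondition(null);
        updated = updateAndReload(policy, permission);
        assertEquals(--expectedPolicies, getAssociatedPolicies(permission).size());
        assertEquals(permission.getCondition(), updated.getCondition());
    }

    permission.setRoles(null);
    updated = updateAndReload(policy, permission);
    assertEquals(--expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(permission.getRoles(), updated.getRoles());

    permission.setClients(null);
    updated = updateAndReload(policy, permission);
    assertEquals(--expectedPolicies, getAssociatedPolicies(permission).size());
    assertEquals(permission.getClients(), updated.getClients());

    // Removing the last association removes the permission itself, so the
    // update/lookup is expected to fail with NotFoundException instead of
    // reporting a single remaining policy.
    permission.setGroups(null);
    try {
        policy.update(permission);
        assertEquals(1, getAssociatedPolicies(permission).size());
        fail("Permission must be removed because the last associated policy was removed");
    } catch (NotFoundException ignore) {
        // expected: the permission no longer exists
    } catch (Exception e) {
        // Keep the unexpected exception as the cause so the failure is diagnosable.
        throw new AssertionError("Expected not found", e);
    }
}

/**
 * Pushes {@code permission} to the server through {@code policy} and returns
 * the server-side representation of the same permission, looked up by id.
 *
 * @param policy     policy resource already bound to the owning resource
 * @param permission representation to send in the update
 * @return the representation returned by {@code findById} after the update
 */
private UmaPermissionRepresentation updateAndReload(PolicyResource policy, UmaPermissionRepresentation permission) {
    policy.update(permission);
    return policy.findById(permission.getId());
}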

Example 8 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testRemovePoliciesOnResourceDelete.

/**
 * Client-side half of the resource-deletion test: registers an owner-managed
 * resource, creates a fully populated user-managed permission for it (scopes,
 * roles, groups, clients, users and, when the {@code UPLOAD_SCRIPTS} feature
 * is enabled, a script condition), then hands over to the server-side
 * overload of this method via {@code RunOnServer}, which presumably deletes
 * the resource and checks that its policies are gone.
 */
@Test
public void testRemovePoliciesOnResourceDelete() {
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setName("Resource A");
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.setOwner("marta");
    ownedResource.addScope("Scope A", "Scope B", "Scope C");
    ownedResource = getAuthzClient().protection().resource().create(ownedResource);
    String resourceId = ownedResource.getId();

    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.setDescription("Users from specific roles are allowed to access");
    permission.addScope("Scope A", "Scope B", "Scope C");
    permission.addRole("role_a", "role_b", "role_c", "role_d");
    permission.addGroup("/group_a", "/group_a/group_b", "/group_c");
    permission.addClient("client-a", "resource-server-test");
    boolean scriptsEnabled = Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS);
    if (scriptsEnabled) {
        // The condition is script code, so it is only sent when script upload is on.
        permission.setCondition("$evaluation.grant()");
    }
    permission.addUser("kolo");

    // Created as the resource owner, then the server side continues the test.
    ProtectionResource ownerProtection = getAuthzClient().protection("marta", "password");
    ownerProtection.policy(resourceId).create(permission);
    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnResourceDelete);
}

Example 9 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testCreate.

/**
 * Verifies that a user-managed permission created by the resource owner comes
 * back with every submitted attribute: name, description, condition, and the
 * scope, role, group, client and user collections.
 */
private void testCreate() {
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setName("Resource A");
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.setOwner("marta");
    ownedResource.addScope("Scope A", "Scope B", "Scope C");
    ownedResource = getAuthzClient().protection().resource().create(ownedResource);

    UmaPermissionRepresentation request = new UmaPermissionRepresentation();
    request.setName("Custom User-Managed Permission");
    request.setDescription("Users from specific roles are allowed to access");
    request.addScope("Scope A", "Scope B", "Scope C");
    request.addRole("role_a", "role_b", "role_c", "role_d");
    request.addGroup("/group_a", "/group_a/group_b", "/group_c");
    request.addClient("client-a", "resource-server-test");
    if (Profile.isFeatureEnabled(Profile.Feature.UPLOAD_SCRIPTS)) {
        // The script condition is only exercised when the UPLOAD_SCRIPTS feature is on.
        request.setCondition("$evaluation.grant()");
    }
    request.addUser("kolo");

    ProtectionResource ownerProtection = getAuthzClient().protection("marta", "password");
    UmaPermissionRepresentation created = ownerProtection.policy(ownedResource.getId()).create(request);

    // Scalar attributes round-trip unchanged.
    assertEquals(request.getName(), created.getName());
    assertEquals(request.getDescription(), created.getDescription());
    assertEquals(request.getCondition(), created.getCondition());

    // Every collection is present and contains at least what was sent.
    assertNotNull(created.getScopes());
    assertNotNull(created.getRoles());
    assertNotNull(created.getGroups());
    assertNotNull(created.getClients());
    assertNotNull(created.getUsers());
    assertTrue(created.getScopes().containsAll(request.getScopes()));
    assertTrue(created.getRoles().containsAll(request.getRoles()));
    assertTrue(created.getGroups().containsAll(request.getGroups()));
    assertTrue(created.getClients().containsAll(request.getClients()));
    assertTrue(created.getUsers().containsAll(request.getUsers()));
}

Example 10 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From the class UserManagedPermissionServiceTest, method testRemovePoliciesOnGroupDelete.

/**
 * Client-side half of the group-deletion test: registers an owner-managed
 * resource with a permission bound to the group {@code /group_remove}, then
 * hands over to the server-side overload of this method via
 * {@code RunOnServer}, which presumably deletes that group and checks that the
 * permission's policies are removed with it.
 */
@Test
public void testRemovePoliciesOnGroupDelete() {
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setName("Resource A");
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.setOwner("marta");
    ownedResource.addScope("Scope A", "Scope B", "Scope C");
    ownedResource = getAuthzClient().protection().resource().create(ownedResource);

    UmaPermissionRepresentation groupPermission = new UmaPermissionRepresentation();
    groupPermission.setName("Custom User-Managed Permission");
    groupPermission.addGroup("/group_remove");

    // Created as the resource owner rather than with the resource server's credentials.
    ProtectionResource ownerProtection = getAuthzClient().protection("marta", "password");
    ownerProtection.policy(ownedResource.getId()).create(groupPermission);

    // The RunOnServer cast selects the server-side overload of this method (not shown here).
    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnGroupDelete);
}
