
Example 16 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From class UserManagedPermissionServiceTest, method testPermissionInAdditionToUserGrantedPermission.

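/**
 * Verifies that a user-managed policy created by the resource owner grants access on its own,
 * independently of a granted permission ticket, and that changing or deleting that policy
 * revokes the access again.
 */
@Test
public void testPermissionInAdditionToUserGrantedPermission() {
    // Owner-managed resource: only such resources may carry policies created by their owner.
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    // Requesting party "kolo" asks for "Scope A" through a permission ticket. Nothing grants
    // it yet, so the server must deny and report that a ticket was submitted for approval.
    PermissionResponse ticketResponse = getAuthzClient().protection().permission()
            .create(new PermissionRequest(resource.getId(), "Scope A"));
    AuthorizationRequest request = new AuthorizationRequest();
    request.setTicket(ticketResponse.getTicket());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException e) {
        // Narrow catch: any other exception type propagates and fails the test with its cause.
        assertTrue(e.getMessage().contains("request_submitted"));
    }

    // The owner grants the pending ticket; the same request now succeeds.
    List<PermissionTicketRepresentation> tickets =
            getAuthzClient().protection().permission().findByResource(resource.getId());
    assertEquals(1, tickets.size());
    PermissionTicketRepresentation ticket = tickets.get(0);
    ticket.setGranted(true);
    getAuthzClient().protection().permission().update(ticket);
    AuthorizationResponse authzResponse = getAuthzClient().authorization("kolo", "password").authorize(request);
    assertNotNull(authzResponse);

    // The owner additionally creates a user-managed policy granting "Scope A" to role_a.
    // NOTE(review): this relies on "kolo" holding role_a; the user fixture is outside this test.
    UmaPermissionRepresentation permission = new UmaPermissionRepresentation();
    permission.setName("Custom User-Managed Permission");
    permission.addScope("Scope A");
    permission.addRole("role_a");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    permission = protection.policy(resource.getId()).create(permission);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Revoking the ticket grant must not revoke access the policy still grants.
    ticket.setGranted(false);
    getAuthzClient().protection().permission().update(ticket);
    assertNotNull(getAuthzClient().authorization("kolo", "password").authorize(request));

    // Re-read the policy from the server, then swap role_a for role_b: kolo's last grant is gone,
    // so the ticket-based request must now be denied.
    permission = getAuthzClient().protection("marta", "password").policy(resource.getId()).findById(permission.getId());
    assertNotNull(permission);
    permission.removeRole("role_a");
    permission.addRole("role_b");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(permission);
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // denied as intended
    }

    // A fresh request naming the resource directly (no ticket) is denied as well.
    request = new AuthorizationRequest();
    request.addPermission(resource.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // denied as intended
    }

    // Deleting the policy leaves no grant at all; access stays denied.
    getAuthzClient().protection("marta", "password").policy(resource.getId()).delete(permission.getId());
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // denied as intended
    }
}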
Also used : PermissionRequest(org.keycloak.representations.idm.authorization.PermissionRequest) ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Example 17 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From class UserManagedPermissionServiceTest, method testUploadScriptDisabled.

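/**
 * Verifies that, with the UPLOAD_SCRIPTS feature disabled, a user-managed policy carrying a
 * script condition is rejected both on create and on update, while the same policy without a
 * condition is accepted.
 */
@Test
@DisableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public void testUploadScriptDisabled() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Resource A");
    resource.setOwnerManagedAccess(true);
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource = getAuthzClient().protection().resource().create(resource);

    UmaPermissionRepresentation newPermission = new UmaPermissionRepresentation();
    newPermission.setName("Custom User-Managed Permission");
    newPermission.setDescription("Users from specific roles are allowed to access");
    // A JavaScript condition is an uploaded script; the server must refuse it while the feature is off.
    newPermission.setCondition("$evaluation.grant()");
    ProtectionResource protection = getAuthzClient().protection("marta", "password");
    try {
        protection.policy(resource.getId()).create(newPermission);
        fail("Should fail because upload scripts is disabled");
    } catch (Exception expected) {
        // Any failure of the create call is the expected outcome here.
        // NOTE(review): the exact exception type is not pinned, so an unrelated failure
        // (e.g. a transport error) would also pass this branch.
    }

    // Without a condition the policy is accepted; the server returns the stored representation.
    newPermission.setCondition(null);
    UmaPermissionRepresentation representation = protection.policy(resource.getId()).create(newPermission);
    assertNotNull(representation);

    // Update the *stored* representation (the one that carries the server-assigned id) with a
    // script condition; updating newPermission, which has no id, would not exercise this check.
    representation.setCondition("$evaluation.grant();");
    try {
        protection.policy(resource.getId()).update(representation);
        fail("Should fail because upload scripts is disabled");
    } catch (Exception expected) {
        // Any failure of the update call is the expected outcome here (see note above).
    }
}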
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test)

Example 18 with UmaPermissionRepresentation

use of org.keycloak.representations.idm.authorization.UmaPermissionRepresentation in project keycloak by keycloak.

From class UserManagedPermissionServiceTest, method testOwnerAccess.

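/**
 * Verifies that the resource owner can always access an owner-managed resource, that another
 * user is denied until a user-managed policy covers one of that user's roles, and that widening
 * the policy to that role grants access.
 */
@Test
public void testOwnerAccess() {
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName(UUID.randomUUID().toString());
    resource.setOwner("marta");
    resource.addScope("Scope A", "Scope B", "Scope C");
    resource.setOwnerManagedAccess(true);
    ProtectionResource protection = getAuthzClient().protection();
    resource = protection.resource().create(resource);

    // The owner creates a policy for role_b only. The resource is owner-managed (see above), so
    // the create call is expected to succeed; the catch branch documents the server's rejection
    // message for resources that are not.
    UmaPermissionRepresentation rep = new UmaPermissionRepresentation();
    rep.setName("test");
    rep.addRole("role_b");
    try {
        rep = getAuthzClient().protection("marta", "password").policy(resource.getId()).create(rep);
    } catch (Exception e) {
        assertTrue(HttpResponseException.class.cast(e.getCause()).toString().contains("Only resources with owner managed accessed can have policies"));
    }
    // The stored policy must carry a server-assigned id, otherwise the update below cannot target it.
    assertNotNull(rep.getId());

    // The owner is authorized for her own resource without any policy granting it.
    AuthorizationResource authorization = getAuthzClient().authorization("marta", "password");
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission(resource.getId(), "Scope A");
    AuthorizationResponse authorize = authorization.authorize(request);
    assertNotNull(authorize);

    // "kolo" is not covered by the role_b policy and must be denied.
    // NOTE(review): assumes kolo holds role_a but not role_b; the user fixture is outside this test.
    try {
        getAuthzClient().authorization("kolo", "password").authorize(request);
        fail("User should not have permission");
    } catch (AuthorizationDeniedException expected) {
        // denied as intended
    }

    // Widening the policy to role_a grants kolo access.
    rep.addRole("role_a");
    getAuthzClient().protection("marta", "password").policy(resource.getId()).update(rep);
    authorization = getAuthzClient().authorization("kolo", "password");
    assertNotNull(authorization.authorize(request));
}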
Also used : ProtectionResource(org.keycloak.authorization.client.resource.ProtectionResource) AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) UmaPermissionRepresentation(org.keycloak.representations.idm.authorization.UmaPermissionRepresentation) HttpResponseException(org.keycloak.authorization.client.util.HttpResponseException) AuthorizationDeniedException(org.keycloak.authorization.client.AuthorizationDeniedException) NotFoundException(javax.ws.rs.NotFoundException) AuthorizationResource(org.keycloak.authorization.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) Test(org.junit.Test)

Aggregations

UmaPermissionRepresentation (org.keycloak.representations.idm.authorization.UmaPermissionRepresentation)18 ProtectionResource (org.keycloak.authorization.client.resource.ProtectionResource)15 ResourceRepresentation (org.keycloak.representations.idm.authorization.ResourceRepresentation)15 Test (org.junit.Test)13 NotFoundException (javax.ws.rs.NotFoundException)9 AuthorizationDeniedException (org.keycloak.authorization.client.AuthorizationDeniedException)9 HttpResponseException (org.keycloak.authorization.client.util.HttpResponseException)9 AuthorizationRequest (org.keycloak.representations.idm.authorization.AuthorizationRequest)5 AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse)5 AuthorizationResource (org.keycloak.authorization.client.resource.AuthorizationResource)3 IOException (java.io.IOException)2 Consumes (javax.ws.rs.Consumes)2 PUT (javax.ws.rs.PUT)2 Path (javax.ws.rs.Path)2 Produces (javax.ws.rs.Produces)2 PolicyTypeResourceService (org.keycloak.authorization.admin.PolicyTypeResourceService)2 PolicyResource (org.keycloak.authorization.client.resource.PolicyResource)2 Policy (org.keycloak.authorization.model.Policy)2 AccessToken (org.keycloak.representations.AccessToken)2 Permission (org.keycloak.representations.idm.authorization.Permission)2