Java Code Examples for org.keycloak.representations.idm.authorization.Permission#getResourceName()

The following examples show how to use org.keycloak.representations.idm.authorization.Permission#getResourceName() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ConflictingScopePermissionTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * <p>Scope Read on Resource A has two conflicting permissions. One is granting access for Marta and the other for Kolo.
 *
 * <p>Scope Read should not be granted for Marta.
 */
@Test
public void testMartaCanAccessResourceAWithExecuteAndWrite() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceServerRepresentation settings = authorization.getSettings();

    settings.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    settings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);

    authorization.update(settings);

    Collection<Permission> permissions = getEntitlements("marta", "password");

    assertEquals(1, permissions.size());

    for (Permission permission : new ArrayList<>(permissions)) {
        String resourceSetName = permission.getResourceName();

        switch (resourceSetName) {
            case "Resource A":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write"));
                permissions.remove(permission);
                break;
            case "Resource C":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceSetName + "]");
        }
    }

    assertTrue(permissions.isEmpty());
}
 
Example 2
Source File: ConflictingScopePermissionTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * <p>Scope Read on Resource A has two conflicting permissions. One is granting access for Marta and the other for Kolo.
 *
 * <p>Scope Read should not be granted for Marta.
 */
@Test
public void testMartaCanAccessResourceA() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceServerRepresentation settings = authorization.getSettings();

    settings.setPolicyEnforcementMode(PolicyEnforcementMode.ENFORCING);
    settings.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    authorization.update(settings);

    Collection<Permission> permissions = getEntitlements("marta", "password");

    assertEquals(1, permissions.size());

    for (Permission permission : new ArrayList<>(permissions)) {
        String resourceSetName = permission.getResourceName();

        switch (resourceSetName) {
            case "Resource A":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            case "Resource C":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceSetName + "]");
        }
    }

    assertTrue(permissions.isEmpty());
}
 
Example 3
Source File: ConflictingScopePermissionTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithPermissiveMode() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceServerRepresentation settings = authorization.getSettings();

    settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
    settings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);

    authorization.update(settings);

    Collection<Permission> permissions = getEntitlements("marta", "password");

    assertEquals(3, permissions.size());

    for (Permission permission : new ArrayList<>(permissions)) {
        String resourceSetName = permission.getResourceName();

        switch (resourceSetName) {
            case "Resource A":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write"));
                permissions.remove(permission);
                break;
            case "Resource C":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            case "Resource B":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceSetName + "]");
        }
    }

    assertTrue(permissions.isEmpty());
}
 
Example 4
Source File: ConflictingScopePermissionTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Test
public void testWithDisabledMode() throws Exception {
    ClientResource client = getClient(getRealm());
    AuthorizationResource authorization = client.authorization();
    ResourceServerRepresentation settings = authorization.getSettings();

    settings.setPolicyEnforcementMode(PolicyEnforcementMode.DISABLED);
    settings.setDecisionStrategy(DecisionStrategy.UNANIMOUS);

    authorization.update(settings);

    Collection<Permission> permissions = getEntitlements("marta", "password");

    assertEquals(3, permissions.size());

    for (Permission permission : new ArrayList<>(permissions)) {
        String resourceSetName = permission.getResourceName();

        switch (resourceSetName) {
            case "Resource A":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            case "Resource C":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            case "Resource B":
                assertThat(permission.getScopes(), containsInAnyOrder("execute", "write", "read"));
                permissions.remove(permission);
                break;
            default:
                fail("Unexpected permission for resource [" + resourceSetName + "]");
        }
    }

    assertTrue(permissions.isEmpty());
}