package org.keycloak.testsuite.authz;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.resource.PermissionResource;
import org.keycloak.events.EventType;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.AuthorizationRequest;
import org.keycloak.representations.idm.authorization.AuthorizationResponse;
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
import org.keycloak.representations.idm.authorization.Permission;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/authz/UserManagedAccessTest.class */
public class UserManagedAccessTest extends AbstractResourceServerTest {
    private ResourceRepresentation resource;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Before
    public void configureAuthorization() throws Exception {
        AuthorizationResource authorization = getClient(getRealm()).authorization();
        JSPolicyRepresentation jSPolicyRepresentation = new JSPolicyRepresentation();
        jSPolicyRepresentation.setName("Only Owner Policy");
        jSPolicyRepresentation.setCode("if ($evaluation.getContext().getIdentity().getId() == $evaluation.getPermission().getResource().getOwner()) {$evaluation.grant();}");
        authorization.policies().js().create(jSPolicyRepresentation).close();
    }

    @Test
    public void testOnlyOwnerCanAccess() throws Exception {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        resourcePermissionRepresentation.setName(this.resource.getName() + " Permission");
        resourcePermissionRepresentation.addResource(this.resource.getId());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        AuthorizationResponse authorize = authorize("marta", "password", this.resource.getName(), new String[]{"ScopeA", "ScopeB"});
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions.isEmpty());
        try {
            authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
            Assert.fail("User should have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
    }

    @Test
    public void testOnlyOwnerCanAccessPermissionsToScope() throws Exception {
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        ScopePermissionRepresentation scopePermissionRepresentation = new ScopePermissionRepresentation();
        scopePermissionRepresentation.setName(this.resource.getName() + " Scope A Permission");
        scopePermissionRepresentation.addScope(new String[]{"ScopeA"});
        scopePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().scope().create(scopePermissionRepresentation).close();
        ScopePermissionRepresentation scopePermissionRepresentation2 = new ScopePermissionRepresentation();
        scopePermissionRepresentation2.setName(this.resource.getName() + " Scope B Permission");
        scopePermissionRepresentation2.addScope(new String[]{"ScopeB"});
        scopePermissionRepresentation2.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().scope().create(scopePermissionRepresentation2).close();
        AuthorizationResponse authorize = authorize("marta", "password", this.resource.getName(), new String[]{"ScopeA", "ScopeB"});
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions.isEmpty());
        try {
            authorize = authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        for (PermissionTicketRepresentation permissionTicketRepresentation : getAuthzClient().protection().permission().find(this.resource.getId(), (String) null, (String) null, (String) null, (Boolean) null, (Boolean) null, (Integer) null, (Integer) null)) {
            permissionTicketRepresentation.setGranted(true);
            getAuthzClient().protection().permission().update(permissionTicketRepresentation);
        }
        try {
            authorize = authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
        } catch (AuthorizationDeniedException e2) {
            Assert.fail("User should have access to resource from another user");
        }
        Collection<Permission> permissions2 = toAccessToken(authorize.getToken()).getAuthorization().getPermissions();
        assertPermissions(permissions2, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions2.isEmpty());
        try {
            authorize = authorize("marta", "password", this.resource.getId(), new String[]{"ScopeB"});
        } catch (AuthorizationDeniedException e3) {
            Assert.fail("User should have access to his own resources");
        }
        Collection<Permission> permissions3 = toAccessToken(authorize.getToken()).getAuthorization().getPermissions();
        assertPermissions(permissions3, this.resource.getName(), "ScopeB");
        Assert.assertTrue(permissions3.isEmpty());
    }

    @Test
    public void testOnlyOwnerCanAccessResourceWithType() throws Exception {
        ResourceRepresentation addResource = addResource("Typed Resource", getClient(getRealm()).toRepresentation().getId(), false, "ScopeA", "ScopeB");
        addResource.setType("my:resource");
        getClient(getRealm()).authorization().resources().resource(addResource.getId()).update(addResource);
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        this.resource.setType(addResource.getType());
        getClient(getRealm()).authorization().resources().resource(this.resource.getId()).update(this.resource);
        ResourceRepresentation addResource2 = addResource("Resource B", "marta", true, "ScopeA", "ScopeB");
        addResource2.setType(addResource.getType());
        getClient(getRealm()).authorization().resources().resource(addResource2.getId()).update(addResource2);
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        resourcePermissionRepresentation.setName(this.resource.getType() + " Permission");
        resourcePermissionRepresentation.setResourceType(this.resource.getType());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        AuthorizationResponse authorize = authorize("marta", "password", this.resource.getName(), new String[]{"ScopeA", "ScopeB"});
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions.isEmpty());
        try {
            authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        List<PermissionTicketRepresentation> find = getAuthzClient().protection().permission().find(this.resource.getId(), (String) null, (String) null, (String) null, (Boolean) null, (Boolean) null, (Integer) null, (Integer) null);
        for (PermissionTicketRepresentation permissionTicketRepresentation : find) {
            permissionTicketRepresentation.setGranted(true);
            getAuthzClient().protection().permission().update(permissionTicketRepresentation);
        }
        try {
            authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
        } catch (AuthorizationDeniedException e2) {
            Assert.fail("User should have access to resource from another user");
        }
        Collection<Permission> permissions2 = authorization.getPermissions();
        Assert.assertNotNull(permissions2);
        assertPermissions(permissions2, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions2.isEmpty());
        Iterator it = find.iterator();
        while (it.hasNext()) {
            getAuthzClient().protection().permission().delete(((PermissionTicketRepresentation) it.next()).getId());
        }
        Assert.assertEquals(0L, getAuthzClient().protection().permission().find(this.resource.getId(), (String) null, (String) null, (String) null, (Boolean) null, (Boolean) null, (Integer) null, (Integer) null).size());
        try {
            authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e3) {
        }
    }

    @Test
    public void testUserGrantsAccessToResource() throws Exception {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        resourcePermissionRepresentation.setName(this.resource.getName() + " Permission");
        resourcePermissionRepresentation.addResource(this.resource.getId());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        ClientResource client = getClient(getRealm());
        client.authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        AuthorizationResponse authorize = authorize("marta", "password", "Resource A", new String[]{"ScopeA", "ScopeB"});
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
        Assert.assertTrue(permissions.isEmpty());
        getTestContext().getTestingClient().testing().clearEventQueue();
        try {
            authorize("kolo", "password", this.resource.getId(), new String[0]);
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        String id = getRealm().toRepresentation().getId();
        String clientId = client.toRepresentation().getClientId();
        this.events.expectLogin().realm(id).client(clientId).user(AssertEvents.isUUID()).clearDetails().assertEvent();
        this.events.expectLogin().realm(id).client(clientId).user(AssertEvents.isUUID()).clearDetails().assertEvent();
        this.events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(id).client(clientId).user(AssertEvents.isUUID()).session((String) null).error("access_denied").detail("reason", "request_submitted").assertEvent();
        PermissionResource permission = getAuthzClient().protection().permission();
        List<PermissionTicketRepresentation> findByResource = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource.isEmpty());
        Assert.assertEquals(2L, findByResource.size());
        for (PermissionTicketRepresentation permissionTicketRepresentation : findByResource) {
            Assert.assertFalse(permissionTicketRepresentation.isGranted());
            permissionTicketRepresentation.setGranted(true);
            permission.update(permissionTicketRepresentation);
        }
        List findByResource2 = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource2.isEmpty());
        Assert.assertEquals(2L, findByResource2.size());
        Iterator it = findByResource2.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((PermissionTicketRepresentation) it.next()).isGranted());
        }
        getTestContext().getTestingClient().testing().clearEventQueue();
        AuthorizationResponse authorize2 = authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
        String token2 = authorize2.getToken();
        Assert.assertNotNull(token2);
        Assert.assertFalse(authorize2.isUpgraded());
        AccessToken.Authorization authorization2 = toAccessToken(token2).getAuthorization();
        Assert.assertNotNull(authorization2);
        Collection<Permission> permissions2 = authorization2.getPermissions();
        Assert.assertNotNull(permissions2);
        assertPermissions(permissions2, this.resource.getName(), "ScopeA", "ScopeB");
        Assert.assertTrue(permissions2.isEmpty());
        this.events.expectLogin().realm(id).client(clientId).user(AssertEvents.isUUID()).clearDetails().assertEvent();
        this.events.expectLogin().realm(id).client(clientId).user(AssertEvents.isUUID()).clearDetails().assertEvent();
        this.events.expect(EventType.PERMISSION_TOKEN).realm(id).client(clientId).user(AssertEvents.isUUID()).session((String) null).clearDetails().assertEvent();
    }

    @Test
    public void testUserGrantedAccessConsideredWhenRequestingAuthorizationByResourceName() throws Exception {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        resourcePermissionRepresentation.setName(this.resource.getName() + " Permission");
        resourcePermissionRepresentation.addResource(this.resource.getId());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        try {
            authorize("kolo", "password", this.resource.getId(), new String[0]);
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        PermissionResource permission = getAuthzClient().protection().permission();
        List<PermissionTicketRepresentation> findByResource = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource.isEmpty());
        Assert.assertEquals(2L, findByResource.size());
        for (PermissionTicketRepresentation permissionTicketRepresentation : findByResource) {
            Assert.assertFalse(permissionTicketRepresentation.isGranted());
            permissionTicketRepresentation.setGranted(true);
            permission.update(permissionTicketRepresentation);
        }
        List findByResource2 = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource2.isEmpty());
        Assert.assertEquals(2L, findByResource2.size());
        Iterator it = findByResource2.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((PermissionTicketRepresentation) it.next()).isGranted());
        }
        AuthorizationRequest authorizationRequest = new AuthorizationRequest();
        authorizationRequest.addPermission("Resource A", new String[]{"ScopeA", "ScopeB"});
        List<Permission> authorize = authorize("kolo", "password", authorizationRequest);
        Assert.assertEquals(1L, authorize.size());
        Permission permission2 = authorize.get(0);
        Assert.assertEquals("Resource A", permission2.getResourceName());
        Assert.assertTrue(permission2.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));
        ResourceRepresentation findById = getAuthzClient().protection().resource().findById(this.resource.getId());
        findById.setName("Resource A Changed");
        getAuthzClient().protection().resource().update(findById);
        AuthorizationRequest authorizationRequest2 = new AuthorizationRequest();
        authorizationRequest2.addPermission("Resource A", new String[]{"ScopeA", "ScopeB"});
        try {
            authorize("kolo", "password", authorizationRequest2);
            Assert.fail("User should not have access to resource from another user");
        } catch (RuntimeException e2) {
            Assert.assertTrue(e2.getCause().toString().contains("invalid_resource"));
        }
        AuthorizationRequest authorizationRequest3 = new AuthorizationRequest();
        authorizationRequest3.addPermission(findById.getName(), new String[]{"ScopeA", "ScopeB"});
        List<Permission> authorize2 = authorize("kolo", "password", authorizationRequest3);
        Assert.assertEquals(1L, authorize2.size());
        Permission permission3 = authorize2.get(0);
        Assert.assertEquals(findById.getName(), permission3.getResourceName());
        Assert.assertTrue(permission3.getScopes().containsAll(Arrays.asList("ScopeA", "ScopeB")));
    }

    @Test
    public void testUserGrantsAccessToResourceWithoutScopes() throws Exception {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        this.resource = addResource("Resource A", "marta", true, new String[0]);
        resourcePermissionRepresentation.setName(this.resource.getName() + " Permission");
        resourcePermissionRepresentation.addResource(this.resource.getId());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        AuthorizationResponse authorize = authorize("marta", "password", "Resource A", new String[0]);
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, "Resource A", new String[0]);
        Assert.assertTrue(permissions.isEmpty());
        try {
            authorize("kolo", "password", this.resource.getId(), new String[0]);
            Assert.fail("User should have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        PermissionResource permission = getAuthzClient().protection().permission();
        List<PermissionTicketRepresentation> findByResource = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource.isEmpty());
        Assert.assertEquals(1L, findByResource.size());
        for (PermissionTicketRepresentation permissionTicketRepresentation : findByResource) {
            Assert.assertFalse(permissionTicketRepresentation.isGranted());
            permissionTicketRepresentation.setGranted(true);
            permission.update(permissionTicketRepresentation);
        }
        List findByResource2 = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource2.isEmpty());
        Assert.assertEquals(1L, findByResource2.size());
        Iterator it = findByResource2.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((PermissionTicketRepresentation) it.next()).isGranted());
        }
        AuthorizationResponse authorize2 = authorize("kolo", "password", this.resource.getId(), new String[0]);
        String token2 = authorize2.getToken();
        Assert.assertNotNull(token2);
        Assert.assertFalse(authorize2.isUpgraded());
        AccessToken.Authorization authorization2 = toAccessToken(token2).getAuthorization();
        Assert.assertNotNull(authorization2);
        Collection<Permission> permissions2 = authorization2.getPermissions();
        Assert.assertNotNull(permissions2);
        assertPermissions(permissions2, this.resource.getName(), new String[0]);
        Assert.assertTrue(permissions2.isEmpty());
        AuthorizationResponse authorize3 = authorize("kolo", "password", this.resource.getId(), new String[0]);
        String token3 = authorize3.getToken();
        Assert.assertNotNull(token3);
        Assert.assertFalse(authorize3.isUpgraded());
        AccessToken.Authorization authorization3 = toAccessToken(token3).getAuthorization();
        Assert.assertNotNull(authorization3);
        Collection<Permission> permissions3 = authorization3.getPermissions();
        Assert.assertNotNull(permissions3);
        assertPermissions(permissions3, this.resource.getName(), new String[0]);
        Assert.assertTrue(permissions3.isEmpty());
        List findByResource3 = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource3.isEmpty());
        Assert.assertEquals(1L, findByResource3.size());
        Iterator it2 = findByResource3.iterator();
        while (it2.hasNext()) {
            Assert.assertTrue(((PermissionTicketRepresentation) it2.next()).isGranted());
        }
        Iterator it3 = findByResource3.iterator();
        while (it3.hasNext()) {
            permission.delete(((PermissionTicketRepresentation) it3.next()).getId());
        }
        Assert.assertEquals(0L, permission.findByResource(this.resource.getId()).size());
    }

    @Test
    public void testScopePermissionsToScopeOnly() throws Exception {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        this.resource = addResource("Resource A", "marta", true, "ScopeA", "ScopeB");
        resourcePermissionRepresentation.setName(this.resource.getName() + " Permission");
        resourcePermissionRepresentation.addResource(this.resource.getId());
        resourcePermissionRepresentation.addPolicy(new String[]{"Only Owner Policy"});
        getClient(getRealm()).authorization().permissions().resource().create(resourcePermissionRepresentation).close();
        AuthorizationResponse authorize = authorize("marta", "password", "Resource A", new String[]{"ScopeA", "ScopeB"});
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization);
        Collection<Permission> permissions = authorization.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, "Resource A", "ScopeA", "ScopeB");
        Assert.assertTrue(permissions.isEmpty());
        try {
            authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA"});
            Assert.fail("User should not have access to resource from another user");
        } catch (AuthorizationDeniedException e) {
        }
        PermissionResource permission = getAuthzClient().protection().permission();
        List findByResource = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource.isEmpty());
        Assert.assertEquals(1L, findByResource.size());
        PermissionTicketRepresentation permissionTicketRepresentation = (PermissionTicketRepresentation) findByResource.get(0);
        Assert.assertFalse(permissionTicketRepresentation.isGranted());
        permissionTicketRepresentation.setGranted(true);
        permission.update(permissionTicketRepresentation);
        AuthorizationResponse authorize2 = authorize("kolo", "password", this.resource.getId(), new String[]{"ScopeA", "ScopeB"});
        String token2 = authorize2.getToken();
        Assert.assertNotNull(token2);
        Assert.assertFalse(authorize2.isUpgraded());
        AccessToken.Authorization authorization2 = toAccessToken(token2).getAuthorization();
        Assert.assertNotNull(authorization2);
        Collection<Permission> permissions2 = authorization2.getPermissions();
        Assert.assertNotNull(permissions2);
        assertPermissions(permissions2, this.resource.getName(), "ScopeA");
        Assert.assertTrue(permissions2.isEmpty());
        List findByResource2 = permission.findByResource(this.resource.getId());
        Assert.assertFalse(findByResource2.isEmpty());
        Assert.assertEquals(2L, findByResource2.size());
        Iterator it = new ArrayList(findByResource2).iterator();
        while (it.hasNext()) {
            PermissionTicketRepresentation permissionTicketRepresentation2 = (PermissionTicketRepresentation) it.next();
            if (permissionTicketRepresentation2.isGranted()) {
                permission.delete(permissionTicketRepresentation2.getId());
            }
        }
        Assert.assertEquals(1L, permission.findByResource(this.resource.getId()).size());
    }

    @Test
    public void testPermissiveModePermissions() throws Exception {
        this.resource = addResource("Resource A", new String[0]);
        try {
            authorize("kolo", "password", this.resource.getId(), (String[]) null);
            Assert.fail("Access should be denied, server in enforcing mode");
        } catch (AuthorizationDeniedException e) {
        }
        AuthorizationResource authorization = getClient(getRealm()).authorization();
        ResourceServerRepresentation settings = authorization.getSettings();
        settings.setPolicyEnforcementMode(PolicyEnforcementMode.PERMISSIVE);
        authorization.update(settings);
        AuthorizationResponse authorize = authorize("marta", "password", "Resource A", (String[]) null);
        String token = authorize.getToken();
        Assert.assertNotNull(token);
        Assert.assertFalse(authorize.isUpgraded());
        AccessToken.Authorization authorization2 = toAccessToken(token).getAuthorization();
        Assert.assertNotNull(authorization2);
        Collection<Permission> permissions = authorization2.getPermissions();
        Assert.assertNotNull(permissions);
        assertPermissions(permissions, "Resource A", new String[0]);
        Assert.assertTrue(permissions.isEmpty());
    }

    private List<Permission> authorize(String str, String str2, AuthorizationRequest authorizationRequest) {
        return new ArrayList(toAccessToken(getAuthzClient().authorization(str, str2).authorize(authorizationRequest).getToken()).getAuthorization().getPermissions());
    }
}
