diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json index 073dd80698..bad1b2595f 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json +++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json @@ -107,6 +107,14 @@ { "name": "Pattern 12", "uri": "/realm_uri" + }, + { + "name": "Pattern 13", + "uri": "/keycloak-6623/*" + }, + { + "name": "Pattern 14", + "uri": "/keycloak-6623/sub-resource/*" } ], "policies": [ @@ -258,6 +266,26 @@ "resources": "[\"Pattern 12\"]", "applyPolicies": "[\"Default Policy\"]" } + }, + { + "name": "Pattern 13 Permission", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"Pattern 13\"]", + "applyPolicies": "[\"Default Policy\"]" + } + }, + { + "name": "Pattern 14 Permission", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"Pattern 14\"]", + "applyPolicies": "[\"Default Policy\"]" + } } ], "scopes": [] diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json index 1dfcd7beb6..0dd6a14f3a 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json +++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json @@ -60,6 +60,14 @@ { "name": "Pattern 12", "path": "/keycloak_json_uri" + }, + { + "name": "Pattern 14", + "path": "/keycloak-6623/sub-resource/*" + }, + { + "name": "Pattern 13", + "path": "/keycloak-6623/*" } ] } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java index 2661185fa3..5c6b0ebcc4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java @@ -379,6 +379,32 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA }); } + @Test + public void testPathOrderWithAllPaths() { + performTests(() -> { + login("alice", "alice"); + navigateTo("/keycloak-6623"); + assertFalse(wasDenied()); + navigateTo("/keycloak-6623/sub-resource"); + assertFalse(wasDenied()); + + updatePermissionPolicies("Pattern 13 Permission", "Deny Policy"); + + login("alice", "alice"); + navigateTo("/keycloak-6623"); + assertTrue(wasDenied()); + navigateTo("/keycloak-6623/sub-resource"); + assertFalse(wasDenied()); + + updatePermissionPolicies("Pattern 14 Permission", "Deny Policy"); + + login("alice", "alice"); + navigateTo("/keycloak-6623"); + assertTrue(wasDenied()); + navigateTo("/keycloak-6623/sub-resource/resource"); + assertTrue(wasDenied()); + }); + } private void navigateTo(String path) { this.driver.navigate().to(getResourceServerUrl() + path);