KEYCLOAK-569 Check application roles for scope
parent
d2b42e3843
commit
213b685b43
4 changed files with 58 additions and 2 deletions
|
@ -184,6 +184,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
|
||||||
return roles;
|
return roles;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasScope(RoleModel role) {
|
||||||
|
if (super.hasScope(role)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
Set<RoleModel> roles = getRoles();
|
||||||
|
if (roles.contains(role)) return true;
|
||||||
|
|
||||||
|
for (RoleModel mapping : roles) {
|
||||||
|
if (mapping.hasRole(role)) return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean equals(Object o) {
|
public boolean equals(Object o) {
|
||||||
if (this == o) return true;
|
if (this == o) return true;
|
||||||
|
|
|
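Review bot: The new `hasScope` override grants the application scope on every role in `getRoles()` and, if `hasRole` follows composites as the composite-role tests suggest, on every role those roles include; nothing on the method states that this widening is intended. If it is, say so in a Javadoc on the override, for example `/** An application always has scope on its own roles and on any role they include as composites. */`, so a later reader does not mistake it for an accidental grant. The same body is added verbatim in the two other ApplicationAdapter sections (the hunks at -166,6 and -160,6), so the authorization rule now lives in three copies that can drift; a single helper on the shared base would keep it in one place. `roles.contains(role)` also relies on the RoleModel implementations defining equals/hashCode consistently, which these hunks do not show.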
@ -166,6 +166,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasScope(RoleModel role) {
|
||||||
|
if (super.hasScope(role)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
Set<RoleModel> roles = getRoles();
|
||||||
|
if (roles.contains(role)) return true;
|
||||||
|
|
||||||
|
for (RoleModel mapping : roles) {
|
||||||
|
if (mapping.hasRole(role)) return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
|
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
|
||||||
Set<RoleModel> roleMappings = client.getScopeMappings();
|
Set<RoleModel> roleMappings = client.getScopeMappings();
|
||||||
|
|
|
@ -160,6 +160,20 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean hasScope(RoleModel role) {
|
||||||
|
if (super.hasScope(role)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
Set<RoleModel> roles = getRoles();
|
||||||
|
if (roles.contains(role)) return true;
|
||||||
|
|
||||||
|
for (RoleModel mapping : roles) {
|
||||||
|
if (mapping.hasRole(role)) return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
|
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
|
||||||
Set<RoleModel> result = new HashSet<RoleModel>();
|
Set<RoleModel> result = new HashSet<RoleModel>();
|
||||||
|
@ -204,6 +218,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
|
||||||
updateMongoEntity();
|
updateMongoEntity();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean equals(Object o) {
|
public boolean equals(Object o) {
|
||||||
if (this == o) return true;
|
if (this == o) return true;
|
||||||
|
|
|
@ -184,6 +184,9 @@ public class CompositeRoleTest {
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -207,10 +210,11 @@ public class CompositeRoleTest {
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
|
||||||
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
|
||||||
|
|
||||||
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
|
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
|
||||||
oauth.realm("Test");
|
oauth.realm("Test");
|
||||||
|
@ -232,6 +236,9 @@ public class CompositeRoleTest {
|
||||||
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -254,6 +261,9 @@ public class CompositeRoleTest {
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -276,6 +286,9 @@ public class CompositeRoleTest {
|
||||||
|
|
||||||
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
|
||||||
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
|
||||||
|
|
||||||
|
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
|
||||||
|
Assert.assertEquals(200, refreshResponse.getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
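Review bot: The added refresh checks assert only that `refreshResponse.getStatusCode()` is 200, so they would still pass if the refreshed token carried more or fewer roles than the one issued at login. Since the commit changes which roles are in scope, each test should also decode the refreshed access token the same way `token` is obtained earlier in the method (outside these hunks) and repeat the `getRealmAccess()` / `getResourceAccess("APP_ROLE_APPLICATION")` size and `isUserInRole` assertions on it. The same applies to all five places where the two refresh lines are added.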