KEYCLOAK-569 Check application roles for scope

This commit is contained in:
Stian Thorgersen 2014-07-21 13:50:27 +01:00
parent d2b42e3843
commit 213b685b43
4 changed files with 58 additions and 2 deletions

View file

@ -184,6 +184,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
return roles; return roles;
} }
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override @Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (this == o) return true; if (this == o) return true;

View file

@ -166,6 +166,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
return list; return list;
} }
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override @Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) { public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> roleMappings = client.getScopeMappings(); Set<RoleModel> roleMappings = client.getScopeMappings();

View file

@ -160,6 +160,20 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
return result; return result;
} }
@Override
public boolean hasScope(RoleModel role) {
if (super.hasScope(role)) {
return true;
}
Set<RoleModel> roles = getRoles();
if (roles.contains(role)) return true;
for (RoleModel mapping : roles) {
if (mapping.hasRole(role)) return true;
}
return false;
}
@Override @Override
public Set<RoleModel> getApplicationScopeMappings(ClientModel client) { public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
Set<RoleModel> result = new HashSet<RoleModel>(); Set<RoleModel> result = new HashSet<RoleModel>();
@ -204,6 +218,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
updateMongoEntity(); updateMongoEntity();
} }
@Override @Override
public boolean equals(Object o) { public boolean equals(Object o) {
if (this == o) return true; if (this == o) return true;

View file

@ -184,6 +184,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1")); Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@ -207,10 +210,11 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size()); Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1")); Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception { public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
oauth.realm("Test"); oauth.realm("Test");
@ -232,6 +236,9 @@ public class CompositeRoleTest {
Assert.assertEquals(2, token.getRealmAccess().getRoles().size()); Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
@ -254,6 +261,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
@ -276,6 +286,9 @@ public class CompositeRoleTest {
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
} }