KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
This commit is contained in:
Stian Thorgersen
GitHub
parent
3d8f152787
commit
2cb59e2503
55 changed files with 400 additions and 37 deletions
|
|
@ -44,6 +44,7 @@ public class Profile {
|
|||
DEPRECATED;
|
||||
}
|
||||
public enum Feature {
|
||||
AUTHORIZATION(Type.DEFAULT),
|
||||
ACCOUNT2(Type.DEFAULT),
|
||||
ACCOUNT_API(Type.DEFAULT),
|
||||
ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW),
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
package org.keycloak.authorization;
|
||||
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
|
@ -45,4 +46,9 @@ public class AuthorizationSpi implements Spi {
|
|||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return AuthorizationProviderFactory.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
package org.keycloak.authorization.policy.provider;
|
||||
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
|
@ -45,4 +46,9 @@ public class PolicySpi implements Spi {
|
|||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return PolicyProviderFactory.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
package org.keycloak.authorization.store;
|
||||
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
|
@ -48,4 +49,9 @@ public class StoreFactorySpi implements Spi {
|
|||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return AuthorizationStoreFactory.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
package org.keycloak.models.cache.authorization;
|
||||
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.provider.Provider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
import org.keycloak.provider.Spi;
|
||||
|
|
@ -45,4 +46,9 @@ public class CachedStoreFactorySpi implements Spi {
|
|||
public Class<? extends ProviderFactory> getProviderFactoryClass() {
|
||||
return CachedStoreProviderFactory.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import org.keycloak.authorization.model.Resource;
|
|||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.component.ComponentModel;
|
||||
|
|
@ -315,7 +316,11 @@ public class ModelToRepresentation {
|
|||
rep.setQuickLoginCheckMilliSeconds(realm.getQuickLoginCheckMilliSeconds());
|
||||
rep.setMaxDeltaTimeSeconds(realm.getMaxDeltaTimeSeconds());
|
||||
rep.setFailureFactor(realm.getFailureFactor());
|
||||
rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed());
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed());
|
||||
} else {
|
||||
rep.setUserManagedAccessAllowed(false);
|
||||
}
|
||||
|
||||
rep.setEventsEnabled(realm.isEventsEnabled());
|
||||
if (realm.getEventsExpiration() != 0) {
|
||||
|
|
@ -628,11 +633,13 @@ public class ModelToRepresentation {
|
|||
if (!mappings.isEmpty())
|
||||
rep.setProtocolMappers(mappings);
|
||||
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
||||
|
||||
if (resourceServer != null) {
|
||||
rep.setAuthorizationServicesEnabled(true);
|
||||
if (resourceServer != null) {
|
||||
rep.setAuthorizationServicesEnabled(true);
|
||||
}
|
||||
}
|
||||
|
||||
return rep;
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ import org.keycloak.authorization.store.StoreFactory;
|
|||
import org.keycloak.broker.provider.IdentityProvider;
|
||||
import org.keycloak.broker.provider.IdentityProviderFactory;
|
||||
import org.keycloak.broker.social.SocialIdentityProvider;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.enums.SslRequired;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.common.util.UriUtils;
|
||||
|
|
@ -2237,7 +2238,7 @@ public class RepresentationToModel {
|
|||
}
|
||||
|
||||
public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel client, KeycloakSession session) {
|
||||
if (Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) {
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) {
|
||||
AuthorizationProviderFactory authorizationFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
|
||||
AuthorizationProvider authorization = authorizationFactory.create(session, client.getRealm());
|
||||
|
||||
|
|
|
|||
|
|
@ -26,4 +26,8 @@ public interface Spi {
|
|||
String getName();
|
||||
Class<? extends Provider> getProviderClass();
|
||||
Class<? extends ProviderFactory> getProviderFactoryClass();
|
||||
default boolean isEnabled() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ import org.keycloak.authorization.model.ResourceServer;
|
|||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.StoreFactory;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.Version;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.credential.CredentialModel;
|
||||
|
|
@ -286,7 +287,9 @@ public class ExportUtils {
|
|||
public static ClientRepresentation exportClient(KeycloakSession session, ClientModel client) {
|
||||
ClientRepresentation clientRep = ModelToRepresentation.toRepresentation(client, session);
|
||||
clientRep.setSecret(client.getSecret());
|
||||
clientRep.setAuthorizationSettings(exportAuthorizationSettings(session,client));
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
clientRep.setAuthorizationSettings(exportAuthorizationSettings(session, client));
|
||||
}
|
||||
return clientRep;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import org.keycloak.Config;
|
|||
import org.keycloak.authentication.ClientAuthenticator;
|
||||
import org.keycloak.authentication.ClientAuthenticatorFactory;
|
||||
import org.keycloak.authorization.admin.AuthorizationService;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
|
@ -174,7 +175,7 @@ public class KeycloakOIDCClientInstallation implements ClientInstallationProvide
|
|||
}
|
||||
|
||||
private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) {
|
||||
if (new AuthorizationService(session, client, null, null).isEnabled()) {
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && new AuthorizationService(session, client, null, null).isEnabled()) {
|
||||
PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig();
|
||||
|
||||
enforcerConfig.setEnforcementMode(null);
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.keycloak.services;
|
|||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.component.ComponentFactoryProvider;
|
||||
import org.keycloak.component.ComponentFactoryProviderFactory;
|
||||
|
|
@ -96,7 +97,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory, Pr
|
|||
serverStartupTimestamp = System.currentTimeMillis();
|
||||
|
||||
ProviderManager pm = new ProviderManager(KeycloakDeploymentInfo.create().services(), getClass().getClassLoader(), Config.scope().getArray("providers"));
|
||||
spis.addAll(pm.loadSpis());
|
||||
for (Spi spi : pm.loadSpis()) {
|
||||
if (spi.isEnabled()) {
|
||||
spis.add(spi);
|
||||
}
|
||||
}
|
||||
|
||||
factoriesMap = loadFactories(pm);
|
||||
|
||||
synchronized (ProviderManagerRegistry.SINGLETON) {
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
package org.keycloak.services.managers;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.enums.SslRequired;
|
||||
import org.keycloak.migration.MigrationModelManager;
|
||||
import org.keycloak.models.AccountRoles;
|
||||
|
|
@ -755,7 +756,7 @@ public class RealmManager {
|
|||
}
|
||||
}
|
||||
|
||||
if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
|
||||
// just create the default roles if the service account was missing in the import
|
||||
RepresentationToModel.createResourceServer(clientModel, session, serviceAccount == null);
|
||||
RepresentationToModel.importAuthorizationSettings(client, clientModel, session);
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import org.keycloak.OAuthErrorException;
|
|||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
import org.keycloak.authorization.AuthorizationService;
|
||||
import org.keycloak.common.ClientConnection;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.ClientModel;
|
||||
|
|
@ -37,6 +38,7 @@ import org.keycloak.services.resource.RealmResourceProvider;
|
|||
import org.keycloak.services.resources.account.AccountLoader;
|
||||
import org.keycloak.services.util.CacheControlUtil;
|
||||
import org.keycloak.services.util.ResolveRelative;
|
||||
import org.keycloak.utils.ProfileHelper;
|
||||
import org.keycloak.wellknown.WellKnownProvider;
|
||||
|
||||
import javax.ws.rs.GET;
|
||||
|
|
@ -260,6 +262,8 @@ public class RealmsResource {
|
|||
|
||||
@Path("{realm}/authz")
|
||||
public Object getAuthorizationService(@PathParam("realm") String name) {
|
||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
init(name);
|
||||
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
|
||||
AuthorizationService service = new AuthorizationService(authorization);
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package org.keycloak.services.resources.account;
|
|||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.authentication.requiredactions.DeleteAccount;
|
||||
import org.keycloak.common.Version;
|
||||
import org.keycloak.events.EventStoreProvider;
|
||||
|
|
@ -129,7 +130,7 @@ public class AccountConsole {
|
|||
|
||||
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
|
||||
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
|
||||
map.put("isAuthorizationEnabled", true);
|
||||
map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
|
||||
|
||||
boolean isTotpConfigured = false;
|
||||
boolean deleteAccountAllowed = false;
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.keycloak.authorization.model.ResourceServer;
|
|||
import org.keycloak.authorization.model.Scope;
|
||||
import org.keycloak.authorization.store.PermissionTicketStore;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.Base64Url;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.common.util.UriUtils;
|
||||
|
|
@ -181,7 +182,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
|||
account.setUser(auth.getUser());
|
||||
}
|
||||
|
||||
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true);
|
||||
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
|
||||
}
|
||||
|
||||
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.BadRequestException;
|
|||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.authorization.admin.AuthorizationService;
|
||||
import org.keycloak.common.ClientConnection;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.events.Errors;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
|
|
@ -63,6 +64,7 @@ import org.keycloak.services.managers.ResourceAdminManager;
|
|||
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||
import org.keycloak.utils.ProfileHelper;
|
||||
import org.keycloak.utils.ReservedCharValidator;
|
||||
import org.keycloak.validation.ValidationUtil;
|
||||
|
||||
|
|
@ -591,6 +593,8 @@ public class ClientResource {
|
|||
|
||||
@Path("/authz")
|
||||
public AuthorizationService authorization() {
|
||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
|
||||
|
||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
||||
|
|
@ -680,10 +684,12 @@ public class ClientResource {
|
|||
}
|
||||
|
||||
private void updateAuthorizationSettings(ClientRepresentation rep) {
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
authorization().enable(false);
|
||||
} else {
|
||||
authorization().disable();
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
authorization().enable(false);
|
||||
} else {
|
||||
authorization().disable();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.jboss.logging.Logger;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.authorization.admin.AuthorizationService;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.events.Errors;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
|
@ -187,7 +188,7 @@ public class ClientsResource {
|
|||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
|
||||
|
||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||
AuthorizationService authorizationService = getAuthorizationService(clientModel);
|
||||
|
||||
authorizationService.enable(true);
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
|
|||
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.representations.idm.authorization.Permission;
|
||||
|
|
@ -59,8 +60,13 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
|
|||
GroupPermissions(AuthorizationProvider authz, MgmtPermissions root) {
|
||||
this.authz = authz;
|
||||
this.root = root;
|
||||
resourceStore = authz.getStoreFactory().getResourceStore();
|
||||
policyStore = authz.getStoreFactory().getPolicyStore();
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
resourceStore = authz.getStoreFactory().getResourceStore();
|
||||
policyStore = authz.getStoreFactory().getPolicyStore();
|
||||
} else {
|
||||
resourceStore = null;
|
||||
policyStore = null;
|
||||
}
|
||||
}
|
||||
|
||||
private static String getGroupResourceName(GroupModel group) {
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ import org.keycloak.authorization.model.Scope;
|
|||
import org.keycloak.authorization.permission.ResourcePermission;
|
||||
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
|
||||
import org.keycloak.authorization.store.ResourceServerStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
|
|
@ -72,8 +73,10 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
|||
this.session = session;
|
||||
this.realm = realm;
|
||||
KeycloakSessionFactory keycloakSessionFactory = session.getKeycloakSessionFactory();
|
||||
AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class);
|
||||
this.authz = factory.create(session, realm);
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class);
|
||||
this.authz = factory.create(session, realm);
|
||||
}
|
||||
}
|
||||
|
||||
MgmtPermissions(KeycloakSession session, RealmModel realm, AdminAuth auth) {
|
||||
|
|
@ -248,6 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
|||
|
||||
@Override
|
||||
public ResourceServer realmResourceServer() {
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
|
||||
if (realmResourceServer != null) return realmResourceServer;
|
||||
ClientModel client = getRealmManagementClient();
|
||||
if (client == null) return null;
|
||||
|
|
@ -258,6 +262,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
|||
}
|
||||
|
||||
public ResourceServer initializeRealmResourceServer() {
|
||||
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
|
||||
if (realmResourceServer != null) return realmResourceServer;
|
||||
ClientModel client = getRealmManagementClient();
|
||||
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
|
|||
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
|
||||
import org.keycloak.authorization.store.PolicyStore;
|
||||
import org.keycloak.authorization.store.ResourceStore;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.GroupModel;
|
||||
|
|
@ -82,8 +83,13 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
|
|||
this.session = session;
|
||||
this.authz = authz;
|
||||
this.root = root;
|
||||
policyStore = authz.getStoreFactory().getPolicyStore();
|
||||
resourceStore = authz.getStoreFactory().getResourceStore();
|
||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
policyStore = authz.getStoreFactory().getPolicyStore();
|
||||
resourceStore = authz.getStoreFactory().getResourceStore();
|
||||
} else {
|
||||
policyStore = null;
|
||||
resourceStore = null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
package org.keycloak.testsuite.account;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
|
|
@ -24,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
|
|||
import org.keycloak.authorization.client.AuthzClient;
|
||||
import org.keycloak.authorization.client.Configuration;
|
||||
import org.keycloak.broker.provider.util.SimpleHttp;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.models.AccountRoles;
|
||||
|
|
@ -38,6 +40,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
|||
import org.keycloak.services.resources.account.resources.AbstractResourceService;
|
||||
import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission;
|
||||
import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.TokenUtil;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
|
|
@ -70,6 +73,11 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
|
|||
private AuthzClient authzClient;
|
||||
private List<String> userNames = new ArrayList<>(Arrays.asList("alice", "jdoe", "bob"));
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
super.configureTestRealm(testRealm);
|
||||
|
|
|
|||
|
|
@ -19,8 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization;
|
|||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
|
@ -49,6 +48,7 @@ import org.jboss.arquillian.test.api.ArquillianResource;
|
|||
import org.junit.After;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
|
|
@ -71,6 +71,7 @@ import org.keycloak.representations.idm.UserRepresentation;
|
|||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
|
||||
|
|
@ -121,6 +122,11 @@ public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhoto
|
|||
@JavascriptBrowser
|
||||
protected WebElement eventsArea;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setDefaultPageUriParameters() {
|
||||
super.setDefaultPageUriParameters();
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization;
|
|||
import org.jboss.arquillian.container.test.api.Deployer;
|
||||
import org.jboss.arquillian.test.api.ArquillianResource;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.ClientsResource;
|
||||
|
|
@ -27,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
|||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
import org.keycloak.testsuite.util.UIUtils;
|
||||
|
|
@ -42,6 +44,7 @@ import java.net.URL;
|
|||
import java.util.List;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
import static org.keycloak.testsuite.utils.io.IOUtil.loadJson;
|
||||
|
|
@ -60,6 +63,11 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
|
|||
@ArquillianResource
|
||||
private Deployer deployer;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import static org.hamcrest.Matchers.is;
|
|||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
|
|
@ -33,6 +34,7 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
|
|
@ -47,6 +49,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
|
|
@ -55,6 +58,11 @@ import org.keycloak.util.JsonSerialization;
|
|||
*/
|
||||
public abstract class AbstractPhotozExampleAdapterTest extends AbstractBasePhotozExampleAdapterTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUserCanCreateAndDeleteAlbum() throws Exception {
|
||||
loginToClientPage(aliceUser);
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.jboss.arquillian.container.test.api.Deployer;
|
|||
import org.jboss.arquillian.container.test.api.Deployment;
|
||||
import org.jboss.arquillian.test.api.ArquillianResource;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
|
|
@ -27,6 +28,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
|
|||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.keycloak.testsuite.util.ServerURLs;
|
||||
|
|
@ -40,6 +42,7 @@ import java.net.URL;
|
|||
import java.util.List;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
||||
|
||||
/**
|
||||
|
|
@ -62,6 +65,11 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
|
|||
@ArquillianResource
|
||||
private Deployer deployer;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(
|
||||
|
|
|
|||
|
|
@ -16,12 +16,15 @@
|
|||
*/
|
||||
package org.keycloak.testsuite.adapter.example.authorization;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import org.jboss.arquillian.container.test.api.Deployment;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
import org.keycloak.testsuite.util.ServerURLs;
|
||||
|
|
@ -42,6 +45,11 @@ import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
|
|||
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
|
||||
public class ServletPolicyEnforcerTest extends AbstractServletPolicyEnforcerTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Deployment(name = RESOURCE_SERVER_ID, managed = false)
|
||||
public static WebArchive deployment() {
|
||||
return exampleDeployment(RESOURCE_SERVER_ID);
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import org.jboss.arquillian.test.api.ArquillianResource;
|
|||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
|
|
@ -52,6 +53,7 @@ import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation
|
|||
import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
||||
|
|
@ -104,6 +106,11 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
|
|||
public static final String UNAUTHORIZED_CHILD_CLIENT = "unauthorized-child-client";
|
||||
public static final String PARENT_CLIENT = "parent-client";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Deployment(name = ClientApp.DEPLOYMENT_NAME)
|
||||
protected static WebArchive accountLink() {
|
||||
return servletDeployment(ClientApp.DEPLOYMENT_NAME, LinkAndExchangeServlet.class, ServletTestUtils.class);
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.keycloak.testsuite.admin;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientsResource;
|
||||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
|
|
@ -31,6 +32,7 @@ import org.keycloak.representations.idm.authorization.Logic;
|
|||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
|
|
@ -39,6 +41,7 @@ import org.keycloak.util.JsonSerialization;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
|
||||
|
||||
/**
|
||||
|
|
@ -48,6 +51,11 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
|
|||
@AuthServerContainerExclude(AuthServer.REMOTE)
|
||||
public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(RealmBuilder.create().name(TEST)
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin;
|
|||
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.Assert;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
|
|
@ -52,6 +53,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
|||
import org.keycloak.services.resources.admin.permissions.ClientPermissionManagement;
|
||||
import org.keycloak.services.resources.admin.permissions.GroupPermissionManagement;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
|
||||
import org.keycloak.testsuite.auth.page.AuthRealm;
|
||||
|
|
@ -83,6 +85,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
|
|||
|
||||
public static final String CLIENT_NAME = "application";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation testRealmRep = new RealmRepresentation();
|
||||
|
|
|
|||
|
|
@ -16,13 +16,16 @@
|
|||
*/
|
||||
package org.keycloak.testsuite.admin;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.GroupResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.representations.idm.*;
|
||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
|
|
@ -35,6 +38,11 @@ import static org.junit.Assert.assertTrue;
|
|||
*/
|
||||
public class ManagementPermissionsTest extends AbstractTestRealmKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
|
||||
|
|
|
|||
|
|
@ -21,11 +21,13 @@ import org.hamcrest.Matchers;
|
|||
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.credential.OTPCredentialModel;
|
||||
|
|
@ -58,6 +60,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
|||
import org.keycloak.services.resources.admin.AdminAuth.Resource;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.util.AdminClientUtil;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.CredentialBuilder;
|
||||
|
|
@ -99,6 +102,10 @@ public class PermissionsTest extends AbstractKeycloakTest {
|
|||
|
||||
@Rule public GreenMailRule greenMailRule = new GreenMailRule();
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
// Remove all realms before first run
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -18,10 +18,12 @@
|
|||
package org.keycloak.testsuite.admin;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.GroupRepresentation;
|
||||
import org.keycloak.representations.idm.ManagementPermissionRepresentation;
|
||||
|
|
@ -31,6 +33,7 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
|
|||
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.util.AdminClientUtil;
|
||||
|
||||
import java.io.IOException;
|
||||
|
|
@ -167,12 +170,16 @@ public class UsersTest extends AbstractAdminTest {
|
|||
|
||||
@Test
|
||||
public void countUsersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
|
||||
assertThat(testRealmResource.users().count(), is(3));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void countUsersBySearchWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
|
||||
//search all
|
||||
assertThat(testRealmResource.users().count("user"), is(3));
|
||||
|
|
@ -195,6 +202,8 @@ public class UsersTest extends AbstractAdminTest {
|
|||
|
||||
@Test
|
||||
public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
|
||||
//search username
|
||||
assertThat(testRealmResource.users().count(null, null, null, "user"), is(3));
|
||||
|
|
@ -230,12 +239,16 @@ public class UsersTest extends AbstractAdminTest {
|
|||
|
||||
@Test
|
||||
public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
|
||||
assertThat(testRealmResource.users().count(), is(0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void countUsersBySearchWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
|
||||
//search all
|
||||
assertThat(testRealmResource.users().count("user"), is(0));
|
||||
|
|
@ -258,6 +271,8 @@ public class UsersTest extends AbstractAdminTest {
|
|||
|
||||
@Test
|
||||
public void countUsersByFiltersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
|
||||
//search username
|
||||
assertThat(testRealmResource.users().count(null, null, null, "user"), is(0));
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
|
|||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
|
|
@ -34,6 +35,7 @@ import org.keycloak.protocol.saml.SamlConfigAttributes;
|
|||
import org.keycloak.protocol.saml.SamlProtocol;
|
||||
import org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation;
|
||||
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
|
@ -46,6 +48,7 @@ import org.xml.sax.SAXException;
|
|||
import javax.ws.rs.NotFoundException;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
|
||||
|
||||
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.METADATA_NSURI;
|
||||
|
|
@ -71,6 +74,11 @@ public class InstallationTest extends AbstractClientTest {
|
|||
private ClientResource samlClient;
|
||||
private String samlClientId;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void createClients() {
|
||||
oidcClientId = createOidcClient(OIDC_NAME);
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ import org.keycloak.testsuite.util.UserBuilder;
|
|||
import javax.ws.rs.core.Response;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
|
||||
import java.util.List;
|
||||
|
|
@ -50,6 +51,11 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
|
|||
|
||||
protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setDefaultPageUriParameters() {
|
||||
super.setDefaultPageUriParameters();
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
|
|||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -52,6 +53,11 @@ import org.keycloak.testsuite.util.UserBuilder;
|
|||
*/
|
||||
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(createTestRealm().build());
|
||||
|
|
|
|||
|
|
@ -0,0 +1,56 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.admin.client.authorization;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.client.AbstractClientTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
|
||||
|
||||
import javax.ws.rs.ServerErrorException;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||
*/
|
||||
public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Test
|
||||
@UncaughtServerErrorExpected
|
||||
public void testAuthzServicesRemoved() {
|
||||
String id = testRealmResource().clients().findAll().get(0).getId();
|
||||
try {
|
||||
testRealmResource().clients().get(id).authorization().getSettings();
|
||||
} catch (ServerErrorException e) {
|
||||
assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
|
||||
return;
|
||||
}
|
||||
fail("Feature Authorization should be disabled.");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -19,6 +19,7 @@ package org.keycloak.testsuite.admin.client.authorization;
|
|||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
|
|
@ -62,6 +63,7 @@ import org.keycloak.representations.IDToken;
|
|||
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
|
@ -74,6 +76,11 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
|
|||
|
||||
private static Undertow httpService;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void onBeforeClass() {
|
||||
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.keycloak.testsuite.admin.client.authorization;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.adapters.KeycloakDeployment;
|
||||
import org.keycloak.adapters.KeycloakDeploymentBuilder;
|
||||
|
|
@ -30,8 +31,12 @@ import java.util.Map;
|
|||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
||||
|
||||
/**
|
||||
|
|
@ -40,6 +45,11 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
|||
@AuthServerContainerExclude(AuthServer.REMOTE)
|
||||
public class EnforcerConfigTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
|
|||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
|
|
@ -36,6 +37,7 @@ import java.util.stream.Collectors;
|
|||
|
||||
import javax.security.cert.X509Certificate;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.AuthorizationContext;
|
||||
import org.keycloak.KeycloakSecurityContext;
|
||||
|
|
@ -65,6 +67,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
|||
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
|
|
@ -84,6 +87,11 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
|
|||
|
||||
protected static final String REALM_NAME = "authz-test";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import static org.junit.Assert.assertFalse;
|
|||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
|
||||
import javax.security.cert.X509Certificate;
|
||||
|
|
@ -43,6 +44,7 @@ import java.util.stream.Collectors;
|
|||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.AuthorizationContext;
|
||||
import org.keycloak.KeycloakSecurityContext;
|
||||
|
|
@ -81,6 +83,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
|
|||
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
|
|
@ -101,6 +104,11 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
|
|||
private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
|
||||
private static final String REALM_NAME = "authz-test";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
|
|||
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.partialimport.PartialImportResult;
|
||||
import org.keycloak.partialimport.PartialImportResults;
|
||||
|
|
@ -40,6 +41,7 @@ import org.keycloak.representations.idm.RolesRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.AbstractAuthTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
import org.keycloak.testsuite.util.AssertAdminEvents;
|
||||
|
|
@ -65,6 +67,7 @@ import org.keycloak.common.constants.ServiceAccountConstants;
|
|||
import org.keycloak.partialimport.ResourceType;
|
||||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
|
||||
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
|
@ -469,6 +472,8 @@ public class PartialImportTest extends AbstractAuthTest {
|
|||
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
|
||||
@Test
|
||||
public void testAddClientsWithServiceAccountsAndAuthorization() throws IOException {
|
||||
ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
setFail();
|
||||
addClients(true);
|
||||
|
||||
|
|
@ -482,12 +487,16 @@ public class PartialImportTest extends AbstractAuthTest {
|
|||
ClientRepresentation client = clientRsc.toRepresentation();
|
||||
assertTrue(client.getName().startsWith(CLIENT_PREFIX));
|
||||
Assert.assertTrue(client.isServiceAccountsEnabled());
|
||||
Assert.assertTrue(client.getAuthorizationServicesEnabled());
|
||||
AuthorizationResource authRsc = clientRsc.authorization();
|
||||
ResourceServerRepresentation authRep = authRsc.exportSettings();
|
||||
Assert.assertNotNull(authRep);
|
||||
Assert.assertEquals(2, authRep.getResources().size());
|
||||
Assert.assertEquals(3, authRep.getPolicies().size());
|
||||
if (ProfileAssume.isFeatureEnabled(AUTHORIZATION)) {
|
||||
Assert.assertTrue(client.getAuthorizationServicesEnabled());
|
||||
AuthorizationResource authRsc = clientRsc.authorization();
|
||||
ResourceServerRepresentation authRep = authRsc.exportSettings();
|
||||
Assert.assertNotNull(authRep);
|
||||
Assert.assertEquals(2, authRep.getResources().size());
|
||||
Assert.assertEquals(3, authRep.getPolicies().size());
|
||||
} else {
|
||||
Assert.assertNull(client.getAuthorizationServicesEnabled());
|
||||
}
|
||||
} else {
|
||||
UserResource userRsc = testRealmResource().users().get(result.getId());
|
||||
Assert.assertTrue(userRsc.toRepresentation().getUsername().startsWith(
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.junit.rules.ExpectedException;
|
|||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
|
|
@ -47,6 +48,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.AbstractAdminTest;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
|
|
@ -439,7 +441,11 @@ public class RealmTest extends AbstractAdminTest {
|
|||
assertEquals(Boolean.TRUE, rep.isRegistrationAllowed());
|
||||
assertEquals(Boolean.TRUE, rep.isRegistrationEmailAsUsername());
|
||||
assertEquals(Boolean.TRUE, rep.isEditUsernameAllowed());
|
||||
assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed());
|
||||
if (ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed());
|
||||
} else {
|
||||
assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed());
|
||||
}
|
||||
|
||||
// second change
|
||||
rep.setRegistrationAllowed(false);
|
||||
|
|
|
|||
|
|
@ -1,18 +1,27 @@
|
|||
package org.keycloak.testsuite.authz;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
/**
|
||||
* @author mhajas
|
||||
*/
|
||||
@EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
|
||||
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
protected AccessToken toAccessToken(String rpt) {
|
||||
AccessToken accessToken;
|
||||
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionManageme
|
|||
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.actions.DummyRequiredActionFactory;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
|
|
@ -69,6 +70,8 @@ import java.util.stream.Collectors;
|
|||
import org.junit.Assume;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
/**
|
||||
* Test that clients can override auth flows
|
||||
*
|
||||
|
|
@ -86,6 +89,11 @@ public class KcinitTest extends AbstractTestRealmKeycloakTest {
|
|||
@Page
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
|
|||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.client.registration.cli.config.ConfigData;
|
||||
import org.keycloak.client.registration.cli.config.FileConfigHandler;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.constants.ServiceAccountConstants;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
|
|
@ -18,6 +19,7 @@ import org.keycloak.representations.idm.UserRepresentation;
|
|||
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
|
||||
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
|
||||
import org.keycloak.representations.oidc.OIDCClientRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.cli.KcRegExec;
|
||||
import org.keycloak.testsuite.util.TempFileResource;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
|
@ -237,6 +239,8 @@ public class KcRegCreateTest extends AbstractRegCliTest {
|
|||
|
||||
@Test
|
||||
public void testCreateWithAuthorizationServices() throws IOException {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
FileConfigHandler handler = initCustomConfigFile();
|
||||
|
||||
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicInteger;
|
|||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.ResourcesResource;
|
||||
|
|
@ -35,6 +36,8 @@ import org.keycloak.common.util.Retry;
|
|||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
|
|
@ -182,6 +185,8 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest {
|
|||
|
||||
@Test
|
||||
public void authzResourceInvalidationTest() throws Exception {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
|
||||
enableDcOnLoadBalancer(DC.FIRST);
|
||||
enableDcOnLoadBalancer(DC.SECOND);
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
|
|||
import org.keycloak.admin.client.resource.ClientScopeResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.constants.KerberosConstants;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.LDAPConstants;
|
||||
|
|
@ -57,6 +58,7 @@ import org.keycloak.storage.UserStorageProvider;
|
|||
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper;
|
||||
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory;
|
||||
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.client.KeycloakTestingClient;
|
||||
import org.keycloak.testsuite.util.RealmRepUtil;
|
||||
|
|
@ -423,8 +425,10 @@ public class ExportImportUtil {
|
|||
Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-user")));
|
||||
Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-admin")));
|
||||
|
||||
assertAuthorizationSettingsOtherApp(realmRsc);
|
||||
assertAuthorizationSettingsTestAppAuthz(realmRsc);
|
||||
if(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
||||
assertAuthorizationSettingsOtherApp(realmRsc);
|
||||
assertAuthorizationSettingsTestAppAuthz(realmRsc);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -50,6 +50,8 @@ import java.io.IOException;
|
|||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
|
||||
/**
|
||||
* Tests for {@link org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator}
|
||||
*
|
||||
|
|
@ -70,6 +72,11 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
|||
|
||||
public static final String EXECUTION_ID = "scriptAuth";
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import org.keycloak.authentication.authenticators.broker.IdpUsernamePasswordForm
|
|||
import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory;
|
||||
import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory;
|
||||
import org.keycloak.broker.provider.util.SimpleHttp;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.common.constants.KerberosConstants;
|
||||
import org.keycloak.component.PrioritizedComponentModel;
|
||||
import org.keycloak.keys.KeyProvider;
|
||||
|
|
@ -63,6 +64,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
|
|||
import org.keycloak.storage.UserStorageProvider;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.exportimport.ExportImportUtil;
|
||||
import org.keycloak.testsuite.runonserver.RunHelpers;
|
||||
|
|
@ -567,6 +569,8 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
private void testResourceWithMultipleUris() {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
ClientsResource clients = migrationRealm.clients();
|
||||
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
|
||||
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
|
||||
|
|
|
|||
|
|
@ -17,8 +17,10 @@
|
|||
package org.keycloak.testsuite.migration;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.exportimport.util.ImportUtils;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.utils.io.IOUtil;
|
||||
import org.keycloak.util.JsonSerialization;
|
||||
|
||||
|
|
@ -53,7 +55,7 @@ public class JsonFileImport483MigrationTest extends AbstractJsonFileImportMigrat
|
|||
checkRealmsImported();
|
||||
testMigrationTo5_x();
|
||||
testMigrationTo6_x();
|
||||
testMigrationTo7_x(true);
|
||||
testMigrationTo7_x(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
|
||||
testMigrationTo8_x();
|
||||
testMigrationTo9_x();
|
||||
testMigrationTo12_x(true);
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import org.junit.Test;
|
|||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.authorization.AuthorizationProvider;
|
||||
import org.keycloak.authorization.model.ResourceServer;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
|
@ -31,6 +32,7 @@ import org.keycloak.models.RealmModel;
|
|||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
import org.keycloak.testsuite.runonserver.RunOnServerException;
|
||||
|
|
@ -122,6 +124,8 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
|
|||
// KEYCLOAK-12640
|
||||
@Test
|
||||
public void importAuthorizationSettings() throws Exception {
|
||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
||||
|
||||
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
|
||||
adminClient.realms().create(testRealm);
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
|
||||
package org.keycloak.testsuite.oauth;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
|
|
@ -46,6 +47,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
|||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
|
||||
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
|
||||
|
|
@ -66,6 +68,7 @@ import java.util.Map;
|
|||
import static org.hamcrest.Matchers.instanceOf;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID;
|
||||
import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
|
||||
|
|
@ -82,6 +85,11 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
|
|||
@Rule
|
||||
public AssertEvents events = new AssertEvents(this);
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Test
|
||||
@UncaughtServerErrorExpected
|
||||
@DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
|
||||
|
|
|
|||
|
|
@ -18,11 +18,14 @@ package org.keycloak.testsuite.console.authorization;
|
|||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
|
||||
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
import org.keycloak.testsuite.console.clients.AbstractClientTest;
|
||||
import org.keycloak.testsuite.console.page.clients.authorization.Authorization;
|
||||
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
|
||||
|
|
@ -42,6 +45,11 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
|
|||
|
||||
protected ClientRepresentation newClient;
|
||||
|
||||
@BeforeClass
|
||||
public static void enabled() {
|
||||
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void configureTest() {
|
||||
this.newClient = createResourceServer();
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@
|
|||
on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" />
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group" data-ng-show="protocol == 'openid-connect' && !clientEdit.publicClient && !clientEdit.bearerOnly">
|
||||
<div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && protocol == 'openid-connect' && !clientEdit.publicClient && !clientEdit.bearerOnly">
|
||||
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
|
||||
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
|
||||
<div class="col-md-6">
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@
|
|||
<kc-tooltip>{{:: 'realm-detail.enabled.tooltip' | translate}}</kc-tooltip>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION')">
|
||||
<label class="col-md-2 control-label" for="userManagedAccessAllowed">{{:: 'userManagedAccess' | translate}}</label>
|
||||
<div class="col-md-6">
|
||||
<input ng-model="realm.userManagedAccessAllowed" name="userManagedAccessAllowed" id="userManagedAccessAllowed" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" />
|
||||
|
|
|
|||
Loading…
Reference in a new issue