From 2cb59e2503fc06a099d4781c5cdc2c789482e5b7 Mon Sep 17 00:00:00 2001 
From: Stian Thorgersen Date: Thu, 27 May 2021 22:28:56 +0200 Subject: [PATCH] KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients --- .../java/org/keycloak/common/Profile.java | 1 + .../authorization/AuthorizationSpi.java | 6 ++ .../policy/provider/PolicySpi.java | 6 ++ .../authorization/store/StoreFactorySpi.java | 6 ++ .../authorization/CachedStoreFactorySpi.java | 6 ++ .../models/utils/ModelToRepresentation.java | 17 ++++-- .../models/utils/RepresentationToModel.java | 3 +- .../main/java/org/keycloak/provider/Spi.java | 4 ++ .../exportimport/util/ExportUtils.java | 5 +- .../KeycloakOIDCClientInstallation.java | 3 +- .../DefaultKeycloakSessionFactory.java | 8 ++- .../services/managers/RealmManager.java | 3 +- .../services/resources/RealmsResource.java | 4 ++ .../resources/account/AccountConsole.java | 3 +- .../resources/account/AccountFormService.java | 3 +- .../resources/admin/ClientResource.java | 14 +++-- .../resources/admin/ClientsResource.java | 3 +- .../admin/permissions/GroupPermissions.java | 10 +++- .../admin/permissions/MgmtPermissions.java | 9 ++- .../admin/permissions/UserPermissions.java | 10 +++- .../account/ResourcesRestServiceTest.java | 8 +++ .../AbstractBasePhotozExampleAdapterTest.java | 10 +++- .../AbstractBaseServletAuthzAdapterTest.java | 8 +++ .../AbstractPhotozExampleAdapterTest.java | 8 +++ .../DefaultAuthzConfigAdapterTest.java | 8 +++ .../ServletPolicyEnforcerTest.java | 8 +++ .../BrokerLinkAndTokenExchangeTest.java | 7 +++ .../testsuite/admin/AuthzCleanupTest.java | 8 +++ .../admin/FineGrainAdminUnitTest.java | 7 +++ .../admin/ManagementPermissionsTest.java | 8 +++ .../testsuite/admin/PermissionsTest.java | 7 +++ .../keycloak/testsuite/admin/UsersTest.java | 15 +++++ .../admin/client/InstallationTest.java | 8 +++ .../AbstractAuthorizationTest.java | 6 ++ .../AbstractPolicyManagementTest.java | 6 ++ .../AuthorizationDisabledInPreviewTest.java | 56 +++++++++++++++++++ 
.../ClaimInformationPointProviderTest.java | 7 +++ .../authorization/EnforcerConfigTest.java | 10 ++++ .../PolicyEnforcerClaimsTest.java | 8 +++ .../authorization/PolicyEnforcerTest.java | 8 +++ .../partialimport/PartialImportTest.java | 21 +++++-- .../testsuite/admin/realm/RealmTest.java | 8 ++- .../testsuite/authz/AbstractAuthzTest.java | 9 +++ .../keycloak/testsuite/cli/KcinitTest.java | 8 +++ .../cli/registration/KcRegCreateTest.java | 4 ++ .../crossdc/InvalidationCrossDCTest.java | 5 ++ .../exportimport/ExportImportUtil.java | 8 ++- .../forms/ScriptAuthenticatorTest.java | 7 +++ .../migration/AbstractMigrationTest.java | 4 ++ .../JsonFileImport483MigrationTest.java | 4 +- .../keycloak/testsuite/model/ImportTest.java | 4 ++ .../oauth/ClientTokenExchangeTest.java | 8 +++ .../AbstractAuthorizationSettingsTest.java | 8 +++ .../resources/partials/client-detail.html | 2 +- .../resources/partials/realm-detail.html | 2 +- 55 files changed, 400 insertions(+), 37 deletions(-) create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java index 86bc94e1bf..9fa8a96704 100755 --- a/common/src/main/java/org/keycloak/common/Profile.java +++ b/common/src/main/java/org/keycloak/common/Profile.java @@ -44,6 +44,7 @@ public class Profile { DEPRECATED; } public enum Feature { + AUTHORIZATION(Type.DEFAULT), ACCOUNT2(Type.DEFAULT), ACCOUNT_API(Type.DEFAULT), ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW), diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationSpi.java b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationSpi.java index 65028b3c0c..25a100d937 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationSpi.java 
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/AuthorizationSpi.java @@ -18,6 +18,7 @@ package org.keycloak.authorization; +import org.keycloak.common.Profile; import org.keycloak.provider.Provider; import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.Spi; @@ -45,4 +46,9 @@ public class AuthorizationSpi implements Spi { public Class getProviderFactoryClass() { return AuthorizationProviderFactory.class; } + + @Override + public boolean isEnabled() { + return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION); + } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicySpi.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicySpi.java index 422981d0c9..f60bb1beac 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicySpi.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/provider/PolicySpi.java @@ -18,6 +18,7 @@ package org.keycloak.authorization.policy.provider; +import org.keycloak.common.Profile; import org.keycloak.provider.Provider; import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.Spi; @@ -45,4 +46,9 @@ public class PolicySpi implements Spi { public Class getProviderFactoryClass() { return PolicyProviderFactory.class; } + + @Override + public boolean isEnabled() { + return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION); + } } diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/store/StoreFactorySpi.java b/server-spi-private/src/main/java/org/keycloak/authorization/store/StoreFactorySpi.java index 2527665423..e76b921503 100644 --- a/server-spi-private/src/main/java/org/keycloak/authorization/store/StoreFactorySpi.java +++ b/server-spi-private/src/main/java/org/keycloak/authorization/store/StoreFactorySpi.java 
@@ -18,6 +18,7 @@ package org.keycloak.authorization.store; +import org.keycloak.common.Profile; import org.keycloak.provider.Provider; import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.Spi; @@ -48,4 +49,9 @@ public class StoreFactorySpi implements Spi { public Class getProviderFactoryClass() { return AuthorizationStoreFactory.class; } + + @Override + public boolean isEnabled() { + return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION); + } } diff --git a/server-spi-private/src/main/java/org/keycloak/models/cache/authorization/CachedStoreFactorySpi.java b/server-spi-private/src/main/java/org/keycloak/models/cache/authorization/CachedStoreFactorySpi.java index 2e189ff5af..2adce501bf 100644 --- a/server-spi-private/src/main/java/org/keycloak/models/cache/authorization/CachedStoreFactorySpi.java +++ b/server-spi-private/src/main/java/org/keycloak/models/cache/authorization/CachedStoreFactorySpi.java @@ -18,6 +18,7 @@ package org.keycloak.models.cache.authorization; +import org.keycloak.common.Profile; import org.keycloak.provider.Provider; import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.Spi; @@ -45,4 +46,9 @@ public class CachedStoreFactorySpi implements Spi { public Class getProviderFactoryClass() { return CachedStoreProviderFactory.class; } + + @Override + public boolean isEnabled() { + return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION); + } } diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index 4b61790e33..2b751474f9 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java 
@@ -24,6 +24,7 @@ import org.keycloak.authorization.model.Resource; import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.policy.provider.PolicyProviderFactory; +import org.keycloak.common.Profile; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.Time; import org.keycloak.component.ComponentModel; @@ -315,7 +316,11 @@ public class ModelToRepresentation { rep.setQuickLoginCheckMilliSeconds(realm.getQuickLoginCheckMilliSeconds()); rep.setMaxDeltaTimeSeconds(realm.getMaxDeltaTimeSeconds()); rep.setFailureFactor(realm.getFailureFactor()); - rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed()); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed()); + } else { + rep.setUserManagedAccessAllowed(false); + } rep.setEventsEnabled(realm.isEventsEnabled()); if (realm.getEventsExpiration() != 0) { @@ -628,11 +633,13 @@ public class ModelToRepresentation { if (!mappings.isEmpty()) rep.setProtocolMappers(mappings); - AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); - ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); + ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); - if (resourceServer != null) { - rep.setAuthorizationServicesEnabled(true); + if (resourceServer != null) { + rep.setAuthorizationServicesEnabled(true); + } } return rep; 
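Review bot: With AUTHORIZATION disabled, the realm representation built here reports `userManagedAccessAllowed` as false whatever the stored value is. A client that reads the realm and writes the same representation back could then persist false and leave UMA off once the feature is re-enabled; the update path is outside this hunk, so that needs confirming. If masking is intended, add a comment such as `// masked only in the representation; the stored realm flag is left untouched`. The branch also collapses to `rep.setUserManagedAccessAllowed(Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && realm.isUserManagedAccessAllowed());`. The enclosing method starts and ends outside the hunk.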
diff --git a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 29af8510e2..cbb2b48cdb 100755 --- a/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/server-spi-private/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -52,6 +52,7 @@ import org.keycloak.authorization.store.StoreFactory; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.social.SocialIdentityProvider; +import org.keycloak.common.Profile; import org.keycloak.common.enums.SslRequired; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.UriUtils; @@ -2237,7 +2238,7 @@ public class RepresentationToModel { } public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel client, KeycloakSession session) { - if (Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) { + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) { AuthorizationProviderFactory authorizationFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProvider authorization = authorizationFactory.create(session, client.getRealm()); diff --git a/server-spi/src/main/java/org/keycloak/provider/Spi.java b/server-spi/src/main/java/org/keycloak/provider/Spi.java index 8043bcf2e0..7966661415 100644 --- a/server-spi/src/main/java/org/keycloak/provider/Spi.java +++ b/server-spi/src/main/java/org/keycloak/provider/Spi.java @@ -26,4 +26,8 @@ public interface Spi { String getName(); Class getProviderClass(); Class getProviderFactoryClass(); + default boolean isEnabled() { + return true; + } + } 
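Review bot: `importAuthorizationSettings` now silently does nothing for a client whose representation has `authorizationServicesEnabled` set when the AUTHORIZATION feature is off, so an import can finish with the client created and its authorization settings dropped without any record. The guard added to the client import branch in RealmManager has the same effect and also skips `createResourceServer`. I would split the condition so the skipped case is logged, e.g. `logger.warnf("Authorization feature is disabled; authorization settings of client %s were not imported", client.getClientId());`, assuming the class has a logger field of that name. Operators restoring a realm then have a signal that access policies were not restored. The method body continues outside the hunk.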
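Review bot: The new `isEnabled()` default on `Spi` has no Javadoc, and its effect is not obvious from the interface alone. In this commit DefaultKeycloakSessionFactory skips every SPI that returns false when it loads SPIs at startup, so provider lookups for that SPI presumably return null and each caller has to guard on the same feature check. I would add `/** Return false to exclude this SPI and its provider factories when the session factory starts; callers must not expect a provider for a disabled SPI. */` above the method.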
diff --git a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java index f262d4f6da..86c621f8f2 100755 --- a/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java +++ b/services/src/main/java/org/keycloak/exportimport/util/ExportUtils.java @@ -41,6 +41,7 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.StoreFactory; +import org.keycloak.common.Profile; import org.keycloak.common.Version; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.credential.CredentialModel; @@ -286,7 +287,9 @@ public class ExportUtils { public static ClientRepresentation exportClient(KeycloakSession session, ClientModel client) { ClientRepresentation clientRep = ModelToRepresentation.toRepresentation(client, session); clientRep.setSecret(client.getSecret()); - clientRep.setAuthorizationSettings(exportAuthorizationSettings(session,client)); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + clientRep.setAuthorizationSettings(exportAuthorizationSettings(session, client)); + } return clientRep; } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/installation/KeycloakOIDCClientInstallation.java b/services/src/main/java/org/keycloak/protocol/oidc/installation/KeycloakOIDCClientInstallation.java index d5b4378b42..201c17f92a 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/installation/KeycloakOIDCClientInstallation.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/installation/KeycloakOIDCClientInstallation.java 
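Review bot: In `exportClient`, an export taken while AUTHORIZATION is disabled leaves `authorizationSettings` unset for every client and gives no indication that anything was omitted. If resource-server data for a client is still in the store from before the feature was switched off, a backup made in this state cannot restore its policies. I would add `// authorization settings are not exported while Profile.Feature.AUTHORIZATION is disabled` above the new `if`, and log a warning once per export run so the gap is visible to whoever relies on the file.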
@@ -21,6 +21,7 @@ import org.keycloak.Config; import org.keycloak.authentication.ClientAuthenticator; import org.keycloak.authentication.ClientAuthenticatorFactory; import org.keycloak.authorization.admin.AuthorizationService; +import org.keycloak.common.Profile; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; @@ -174,7 +175,7 @@ public class KeycloakOIDCClientInstallation implements ClientInstallationProvide } private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) { - if (new AuthorizationService(session, client, null, null).isEnabled()) { + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && new AuthorizationService(session, client, null, null).isEnabled()) { PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig(); enforcerConfig.setEnforcementMode(null); diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java index 1edc4582bb..af506feeca 100755 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java @@ -18,6 +18,7 @@ package org.keycloak.services; import org.jboss.logging.Logger; import org.keycloak.Config; +import org.keycloak.common.Profile; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.component.ComponentFactoryProvider; import org.keycloak.component.ComponentFactoryProviderFactory; 
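Review bot: With the feature off, `configureAuthorizationSettings` adds no `PolicyEnforcerConfig` to the installation output, even for a client that was set up as a resource server. An application configured from that file would presumably start without policy enforcement rather than fail, which is the unsafe direction. Checking the profile before constructing `AuthorizationService` is the right order, but the omission should be documented at the call site, e.g. `// feature disabled: adapter config is generated without a policy enforcer, the application will not enforce authorization policies`. The method body continues outside the hunk.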
@@ -96,7 +97,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory, Pr serverStartupTimestamp = System.currentTimeMillis(); ProviderManager pm = new ProviderManager(KeycloakDeploymentInfo.create().services(), getClass().getClassLoader(), Config.scope().getArray("providers")); - spis.addAll(pm.loadSpis()); + for (Spi spi : pm.loadSpis()) { + if (spi.isEnabled()) { + spis.add(spi); + } + } + factoriesMap = loadFactories(pm); synchronized (ProviderManagerRegistry.SINGLETON) { diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java index 73b3208a53..66cdcb9bb3 100755 --- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java +++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java @@ -17,6 +17,7 @@ package org.keycloak.services.managers; import org.keycloak.Config; +import org.keycloak.common.Profile; import org.keycloak.common.enums.SslRequired; import org.keycloak.migration.MigrationModelManager; import org.keycloak.models.AccountRoles; @@ -755,7 +756,7 @@ public class RealmManager { } } - if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) { + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) { // just create the default roles if the service account was missing in the import RepresentationToModel.createResourceServer(clientModel, session, serviceAccount == null); RepresentationToModel.importAuthorizationSettings(client, clientModel, session); diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java index f58f5d9675..0401736c2a 100755 --- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java 
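Review bot: The new loop over `pm.loadSpis()` drops any SPI whose `isEnabled()` is false without leaving a trace. For the authorization SPIs that means a security-relevant subsystem can be absent with nothing in the startup log to confirm it. I would log the skipped case, e.g. `else { logger.infov("SPI {0} is disabled and will not be loaded", spi.getName()); }`, assuming the class's jboss `Logger` field is named `logger`. The enclosing method starts and ends outside the hunk.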
@@ -23,6 +23,7 @@ import org.keycloak.OAuthErrorException; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationService; import org.keycloak.common.ClientConnection; +import org.keycloak.common.Profile; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.events.EventBuilder; import org.keycloak.models.ClientModel; @@ -37,6 +38,7 @@ import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.resources.account.AccountLoader; import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.util.ResolveRelative; +import org.keycloak.utils.ProfileHelper; import org.keycloak.wellknown.WellKnownProvider; import javax.ws.rs.GET; @@ -260,6 +262,8 @@ public class RealmsResource { @Path("{realm}/authz") public Object getAuthorizationService(@PathParam("realm") String name) { + ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION); + init(name); AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class); AuthorizationService service = new AuthorizationService(authorization); diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java b/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java index d2bc772c6b..aa439b181f 100644 --- a/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java @@ -2,6 +2,7 @@ package org.keycloak.services.resources.account; import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; +import org.keycloak.common.Profile; import org.keycloak.authentication.requiredactions.DeleteAccount; import org.keycloak.common.Version; import org.keycloak.events.EventStoreProvider; 
@@ -129,7 +130,7 @@ public class AccountConsole { EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class); map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled()); - map.put("isAuthorizationEnabled", true); + map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)); boolean isTotpConfigured = false; boolean deleteAccountAllowed = false; diff --git a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java index 6ba2e3a043..36be040125 100755 --- a/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java +++ b/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java @@ -25,6 +25,7 @@ import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.store.PermissionTicketStore; import org.keycloak.authorization.store.PolicyStore; +import org.keycloak.common.Profile; import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.Time; import org.keycloak.common.util.UriUtils; @@ -181,7 +182,7 @@ public class AccountFormService extends AbstractSecuredLocalService { account.setUser(auth.getUser()); } - account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true); + account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)); } public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index 0825a433b8..cc4ecde123 100755 
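Review bot: `isAuthorizationEnabled` in AccountConsole and the fourth `setFeatures` argument in AccountFormService only control what the account pages display; neither hunk gates the resource-sharing handlers themselves. The diffstat lists no other account-service change, so if those handlers still resolve `AuthorizationProvider`, a direct request with the feature off would likely hit a missing provider and surface as a server error instead of a clean feature-disabled response. Calling `ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);` at the top of those handlers, as this commit does in RealmsResource and ClientResource, would make the behaviour explicit. Both enclosing methods extend beyond their hunks.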
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.common.ClientConnection; +import org.keycloak.common.Profile; import org.keycloak.common.util.Time; import org.keycloak.events.Errors; import org.keycloak.events.admin.OperationType; @@ -63,6 +64,7 @@ import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; import org.keycloak.services.resources.admin.permissions.AdminPermissions; +import org.keycloak.utils.ProfileHelper; import org.keycloak.utils.ReservedCharValidator; import org.keycloak.validation.ValidationUtil; @@ -591,6 +593,8 @@ public class ClientResource { @Path("/authz") public AuthorizationService authorization() { + ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION); + AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent); ResteasyProviderFactory.getInstance().injectProperties(resource); @@ -680,10 +684,12 @@ public class ClientResource { } private void updateAuthorizationSettings(ClientRepresentation rep) { - if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { - authorization().enable(false); - } else { - authorization().disable(); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { + authorization().enable(false); + } else { + authorization().disable(); + } } } 
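Review bot: In `updateAuthorizationSettings`, a representation with `authorizationServicesEnabled` set to true is now accepted and ignored when the feature is off, so an administrator can get a normal response for a security setting that was not applied. The create path in ClientsResource does the same. Consider rejecting instead of ignoring, with `if (TRUE.equals(rep.getAuthorizationServicesEnabled())) ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);` ahead of the existing branch. If silent acceptance is deliberate for the workaround, say so in a comment. How the caller reports the result is outside the hunk.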
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java index f0605ddc48..95601891d5 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java @@ -20,6 +20,7 @@ import org.jboss.logging.Logger; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.keycloak.authorization.admin.AuthorizationService; +import org.keycloak.common.Profile; import org.keycloak.events.Errors; import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.ResourceType; @@ -187,7 +188,7 @@ public class ClientsResource { adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success(); - if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) { AuthorizationService authorizationService = getAuthorizationService(clientModel); authorizationService.enable(true); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java index 3c45a5e575..e94f31c5b7 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/GroupPermissions.java 
@@ -25,6 +25,7 @@ import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.ResourceStore; +import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; import org.keycloak.models.GroupModel; import org.keycloak.representations.idm.authorization.Permission; @@ -59,8 +60,13 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag GroupPermissions(AuthorizationProvider authz, MgmtPermissions root) { this.authz = authz; this.root = root; - resourceStore = authz.getStoreFactory().getResourceStore(); - policyStore = authz.getStoreFactory().getPolicyStore(); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + resourceStore = authz.getStoreFactory().getResourceStore(); + policyStore = authz.getStoreFactory().getPolicyStore(); + } else { + resourceStore = null; + policyStore = null; + } } private static String getGroupResourceName(GroupModel group) { diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java index c12f455b91..940f1eee21 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/MgmtPermissions.java @@ -30,6 +30,7 @@ import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.store.ResourceServerStore; +import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; 
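Review bot: With the feature disabled, `resourceStore` and `policyStore` are null after this constructor; the UserPermissions constructor follows the same pattern and the MgmtPermissions constructor leaves `authz` unassigned. Every method in these classes that reaches a store therefore needs a preceding check that denies rather than dereferences. The hunks only show `realmResourceServer()` and `initializeRealmResourceServer()` returning null early, so the remaining call sites need auditing. A comment on the fields would record the invariant, e.g. `// null when Profile.Feature.AUTHORIZATION is disabled; only use after root.realmResourceServer() returned non-null`. The class body continues outside the hunk.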
@@ -72,8 +73,10 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage this.session = session; this.realm = realm; KeycloakSessionFactory keycloakSessionFactory = session.getKeycloakSessionFactory(); - AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class); - this.authz = factory.create(session, realm); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class); + this.authz = factory.create(session, realm); + } } MgmtPermissions(KeycloakSession session, RealmModel realm, AdminAuth auth) { @@ -248,6 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage @Override public ResourceServer realmResourceServer() { + if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null; if (realmResourceServer != null) return realmResourceServer; ClientModel client = getRealmManagementClient(); if (client == null) return null; @@ -258,6 +262,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage } public ResourceServer initializeRealmResourceServer() { + if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null; if (realmResourceServer != null) return realmResourceServer; ClientModel client = getRealmManagementClient(); realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); diff --git a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java index e221abc332..b0f7d58064 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java 
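Review bot: Returning null from `realmResourceServer()` when AUTHORIZATION is off also switches off fine-grained admin permission evaluation, yet nothing visible ties `ADMIN_FINE_GRAINED_AUTHZ` to `AUTHORIZATION`; Profile.java only gains the new enum constant. A deployment with the first enabled and the second disabled would, presumably, fall back to role checks without any notice to the operator. I would reject or at least log that combination at startup. `initializeRealmResourceServer()` should also get a comment such as `// returns null when the AUTHORIZATION feature is disabled; callers must handle that`, since callers outside the hunk may dereference the result.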
+++ b/services/src/main/java/org/keycloak/services/resources/admin/permissions/UserPermissions.java @@ -29,6 +29,7 @@ import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.ResourceStore; +import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.GroupModel; @@ -82,8 +83,13 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme this.session = session; this.authz = authz; this.root = root; - policyStore = authz.getStoreFactory().getPolicyStore(); - resourceStore = authz.getStoreFactory().getResourceStore(); + if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + policyStore = authz.getStoreFactory().getPolicyStore(); + resourceStore = authz.getStoreFactory().getResourceStore(); + } else { + policyStore = null; + resourceStore = null; + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java index 60416d1d14..b4f6f49f94 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.account; import com.fasterxml.jackson.core.type.TypeReference; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; 
@@ -24,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.authorization.client.AuthzClient; import org.keycloak.authorization.client.Configuration; import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.common.Profile; import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.AccountRoles; @@ -38,6 +40,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.resources.account.resources.AbstractResourceService; import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission; import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.UserBuilder; @@ -70,6 +73,11 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest { private AuthzClient authzClient; private List userNames = new ArrayList<>(Arrays.asList("alice", "jdoe", "bob")); + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + } + @Override public void configureTestRealm(RealmRepresentation testRealm) { super.configureTestRealm(testRealm); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBasePhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBasePhotozExampleAdapterTest.java index 735f296d28..ea046064f9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBasePhotozExampleAdapterTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBasePhotozExampleAdapterTest.java @@ -19,8 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; @@ -49,6 +48,7 @@ import org.jboss.arquillian.test.api.ArquillianResource; import org.junit.After; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; @@ -71,6 +71,7 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.AppServerTestEnricher; @@ -121,6 +122,11 @@ public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhoto @JavascriptBrowser protected WebElement eventsArea; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void setDefaultPageUriParameters() { super.setDefaultPageUriParameters(); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java index f7f5104e83..ebf63f3ff3 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization; import org.jboss.arquillian.container.test.api.Deployer; import org.jboss.arquillian.test.api.ArquillianResource; import org.junit.Before; +import org.junit.BeforeClass; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; @@ -27,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.util.UIUtils; 
@@ -42,6 +44,7 @@ import java.net.URL; import java.util.List; import static org.junit.Assert.assertFalse; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.utils.io.IOUtil.loadJson; @@ -60,6 +63,11 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl @ArquillianResource private Deployer deployer; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addAdapterTestRealms(List testRealms) { testRealms.add( diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java index f1933930e6..631adb540d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java @@ -25,6 +25,7 @@ import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import java.io.IOException; import java.util.Arrays; @@ -33,6 +34,7 @@ import java.util.List; import java.util.Map; import java.util.stream.Collectors; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; 
@@ -47,6 +49,7 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.util.JsonSerialization; @@ -55,6 +58,11 @@ import org.keycloak.util.JsonSerialization; */ public abstract class AbstractPhotozExampleAdapterTest extends AbstractBasePhotozExampleAdapterTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Test public void testUserCanCreateAndDeleteAlbum() throws Exception { loginToClientPage(aliceUser); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java index a6d26ee452..5fdd927c98 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java @@ -20,6 +20,7 @@ import org.jboss.arquillian.container.test.api.Deployer; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; 
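Review bot: The `enabled()` added to `AbstractPhotozExampleAdapterTest` has the same static signature as the one this commit adds to its parent `AbstractBasePhotozExampleAdapterTest`, and JUnit 4 does not run a superclass `@BeforeClass` method that is shadowed in the subclass. Both bodies are identical here, so the subclass copy is redundant and can be dropped. Because every gated class in this commit uses the name `enabled()`, a later subclass that declares its own `enabled()` with a different check would silently replace the authorization gate rather than add to it. A distinct name such as `assumeAuthorizationEnabled()` avoids that.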
@@ -27,6 +28,7 @@ import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.util.ServerURLs; @@ -40,6 +42,7 @@ import java.net.URL; import java.util.List; import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; /** @@ -62,6 +65,11 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest { @ArquillianResource private Deployer deployer; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addAdapterTestRealms(List testRealms) { testRealms.add( diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java index 22b280b291..3dcedfff0b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java 
@@ -16,12 +16,15 @@ */ package org.keycloak.testsuite.adapter.example.authorization; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import java.io.IOException; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.BeforeClass; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.util.ServerURLs; @@ -42,6 +45,11 @@ import org.keycloak.testsuite.utils.arquillian.ContainerConstants; @EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true) public class ServletPolicyEnforcerTest extends AbstractServletPolicyEnforcerTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Deployment(name = RESOURCE_SERVER_ID, managed = false) public static WebArchive deployment() { return exampleDeployment(RESOURCE_SERVER_ID); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java index d582b1b77d..7771b86b32 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/BrokerLinkAndTokenExchangeTest.java 
@@ -23,6 +23,7 @@ import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.RealmResource; @@ -52,6 +53,7 @@ import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; import org.keycloak.services.resources.admin.permissions.AdminPermissions; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; @@ -104,6 +106,11 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest public static final String UNAUTHORIZED_CHILD_CLIENT = "unauthorized-child-client"; public static final String PARENT_CLIENT = "parent-client"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + } + @Deployment(name = ClientApp.DEPLOYMENT_NAME) protected static WebArchive accountLink() { return servletDeployment(ClientApp.DEPLOYMENT_NAME, LinkAndExchangeServlet.class, ServletTestUtils.class); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java index 48889deb9b..b4fc38a55d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java 
@@ -16,6 +16,7 @@ */ package org.keycloak.testsuite.admin; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.authorization.AuthorizationProvider; @@ -31,6 +32,7 @@ import org.keycloak.representations.idm.authorization.Logic; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.RolePolicyRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.util.ClientBuilder; @@ -39,6 +41,7 @@ import org.keycloak.util.JsonSerialization; import java.util.List; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; /** @@ -48,6 +51,11 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; @AuthServerContainerExclude(AuthServer.REMOTE) public class AuthzCleanupTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { testRealms.add(RealmBuilder.create().name(TEST) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java index 80a11ad1ae..4f05f4ebf0 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/FineGrainAdminUnitTest.java 
@@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin; import org.hamcrest.Matchers; import org.junit.Assert; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.authorization.AuthorizationProvider; @@ -52,6 +53,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.services.resources.admin.permissions.ClientPermissionManagement; import org.keycloak.services.resources.admin.permissions.GroupPermissionManagement; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.auth.page.AuthRealm; @@ -83,6 +85,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest { public static final String CLIENT_NAME = "application"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { RealmRepresentation testRealmRep = new RealmRepresentation(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ManagementPermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ManagementPermissionsTest.java index 1da20f5cca..bc3c690516 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ManagementPermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ManagementPermissionsTest.java 
@@ -16,13 +16,16 @@ */ package org.keycloak.testsuite.admin; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.GroupResource; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RoleResource; +import org.keycloak.common.Profile; import org.keycloak.representations.idm.*; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import javax.ws.rs.core.Response; @@ -35,6 +38,11 @@ import static org.junit.Assert.assertTrue; */ public class ManagementPermissionsTest extends AbstractTestRealmKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + } + @Override public void configureTestRealm(RealmRepresentation testRealm) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java index b7b358f93e..e6580f35b4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java @@ -21,11 +21,13 @@ import org.hamcrest.Matchers; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput; import org.junit.AfterClass; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.common.Profile; import org.keycloak.models.AdminRoles; import org.keycloak.models.Constants; import org.keycloak.models.credential.OTPCredentialModel; 
@@ -58,6 +60,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.services.resources.admin.AdminAuth.Resource; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.CredentialBuilder; @@ -99,6 +102,10 @@ public class PermissionsTest extends AbstractKeycloakTest { @Rule public GreenMailRule greenMailRule = new GreenMailRule(); + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + } // Remove all realms before first run @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UsersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UsersTest.java index 1770fb4ecf..c620e3ecb9 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UsersTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UsersTest.java @@ -18,10 +18,12 @@ package org.keycloak.testsuite.admin; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.common.Profile; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.ManagementPermissionRepresentation; 
@@ -31,6 +33,7 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.AdminClientUtil; import java.io.IOException; @@ -167,12 +170,16 @@ public class UsersTest extends AbstractAdminTest { @Test public void countUsersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); assertThat(testRealmResource.users().count(), is(3)); } @Test public void countUsersBySearchWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); //search all assertThat(testRealmResource.users().count("user"), is(3)); @@ -195,6 +202,8 @@ public class UsersTest extends AbstractAdminTest { @Test public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); //search username assertThat(testRealmResource.users().count(null, null, null, "user"), is(3)); 
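Review bot: The line `ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);` is pasted as the first statement of six tests in `UsersTest` (the hunks here and the `countUsers*WithNoViewPermission` hunks that follow), which makes it easy to miss when another permission-based test is added. Each of these tests then calls `setupTestEnvironmentWithPermissions(...)`, so the assumption could sit once at the top of that helper; its body is outside the hunks, so confirm that no ungated test calls it. If the per-test form stays, a comment such as `// fine-grained permissions require the authorization feature` would explain why only these tests are gated.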
@@ -230,12 +239,16 @@ public class UsersTest extends AbstractAdminTest { @Test public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); assertThat(testRealmResource.users().count(), is(0)); } @Test public void countUsersBySearchWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); //search all assertThat(testRealmResource.users().count("user"), is(0)); @@ -258,6 +271,8 @@ public class UsersTest extends AbstractAdminTest { @Test public void countUsersByFiltersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); //search username assertThat(testRealmResource.users().count(null, null, null, "user"), is(0)); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java index 368e37f515..e36a739321 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java 
@@ -26,6 +26,7 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.junit.After; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.events.admin.OperationType; @@ -34,6 +35,7 @@ import org.keycloak.protocol.saml.SamlConfigAttributes; import org.keycloak.protocol.saml.SamlProtocol; import org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation; import org.keycloak.saml.common.constants.JBossSAMLURIConstants; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.updaters.ClientAttributeUpdater; import org.keycloak.testsuite.util.AdminEventPaths; @@ -46,6 +48,7 @@ import org.xml.sax.SAXException; import javax.ws.rs.NotFoundException; import static org.junit.Assert.assertThat; import static org.hamcrest.Matchers.*; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot; import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.METADATA_NSURI; @@ -71,6 +74,11 @@ public class InstallationTest extends AbstractClientTest { private ClientResource samlClient; private String samlClientId; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Before public void createClients() { oidcClientId = createOidcClient(OIDC_NAME); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java index 85902e6202..246666ddc7 100644 
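Review bot: The class-level `@BeforeClass` assumption in `InstallationTest` skips every test in the class when AUTHORIZATION is disabled, including the SAML ones that the visible context points to (`samlClient`, `SamlSPDescriptorClientInstallation`). Those do not appear to depend on authorization services, so a run with the feature disabled would lose that coverage without any failure. Consider applying the assumption only in the tests that read authorization settings, as `UsersTest` does in this commit, with `ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);` as their first statement. The test methods themselves are outside the hunk, so which ones need the gate has to be checked against the full file.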
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java @@ -38,6 +38,7 @@ import org.keycloak.testsuite.util.UserBuilder; import javax.ws.rs.core.Response; import static org.junit.Assert.assertEquals; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import java.util.List; @@ -50,6 +51,11 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest { protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void setDefaultPageUriParameters() { super.setDefaultPageUriParameters(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java index a1ea8d4fb7..1d12c29aa7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java @@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import java.io.IOException; import java.util.ArrayList; 
@@ -52,6 +53,11 @@ import org.keycloak.testsuite.util.UserBuilder; */ public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { testRealms.add(createTestRealm().build()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java new file mode 100644 index 0000000000..690314406e --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java 
@@ -0,0 +1,56 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.admin.client.authorization; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.keycloak.common.Profile; +import org.keycloak.testsuite.ProfileAssume; +import org.keycloak.testsuite.admin.client.AbstractClientTest; +import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; + +import javax.ws.rs.ServerErrorException; +import javax.ws.rs.core.Response; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; + +/** + * @author Stian Thorgersen + */ +public class AuthorizationDisabledInPreviewTest extends AbstractClientTest { + + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION); + } + + @Test + @UncaughtServerErrorExpected + public void testAuthzServicesRemoved() { + String id = testRealmResource().clients().findAll().get(0).getId(); + try { + testRealmResource().clients().get(id).authorization().getSettings(); + } catch (ServerErrorException e) { + assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus()); + return; + } + fail("Feature Authorization should be disabled."); + } + +} \ No newline at end of file 
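Review bot: `testAuthzServicesRemoved` checks the disabled state through a single call, `authorization().getSettings()`, so it would still pass if another authorization entry point stayed reachable with the feature off. Since the goal is to confirm the services are removed, it is worth asserting the same 501 on at least one more sub-resource of `authorization()`, or documenting why this one call is representative. The `@BeforeClass` method is named `enabled()` but calls `assumeFeatureDisabled`; `disabled()` would match what it gates on. `findAll().get(0)` also relies on the test realm containing at least one client, which deserves a comment such as `// any client works: the endpoint is rejected before the client is inspected` if that is the intent.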
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.java index 695668d359..d2d5eeff76 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.admin.client.authorization; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; import java.io.BufferedInputStream; @@ -62,6 +63,7 @@ import org.keycloak.representations.IDToken; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.util.JsonSerialization; @@ -74,6 +76,11 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest { private static Undertow httpService; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @BeforeClass public static void onBeforeClass() { httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> { 
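Review bot: `ClaimInformationPointProviderTest` now has two `@BeforeClass` methods, `enabled()` and `onBeforeClass()`, and JUnit 4 does not define the order in which they run within one class. If `onBeforeClass()` runs first, the Undertow listener on port 8989 starts before the class is skipped. If `enabled()` runs first, `httpService` stays null, and any `@AfterClass` cleanup that uses it without a null check would fail; that cleanup is outside the hunk. Making `ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);` the first statement of `onBeforeClass()` fixes the order and removes the extra method.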
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/EnforcerConfigTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/EnforcerConfigTest.java index 09869e6000..a5231d2e9f 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/EnforcerConfigTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/EnforcerConfigTest.java @@ -16,6 +16,7 @@ */ package org.keycloak.testsuite.admin.client.authorization; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeploymentBuilder; @@ -30,8 +31,12 @@ import java.util.Map; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; + +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; + +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; /** @@ -40,6 +45,11 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; @AuthServerContainerExclude(AuthServer.REMOTE) public class EnforcerConfigTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json")); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java index 7472e877ef..db9a200049 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java @@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import java.io.BufferedInputStream; @@ -36,6 +37,7 @@ import java.util.stream.Collectors; import javax.security.cert.X509Certificate; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.AuthorizationContext; import org.keycloak.KeycloakSecurityContext; @@ -65,6 +67,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; 
@@ -84,6 +87,11 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest { protected static final String REALM_NAME = "authz-test"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { testRealms.add(RealmBuilder.create().name(REALM_NAME) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java index 089233636d..fd5f6b341a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java @@ -21,6 +21,7 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import javax.security.cert.X509Certificate; @@ -43,6 +44,7 @@ import java.util.stream.Collectors; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.AuthorizationContext; import org.keycloak.KeycloakSecurityContext; 
@@ -81,6 +83,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; @@ -101,6 +104,11 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest { private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test"; private static final String REALM_NAME = "authz-test"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void addTestRealms(List testRealms) { testRealms.add(RealmBuilder.create().name(REALM_NAME) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java index 8a0872a613..ac101328c6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/partialimport/PartialImportTest.java 
@@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.RoleResource; import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.common.Profile; import org.keycloak.events.admin.OperationType; import org.keycloak.partialimport.PartialImportResult; import org.keycloak.partialimport.PartialImportResults; @@ -40,6 +41,7 @@ import org.keycloak.representations.idm.RolesRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractAuthTest; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.util.AssertAdminEvents; @@ -65,6 +67,7 @@ import org.keycloak.common.constants.ServiceAccountConstants; import org.keycloak.partialimport.ResourceType; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; import org.keycloak.util.JsonSerialization; @@ -469,6 +472,8 @@ public class PartialImportTest extends AbstractAuthTest { @EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true) @Test public void testAddClientsWithServiceAccountsAndAuthorization() throws IOException { + ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION); + setFail(); addClients(true); 
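Review bot: The added `ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION);` at the top of `testAddClientsWithServiceAccountsAndAuthorization` skips this test whenever authorization services are enabled, which looks inverted or like a debugging leftover. The next hunk (`@@ -482,12 +487,16 @@`, apparently in the same method) adds an `if (ProfileAssume.isFeatureEnabled(AUTHORIZATION))` branch that keeps the resource and policy assertions, and with this assumption in place that branch can never run. Dropping the assumption line lets the if/else cover both configurations, so the import of authorization settings stays tested when the feature is on. The method body continues outside this hunk.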
@@ -482,12 +487,16 @@ public class PartialImportTest extends AbstractAuthTest { ClientRepresentation client = clientRsc.toRepresentation(); assertTrue(client.getName().startsWith(CLIENT_PREFIX)); Assert.assertTrue(client.isServiceAccountsEnabled()); - Assert.assertTrue(client.getAuthorizationServicesEnabled()); - AuthorizationResource authRsc = clientRsc.authorization(); - ResourceServerRepresentation authRep = authRsc.exportSettings(); - Assert.assertNotNull(authRep); - Assert.assertEquals(2, authRep.getResources().size()); - Assert.assertEquals(3, authRep.getPolicies().size()); + if (ProfileAssume.isFeatureEnabled(AUTHORIZATION)) { + Assert.assertTrue(client.getAuthorizationServicesEnabled()); + AuthorizationResource authRsc = clientRsc.authorization(); + ResourceServerRepresentation authRep = authRsc.exportSettings(); + Assert.assertNotNull(authRep); + Assert.assertEquals(2, authRep.getResources().size()); + Assert.assertEquals(3, authRep.getPolicies().size()); + } else { + Assert.assertNull(client.getAuthorizationServicesEnabled()); + } } else { UserResource userRsc = testRealmResource().users().get(result.getId()); Assert.assertTrue(userRsc.toRepresentation().getUsername().startsWith( diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java index be649a67f6..9f9532cba6 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java 
@@ -25,6 +25,7 @@ import org.junit.rules.ExpectedException; import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.resource.RealmResource; +import org.keycloak.common.Profile; import org.keycloak.common.util.Time; import org.keycloak.events.EventType; import org.keycloak.events.admin.OperationType; @@ -47,6 +48,7 @@ import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; @@ -439,7 +441,11 @@ public class RealmTest extends AbstractAdminTest { assertEquals(Boolean.TRUE, rep.isRegistrationAllowed()); assertEquals(Boolean.TRUE, rep.isRegistrationEmailAsUsername()); assertEquals(Boolean.TRUE, rep.isEditUsernameAllowed()); - assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed()); + if (ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed()); + } else { + assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed()); + } // second change rep.setRegistrationAllowed(false); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java index adb5927554..c3a53b2b69 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java 
@@ -1,18 +1,27 @@ package org.keycloak.testsuite.authz; +import org.junit.BeforeClass; import org.keycloak.common.Profile; import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInputException; import org.keycloak.representations.AccessToken; import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; + /** * @author mhajas */ @EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true) public abstract class AbstractAuthzTest extends AbstractKeycloakTest { + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + protected AccessToken toAccessToken(String rpt) { AccessToken accessToken; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/KcinitTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/KcinitTest.java index 1b5edaac0c..bd6d171c43 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/KcinitTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/KcinitTest.java @@ -49,6 +49,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionManageme import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.actions.DummyRequiredActionFactory; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; 
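Review bot: The `@BeforeClass` method added to the abstract base class `AbstractAuthzTest` has the generic name `enabled()`, and JUnit 4 does not run a superclass `@BeforeClass` method that a subclass shadows with a static method of the same name. The same name is used for the copies added to EnforcerConfigTest, PolicyEnforcerClaimsTest, PolicyEnforcerTest, KcinitTest, ScriptAuthenticatorTest, ClientTokenExchangeTest and AbstractAuthorizationSettingsTest, so a subclass that later declares its own `enabled()` for another purpose would silently drop the feature gate. A specific name such as `public static void assumeAuthorizationEnabled()` avoids that and states what is being assumed. A one-line Javadoc, `/** Skips the class when the AUTHORIZATION feature is disabled. */`, would document the intent at each copy.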
@@ -69,6 +70,8 @@ import java.util.stream.Collectors; import org.junit.Assume; import org.junit.BeforeClass; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; + /** * Test that clients can override auth flows * @@ -86,6 +89,11 @@ public class KcinitTest extends AbstractTestRealmKeycloakTest { @Page protected LoginPage loginPage; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void configureTestRealm(RealmRepresentation testRealm) { } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java index b0cfadcf11..bc77795f28 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/registration/KcRegCreateTest.java @@ -11,6 +11,7 @@ import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.client.registration.cli.config.ConfigData; import org.keycloak.client.registration.cli.config.FileConfigHandler; +import org.keycloak.common.Profile; import org.keycloak.common.constants.ServiceAccountConstants; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RoleRepresentation; 
@@ -18,6 +19,7 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.oidc.OIDCClientRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.cli.KcRegExec; import org.keycloak.testsuite.util.TempFileResource; import org.keycloak.util.JsonSerialization; @@ -237,6 +239,8 @@ public class KcRegCreateTest extends AbstractRegCliTest { @Test public void testCreateWithAuthorizationServices() throws IOException { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + FileConfigHandler handler = initCustomConfigFile(); try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/InvalidationCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/InvalidationCrossDCTest.java index 33547c12cb..22a173bf3d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/InvalidationCrossDCTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/InvalidationCrossDCTest.java @@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicInteger; import javax.ws.rs.core.Response; +import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ResourcesResource; @@ -35,6 +36,8 @@ import org.keycloak.common.util.Retry; import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; + /** * @author Marek Posolda */ 
@@ -182,6 +185,8 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest { @Test public void authzResourceInvalidationTest() throws Exception { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + enableDcOnLoadBalancer(DC.FIRST); enableDcOnLoadBalancer(DC.SECOND); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java index 202c49bfec..450f9beba4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java @@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientScopeResource; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.common.Profile; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.models.Constants; import org.keycloak.models.LDAPConstants; @@ -57,6 +58,7 @@ import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.util.RealmRepUtil; 
@@ -423,8 +425,10 @@ public class ExportImportUtil { Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-user"))); Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-admin"))); - assertAuthorizationSettingsOtherApp(realmRsc); - assertAuthorizationSettingsTestAppAuthz(realmRsc); + if(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) { + assertAuthorizationSettingsOtherApp(realmRsc); + assertAuthorizationSettingsTestAppAuthz(realmRsc); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java index eec3a3d819..d10d2aba2e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java @@ -50,6 +50,8 @@ import java.io.IOException; import java.util.Map; import java.util.UUID; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; + /** * Tests for {@link org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator} * @@ -70,6 +72,11 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { public static final String EXECUTION_ID = "scriptAuth"; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Override public void configureTestRealm(RealmRepresentation testRealm) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java index 077cac50aa..9ee774af4d 100644 
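Review bot: With the feature off, the new `if(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION))` guard skips both `assertAuthorizationSettings…` calls and asserts nothing in their place, so this check passes whatever happened to the authorization data of the imported realm. An `else` branch that pins the expected outcome would make the disabled configuration a tested state; the PartialImportTest hunk in this commit does that with `Assert.assertNull(client.getAuthorizationServicesEnabled());`. The guard is also written `if(` without the space used in the other hunks of this commit (`if (`). The enclosing method starts outside the hunk.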
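Review bot: The class-level gate added to `ScriptAuthenticatorTest` needs a comment saying why a test for `ScriptBasedAuthenticator`, which the class Javadoc names as the subject, requires authorization services. If the dependency is only incidental, `assumeFeatureEnabled(AUTHORIZATION)` in `@BeforeClass` removes all script-authenticator coverage from runs with the feature disabled. A line such as `// Skipped without AUTHORIZATION: <reason>` above `enabled()` would record the intent. The visible import hunk adds only the static `AUTHORIZATION` import, so `org.junit.BeforeClass` and `ProfileAssume` are presumably already imported in this file; worth confirming.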
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java @@ -31,6 +31,7 @@ import org.keycloak.authentication.authenticators.broker.IdpUsernamePasswordForm import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory; import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory; import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.common.Profile; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.component.PrioritizedComponentModel; import org.keycloak.keys.KeyProvider; @@ -63,6 +64,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati import org.keycloak.storage.UserStorageProvider; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.exportimport.ExportImportUtil; import org.keycloak.testsuite.runonserver.RunHelpers; @@ -567,6 +569,8 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest { } private void testResourceWithMultipleUris() { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + ClientsResource clients = migrationRealm.clients(); ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0); ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0); 
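Review bot: `ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION)` is added inside the private helper `testResourceWithMultipleUris()`, and if it behaves like a JUnit `Assume` call, a failed assumption aborts the calling test method as skipped, not just this helper. Any migration checks the caller runs after the helper would then be silently skipped when authorization is disabled. The callers are not visible here; the JsonFileImport483MigrationTest hunk passes `ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)` to `testMigrationTo7_x`, which may keep the helper from being reached on that path, but a caller that passes `true` would still hit the assumption. An early return, `if (!ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return;`, limits the skip to this one check.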
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java index c27e7e5f4b..d241ab7c76 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java @@ -17,8 +17,10 @@ package org.keycloak.testsuite.migration; import org.junit.Test; +import org.keycloak.common.Profile; import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.utils.io.IOUtil; import org.keycloak.util.JsonSerialization; @@ -53,7 +55,7 @@ public class JsonFileImport483MigrationTest extends AbstractJsonFileImportMigrat checkRealmsImported(); testMigrationTo5_x(); testMigrationTo6_x(); - testMigrationTo7_x(true); + testMigrationTo7_x(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)); testMigrationTo8_x(); testMigrationTo9_x(); testMigrationTo12_x(true); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java index c17c8acc71..5af87ff1db 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/ImportTest.java 
@@ -24,6 +24,7 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.model.ResourceServer; +import org.keycloak.common.Profile; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.KeycloakSession; @@ -31,6 +32,7 @@ import org.keycloak.models.RealmModel; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.runonserver.RunOnServerException; @@ -122,6 +124,8 @@ public class ImportTest extends AbstractTestRealmKeycloakTest { // KEYCLOAK-12640 @Test public void importAuthorizationSettings() throws Exception { + ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION); + RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class); adminClient.realms().create(testRealm); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java index 02a3b52934..bd175bb1ba 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.oauth; +import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; 
@@ -46,6 +47,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; @@ -66,6 +68,7 @@ import java.util.Map; import static org.hamcrest.Matchers.instanceOf; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID; import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; @@ -82,6 +85,11 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest { @Rule public AssertEvents events = new AssertEvents(this); + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Test @UncaughtServerErrorExpected @DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true) diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java index f02c19bc9c..c1b4df7cb4 100644 --- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java +++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java 
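Review bot: Gating all of `ClientTokenExchangeTest` on `AUTHORIZATION` in `@BeforeClass` leaves token exchange with no coverage from this class when authorization services are off. The class imports `AdminPermissions`, so the exchange permission checks presumably rely on authorization services, and the disabled configuration is where a fail-closed check matters most. A test asserting that an exchange request is refused while the feature is disabled would pin that behaviour; it may exist elsewhere in the commit outside this view. If so, a comment on `enabled()` pointing to it, e.g. `// disabled-feature behaviour is covered by <test class>`, would be enough.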
@@ -18,11 +18,14 @@ package org.keycloak.testsuite.console.authorization; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.keycloak.common.Profile.Feature.AUTHORIZATION; import static org.keycloak.testsuite.auth.page.login.Login.OIDC; import org.jboss.arquillian.graphene.page.Page; import org.junit.Before; +import org.junit.BeforeClass; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.console.clients.AbstractClientTest; import org.keycloak.testsuite.console.page.clients.authorization.Authorization; import org.keycloak.testsuite.console.page.clients.settings.ClientSettings; @@ -42,6 +45,11 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe protected ClientRepresentation newClient; + @BeforeClass + public static void enabled() { + ProfileAssume.assumeFeatureEnabled(AUTHORIZATION); + } + @Before public void configureTest() { this.newClient = createResourceServer(); diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html index 5245a0b25a..11acdc716a 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html @@ -161,7 +161,7 @@ on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" /> -
+
{{:: 'authz-authorization-services-enabled.tooltip' | translate}}
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html b/themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html index 6719a98c36..89eb413e5a 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html @@ -47,7 +47,7 @@ {{:: 'realm-detail.enabled.tooltip' | translate}}
-
+