KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients

Stian Thorgersen 2021-05-27 22:28:56 +02:00 committed by GitHub
parent 3d8f152787
commit 2cb59e2503
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 400 additions and 37 deletions


@ -44,6 +44,7 @@ public class Profile {
DEPRECATED; DEPRECATED;
} }
public enum Feature { public enum Feature {
AUTHORIZATION(Type.DEFAULT),
ACCOUNT2(Type.DEFAULT), ACCOUNT2(Type.DEFAULT),
ACCOUNT_API(Type.DEFAULT), ACCOUNT_API(Type.DEFAULT),
ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW), ADMIN_FINE_GRAINED_AUTHZ(Type.PREVIEW),


@ -18,6 +18,7 @@
package org.keycloak.authorization; package org.keycloak.authorization;
import org.keycloak.common.Profile;
import org.keycloak.provider.Provider; import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi; import org.keycloak.provider.Spi;
@ -45,4 +46,9 @@ public class AuthorizationSpi implements Spi {
public Class<? extends ProviderFactory> getProviderFactoryClass() { public Class<? extends ProviderFactory> getProviderFactoryClass() {
return AuthorizationProviderFactory.class; return AuthorizationProviderFactory.class;
} }
@Override
public boolean isEnabled() {
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
} }


@ -18,6 +18,7 @@
package org.keycloak.authorization.policy.provider; package org.keycloak.authorization.policy.provider;
import org.keycloak.common.Profile;
import org.keycloak.provider.Provider; import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi; import org.keycloak.provider.Spi;
@ -45,4 +46,9 @@ public class PolicySpi implements Spi {
public Class<? extends ProviderFactory> getProviderFactoryClass() { public Class<? extends ProviderFactory> getProviderFactoryClass() {
return PolicyProviderFactory.class; return PolicyProviderFactory.class;
} }
@Override
public boolean isEnabled() {
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
} }


@ -18,6 +18,7 @@
package org.keycloak.authorization.store; package org.keycloak.authorization.store;
import org.keycloak.common.Profile;
import org.keycloak.provider.Provider; import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi; import org.keycloak.provider.Spi;
@ -48,4 +49,9 @@ public class StoreFactorySpi implements Spi {
public Class<? extends ProviderFactory> getProviderFactoryClass() { public Class<? extends ProviderFactory> getProviderFactoryClass() {
return AuthorizationStoreFactory.class; return AuthorizationStoreFactory.class;
} }
@Override
public boolean isEnabled() {
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
} }


@ -18,6 +18,7 @@
package org.keycloak.models.cache.authorization; package org.keycloak.models.cache.authorization;
import org.keycloak.common.Profile;
import org.keycloak.provider.Provider; import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory; import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi; import org.keycloak.provider.Spi;
@ -45,4 +46,9 @@ public class CachedStoreFactorySpi implements Spi {
public Class<? extends ProviderFactory> getProviderFactoryClass() { public Class<? extends ProviderFactory> getProviderFactoryClass() {
return CachedStoreProviderFactory.class; return CachedStoreProviderFactory.class;
} }
@Override
public boolean isEnabled() {
return Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
} }


@ -24,6 +24,7 @@ import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory; import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentModel;
@ -315,7 +316,11 @@ public class ModelToRepresentation {
rep.setQuickLoginCheckMilliSeconds(realm.getQuickLoginCheckMilliSeconds()); rep.setQuickLoginCheckMilliSeconds(realm.getQuickLoginCheckMilliSeconds());
rep.setMaxDeltaTimeSeconds(realm.getMaxDeltaTimeSeconds()); rep.setMaxDeltaTimeSeconds(realm.getMaxDeltaTimeSeconds());
rep.setFailureFactor(realm.getFailureFactor()); rep.setFailureFactor(realm.getFailureFactor());
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed()); rep.setUserManagedAccessAllowed(realm.isUserManagedAccessAllowed());
} else {
rep.setUserManagedAccessAllowed(false);
}
rep.setEventsEnabled(realm.isEventsEnabled()); rep.setEventsEnabled(realm.isEventsEnabled());
if (realm.getEventsExpiration() != 0) { if (realm.getEventsExpiration() != 0) {
@ -628,12 +633,14 @@ public class ModelToRepresentation {
if (!mappings.isEmpty()) if (!mappings.isEmpty())
rep.setProtocolMappers(mappings); rep.setProtocolMappers(mappings);
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId()); ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
if (resourceServer != null) { if (resourceServer != null) {
rep.setAuthorizationServicesEnabled(true); rep.setAuthorizationServicesEnabled(true);
} }
}
return rep; return rep;
} }


@ -52,6 +52,7 @@ import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProvider; import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.common.Profile;
import org.keycloak.common.enums.SslRequired; import org.keycloak.common.enums.SslRequired;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.UriUtils; import org.keycloak.common.util.UriUtils;
@ -2237,7 +2238,7 @@ public class RepresentationToModel {
} }
public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel client, KeycloakSession session) { public static void importAuthorizationSettings(ClientRepresentation clientRepresentation, ClientModel client, KeycloakSession session) {
if (Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(clientRepresentation.getAuthorizationServicesEnabled())) {
AuthorizationProviderFactory authorizationFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class); AuthorizationProviderFactory authorizationFactory = (AuthorizationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(AuthorizationProvider.class);
AuthorizationProvider authorization = authorizationFactory.create(session, client.getRealm()); AuthorizationProvider authorization = authorizationFactory.create(session, client.getRealm());
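Review bot: With the feature off, a client representation that has `authorizationServicesEnabled` set to true is now accepted by `importAuthorizationSettings` and nothing records that its authorization settings were ignored. An operator importing a realm into a server with the feature disabled gets a client that looks imported but no longer has the resource server it was exported with. A warning on the skipped branch would make that visible, for example `logger.warnf("Ignoring authorization settings for client %s: AUTHORIZATION feature is disabled", client.getClientId());`, assuming the class has a logger in scope, which this view does not show. The same silent skip appears in the `RealmManager` import path, in `ClientsResource` on client creation and in `ClientResource.updateAuthorizationSettings`. The body of `importAuthorizationSettings` continues outside the hunk.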


@ -26,4 +26,8 @@ public interface Spi {
String getName(); String getName();
Class<? extends Provider> getProviderClass(); Class<? extends Provider> getProviderClass();
Class<? extends ProviderFactory> getProviderFactoryClass(); Class<? extends ProviderFactory> getProviderFactoryClass();
default boolean isEnabled() {
return true;
}
} }
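Review bot: The new `isEnabled()` default method has no Javadoc, so an SPI author cannot tell from the interface what returning false causes. The only consumer visible on this page is `DefaultKeycloakSessionFactory`, which leaves out SPIs that return false when it loads them. I would add `/** Whether this SPI should be loaded; the session factory skips SPIs that return false. Defaults to true. */` above the method, and state whether the value is read once at startup or may be re-evaluated later.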


@ -41,6 +41,7 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.StoreFactory; import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.common.Profile;
import org.keycloak.common.Version; import org.keycloak.common.Version;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.credential.CredentialModel; import org.keycloak.credential.CredentialModel;
@ -286,7 +287,9 @@ public class ExportUtils {
public static ClientRepresentation exportClient(KeycloakSession session, ClientModel client) { public static ClientRepresentation exportClient(KeycloakSession session, ClientModel client) {
ClientRepresentation clientRep = ModelToRepresentation.toRepresentation(client, session); ClientRepresentation clientRep = ModelToRepresentation.toRepresentation(client, session);
clientRep.setSecret(client.getSecret()); clientRep.setSecret(client.getSecret());
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
clientRep.setAuthorizationSettings(exportAuthorizationSettings(session, client)); clientRep.setAuthorizationSettings(exportAuthorizationSettings(session, client));
}
return clientRep; return clientRep;
} }


@ -21,6 +21,7 @@ import org.keycloak.Config;
import org.keycloak.authentication.ClientAuthenticator; import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory; import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.authorization.admin.AuthorizationService;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
@ -174,7 +175,7 @@ public class KeycloakOIDCClientInstallation implements ClientInstallationProvide
} }
private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) { private void configureAuthorizationSettings(KeycloakSession session, ClientModel client, ClientManager.InstallationAdapterConfig rep) {
if (new AuthorizationService(session, client, null, null).isEnabled()) { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && new AuthorizationService(session, client, null, null).isEnabled()) {
PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig(); PolicyEnforcerConfig enforcerConfig = new PolicyEnforcerConfig();
enforcerConfig.setEnforcementMode(null); enforcerConfig.setEnforcementMode(null);


@ -18,6 +18,7 @@ package org.keycloak.services;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentFactoryProvider; import org.keycloak.component.ComponentFactoryProvider;
import org.keycloak.component.ComponentFactoryProviderFactory; import org.keycloak.component.ComponentFactoryProviderFactory;
@ -96,7 +97,12 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory, Pr
serverStartupTimestamp = System.currentTimeMillis(); serverStartupTimestamp = System.currentTimeMillis();
ProviderManager pm = new ProviderManager(KeycloakDeploymentInfo.create().services(), getClass().getClassLoader(), Config.scope().getArray("providers")); ProviderManager pm = new ProviderManager(KeycloakDeploymentInfo.create().services(), getClass().getClassLoader(), Config.scope().getArray("providers"));
spis.addAll(pm.loadSpis()); for (Spi spi : pm.loadSpis()) {
if (spi.isEnabled()) {
spis.add(spi);
}
}
factoriesMap = loadFactories(pm); factoriesMap = loadFactories(pm);
synchronized (ProviderManagerRegistry.SINGLETON) { synchronized (ProviderManagerRegistry.SINGLETON) {
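Review bot: SPIs whose `isEnabled()` returns false are dropped in the new loop without any log line, so a later "provider not found" for an authorization class gives no hint that a profile setting removed it. A debug message in the skipped case would help, for example `logger.debugv("SPI {0} is disabled, skipping", spi.getName());`, using whatever logger field the class already declares. It is also not visible here whether `loadFactories(pm)` works from the filtered `spis` set or asks the `ProviderManager` again. If it is the latter, factories for a disabled SPI could still be registered, and that is worth confirming. The enclosing method starts and ends outside the hunk.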


@ -17,6 +17,7 @@
package org.keycloak.services.managers; package org.keycloak.services.managers;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.common.enums.SslRequired; import org.keycloak.common.enums.SslRequired;
import org.keycloak.migration.MigrationModelManager; import org.keycloak.migration.MigrationModelManager;
import org.keycloak.models.AccountRoles; import org.keycloak.models.AccountRoles;
@ -755,7 +756,7 @@ public class RealmManager {
} }
} }
if (Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && Boolean.TRUE.equals(client.getAuthorizationServicesEnabled())) {
// just create the default roles if the service account was missing in the import // just create the default roles if the service account was missing in the import
RepresentationToModel.createResourceServer(clientModel, session, serviceAccount == null); RepresentationToModel.createResourceServer(clientModel, session, serviceAccount == null);
RepresentationToModel.importAuthorizationSettings(client, clientModel, session); RepresentationToModel.importAuthorizationSettings(client, clientModel, session);


@ -23,6 +23,7 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.AuthorizationService; import org.keycloak.authorization.AuthorizationService;
import org.keycloak.common.ClientConnection; import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder; import org.keycloak.events.EventBuilder;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
@ -37,6 +38,7 @@ import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resources.account.AccountLoader; import org.keycloak.services.resources.account.AccountLoader;
import org.keycloak.services.util.CacheControlUtil; import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.ResolveRelative; import org.keycloak.services.util.ResolveRelative;
import org.keycloak.utils.ProfileHelper;
import org.keycloak.wellknown.WellKnownProvider; import org.keycloak.wellknown.WellKnownProvider;
import javax.ws.rs.GET; import javax.ws.rs.GET;
@ -260,6 +262,8 @@ public class RealmsResource {
@Path("{realm}/authz") @Path("{realm}/authz")
public Object getAuthorizationService(@PathParam("realm") String name) { public Object getAuthorizationService(@PathParam("realm") String name) {
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
init(name); init(name);
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class); AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
AuthorizationService service = new AuthorizationService(authorization); AuthorizationService service = new AuthorizationService(authorization);


@ -2,6 +2,7 @@ package org.keycloak.services.resources.account;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.Profile;
import org.keycloak.authentication.requiredactions.DeleteAccount; import org.keycloak.authentication.requiredactions.DeleteAccount;
import org.keycloak.common.Version; import org.keycloak.common.Version;
import org.keycloak.events.EventStoreProvider; import org.keycloak.events.EventStoreProvider;
@ -129,7 +130,7 @@ public class AccountConsole {
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class); EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled()); map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
map.put("isAuthorizationEnabled", true); map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
boolean isTotpConfigured = false; boolean isTotpConfigured = false;
boolean deleteAccountAllowed = false; boolean deleteAccountAllowed = false;


@ -25,6 +25,7 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope; import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.store.PermissionTicketStore; import org.keycloak.authorization.store.PermissionTicketStore;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Base64Url; import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.common.util.UriUtils; import org.keycloak.common.util.UriUtils;
@ -181,7 +182,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
account.setUser(auth.getUser()); account.setUser(auth.getUser());
} }
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true); account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
} }
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) { public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {


@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.BadRequestException;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.authorization.admin.AuthorizationService;
import org.keycloak.common.ClientConnection; import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
@ -63,6 +64,7 @@ import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator; import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.utils.ProfileHelper;
import org.keycloak.utils.ReservedCharValidator; import org.keycloak.utils.ReservedCharValidator;
import org.keycloak.validation.ValidationUtil; import org.keycloak.validation.ValidationUtil;
@ -591,6 +593,8 @@ public class ClientResource {
@Path("/authz") @Path("/authz")
public AuthorizationService authorization() { public AuthorizationService authorization() {
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent); AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
ResteasyProviderFactory.getInstance().injectProperties(resource); ResteasyProviderFactory.getInstance().injectProperties(resource);
@ -680,12 +684,14 @@ public class ClientResource {
} }
private void updateAuthorizationSettings(ClientRepresentation rep) { private void updateAuthorizationSettings(ClientRepresentation rep) {
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
authorization().enable(false); authorization().enable(false);
} else { } else {
authorization().disable(); authorization().disable();
} }
} }
}
/** /**
* Converts the specified {@link UserSessionModel} into a {@link UserSessionRepresentation}. * Converts the specified {@link UserSessionModel} into a {@link UserSessionRepresentation}.


@ -20,6 +20,7 @@ import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory; import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.authorization.admin.AuthorizationService; import org.keycloak.authorization.admin.AuthorizationService;
import org.keycloak.common.Profile;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType; import org.keycloak.events.admin.ResourceType;
@ -187,7 +188,7 @@ public class ClientsResource {
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success(); adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) { if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION) && TRUE.equals(rep.getAuthorizationServicesEnabled())) {
AuthorizationService authorizationService = getAuthorizationService(clientModel); AuthorizationService authorizationService = getAuthorizationService(clientModel);
authorizationService.enable(true); authorizationService.enable(true);


@ -25,6 +25,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.GroupModel; import org.keycloak.models.GroupModel;
import org.keycloak.representations.idm.authorization.Permission; import org.keycloak.representations.idm.authorization.Permission;
@ -59,8 +60,13 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
GroupPermissions(AuthorizationProvider authz, MgmtPermissions root) { GroupPermissions(AuthorizationProvider authz, MgmtPermissions root) {
this.authz = authz; this.authz = authz;
this.root = root; this.root = root;
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
resourceStore = authz.getStoreFactory().getResourceStore(); resourceStore = authz.getStoreFactory().getResourceStore();
policyStore = authz.getStoreFactory().getPolicyStore(); policyStore = authz.getStoreFactory().getPolicyStore();
} else {
resourceStore = null;
policyStore = null;
}
} }
private static String getGroupResourceName(GroupModel group) { private static String getGroupResourceName(GroupModel group) {
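Review bot: Assigning null to `resourceStore` and `policyStore` in the constructor's else branch defers the failure to whichever method dereferences them first. Those methods are outside this hunk, so it cannot be confirmed here that each one is guarded. Since this class evaluates admin permissions on groups, every path should either check the feature first or fall back explicitly to role-based checks, so that a disabled feature never ends in a NullPointerException during a permission decision. At minimum the else branch deserves a comment such as `// AUTHORIZATION disabled: stores are null, callers must not reach store-backed checks`. `UserPermissions` uses the same pattern in its constructor, and there `authz` may itself be null because `MgmtPermissions` no longer creates it when the feature is off.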


@ -30,6 +30,7 @@ import org.keycloak.authorization.model.Scope;
import org.keycloak.authorization.permission.ResourcePermission; import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.store.ResourceServerStore; import org.keycloak.authorization.store.ResourceServerStore;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
@ -72,9 +73,11 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
this.session = session; this.session = session;
this.realm = realm; this.realm = realm;
KeycloakSessionFactory keycloakSessionFactory = session.getKeycloakSessionFactory(); KeycloakSessionFactory keycloakSessionFactory = session.getKeycloakSessionFactory();
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class); AuthorizationProviderFactory factory = (AuthorizationProviderFactory) keycloakSessionFactory.getProviderFactory(AuthorizationProvider.class);
this.authz = factory.create(session, realm); this.authz = factory.create(session, realm);
} }
}
MgmtPermissions(KeycloakSession session, RealmModel realm, AdminAuth auth) { MgmtPermissions(KeycloakSession session, RealmModel realm, AdminAuth auth) {
this(session, realm); this(session, realm);
@ -248,6 +251,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
@Override @Override
public ResourceServer realmResourceServer() { public ResourceServer realmResourceServer() {
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
if (realmResourceServer != null) return realmResourceServer; if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient(); ClientModel client = getRealmManagementClient();
if (client == null) return null; if (client == null) return null;
@ -258,6 +262,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
} }
public ResourceServer initializeRealmResourceServer() { public ResourceServer initializeRealmResourceServer() {
if (!Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return null;
if (realmResourceServer != null) return realmResourceServer; if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient(); ClientModel client = getRealmManagementClient();
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId()); realmResourceServer = authz.getStoreFactory().getResourceServerStore().findById(client.getId());
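Review bot: `realmResourceServer()` and `initializeRealmResourceServer()` now return null whenever the feature is disabled, and the constructor leaves `this.authz` unassigned in that case. The callers that consume these values are not in the hunk. Please confirm that the evaluators treat a null resource server as "no fine-grained policy configured, use the admin role checks", and that no other method in the class dereferences `authz` without the same guard. `initializeRealmResourceServer()` in particular reads as if callers previously relied on a non-null result, so a short note on both methods, `// returns null when Profile.Feature.AUTHORIZATION is disabled`, would document the new contract. Both method bodies continue outside the hunk.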


@ -29,6 +29,7 @@ import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.EvaluationContext; import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.store.PolicyStore; import org.keycloak.authorization.store.PolicyStore;
import org.keycloak.authorization.store.ResourceStore; import org.keycloak.authorization.store.ResourceStore;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel; import org.keycloak.models.GroupModel;
@ -82,8 +83,13 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
this.session = session; this.session = session;
this.authz = authz; this.authz = authz;
this.root = root; this.root = root;
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
policyStore = authz.getStoreFactory().getPolicyStore(); policyStore = authz.getStoreFactory().getPolicyStore();
resourceStore = authz.getStoreFactory().getResourceStore(); resourceStore = authz.getStoreFactory().getResourceStore();
} else {
policyStore = null;
resourceStore = null;
}
} }


@ -17,6 +17,7 @@
package org.keycloak.testsuite.account; package org.keycloak.testsuite.account;
import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.core.type.TypeReference;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
@ -24,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.authorization.client.AuthzClient; import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration; import org.keycloak.authorization.client.Configuration;
import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.Profile;
import org.keycloak.common.util.KeycloakUriBuilder; import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.AccountRoles; import org.keycloak.models.AccountRoles;
@ -38,6 +40,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.resources.account.resources.AbstractResourceService; import org.keycloak.services.resources.account.resources.AbstractResourceService;
import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission; import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission;
import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource; import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@ -70,6 +73,11 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
private AuthzClient authzClient; private AuthzClient authzClient;
private List<String> userNames = new ArrayList<>(Arrays.asList("alice", "jdoe", "bob")); private List<String> userNames = new ArrayList<>(Arrays.asList("alice", "jdoe", "bob"));
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
@Override @Override
public void configureTestRealm(RealmRepresentation testRealm) { public void configureTestRealm(RealmRepresentation testRealm) {
super.configureTestRealm(testRealm); super.configureTestRealm(testRealm);


@ -19,8 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertFalse; import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
@ -49,6 +48,7 @@ import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.After; import org.junit.After;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
@ -71,6 +71,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp; import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
@ -121,6 +122,11 @@ public abstract class AbstractBasePhotozExampleAdapterTest extends AbstractPhoto
@JavascriptBrowser @JavascriptBrowser
protected WebElement eventsArea; protected WebElement eventsArea;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void setDefaultPageUriParameters() { public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters(); super.setDefaultPageUriParameters();
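Review bot: The static `@BeforeClass` method `enabled()` added to this abstract base has a name that subclasses can easily reuse, and JUnit 4 does not run a superclass `@BeforeClass` method that a subclass shadows. AbstractPhotozExampleAdapterTest, which extends this class, redeclares the identical method in this same commit, so that copy is redundant and is the only one JUnit runs for its concrete subclasses. A subclass that declares `enabled()` for a different feature would silently drop the AUTHORIZATION assumption and run against a server without the feature; a specific name such as `assumeAuthorizationEnabled()` avoids that, and the same applies to the `enabled()` methods added to AbstractBaseServletAuthzAdapterTest, AbstractAuthorizationTest and AbstractPolicyManagementTest. The class body continues outside the hunk.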


@ -19,6 +19,7 @@ package org.keycloak.testsuite.adapter.example.authorization;
import org.jboss.arquillian.container.test.api.Deployer; import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.ClientsResource;
@ -27,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.UIUtils; import org.keycloak.testsuite.util.UIUtils;
@ -42,6 +44,7 @@ import java.net.URL;
import java.util.List; import java.util.List;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.utils.io.IOUtil.loadJson; import static org.keycloak.testsuite.utils.io.IOUtil.loadJson;
@ -60,6 +63,11 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
@ArquillianResource @ArquillianResource
private Deployer deployer; private Deployer deployer;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) { public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add( testRealms.add(


@ -25,6 +25,7 @@ import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import java.io.IOException; import java.io.IOException;
import java.util.Arrays; import java.util.Arrays;
@ -33,6 +34,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
@ -47,6 +49,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation; import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -55,6 +58,11 @@ import org.keycloak.util.JsonSerialization;
*/ */
public abstract class AbstractPhotozExampleAdapterTest extends AbstractBasePhotozExampleAdapterTest { public abstract class AbstractPhotozExampleAdapterTest extends AbstractBasePhotozExampleAdapterTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Test @Test
public void testUserCanCreateAndDeleteAlbum() throws Exception { public void testUserCanCreateAndDeleteAlbum() throws Exception {
loginToClientPage(aliceUser); loginToClientPage(aliceUser);


@ -20,6 +20,7 @@ import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
@ -27,6 +28,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.ServerURLs;
@ -40,6 +42,7 @@ import java.net.URL;
import java.util.List; import java.util.List;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
/** /**
@ -62,6 +65,11 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
@ArquillianResource @ArquillianResource
private Deployer deployer; private Deployer deployer;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) { public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add( testRealms.add(


@ -16,12 +16,15 @@
*/ */
package org.keycloak.testsuite.adapter.example.authorization; package org.keycloak.testsuite.adapter.example.authorization;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import java.io.IOException; import java.io.IOException;
import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.BeforeClass;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.ServerURLs;
@ -42,6 +45,11 @@ import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true) @EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public class ServletPolicyEnforcerTest extends AbstractServletPolicyEnforcerTest { public class ServletPolicyEnforcerTest extends AbstractServletPolicyEnforcerTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Deployment(name = RESOURCE_SERVER_ID, managed = false) @Deployment(name = RESOURCE_SERVER_ID, managed = false)
public static WebArchive deployment() { public static WebArchive deployment() {
return exampleDeployment(RESOURCE_SERVER_ID); return exampleDeployment(RESOURCE_SERVER_ID);


@ -23,6 +23,7 @@ import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
@ -52,6 +53,7 @@ import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation
import org.keycloak.representations.idm.authorization.DecisionStrategy; import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement; import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
@ -104,6 +106,11 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
public static final String UNAUTHORIZED_CHILD_CLIENT = "unauthorized-child-client"; public static final String UNAUTHORIZED_CHILD_CLIENT = "unauthorized-child-client";
public static final String PARENT_CLIENT = "parent-client"; public static final String PARENT_CLIENT = "parent-client";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
@Deployment(name = ClientApp.DEPLOYMENT_NAME) @Deployment(name = ClientApp.DEPLOYMENT_NAME)
protected static WebArchive accountLink() { protected static WebArchive accountLink() {
return servletDeployment(ClientApp.DEPLOYMENT_NAME, LinkAndExchangeServlet.class, ServletTestUtils.class); return servletDeployment(ClientApp.DEPLOYMENT_NAME, LinkAndExchangeServlet.class, ServletTestUtils.class);


@ -16,6 +16,7 @@
*/ */
package org.keycloak.testsuite.admin; package org.keycloak.testsuite.admin;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
@ -31,6 +32,7 @@ import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation; import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
@ -39,6 +41,7 @@ import org.keycloak.util.JsonSerialization;
import java.util.List; import java.util.List;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
/** /**
@ -48,6 +51,11 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
@AuthServerContainerExclude(AuthServer.REMOTE) @AuthServerContainerExclude(AuthServer.REMOTE)
public class AuthzCleanupTest extends AbstractKeycloakTest { public class AuthzCleanupTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name(TEST) testRealms.add(RealmBuilder.create().name(TEST)


@ -18,6 +18,7 @@ package org.keycloak.testsuite.admin;
import org.hamcrest.Matchers; import org.hamcrest.Matchers;
import org.junit.Assert; import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
@ -52,6 +53,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.resources.admin.permissions.ClientPermissionManagement; import org.keycloak.services.resources.admin.permissions.ClientPermissionManagement;
import org.keycloak.services.resources.admin.permissions.GroupPermissionManagement; import org.keycloak.services.resources.admin.permissions.GroupPermissionManagement;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
@ -83,6 +85,11 @@ public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
public static final String CLIENT_NAME = "application"; public static final String CLIENT_NAME = "application";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation testRealmRep = new RealmRepresentation(); RealmRepresentation testRealmRep = new RealmRepresentation();


@ -16,13 +16,16 @@
*/ */
package org.keycloak.testsuite.admin; package org.keycloak.testsuite.admin;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.GroupResource; import org.keycloak.admin.client.resource.GroupResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleResource; import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.*; import org.keycloak.representations.idm.*;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -35,6 +38,11 @@ import static org.junit.Assert.assertTrue;
*/ */
public class ManagementPermissionsTest extends AbstractTestRealmKeycloakTest { public class ManagementPermissionsTest extends AbstractTestRealmKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
@Override @Override
public void configureTestRealm(RealmRepresentation testRealm) { public void configureTestRealm(RealmRepresentation testRealm) {


@ -21,11 +21,13 @@ import org.hamcrest.Matchers;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
import org.junit.AfterClass; import org.junit.AfterClass;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles; import org.keycloak.models.AdminRoles;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.credential.OTPCredentialModel; import org.keycloak.models.credential.OTPCredentialModel;
@ -58,6 +60,7 @@ import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.services.resources.admin.AdminAuth.Resource; import org.keycloak.services.resources.admin.AdminAuth.Resource;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder; import org.keycloak.testsuite.util.CredentialBuilder;
@ -99,6 +102,10 @@ public class PermissionsTest extends AbstractKeycloakTest {
@Rule public GreenMailRule greenMailRule = new GreenMailRule(); @Rule public GreenMailRule greenMailRule = new GreenMailRule();
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
}
// Remove all realms before first run // Remove all realms before first run
@Override @Override
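Review bot: Gating the whole class with `@BeforeClass` skips every test in PermissionsTest when AUTHORIZATION is disabled, which may remove coverage of admin access checks in exactly the configuration this commit introduces. The imports (`AdminRoles`, `AdminAuth.Resource`) suggest the class also exercises role-based checks on admin endpoints that do not depend on authorization services, though the test bodies are outside the hunk. If so, calling `ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);` as the first statement of only the methods that use `AuthorizationResource`, as the UsersTest changes in this commit do, keeps the rest running; the class-level skip added to InstallationTest deserves the same look. A blank line between the closing brace of `enabled()` and the `// Remove all realms before first run` comment would also match the surrounding layout.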


@ -18,10 +18,12 @@
package org.keycloak.testsuite.admin; package org.keycloak.testsuite.admin;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.GroupRepresentation; import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionRepresentation; import org.keycloak.representations.idm.ManagementPermissionRepresentation;
@ -31,6 +33,7 @@ import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation; import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import java.io.IOException; import java.io.IOException;
@ -167,12 +170,16 @@ public class UsersTest extends AbstractAdminTest {
@Test @Test
public void countUsersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { public void countUsersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
assertThat(testRealmResource.users().count(), is(3)); assertThat(testRealmResource.users().count(), is(3));
} }
@Test @Test
public void countUsersBySearchWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { public void countUsersBySearchWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
//search all //search all
assertThat(testRealmResource.users().count("user"), is(3)); assertThat(testRealmResource.users().count("user"), is(3));
@ -195,6 +202,8 @@ public class UsersTest extends AbstractAdminTest {
@Test @Test
public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(true);
//search username //search username
assertThat(testRealmResource.users().count(null, null, null, "user"), is(3)); assertThat(testRealmResource.users().count(null, null, null, "user"), is(3));
@ -230,12 +239,16 @@ public class UsersTest extends AbstractAdminTest {
@Test @Test
public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException { public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
assertThat(testRealmResource.users().count(), is(0)); assertThat(testRealmResource.users().count(), is(0));
} }
@Test @Test
public void countUsersBySearchWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { public void countUsersBySearchWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
//search all //search all
assertThat(testRealmResource.users().count("user"), is(0)); assertThat(testRealmResource.users().count("user"), is(0));
@ -258,6 +271,8 @@ public class UsersTest extends AbstractAdminTest {
@Test @Test
public void countUsersByFiltersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException { public void countUsersByFiltersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false); RealmResource testRealmResource = setupTestEnvironmentWithPermissions(false);
//search username //search username
assertThat(testRealmResource.users().count(null, null, null, "user"), is(0)); assertThat(testRealmResource.users().count(null, null, null, "user"), is(0));
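Review bot: The same `ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);` line is added to six test methods, each of which calls `setupTestEnvironmentWithPermissions(...)` immediately afterwards. Placing the assumption once at the top of that helper (defined outside these hunks) would keep the gating in one place and cover any later test that calls the helper without remembering the assume. Because an unmet assumption skips the test rather than failing it, a short comment there such as `// group permissions need authorization services; skip when the feature is off` would also make the skip visibly intentional.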


@ -26,6 +26,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
@ -34,6 +35,7 @@ import org.keycloak.protocol.saml.SamlConfigAttributes;
import org.keycloak.protocol.saml.SamlProtocol; import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation; import org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants; import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater; import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.AdminEventPaths; import org.keycloak.testsuite.util.AdminEventPaths;
@ -46,6 +48,7 @@ import org.xml.sax.SAXException;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;
import static org.junit.Assert.assertThat; import static org.junit.Assert.assertThat;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot; import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.METADATA_NSURI; import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.METADATA_NSURI;
@ -71,6 +74,11 @@ public class InstallationTest extends AbstractClientTest {
private ClientResource samlClient; private ClientResource samlClient;
private String samlClientId; private String samlClientId;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Before @Before
public void createClients() { public void createClients() {
oidcClientId = createOidcClient(OIDC_NAME); oidcClientId = createOidcClient(OIDC_NAME);


@ -38,6 +38,7 @@ import org.keycloak.testsuite.util.UserBuilder;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import java.util.List; import java.util.List;
@ -50,6 +51,11 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test"; protected static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void setDefaultPageUriParameters() { public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters(); super.setDefaultPageUriParameters();
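Review bot: The new static `enabled()` in AbstractAuthorizationTest can be hidden by a subclass that declares its own `@BeforeClass public static void enabled()`; JUnit 4 then does not run the base-class method, and the AUTHORIZATION assumption is silently dropped for that subclass. The same method name is added to AbstractPolicyManagementTest and AbstractAuthzTest in this commit. A feature-specific name avoids the collision, e.g. `public static void assumeAuthorizationEnabled()`, with a one-line comment such as `// skip the whole class when authorization services are disabled`. Whether any subclass already defines `enabled()` is not visible on this page.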


@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
@ -52,6 +53,11 @@ import org.keycloak.testsuite.util.UserBuilder;
*/ */
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest { public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(createTestRealm().build()); testRealms.add(createTestRealm().build());


@ -0,0 +1,56 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin.client.authorization;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.client.AbstractClientTest;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import javax.ws.rs.ServerErrorException;
import javax.ws.rs.core.Response;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION);
}
@Test
@UncaughtServerErrorExpected
public void testAuthzServicesRemoved() {
String id = testRealmResource().clients().findAll().get(0).getId();
try {
testRealmResource().clients().get(id).authorization().getSettings();
} catch (ServerErrorException e) {
assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
return;
}
fail("Feature Authorization should be disabled.");
}
}
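Review bot: The guard method in AuthorizationDisabledInPreviewTest is named `enabled()` although it calls `assumeFeatureDisabled`, and the class name says "InPreview" while this commit declares `AUTHORIZATION(Type.DEFAULT)`; both names mislead a reader about when the test runs. Rename the method, e.g. `public static void assumeAuthorizationDisabled()`, and add a class Javadoc saying the test runs only with the feature switched off and expects 501 from the client authorization settings endpoint. The test checks only `getSettings()`; if the other authorization endpoints are meant to be unavailable as well, they need their own assertions. `findAll().get(0)` also relies on the realm having at least one client and would fail with an `IndexOutOfBoundsException` rather than a clear message.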


@ -19,6 +19,7 @@ package org.keycloak.testsuite.admin.client.authorization;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
import java.io.BufferedInputStream; import java.io.BufferedInputStream;
@ -62,6 +63,7 @@ import org.keycloak.representations.IDToken;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig; import org.keycloak.representations.adapters.config.PolicyEnforcerConfig.PathConfig;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -74,6 +76,11 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
private static Undertow httpService; private static Undertow httpService;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@BeforeClass @BeforeClass
public static void onBeforeClass() { public static void onBeforeClass() {
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> { httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
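Review bot: ClaimInformationPointProviderTest now has two `@BeforeClass` methods, `enabled()` and `onBeforeClass()`, and JUnit 4 does not define the order in which such methods of the same class run, so the Undertow listener on port 8989 may be started before the assumption skips the class. Putting the check at the top of the existing method makes the order explicit: `ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);` as the first statement of `onBeforeClass()`. The rest of `onBeforeClass()` and any `@AfterClass` cleanup are outside the hunk, so whether the listener is stopped in that case cannot be confirmed from here.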


@ -16,6 +16,7 @@
*/ */
package org.keycloak.testsuite.admin.client.authorization; package org.keycloak.testsuite.admin.client.authorization;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder; import org.keycloak.adapters.KeycloakDeploymentBuilder;
@ -30,8 +31,12 @@ import java.util.Map;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
/** /**
@ -40,6 +45,11 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
@AuthServerContainerExclude(AuthServer.REMOTE) @AuthServerContainerExclude(AuthServer.REMOTE)
public class EnforcerConfigTest extends AbstractKeycloakTest { public class EnforcerConfigTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json")); RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));


@ -20,6 +20,7 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import java.io.BufferedInputStream; import java.io.BufferedInputStream;
@ -36,6 +37,7 @@ import java.util.stream.Collectors;
import javax.security.cert.X509Certificate; import javax.security.cert.X509Certificate;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.AuthorizationContext; import org.keycloak.AuthorizationContext;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
@ -65,6 +67,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
@ -84,6 +87,11 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
protected static final String REALM_NAME = "authz-test"; protected static final String REALM_NAME = "authz-test";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name(REALM_NAME) testRealms.add(RealmBuilder.create().name(REALM_NAME)


@ -21,6 +21,7 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import javax.security.cert.X509Certificate; import javax.security.cert.X509Certificate;
@ -43,6 +44,7 @@ import java.util.stream.Collectors;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.AuthorizationContext; import org.keycloak.AuthorizationContext;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
@ -81,6 +83,7 @@ import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation; import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation; import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
@ -101,6 +104,11 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test"; private static final String RESOURCE_SERVER_CLIENT_ID = "resource-server-test";
private static final String REALM_NAME = "authz-test"; private static final String REALM_NAME = "authz-test";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void addTestRealms(List<RealmRepresentation> testRealms) { public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name(REALM_NAME) testRealms.add(RealmBuilder.create().name(REALM_NAME)


@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RoleResource; import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
import org.keycloak.partialimport.PartialImportResult; import org.keycloak.partialimport.PartialImportResult;
import org.keycloak.partialimport.PartialImportResults; import org.keycloak.partialimport.PartialImportResults;
@ -40,6 +41,7 @@ import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractAuthTest; import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.AssertAdminEvents; import org.keycloak.testsuite.util.AssertAdminEvents;
@ -65,6 +67,7 @@ import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.partialimport.ResourceType; import org.keycloak.partialimport.ResourceType;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS; import static org.keycloak.common.Profile.Feature.UPLOAD_SCRIPTS;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER; import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -469,6 +472,8 @@ public class PartialImportTest extends AbstractAuthTest {
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true) @EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
@Test @Test
public void testAddClientsWithServiceAccountsAndAuthorization() throws IOException { public void testAddClientsWithServiceAccountsAndAuthorization() throws IOException {
ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION);
setFail(); setFail();
addClients(true); addClients(true);
@ -482,12 +487,16 @@ public class PartialImportTest extends AbstractAuthTest {
ClientRepresentation client = clientRsc.toRepresentation(); ClientRepresentation client = clientRsc.toRepresentation();
assertTrue(client.getName().startsWith(CLIENT_PREFIX)); assertTrue(client.getName().startsWith(CLIENT_PREFIX));
Assert.assertTrue(client.isServiceAccountsEnabled()); Assert.assertTrue(client.isServiceAccountsEnabled());
if (ProfileAssume.isFeatureEnabled(AUTHORIZATION)) {
Assert.assertTrue(client.getAuthorizationServicesEnabled()); Assert.assertTrue(client.getAuthorizationServicesEnabled());
AuthorizationResource authRsc = clientRsc.authorization(); AuthorizationResource authRsc = clientRsc.authorization();
ResourceServerRepresentation authRep = authRsc.exportSettings(); ResourceServerRepresentation authRep = authRsc.exportSettings();
Assert.assertNotNull(authRep); Assert.assertNotNull(authRep);
Assert.assertEquals(2, authRep.getResources().size()); Assert.assertEquals(2, authRep.getResources().size());
Assert.assertEquals(3, authRep.getPolicies().size()); Assert.assertEquals(3, authRep.getPolicies().size());
} else {
Assert.assertNull(client.getAuthorizationServicesEnabled());
}
} else { } else {
UserResource userRsc = testRealmResource().users().get(result.getId()); UserResource userRsc = testRealmResource().users().get(result.getId());
Assert.assertTrue(userRsc.toRepresentation().getUsername().startsWith( Assert.assertTrue(userRsc.toRepresentation().getUsername().startsWith(
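Review bot: `ProfileAssume.assumeFeatureDisabled(Profile.Feature.AUTHORIZATION)` at the top of `testAddClientsWithServiceAccountsAndAuthorization` skips the test whenever the feature is on, which makes the `if (ProfileAssume.isFeatureEnabled(AUTHORIZATION))` branch added in the second hunk unreachable. Since AUTHORIZATION is declared as a default feature, the assertions on the imported authorization settings (`exportSettings()`, 2 resources, 3 policies) would no longer run in the default configuration. The body already handles both cases, so the assume line looks unintended and can be dropped; if it is intentional, the enabled branch should be removed instead. The method continues outside both hunks.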


@ -25,6 +25,7 @@ import org.junit.rules.ExpectedException;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.events.EventType; import org.keycloak.events.EventType;
import org.keycloak.events.admin.OperationType; import org.keycloak.events.admin.OperationType;
@ -47,6 +48,7 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
@ -439,7 +441,11 @@ public class RealmTest extends AbstractAdminTest {
assertEquals(Boolean.TRUE, rep.isRegistrationAllowed()); assertEquals(Boolean.TRUE, rep.isRegistrationAllowed());
assertEquals(Boolean.TRUE, rep.isRegistrationEmailAsUsername()); assertEquals(Boolean.TRUE, rep.isRegistrationEmailAsUsername());
assertEquals(Boolean.TRUE, rep.isEditUsernameAllowed()); assertEquals(Boolean.TRUE, rep.isEditUsernameAllowed());
if (ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed()); assertEquals(Boolean.TRUE, rep.isUserManagedAccessAllowed());
} else {
assertEquals(Boolean.FALSE, rep.isUserManagedAccessAllowed());
}
// second change // second change
rep.setRegistrationAllowed(false); rep.setRegistrationAllowed(false);
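Review bot: The new `else` branch in RealmTest expects `isUserManagedAccessAllowed()` to come back as `FALSE` when AUTHORIZATION is off, presumably after the test asked for `true` (the setter is outside the hunk), so the test now pins down that the server does not apply the flag in that configuration. A short comment would make that intent explicit, e.g. `// user-managed access needs authorization services; the flag is not applied when the feature is disabled`. The enclosing test method starts and ends outside the hunk.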


@ -1,18 +1,27 @@
package org.keycloak.testsuite.authz; package org.keycloak.testsuite.authz;
import org.junit.BeforeClass;
import org.keycloak.common.Profile; import org.keycloak.common.Profile;
import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.JWSInputException; import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
/** /**
* @author mhajas * @author mhajas
*/ */
@EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true) @EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
public abstract class AbstractAuthzTest extends AbstractKeycloakTest { public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
protected AccessToken toAccessToken(String rpt) { protected AccessToken toAccessToken(String rpt) {
AccessToken accessToken; AccessToken accessToken;


@ -49,6 +49,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissionManageme
import org.keycloak.services.resources.admin.permissions.AdminPermissions; import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.actions.DummyRequiredActionFactory; import org.keycloak.testsuite.actions.DummyRequiredActionFactory;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
@ -69,6 +70,8 @@ import java.util.stream.Collectors;
import org.junit.Assume; import org.junit.Assume;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
/** /**
* Test that clients can override auth flows * Test that clients can override auth flows
* *
@ -86,6 +89,11 @@ public class KcinitTest extends AbstractTestRealmKeycloakTest {
@Page @Page
protected LoginPage loginPage; protected LoginPage loginPage;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void configureTestRealm(RealmRepresentation testRealm) { public void configureTestRealm(RealmRepresentation testRealm) {
} }
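Review bot: KcinitTest is now skipped as a whole when AUTHORIZATION is off, but nothing in the hunk says why a test described as "Test that clients can override auth flows" depends on authorization services; ScriptAuthenticatorTest gets the same class-level guard without explanation. Skipping authentication-flow tests because of a feature they do not obviously use reduces coverage in that configuration, so the dependency should be documented on the guard, e.g. `// requires authorization services because <reason>`. If only some test methods need the feature, a per-method `ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);` would keep the others running.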


@ -11,6 +11,7 @@ import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.client.registration.cli.config.ConfigData; import org.keycloak.client.registration.cli.config.ConfigData;
import org.keycloak.client.registration.cli.config.FileConfigHandler; import org.keycloak.client.registration.cli.config.FileConfigHandler;
import org.keycloak.common.Profile;
import org.keycloak.common.constants.ServiceAccountConstants; import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
@ -18,6 +19,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode; import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation; import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation; import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.cli.KcRegExec; import org.keycloak.testsuite.cli.KcRegExec;
import org.keycloak.testsuite.util.TempFileResource; import org.keycloak.testsuite.util.TempFileResource;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -237,6 +239,8 @@ public class KcRegCreateTest extends AbstractRegCliTest {
@Test @Test
public void testCreateWithAuthorizationServices() throws IOException { public void testCreateWithAuthorizationServices() throws IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
FileConfigHandler handler = initCustomConfigFile(); FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) { try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {


@ -22,6 +22,7 @@ import java.util.concurrent.atomic.AtomicInteger;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ResourcesResource; import org.keycloak.admin.client.resource.ResourcesResource;
@ -35,6 +36,8 @@ import org.keycloak.common.util.Retry;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/ */
@ -182,6 +185,8 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest {
@Test @Test
public void authzResourceInvalidationTest() throws Exception { public void authzResourceInvalidationTest() throws Exception {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
enableDcOnLoadBalancer(DC.FIRST); enableDcOnLoadBalancer(DC.FIRST);
enableDcOnLoadBalancer(DC.SECOND); enableDcOnLoadBalancer(DC.SECOND);


@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource; import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.common.constants.KerberosConstants; import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.LDAPConstants; import org.keycloak.models.LDAPConstants;
@ -57,6 +58,7 @@ import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.RealmRepUtil; import org.keycloak.testsuite.util.RealmRepUtil;
@ -423,9 +425,11 @@ public class ExportImportUtil {
Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-user"))); Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-user")));
Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-admin"))); Assert.assertTrue(containsRole(allRoles, findClientRole(realmRsc, otherApp.getId(), "otherapp-admin")));
if(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
assertAuthorizationSettingsOtherApp(realmRsc); assertAuthorizationSettingsOtherApp(realmRsc);
assertAuthorizationSettingsTestAppAuthz(realmRsc); assertAuthorizationSettingsTestAppAuthz(realmRsc);
} }
}
private static boolean isClientScopeGranted(Map<String, Object> consent, String... clientScopeNames) { private static boolean isClientScopeGranted(Map<String, Object> consent, String... clientScopeNames) {
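Review bot: With the feature disabled, the guarded block in ExportImportUtil skips both `assertAuthorizationSettings...` calls and nothing asserts what the imported clients look like instead, so an import that partly applies authorization settings would pass unnoticed. PartialImportTest in this commit covers the disabled case with `Assert.assertNull(client.getAuthorizationServicesEnabled())`; an equivalent `else` branch here would keep the two consistent. Minor: `if(` lacks the space used in the other hunks of this commit. The enclosing method starts outside the hunk.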


@ -50,6 +50,8 @@ import java.io.IOException;
import java.util.Map; import java.util.Map;
import java.util.UUID; import java.util.UUID;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
/** /**
* Tests for {@link org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator} * Tests for {@link org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator}
* *
@ -70,6 +72,11 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
public static final String EXECUTION_ID = "scriptAuth"; public static final String EXECUTION_ID = "scriptAuth";
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Override @Override
public void configureTestRealm(RealmRepresentation testRealm) { public void configureTestRealm(RealmRepresentation testRealm) {


@ -31,6 +31,7 @@ import org.keycloak.authentication.authenticators.broker.IdpUsernamePasswordForm
import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory; import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory;
import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory; import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory;
import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.Profile;
import org.keycloak.common.constants.KerberosConstants; import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.component.PrioritizedComponentModel; import org.keycloak.component.PrioritizedComponentModel;
import org.keycloak.keys.KeyProvider; import org.keycloak.keys.KeyProvider;
@ -63,6 +64,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.exportimport.ExportImportUtil; import org.keycloak.testsuite.exportimport.ExportImportUtil;
import org.keycloak.testsuite.runonserver.RunHelpers; import org.keycloak.testsuite.runonserver.RunHelpers;
@ -567,6 +569,8 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
} }
private void testResourceWithMultipleUris() { private void testResourceWithMultipleUris() {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
ClientsResource clients = migrationRealm.clients(); ClientsResource clients = migrationRealm.clients();
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0); ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0); ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
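Review bot: `ProfileAssume.assumeFeatureEnabled` inside the private helper `testResourceWithMultipleUris()` aborts the calling test with an assumption failure, so every check the caller would run after this helper is skipped and the whole migration test is reported as skipped when the feature is off. A plain early return keeps the rest of the caller running: `if (!ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) return;`. The caller and the remainder of the helper are outside the hunk, so how much would be skipped cannot be seen here.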


@ -17,8 +17,10 @@
package org.keycloak.testsuite.migration; package org.keycloak.testsuite.migration;
import org.junit.Test; import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.exportimport.util.ImportUtils; import org.keycloak.exportimport.util.ImportUtils;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.utils.io.IOUtil; import org.keycloak.testsuite.utils.io.IOUtil;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -53,7 +55,7 @@ public class JsonFileImport483MigrationTest extends AbstractJsonFileImportMigrat
checkRealmsImported(); checkRealmsImported();
testMigrationTo5_x(); testMigrationTo5_x();
testMigrationTo6_x(); testMigrationTo6_x();
testMigrationTo7_x(true); testMigrationTo7_x(ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
testMigrationTo8_x(); testMigrationTo8_x();
testMigrationTo9_x(); testMigrationTo9_x();
testMigrationTo12_x(true); testMigrationTo12_x(true);
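Review bot: The feature check is passed to `testMigrationTo7_x` as a bare boolean, so nothing at the call site says what it gates (presumably the authorization-resource assertions). A named local would document it: `boolean authzEnabled = ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION);` followed by `testMigrationTo7_x(authzEnabled);`. Gating by argument matters here because the `ProfileAssume.assumeFeatureEnabled` call added to `testResourceWithMultipleUris` in AbstractMigrationTest presumably aborts the running test on a failed assumption, which would also skip the 8.x, 9.x and 12.x checks that follow. Callers that still pass `true` are outside this hunk and are worth checking for that reason. The enclosing test method starts and ends outside the hunk.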


@ -24,6 +24,7 @@ import org.junit.Test;
import org.junit.runners.MethodSorters; import org.junit.runners.MethodSorters;
import org.keycloak.authorization.AuthorizationProvider; import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer; import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
@ -31,6 +32,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
import org.keycloak.testsuite.runonserver.RunOnServerException; import org.keycloak.testsuite.runonserver.RunOnServerException;
@ -122,6 +124,8 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
// KEYCLOAK-12640 // KEYCLOAK-12640
@Test @Test
public void importAuthorizationSettings() throws Exception { public void importAuthorizationSettings() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class); RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm); adminClient.realms().create(testRealm);
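Review bot: With the assumption on the first line of `importAuthorizationSettings`, the import of `/model/authz-bug.json` is not exercised at all when AUTHORIZATION is disabled, so nothing pins what happens to authorization settings in an imported realm in that mode. If they are dropped silently, a realm that relied on those policies would come up without them. A companion test asserting the intended outcome (a rejected import or an explicit warning) would be worth adding. At minimum, a comment above the assumption such as `// skipped when AUTHORIZATION is off; import behaviour in that mode is not covered here` would record the gap. The method body continues outside the hunk.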


@ -17,6 +17,7 @@
package org.keycloak.testsuite.oauth; package org.keycloak.testsuite.oauth;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
@ -46,6 +47,7 @@ import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
@ -66,6 +68,7 @@ import java.util.Map;
import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.instanceOf;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID; import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_ID;
import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME; import static org.keycloak.models.ImpersonationSessionNote.IMPERSONATOR_USERNAME;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer;
@ -82,6 +85,11 @@ public class ClientTokenExchangeTest extends AbstractKeycloakTest {
@Rule @Rule
public AssertEvents events = new AssertEvents(this); public AssertEvents events = new AssertEvents(this);
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Test @Test
@UncaughtServerErrorExpected @UncaughtServerErrorExpected
@DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true) @DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
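Review bot: The class-wide `@BeforeClass` assumption also skips the test annotated `@DisableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)` directly below it, which looks like the negative check that token exchange is refused when its feature is off. If that test does not need authorization services, a per-test `ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);` in the tests that do would keep it running in both configurations. The hook name `enabled()` also says nothing about what is being checked. `assumeAuthorizationEnabled()` with a one-line comment on why the class depends on the feature would read better, and the same applies to the identical hook added in AbstractAuthorizationSettingsTest. The annotated test's signature and body are outside the hunk.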


@ -18,11 +18,14 @@ package org.keycloak.testsuite.console.authorization;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.common.Profile.Feature.AUTHORIZATION;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC; import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.console.clients.AbstractClientTest; import org.keycloak.testsuite.console.clients.AbstractClientTest;
import org.keycloak.testsuite.console.page.clients.authorization.Authorization; import org.keycloak.testsuite.console.page.clients.authorization.Authorization;
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings; import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
@ -42,6 +45,11 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
protected ClientRepresentation newClient; protected ClientRepresentation newClient;
@BeforeClass
public static void enabled() {
ProfileAssume.assumeFeatureEnabled(AUTHORIZATION);
}
@Before @Before
public void configureTest() { public void configureTest() {
this.newClient = createResourceServer(); this.newClient = createResourceServer();


@ -161,7 +161,7 @@
on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" /> on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" />
</div> </div>
</div> </div>
<div class="form-group" data-ng-show="protocol == 'openid-connect' && !clientEdit.publicClient && !clientEdit.bearerOnly"> <div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && protocol == 'openid-connect' && !clientEdit.publicClient && !clientEdit.bearerOnly">
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label> <label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
<div class="col-md-6"> <div class="col-md-6">
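Review bot: `data-ng-show` only hides the switch in the admin console, so this change by itself does not stop `authorizationServicesEnabled` from being set on a client through the admin REST API while AUTHORIZATION is disabled. The server-side handling is not visible in this hunk and should be confirmed. The same applies to the `userManagedAccessAllowed` row hidden in the realm settings template. A client that already has the flag set presumably keeps it, now with no visible control to turn it off. A template comment such as `<!-- display only: the server must ignore or reject authorizationServicesEnabled when AUTHORIZATION is disabled -->` would record that this condition is cosmetic.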


@ -47,7 +47,7 @@
<kc-tooltip>{{:: 'realm-detail.enabled.tooltip' | translate}}</kc-tooltip> <kc-tooltip>{{:: 'realm-detail.enabled.tooltip' | translate}}</kc-tooltip>
</div> </div>
<div class="form-group"> <div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION')">
<label class="col-md-2 control-label" for="userManagedAccessAllowed">{{:: 'userManagedAccess' | translate}}</label> <label class="col-md-2 control-label" for="userManagedAccessAllowed">{{:: 'userManagedAccess' | translate}}</label>
<div class="col-md-6"> <div class="col-md-6">
<input ng-model="realm.userManagedAccessAllowed" name="userManagedAccessAllowed" id="userManagedAccessAllowed" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" /> <input ng-model="realm.userManagedAccessAllowed" name="userManagedAccessAllowed" id="userManagedAccessAllowed" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}" />