[KEYCLOAK-8289] - Remove authorization services from product preview profile
This commit is contained in:
parent
723ba42264
commit
43f5983613
35 changed files with 27 additions and 220 deletions
|
@ -34,7 +34,7 @@ public class Profile {
|
||||||
|
|
||||||
public enum Feature {
|
public enum Feature {
|
||||||
ACCOUNT2,
|
ACCOUNT2,
|
||||||
AUTHORIZATION,
|
ADMIN_FINE_GRAINED_AUTHZ,
|
||||||
DOCKER,
|
DOCKER,
|
||||||
IMPERSONATION,
|
IMPERSONATION,
|
||||||
OPENSHIFT_INTEGRATION,
|
OPENSHIFT_INTEGRATION,
|
||||||
|
@ -54,7 +54,7 @@ public class Profile {
|
||||||
}
|
}
|
||||||
|
|
||||||
private enum ProfileValue {
|
private enum ProfileValue {
|
||||||
PRODUCT(Feature.AUTHORIZATION, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
|
PRODUCT(Feature.ADMIN_FINE_GRAINED_AUTHZ, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
|
||||||
PREVIEW(Feature.ACCOUNT2),
|
PREVIEW(Feature.ACCOUNT2),
|
||||||
COMMUNITY(Feature.DOCKER, Feature.ACCOUNT2);
|
COMMUNITY(Feature.DOCKER, Feature.ACCOUNT2);
|
||||||
|
|
||||||
|
|
|
@ -547,14 +547,12 @@ public class ModelToRepresentation {
|
||||||
rep.setProtocolMappers(mappings);
|
rep.setProtocolMappers(mappings);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
|
||||||
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
|
||||||
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
|
||||||
|
|
||||||
if (resourceServer != null) {
|
if (resourceServer != null) {
|
||||||
rep.setAuthorizationServicesEnabled(true);
|
rep.setAuthorizationServicesEnabled(true);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return rep;
|
return rep;
|
||||||
}
|
}
|
||||||
|
|
|
@ -257,8 +257,6 @@ public class RealmsResource {
|
||||||
|
|
||||||
@Path("{realm}/authz")
|
@Path("{realm}/authz")
|
||||||
public Object getAuthorizationService(@PathParam("realm") String name) {
|
public Object getAuthorizationService(@PathParam("realm") String name) {
|
||||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
|
||||||
|
|
||||||
init(name);
|
init(name);
|
||||||
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
|
AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
|
||||||
AuthorizationService service = new AuthorizationService(authorization);
|
AuthorizationService service = new AuthorizationService(authorization);
|
||||||
|
|
|
@ -109,7 +109,7 @@ public class AccountConsole {
|
||||||
|
|
||||||
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
|
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
|
||||||
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
|
map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
|
||||||
map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
|
map.put("isAuthorizationEnabled", true);
|
||||||
|
|
||||||
FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
|
FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
|
||||||
String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);
|
String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);
|
||||||
|
|
|
@ -172,7 +172,7 @@ public class AccountFormService extends AbstractSecuredLocalService {
|
||||||
account.setUser(auth.getUser());
|
account.setUser(auth.getUser());
|
||||||
}
|
}
|
||||||
|
|
||||||
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Feature.AUTHORIZATION));
|
account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
|
public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {
|
||||||
|
|
|
@ -606,8 +606,6 @@ public class ClientResource {
|
||||||
|
|
||||||
@Path("/authz")
|
@Path("/authz")
|
||||||
public AuthorizationService authorization() {
|
public AuthorizationService authorization() {
|
||||||
ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
|
|
||||||
|
|
||||||
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
|
AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
|
||||||
|
|
||||||
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
ResteasyProviderFactory.getInstance().injectProperties(resource);
|
||||||
|
@ -691,12 +689,10 @@ public class ClientResource {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void updateAuthorizationSettings(ClientRepresentation rep) {
|
private void updateAuthorizationSettings(ClientRepresentation rep) {
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
|
||||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||||
authorization().enable(false);
|
authorization().enable(false);
|
||||||
} else {
|
} else {
|
||||||
authorization().disable();
|
authorization().disable();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -177,7 +177,6 @@ public class ClientsResource {
|
||||||
|
|
||||||
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
|
adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
|
||||||
|
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
|
||||||
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
|
||||||
AuthorizationService authorizationService = getAuthorizationService(clientModel);
|
AuthorizationService authorizationService = getAuthorizationService(clientModel);
|
||||||
|
|
||||||
|
@ -189,7 +188,6 @@ public class ClientsResource {
|
||||||
authorizationService.resourceServer().importSettings(authorizationSettings);
|
authorizationService.resourceServer().importSettings(authorizationSettings);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
return Response.created(session.getContext().getUri().getAbsolutePathBuilder().path(clientModel.getId()).build()).build();
|
||||||
} catch (ModelDuplicateException e) {
|
} catch (ModelDuplicateException e) {
|
||||||
|
|
|
@ -55,9 +55,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
|
||||||
protected static final String REALM_NAME = "servlet-authz";
|
protected static final String REALM_NAME = "servlet-authz";
|
||||||
protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
|
protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
|
||||||
|
|
||||||
@ArquillianResource
|
@ArquillianResource
|
||||||
private Deployer deployer;
|
private Deployer deployer;
|
||||||
|
|
||||||
|
|
|
@ -122,9 +122,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
||||||
testRealmPage.setAuthRealm(REALM_NAME);
|
testRealmPage.setAuthRealm(REALM_NAME);
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void beforePhotozExampleAdapterTest() throws Exception {
|
public void beforePhotozExampleAdapterTest() throws Exception {
|
||||||
DroneUtils.addWebDriver(jsDriver);
|
DroneUtils.addWebDriver(jsDriver);
|
||||||
|
|
|
@ -57,9 +57,6 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
|
||||||
private static final String REALM_NAME = "hello-world-authz";
|
private static final String REALM_NAME = "hello-world-authz";
|
||||||
private static final String RESOURCE_SERVER_ID = "hello-world-authz-service";
|
private static final String RESOURCE_SERVER_ID = "hello-world-authz-service";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
|
||||||
|
|
||||||
@ArquillianResource
|
@ArquillianResource
|
||||||
private Deployer deployer;
|
private Deployer deployer;
|
||||||
|
|
||||||
|
|
|
@ -63,9 +63,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
|
||||||
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
|
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
|
||||||
protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";
|
protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
|
||||||
|
|
||||||
@ArquillianResource
|
@ArquillianResource
|
||||||
private Deployer deployer;
|
private Deployer deployer;
|
||||||
|
|
||||||
|
|
|
@ -50,11 +50,6 @@ import org.keycloak.util.JsonSerialization;
|
||||||
*/
|
*/
|
||||||
public class AuthzCleanupTest extends AbstractKeycloakTest {
|
public class AuthzCleanupTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Deployment
|
@Deployment
|
||||||
public static WebArchive deploy() {
|
public static WebArchive deploy() {
|
||||||
return RunOnServerDeployment.create();
|
return RunOnServerDeployment.create();
|
||||||
|
|
|
@ -809,8 +809,6 @@ public class PermissionsTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void clientAuthorization() {
|
public void clientAuthorization() {
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
|
|
||||||
ClientRepresentation newClient = new ClientRepresentation();
|
ClientRepresentation newClient = new ClientRepresentation();
|
||||||
newClient.setClientId("foo-authz");
|
newClient.setClientId("foo-authz");
|
||||||
adminClient.realms().realm(REALM_NAME).clients().create(newClient);
|
adminClient.realms().realm(REALM_NAME).clients().create(newClient);
|
||||||
|
|
|
@ -128,8 +128,6 @@ public class InstallationTest extends AbstractClientTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOidcBearerOnlyWithAuthzJson() {
|
public void testOidcBearerOnlyWithAuthzJson() {
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
|
|
||||||
oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||||
oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||||
|
|
||||||
|
|
|
@ -57,11 +57,6 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
|
||||||
return "authz-test";
|
return "authz-test";
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
testRealms.add(createTestRealm().build());
|
testRealms.add(createTestRealm().build());
|
||||||
|
|
|
@ -52,11 +52,6 @@ import org.keycloak.testsuite.util.UserBuilder;
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
|
public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
testRealms.add(createTestRealm().build());
|
testRealms.add(createTestRealm().build());
|
||||||
|
|
|
@ -1,53 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
* and other contributors as indicated by the @author tags.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.keycloak.testsuite.admin.client.authorization;
|
|
||||||
|
|
||||||
import org.junit.BeforeClass;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.keycloak.testsuite.ProfileAssume;
|
|
||||||
import org.keycloak.testsuite.admin.client.AbstractClientTest;
|
|
||||||
|
|
||||||
import javax.ws.rs.ServerErrorException;
|
|
||||||
import javax.ws.rs.core.Response;
|
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
|
||||||
import static org.junit.Assert.fail;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
|
||||||
*/
|
|
||||||
public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
|
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreviewDisabled();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testAuthzServicesRemoved() {
|
|
||||||
String id = testRealmResource().clients().findAll().get(0).getId();
|
|
||||||
try {
|
|
||||||
testRealmResource().clients().get(id).authorization().getSettings();
|
|
||||||
} catch (ServerErrorException e) {
|
|
||||||
assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
fail("Feature Authorization should be disabled.");
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -75,7 +75,6 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void onBeforeClass() {
|
public static void onBeforeClass() {
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
|
httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
|
||||||
if (exchange.isInIoThread()) {
|
if (exchange.isInIoThread()) {
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -40,9 +40,6 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
||||||
*/
|
*/
|
||||||
public class EnforcerConfigTest extends AbstractKeycloakTest {
|
public class EnforcerConfigTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() { ProfileAssume.assumePreview(); }
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));
|
RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));
|
||||||
|
|
|
@ -82,11 +82,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
protected static final String REALM_NAME = "authz-test";
|
protected static final String REALM_NAME = "authz-test";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void onBeforeClass() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||||
|
|
|
@ -86,11 +86,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
protected static final String REALM_NAME = "authz-test";
|
protected static final String REALM_NAME = "authz-test";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void onBeforeClass() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||||
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
testRealms.add(RealmBuilder.create().name(REALM_NAME)
|
||||||
|
|
|
@ -12,11 +12,6 @@ import org.keycloak.testsuite.ProfileAssume;
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
|
public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
protected AccessToken toAccessToken(String rpt) {
|
protected AccessToken toAccessToken(String rpt) {
|
||||||
AccessToken accessToken;
|
AccessToken accessToken;
|
||||||
|
|
||||||
|
|
|
@ -182,8 +182,6 @@ public class InvalidationCrossDCTest extends AbstractAdminCrossDCTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authzResourceInvalidationTest() throws Exception {
|
public void authzResourceInvalidationTest() throws Exception {
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
|
|
||||||
enableDcOnLoadBalancer(DC.FIRST);
|
enableDcOnLoadBalancer(DC.FIRST);
|
||||||
enableDcOnLoadBalancer(DC.SECOND);
|
enableDcOnLoadBalancer(DC.SECOND);
|
||||||
|
|
||||||
|
|
|
@ -384,10 +384,8 @@ public class ExportImportUtil {
|
||||||
Assert.assertNotNull(linked);
|
Assert.assertNotNull(linked);
|
||||||
Assert.assertEquals("my-service-user", linked.getUsername());
|
Assert.assertEquals("my-service-user", linked.getUsername());
|
||||||
|
|
||||||
if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
|
|
||||||
assertAuthorizationSettings(realmRsc);
|
assertAuthorizationSettings(realmRsc);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
private static boolean isClientScopeGranted(Map<String, Object> consent, String clientScopeName) {
|
private static boolean isClientScopeGranted(Map<String, Object> consent, String clientScopeName) {
|
||||||
|
|
|
@ -64,11 +64,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
|
||||||
|
|
||||||
public static final String EXECUTION_ID = "scriptAuth";
|
public static final String EXECUTION_ID = "scriptAuth";
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||||
|
|
||||||
|
|
|
@ -355,8 +355,6 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void testResourceWithMultipleUris() {
|
private void testResourceWithMultipleUris() {
|
||||||
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
|
|
||||||
|
|
||||||
ClientsResource clients = migrationRealm.clients();
|
ClientsResource clients = migrationRealm.clients();
|
||||||
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
|
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
|
||||||
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
|
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
|
||||||
|
|
|
@ -43,11 +43,6 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
|
||||||
|
|
||||||
protected ClientRepresentation newClient;
|
protected ClientRepresentation newClient;
|
||||||
|
|
||||||
@BeforeClass
|
|
||||||
public static void enabled() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void configureTest() {
|
public void configureTest() {
|
||||||
this.newClient = createResourceServer();
|
this.newClient = createResourceServer();
|
||||||
|
|
|
@ -1,64 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
* and other contributors as indicated by the @author tags.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.keycloak.testsuite.console.clients;
|
|
||||||
|
|
||||||
import org.jboss.arquillian.graphene.page.Page;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
|
||||||
import org.keycloak.testsuite.ProfileAssume;
|
|
||||||
import org.keycloak.testsuite.console.page.clients.settings.ClientSettings;
|
|
||||||
import org.openqa.selenium.By;
|
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
|
||||||
import static org.junit.Assert.assertFalse;
|
|
||||||
import static org.junit.Assert.assertTrue;
|
|
||||||
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
|
|
||||||
*/
|
|
||||||
public class ClientAuthorizationServicesAvailableTest extends AbstractClientTest {
|
|
||||||
|
|
||||||
private ClientRepresentation newClient;
|
|
||||||
|
|
||||||
@Page
|
|
||||||
private ClientSettings clientSettingsPage;
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void authzServicesAvailable() {
|
|
||||||
ProfileAssume.assumePreview();
|
|
||||||
|
|
||||||
newClient = createClientRep("oidc-public", OIDC);
|
|
||||||
createClient(newClient);
|
|
||||||
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
|
|
||||||
|
|
||||||
assertTrue(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void authzServicesUnavailable() throws InterruptedException {
|
|
||||||
ProfileAssume.assumePreviewDisabled();
|
|
||||||
|
|
||||||
newClient = createClientRep("oidc-public", OIDC);
|
|
||||||
createClient(newClient);
|
|
||||||
assertEquals("oidc-public", clientSettingsPage.form().getClientId());
|
|
||||||
|
|
||||||
assertFalse(driver.findElement(By.xpath("//*[@for='authorizationServicesEnabled']")).isDisplayed());
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -132,7 +132,7 @@
|
||||||
<input ng-model="clientEdit.serviceAccountsEnabled" name="serviceAccountsEnabled" id="serviceAccountsEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
|
<input ng-model="clientEdit.serviceAccountsEnabled" name="serviceAccountsEnabled" id="serviceAccountsEnabled" onoffswitch on-text="{{:: 'onText' | translate}}" off-text="{{:: 'offText' | translate}}"/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && protocol == 'openid-connect'">
|
<div class="form-group" data-ng-show="protocol == 'openid-connect'">
|
||||||
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
|
<label class="col-md-2 control-label" for="authorizationServicesEnabled">{{:: 'authz-authorization-services-enabled' | translate}}</label>
|
||||||
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'authz-authorization-services-enabled.tooltip' | translate}}</kc-tooltip>
|
||||||
<div class="col-md-6">
|
<div class="col-md-6">
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
<ul class="nav nav-tabs" data-ng-show="!create">
|
<ul class="nav nav-tabs" data-ng-show="!create">
|
||||||
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
<li ng-class="{active: !path[6]}"><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageAuthorization && client.access.configure">
|
<li ng-class="{active: path[6] && path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageAuthorization && client.access.configure">
|
||||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'scope.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
<li ng-class="{active: path[4] == 'authz'}"
|
<li ng-class="{active: path[4] == 'authz'}"
|
||||||
data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
|
data-ng-show="!disableAuthorizationTab && client.authorizationServicesEnabled && !client.origin">
|
||||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' |
|
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/authz/resource-server">{{:: 'authz-authorization' |
|
||||||
translate}}</a></li>
|
translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'revocation'}" data-ng-show="client.protocol != 'docker-v2' && client.protocol != 'saml' && !client.origin"><a
|
<li ng-class="{active: path[4] == 'revocation'}" data-ng-show="client.protocol != 'docker-v2' && client.protocol != 'saml' && !client.origin"><a
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/service-account-roles">{{:: 'service-account-roles' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/service-account-roles">{{:: 'service-account-roles' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'service-account-roles.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'service-account-roles.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && client.access.manage && access.manageAuthorization">
|
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && client.access.manage && access.manageAuthorization">
|
||||||
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/clients/{{client.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'manage-permissions-client.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'manage-permissions-client.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
<li ng-class="{active: path[4] == 'attributes'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/attributes">{{:: 'attributes' | translate}}</a></li>
|
<li ng-class="{active: path[4] == 'attributes'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/attributes">{{:: 'attributes' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/role-mappings">{{:: 'role-mappings' | translate}}</a></li>
|
<li ng-class="{active: path[4] == 'role-mappings'}" ><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/role-mappings">{{:: 'role-mappings' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'members'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/members">{{:: 'members' | translate}}</a></li>
|
<li ng-class="{active: path[4] == 'members'}"><a href="#/realms/{{realm.realm}}/groups/{{group.id}}/members">{{:: 'members' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && group.access.manage && access.manageAuthorization">
|
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && group.access.manage && access.manageAuthorization">
|
||||||
<a href="#/realms/{{realm.realm}}/groups/{{group.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/groups/{{group.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'manage-permissions-group.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'manage-permissions-group.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -12,6 +12,6 @@
|
||||||
<li ng-class="{active: !path[6] && path.length > 5}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{:: 'settings' | translate}}</a></li>
|
<li ng-class="{active: !path[6] && path.length > 5}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{:: 'settings' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'mappers'}"><a href="#/realms/{{realm.realm}}/identity-provider-mappers/{{identityProvider.alias}}/mappers">{{:: 'mappers' | translate}}</a></li>
|
<li ng-class="{active: path[4] == 'mappers'}"><a href="#/realms/{{realm.realm}}/identity-provider-mappers/{{identityProvider.alias}}/mappers">{{:: 'mappers' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[6] == 'export'}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/export" data-ng-show="!importFile && !newIdentityProvider && identityProvider.providerId == 'saml'">{{:: 'export' | translate}}</a></li>
|
<li ng-class="{active: path[6] == 'export'}"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/export" data-ng-show="!importFile && !newIdentityProvider && identityProvider.providerId == 'saml'">{{:: 'export' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
|
<li ng-class="{active: path[6] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && !newIdentityProvider && access.manageAuthorization"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}/permissions">{{:: 'authz-permissions' | translate}}</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
<ul class="nav nav-tabs" data-ng-show="!create">
|
<ul class="nav nav-tabs" data-ng-show="!create">
|
||||||
<li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
<li ng-class="{active: !path[4]}"><a href="#/realms/{{realm.realm}}/roles/{{role.id}}">{{:: 'details' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageRealm && access.manageAuthorization">
|
<li ng-class="{active: path[4] == 'permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageRealm && access.manageAuthorization">
|
||||||
<a href="#/realms/{{realm.realm}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/roles/{{role.id}}/permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'manage-permissions-role.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
<ul class="nav nav-tabs">
|
<ul class="nav nav-tabs">
|
||||||
<li ng-class="{active: path[2] == 'users'}"><a href="#/realms/{{realm.realm}}/users">{{:: 'lookup' | translate}}</a></li>
|
<li ng-class="{active: path[2] == 'users'}"><a href="#/realms/{{realm.realm}}/users">{{:: 'lookup' | translate}}</a></li>
|
||||||
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('AUTHORIZATION') && access.manageUsers && access.manageAuthorization">
|
<li ng-class="{active: path[2] == 'users-permissions'}" data-ng-show="serverInfo.featureEnabled('ADMIN_FINE_GRAINED_AUTHZ') && access.manageUsers && access.manageAuthorization">
|
||||||
<a href="#/realms/{{realm.realm}}/users-permissions">{{:: 'authz-permissions' | translate}}</a>
|
<a href="#/realms/{{realm.realm}}/users-permissions">{{:: 'authz-permissions' | translate}}</a>
|
||||||
<kc-tooltip>{{:: 'manage-permissions-users.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'manage-permissions-users.tooltip' | translate}}</kc-tooltip>
|
||||||
</li>
|
</li>
|
||||||
|
|
Loading…
Reference in a new issue