Merge pull request #544 from stianst/master

KEYCLOAK-569 Check application roles for scope
2014-07-21 13:52:43 +01:00 · 2014-07-21 13:52:43 +01:00 · 469eb77486
commit 469eb77486
parent d2b42e3843 213b685b43
4 changed files with 58 additions and 2 deletions
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ApplicationAdapter.java
@ -184,6 +184,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
        return roles;
    }

+    @Override
+    public boolean hasScope(RoleModel role) {
+        if (super.hasScope(role)) {
+            return true;
+        }
+        Set<RoleModel> roles = getRoles();
+        if (roles.contains(role)) return true;
+
+        for (RoleModel mapping : roles) {
+            if (mapping.hasRole(role)) return true;
+        }
+        return false;
+    }
+
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java
@ -166,6 +166,20 @@ public class ApplicationAdapter extends ClientAdapter implements ApplicationMode
        return list;
    }

+    @Override
+    public boolean hasScope(RoleModel role) {
+        if (super.hasScope(role)) {
+            return true;
+        }
+        Set<RoleModel> roles = getRoles();
+        if (roles.contains(role)) return true;
+
+        for (RoleModel mapping : roles) {
+            if (mapping.hasRole(role)) return true;
+        }
+        return false;
+    }
+
    @Override
    public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
        Set<RoleModel> roleMappings = client.getScopeMappings();
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java
@ -160,6 +160,20 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
        return result;
    }

+    @Override
+    public boolean hasScope(RoleModel role) {
+        if (super.hasScope(role)) {
+            return true;
+        }
+        Set<RoleModel> roles = getRoles();
+        if (roles.contains(role)) return true;
+
+        for (RoleModel mapping : roles) {
+            if (mapping.hasRole(role)) return true;
+        }
+        return false;
+    }
+
    @Override
    public Set<RoleModel> getApplicationScopeMappings(ClientModel client) {
        Set<RoleModel> result = new HashSet<RoleModel>();
@ -204,6 +218,7 @@ public class ApplicationAdapter extends ClientAdapter<MongoApplicationEntity> im
        updateMongoEntity();
    }

+
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@ -184,6 +184,9 @@ public class CompositeRoleTest {
        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
        Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
    }


@ -207,10 +210,11 @@ public class CompositeRoleTest {

        Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
        Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
    }

-
-
    @Test
    public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
        oauth.realm("Test");
@ -232,6 +236,9 @@ public class CompositeRoleTest {
        Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
    }

    @Test
@ -254,6 +261,9 @@ public class CompositeRoleTest {

        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
    }

    @Test
@ -276,6 +286,9 @@ public class CompositeRoleTest {

        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
    }

 }