tests
parent
a994af9010
commit
57cb46148f
5 changed files with 24 additions and 21 deletions
|
@ -38,6 +38,8 @@ import org.keycloak.services.managers.AuthenticationManager;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
import org.keycloak.services.resources.Cors;
|
import org.keycloak.services.resources.Cors;
|
||||||
import org.keycloak.services.resources.admin.info.ServerInfoAdminResource;
|
import org.keycloak.services.resources.admin.info.ServerInfoAdminResource;
|
||||||
|
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||||
|
import org.keycloak.services.resources.admin.permissions.RealmsPermissionEvaluator;
|
||||||
import org.keycloak.theme.Theme;
|
import org.keycloak.theme.Theme;
|
||||||
import org.keycloak.theme.ThemeProvider;
|
import org.keycloak.theme.ThemeProvider;
|
||||||
|
|
||||||
|
@ -229,7 +231,7 @@ public class AdminRoot {
|
||||||
handlePreflightRequest();
|
handlePreflightRequest();
|
||||||
|
|
||||||
AdminAuth auth = authenticateRealmAdminRequest(headers);
|
AdminAuth auth = authenticateRealmAdminRequest(headers);
|
||||||
if (!isAdmin(auth)) {
|
if (!AdminPermissions.realms(session, auth).isAdmin()) {
|
||||||
throw new ForbiddenException();
|
throw new ForbiddenException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,26 +246,6 @@ public class AdminRoot {
|
||||||
return adminResource;
|
return adminResource;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected boolean isAdmin(AdminAuth auth) {
|
|
||||||
|
|
||||||
RealmManager realmManager = new RealmManager(session);
|
|
||||||
if (auth.getRealm().equals(realmManager.getKeycloakAdminstrationRealm())) {
|
|
||||||
if (auth.hasOneOfRealmRole(AdminRoles.ADMIN, AdminRoles.CREATE_REALM)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
for (RealmModel realm : session.realms().getRealms()) {
|
|
||||||
ClientModel client = realm.getMasterAdminClient();
|
|
||||||
if (auth.hasOneOfAppRole(client, AdminRoles.ALL_REALM_ROLES)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
} else {
|
|
||||||
ClientModel client = auth.getRealm().getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm()));
|
|
||||||
return auth.hasOneOfAppRole(client, AdminRoles.ALL_REALM_ROLES);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protected void handlePreflightRequest() {
|
protected void handlePreflightRequest() {
|
||||||
if (request.getHttpMethod().equalsIgnoreCase("OPTIONS")) {
|
if (request.getHttpMethod().equalsIgnoreCase("OPTIONS")) {
|
||||||
logger.debug("Cors admin pre-flight");
|
logger.debug("Cors admin pre-flight");
|
||||||
|
|
|
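Review bot: The admin gate after `authenticateRealmAdminRequest(headers)` now rests entirely on `AdminPermissions.realms(session, auth).isAdmin()`, and nothing visible in this commit shows that it denies exactly the callers the removed `isAdmin(AdminAuth)` denied. The old code tested `AdminRoles.ALL_REALM_ROLES` on the realm's admin client through `hasOneOfAppRole`, while the replacement goes through `isAdmin(realm)`, whose role set is defined outside these hunks, so the two may differ at the edges. A test that calls this endpoint with a token carrying no admin role and expects the `ForbiddenException`, plus one with a single admin role, would pin the behaviour. The added `RealmsPermissionEvaluator` import does not appear to be used in the visible hunks and can probably be dropped. The enclosing method starts above the hunk.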
@ -317,6 +317,22 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
||||||
return hasAnyAdminRole(realm);
|
return hasAnyAdminRole(realm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isAdmin() {
|
||||||
|
RealmManager realmManager = new RealmManager(session);
|
||||||
|
if (adminsRealm.equals(realmManager.getKeycloakAdminstrationRealm())) {
|
||||||
|
if (identity.hasRealmRole(AdminRoles.ADMIN) || identity.hasRealmRole(AdminRoles.CREATE_REALM)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
for (RealmModel realm : session.realms().getRealms()) {
|
||||||
|
if (isAdmin(realm)) return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return isAdmin(adminsRealm);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean canCreateRealm() {
|
public boolean canCreateRealm() {
|
||||||
RealmManager realmManager = new RealmManager(session);
|
RealmManager realmManager = new RealmManager(session);
|
||||||
|
|
|
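Review bot: The new `isAdmin()` is undocumented, and its name reads like a check for full administrative rights while the body returns true as soon as the caller holds any admin role. In the administration-realm branch a match on `isAdmin(realm)` for any one realm is enough, and the context line above the hunk suggests that `isAdmin(realm)` is just `hasAnyAdminRole(realm)`. A Javadoc on this method and on its declaration in `RealmsPermissionEvaluator` should say so, for example `/** True if the caller holds at least one admin role; not a check for full administrative rights. */`, so that later callers do not use it to guard privileged operations. The unbraced `if (isAdmin(realm)) return true;` would also read better braced like the rest of the method.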
@ -27,6 +27,8 @@ public interface RealmsPermissionEvaluator {
|
||||||
|
|
||||||
boolean isAdmin(RealmModel realm);
|
boolean isAdmin(RealmModel realm);
|
||||||
|
|
||||||
|
boolean isAdmin();
|
||||||
|
|
||||||
boolean canCreateRealm();
|
boolean canCreateRealm();
|
||||||
|
|
||||||
void requireCreateRealm();
|
void requireCreateRealm();
|
||||||
|
|
|
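Review bot: `isAdmin()` is added without a `requireAdmin()` counterpart, although the interface already pairs `canCreateRealm()` with `requireCreateRealm()`. As a result the caller in `AdminRoot` has to write the `if (!…isAdmin()) throw new ForbiddenException();` sequence itself, and every future caller must remember to do the same. Declaring `void requireAdmin();` next to it would keep the deny decision in one place. This assumes the existing `require…` methods throw on failure, which is not visible on this page.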
@ -116,6 +116,7 @@ public class TestCleanup {
|
||||||
|
|
||||||
|
|
||||||
public void executeCleanup() {
|
public void executeCleanup() {
|
||||||
|
if (adminClient == null) throw new RuntimeException("ADMIN CLIENT NULL");
|
||||||
RealmResource realm = adminClient.realm(realmName);
|
RealmResource realm = adminClient.realm(realmName);
|
||||||
|
|
||||||
if (userIds != null) {
|
if (userIds != null) {
|
||||||
|
|
|
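Review bot: The new guard in `executeCleanup()` throws a bare `RuntimeException("ADMIN CLIENT NULL")`, which tells the reader of a failed run neither which cleanup was affected nor what to fix. An `IllegalStateException` with a descriptive message fits a missing precondition better, for example `if (adminClient == null) throw new IllegalStateException("TestCleanup for realm " + realmName + " has no admin client");`. The method body continues past the end of the hunk.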
@ -167,6 +167,7 @@ public abstract class AbstractKeycloakTest {
|
||||||
removeRealm(testRealm.getRealm());
|
removeRealm(testRealm.getRealm());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
log.info("calling all TestCleanup");
|
||||||
// Logout all users after the test
|
// Logout all users after the test
|
||||||
List<RealmRepresentation> realms = testContext.getTestRealmReps();
|
List<RealmRepresentation> realms = testContext.getTestRealmReps();
|
||||||
for (RealmRepresentation realm : realms) {
|
for (RealmRepresentation realm : realms) {
|
||||||
|
@ -178,6 +179,7 @@ public abstract class AbstractKeycloakTest {
|
||||||
try {
|
try {
|
||||||
if (cleanup != null) cleanup.executeCleanup();
|
if (cleanup != null) cleanup.executeCleanup();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
log.error("failed cleanup!", e);
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
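Review bot: The added `log.error("failed cleanup!", e)` is followed directly by `throw new RuntimeException(e)`, so the same stack trace is reported twice and the message does not say which realm failed. Either drop the log call or make it carry the context, e.g. `log.error("TestCleanup failed for realm " + realm.getRealm(), e);`, if the loop variable `realm` is in scope at that point (the loop header is in the previous hunk, so this is inferred). `log.info("calling all TestCleanup")` looks like a debugging aid and would sit better at debug level. The enclosing method starts and ends outside both hunks.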