tests
parent
a994af9010
commit
57cb46148f
5 changed files with 24 additions and 21 deletions
|
@ -38,6 +38,8 @@ import org.keycloak.services.managers.AuthenticationManager;
|
|||
import org.keycloak.services.managers.RealmManager;
|
||||
import org.keycloak.services.resources.Cors;
|
||||
import org.keycloak.services.resources.admin.info.ServerInfoAdminResource;
|
||||
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||
import org.keycloak.services.resources.admin.permissions.RealmsPermissionEvaluator;
|
||||
import org.keycloak.theme.Theme;
|
||||
import org.keycloak.theme.ThemeProvider;
|
||||
|
||||
|
@ -229,7 +231,7 @@ public class AdminRoot {
|
|||
handlePreflightRequest();
|
||||
|
||||
AdminAuth auth = authenticateRealmAdminRequest(headers);
|
||||
if (!isAdmin(auth)) {
|
||||
if (!AdminPermissions.realms(session, auth).isAdmin()) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
|
@ -244,26 +246,6 @@ public class AdminRoot {
|
|||
return adminResource;
|
||||
}
|
||||
|
||||
protected boolean isAdmin(AdminAuth auth) {
|
||||
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
if (auth.getRealm().equals(realmManager.getKeycloakAdminstrationRealm())) {
|
||||
if (auth.hasOneOfRealmRole(AdminRoles.ADMIN, AdminRoles.CREATE_REALM)) {
|
||||
return true;
|
||||
}
|
||||
for (RealmModel realm : session.realms().getRealms()) {
|
||||
ClientModel client = realm.getMasterAdminClient();
|
||||
if (auth.hasOneOfAppRole(client, AdminRoles.ALL_REALM_ROLES)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
} else {
|
||||
ClientModel client = auth.getRealm().getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm()));
|
||||
return auth.hasOneOfAppRole(client, AdminRoles.ALL_REALM_ROLES);
|
||||
}
|
||||
}
|
||||
|
||||
protected void handlePreflightRequest() {
|
||||
if (request.getHttpMethod().equalsIgnoreCase("OPTIONS")) {
|
||||
logger.debug("Cors admin pre-flight");
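Review bot: The admin gate in front of `throw new ForbiddenException()` now rests on `AdminPermissions.realms(session, auth).isAdmin()` (taking that as the new line, since the page has lost its +/- markers), and nothing in this commit pins that it admits and rejects the same callers as the removed `isAdmin(AdminAuth)`. The removed method checked `AdminRoles.ALL_REALM_ROLES` directly against each realm's `getMasterAdminClient()` and against the realm admin client, while the replacement goes through `isAdmin(realm)`, whose body is not on this page. A regression test with three callers would guard the boundary: a master-realm user holding a role on only one realm's master admin client, a non-master realm admin, and an authenticated user with no admin role who must get 403. The enclosing method starts outside the hunk. The `RealmsPermissionEvaluator` import is not referenced in the visible lines, and `RealmManager` may be unused now that `isAdmin(AdminAuth)` is gone, so both are worth checking.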
|
||||
|
|
|
@ -317,6 +317,22 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
|
|||
return hasAnyAdminRole(realm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAdmin() {
|
||||
RealmManager realmManager = new RealmManager(session);
|
||||
if (adminsRealm.equals(realmManager.getKeycloakAdminstrationRealm())) {
|
||||
if (identity.hasRealmRole(AdminRoles.ADMIN) || identity.hasRealmRole(AdminRoles.CREATE_REALM)) {
|
||||
return true;
|
||||
}
|
||||
for (RealmModel realm : session.realms().getRealms()) {
|
||||
if (isAdmin(realm)) return true;
|
||||
}
|
||||
return false;
|
||||
} else {
|
||||
return isAdmin(adminsRealm);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean canCreateRealm() {
|
||||
RealmManager realmManager = new RealmManager(session);
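Review bot: `isAdmin()` is undocumented both here and at its declaration `boolean isAdmin();` in `RealmsPermissionEvaluator`, and its meaning is easy to confuse with `isAdmin(RealmModel realm)`. In the administration-realm branch it returns true as soon as the identity has `ADMIN`, `CREATE_REALM`, or passes `isAdmin(realm)` for any single realm, so it answers "is this caller an admin of anything" and grants no authority over a particular realm. I would put that on the interface method: `/** True if the caller holds an admin role in at least one realm (or ADMIN/CREATE_REALM in the administration realm). Not a per-realm check; use isAdmin(RealmModel) before acting on a specific realm. */`. The loop over `session.realms().getRealms()` runs on every call, which deserves a why-comment because the cost grows with the number of realms.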
|
||||
|
|
|
@ -27,6 +27,8 @@ public interface RealmsPermissionEvaluator {
|
|||
|
||||
boolean isAdmin(RealmModel realm);
|
||||
|
||||
boolean isAdmin();
|
||||
|
||||
boolean canCreateRealm();
|
||||
|
||||
void requireCreateRealm();
|
||||
|
|
|
@ -116,6 +116,7 @@ public class TestCleanup {
|
|||
|
||||
|
||||
public void executeCleanup() {
|
||||
if (adminClient == null) throw new RuntimeException("ADMIN CLIENT NULL");
|
||||
RealmResource realm = adminClient.realm(realmName);
|
||||
|
||||
if (userIds != null) {
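Review bot: The guard at the top of `executeCleanup()` throws a bare `RuntimeException("ADMIN CLIENT NULL")`, which reads like a debugging leftover and does not say which cleanup was misconfigured. `realmName` is in scope on the next line, so the failure can name it and use the conventional type: `if (adminClient == null) throw new IllegalStateException("TestCleanup for realm " + realmName + " has no admin client");`. The method body continues past the end of the hunk.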
|
||||
|
|
|
@ -167,6 +167,7 @@ public abstract class AbstractKeycloakTest {
|
|||
removeRealm(testRealm.getRealm());
|
||||
}
|
||||
} else {
|
||||
log.info("calling all TestCleanup");
|
||||
// Logout all users after the test
|
||||
List<RealmRepresentation> realms = testContext.getTestRealmReps();
|
||||
for (RealmRepresentation realm : realms) {
|
||||
|
@ -178,6 +179,7 @@ public abstract class AbstractKeycloakTest {
|
|||
try {
|
||||
if (cleanup != null) cleanup.executeCleanup();
|
||||
} catch (Exception e) {
|
||||
log.error("failed cleanup!", e);
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
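Review bot: Rethrowing inside the `catch` with `throw new RuntimeException(e);` (which I take to be the line added in the second hunk) stops at the first failing cleanup, and the `try` appears to sit inside the `for (RealmRepresentation realm : realms)` loop. If so, the remaining realms keep their users and sessions, and that leftover state can contaminate later tests. Remembering the first failure with `if (firstFailure == null) firstFailure = e;` and throwing after the loop with `if (firstFailure != null) throw new RuntimeException(firstFailure);` keeps the test failing while still cleaning every realm. The loop opens and closes outside both hunks, so the placement needs checking against the full method. `log.info("calling all TestCleanup");` looks like trace output and would fit `log.debug` better.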
|
||||
|
|