Fix CRLF with LF

Stian Thorgersen 2015-07-20 07:48:02 +02:00
parent 27ac253098
commit 66a2b916f2
4 changed files with 650 additions and 650 deletions


@ -1,73 +1,73 @@
package org.keycloak.representations.idm; package org.keycloak.representations.idm;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class RequiredActionProviderRepresentation { public class RequiredActionProviderRepresentation {
private String alias; private String alias;
private String name; private String name;
private String providerId; private String providerId;
private boolean enabled; private boolean enabled;
private boolean defaultAction; private boolean defaultAction;
private Map<String, String> config = new HashMap<String, String>(); private Map<String, String> config = new HashMap<String, String>();
public String getAlias() { public String getAlias() {
return alias; return alias;
} }
public void setAlias(String alias) { public void setAlias(String alias) {
this.alias = alias; this.alias = alias;
} }
/** /**
* Used for display purposes. Probably should clean this code up and make alias and name the same, but * Used for display purposes. Probably should clean this code up and make alias and name the same, but
* the old code references an Enum and the admin console creates a "friendly" name for each enum. * the old code references an Enum and the admin console creates a "friendly" name for each enum.
* *
* @return * @return
*/ */
public String getName() { public String getName() {
return name; return name;
} }
public void setName(String name) { public void setName(String name) {
this.name = name; this.name = name;
} }
public boolean isEnabled() { public boolean isEnabled() {
return enabled; return enabled;
} }
public void setEnabled(boolean enabled) { public void setEnabled(boolean enabled) {
this.enabled = enabled; this.enabled = enabled;
} }
public boolean isDefaultAction() { public boolean isDefaultAction() {
return defaultAction; return defaultAction;
} }
public void setDefaultAction(boolean defaultAction) { public void setDefaultAction(boolean defaultAction) {
this.defaultAction = defaultAction; this.defaultAction = defaultAction;
} }
public String getProviderId() { public String getProviderId() {
return providerId; return providerId;
} }
public void setProviderId(String providerId) { public void setProviderId(String providerId) {
this.providerId = providerId; this.providerId = providerId;
} }
public Map<String, String> getConfig() { public Map<String, String> getConfig() {
return config; return config;
} }
public void setConfig(Map<String, String> config) { public void setConfig(Map<String, String> config) {
this.config = config; this.config = config;
} }
} }


@ -1,58 +1,58 @@
package org.keycloak.utils; package org.keycloak.utils;
import org.keycloak.authentication.Authenticator; import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory; import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.ConfigurableAuthenticatorFactory; import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
import org.keycloak.authentication.FormAction; import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory; import org.keycloak.authentication.FormActionFactory;
import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory; import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory; import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory; import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows; import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
/** /**
* used to set an execution a state based on type. * used to set an execution a state based on type.
* *
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class CredentialHelper { public class CredentialHelper {
public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) { public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED; AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
authenticationRequirement(session, realm, type, requirement); authenticationRequirement(session, realm, type, requirement);
} }
public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) { public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE; AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
authenticationRequirement(session, realm, type, requirement); authenticationRequirement(session, realm, type, requirement);
} }
public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) { public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) { for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) { for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
String providerId = execution.getAuthenticator(); String providerId = execution.getAuthenticator();
ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId); ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
if (factory == null) continue; if (factory == null) continue;
if (type.equals(factory.getReferenceCategory())) { if (type.equals(factory.getReferenceCategory())) {
execution.setRequirement(requirement); execution.setRequirement(requirement);
realm.updateAuthenticatorExecution(execution); realm.updateAuthenticatorExecution(execution);
} }
} }
} }
} }
public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) { public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId); ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
if (factory == null) { if (factory == null) {
factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId); factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
} }
return factory; return factory;
} }
} }


@ -1,223 +1,223 @@
/* /*
* JBoss, Home of Professional Open Source. * JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat, Inc., and individual contributors * Copyright 2012, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the * as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors. * distribution for a full listing of individual contributors.
* *
* This is free software; you can redistribute it and/or modify it * This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as * under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of * published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This software is distributed in the hope that it will be useful, * This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free * License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/ */
package org.keycloak.testsuite.actions; package org.keycloak.testsuite.actions;
import org.junit.Assert; import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.authentication.requiredactions.UpdateTotp; import org.keycloak.authentication.requiredactions.UpdateTotp;
import org.keycloak.events.Details; import org.keycloak.events.Details;
import org.keycloak.events.Event; import org.keycloak.events.Event;
import org.keycloak.events.EventType; import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel; import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP; import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountTotpPage; import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.AppPage.RequestType; import org.keycloak.testsuite.pages.AppPage.RequestType;
import org.keycloak.testsuite.pages.LoginConfigTotpPage; import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage; import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.RegisterPage; import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rule.KeycloakRule; import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup; import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule; import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.utils.CredentialHelper; import org.keycloak.utils.CredentialHelper;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
public class RequiredActionTotpSetupTest { public class RequiredActionTotpSetupTest {
@ClassRule @ClassRule
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() { public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
@Override @Override
public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) { public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm); CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
//appRealm.addRequiredCredential(CredentialRepresentation.TOTP); //appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name()); RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
requiredAction.setDefaultAction(true); requiredAction.setDefaultAction(true);
appRealm.updateRequiredActionProvider(requiredAction); appRealm.updateRequiredActionProvider(requiredAction);
appRealm.setResetPasswordAllowed(true); appRealm.setResetPasswordAllowed(true);
} }
}); });
@Rule @Rule
public AssertEvents events = new AssertEvents(keycloakRule); public AssertEvents events = new AssertEvents(keycloakRule);
@Rule @Rule
public WebRule webRule = new WebRule(this); public WebRule webRule = new WebRule(this);
@WebResource @WebResource
protected WebDriver driver; protected WebDriver driver;
@WebResource @WebResource
protected AppPage appPage; protected AppPage appPage;
@WebResource @WebResource
protected LoginPage loginPage; protected LoginPage loginPage;
@WebResource @WebResource
protected LoginTotpPage loginTotpPage; protected LoginTotpPage loginTotpPage;
@WebResource @WebResource
protected LoginConfigTotpPage totpPage; protected LoginConfigTotpPage totpPage;
@WebResource @WebResource
protected AccountTotpPage accountTotpPage; protected AccountTotpPage accountTotpPage;
@WebResource @WebResource
protected OAuthClient oauth; protected OAuthClient oauth;
@WebResource @WebResource
protected RegisterPage registerPage; protected RegisterPage registerPage;
protected TimeBasedOTP totp = new TimeBasedOTP(); protected TimeBasedOTP totp = new TimeBasedOTP();
@Test @Test
public void setupTotpRegister() { public void setupTotpRegister() {
loginPage.open(); loginPage.open();
loginPage.clickRegister(); loginPage.clickRegister();
registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password"); registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId(); String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
totpPage.assertCurrent(); totpPage.assertCurrent();
totpPage.configure(totp.generate(totpPage.getTotpSecret())); totpPage.configure(totp.generate(totpPage.getTotpSecret()));
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId(); String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent(); events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
} }
@Test @Test
public void setupTotpExisting() { public void setupTotpExisting() {
loginPage.open(); loginPage.open();
loginPage.login("test-user@localhost", "password"); loginPage.login("test-user@localhost", "password");
totpPage.assertCurrent(); totpPage.assertCurrent();
String totpSecret = totpPage.getTotpSecret(); String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generate(totpSecret)); totpPage.configure(totp.generate(totpSecret));
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId(); String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Event loginEvent = events.expectLogin().session(sessionId).assertEvent(); Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
oauth.openLogout(); oauth.openLogout();
events.expectLogout(loginEvent.getSessionId()).assertEvent(); events.expectLogout(loginEvent.getSessionId()).assertEvent();
loginPage.open(); loginPage.open();
loginPage.login("test-user@localhost", "password"); loginPage.login("test-user@localhost", "password");
String src = driver.getPageSource(); String src = driver.getPageSource();
loginTotpPage.login(totp.generate(totpSecret)); loginTotpPage.login(totp.generate(totpSecret));
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent(); events.expectLogin().assertEvent();
} }
@Test @Test
public void setupTotpRegisteredAfterTotpRemoval() { public void setupTotpRegisteredAfterTotpRemoval() {
// Register new user // Register new user
loginPage.open(); loginPage.open();
loginPage.clickRegister(); loginPage.clickRegister();
registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2"); registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId(); String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
// Configure totp // Configure totp
totpPage.assertCurrent(); totpPage.assertCurrent();
String totpCode = totpPage.getTotpSecret(); String totpCode = totpPage.getTotpSecret();
totpPage.configure(totp.generate(totpCode)); totpPage.configure(totp.generate(totpCode));
// After totp config, user should be on the app page // After totp config, user should be on the app page
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent(); events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent(); Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
// Logout // Logout
oauth.openLogout(); oauth.openLogout();
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent(); events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
// Try to login after logout // Try to login after logout
loginPage.open(); loginPage.open();
loginPage.login("setupTotp2", "password2"); loginPage.login("setupTotp2", "password2");
// Totp is already configured, thus one-time password is needed, login page should be loaded // Totp is already configured, thus one-time password is needed, login page should be loaded
Assert.assertTrue(loginPage.isCurrent()); Assert.assertTrue(loginPage.isCurrent());
Assert.assertFalse(totpPage.isCurrent()); Assert.assertFalse(totpPage.isCurrent());
// Login with one-time password // Login with one-time password
loginTotpPage.login(totp.generate(totpCode)); loginTotpPage.login(totp.generate(totpCode));
loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent(); loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
// Open account page // Open account page
accountTotpPage.open(); accountTotpPage.open();
accountTotpPage.assertCurrent(); accountTotpPage.assertCurrent();
// Remove google authentificator // Remove google authentificator
accountTotpPage.removeTotp(); accountTotpPage.removeTotp();
events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent(); events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
// Logout // Logout
oauth.openLogout(); oauth.openLogout();
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent(); events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
// Try to login // Try to login
loginPage.open(); loginPage.open();
loginPage.login("setupTotp2", "password2"); loginPage.login("setupTotp2", "password2");
// Since the authentificator was removed, it has to be set up again // Since the authentificator was removed, it has to be set up again
totpPage.assertCurrent(); totpPage.assertCurrent();
totpPage.configure(totp.generate(totpPage.getTotpSecret())); totpPage.configure(totp.generate(totpPage.getTotpSecret()));
String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId(); String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent(); events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
} }
} }


@ -1,296 +1,296 @@
/* /*
* JBoss, Home of Professional Open Source. * JBoss, Home of Professional Open Source.
* Copyright 2012, Red Hat, Inc., and individual contributors * Copyright 2012, Red Hat, Inc., and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the * as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors. * distribution for a full listing of individual contributors.
* *
* This is free software; you can redistribute it and/or modify it * This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as * under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of * published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version. * the License, or (at your option) any later version.
* *
* This software is distributed in the hope that it will be useful, * This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. * Lesser General Public License for more details.
* *
* You should have received a copy of the GNU Lesser General Public * You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free * License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org. * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/ */
package org.keycloak.testsuite.composites; package org.keycloak.testsuite.composites;
import org.junit.Assert; import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.enums.SslRequired; import org.keycloak.enums.SslRequired;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel; import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.ClientManager; import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.ApplicationServlet; import org.keycloak.testsuite.ApplicationServlet;
import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule; import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule; import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
import java.security.PublicKey; import java.security.PublicKey;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
public class CompositeRoleTest { public class CompositeRoleTest {
public static PublicKey realmPublicKey; public static PublicKey realmPublicKey;
@ClassRule @ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){ public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
@Override @Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) { protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
RealmModel realm = manager.createRealm("test"); RealmModel realm = manager.createRealm("test");
KeycloakModelUtils.generateRealmKeys(realm); KeycloakModelUtils.generateRealmKeys(realm);
realmPublicKey = realm.getPublicKey(); realmPublicKey = realm.getPublicKey();
realm.setSsoSessionIdleTimeout(3000); realm.setSsoSessionIdleTimeout(3000);
realm.setAccessTokenLifespan(10000); realm.setAccessTokenLifespan(10000);
realm.setSsoSessionMaxLifespan(10000); realm.setSsoSessionMaxLifespan(10000);
realm.setAccessCodeLifespanUserAction(1000); realm.setAccessCodeLifespanUserAction(1000);
realm.setAccessCodeLifespan(1000); realm.setAccessCodeLifespan(1000);
realm.setSslRequired(SslRequired.EXTERNAL); realm.setSslRequired(SslRequired.EXTERNAL);
realm.setEnabled(true); realm.setEnabled(true);
realm.addRequiredCredential(UserCredentialModel.PASSWORD); realm.addRequiredCredential(UserCredentialModel.PASSWORD);
final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1"); final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2"); final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3"); final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1"); final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
realmComposite1.addCompositeRole(realmRole1); realmComposite1.addCompositeRole(realmRole1);
final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER"); final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
realmComposite1User.setEnabled(true); realmComposite1User.setEnabled(true);
realmComposite1User.updateCredential(UserCredentialModel.password("password")); realmComposite1User.updateCredential(UserCredentialModel.password("password"));
realmComposite1User.grantRole(realmComposite1); realmComposite1User.grantRole(realmComposite1);
final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER"); final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
realmRole1User.setEnabled(true); realmRole1User.setEnabled(true);
realmRole1User.updateCredential(UserCredentialModel.password("password")); realmRole1User.updateCredential(UserCredentialModel.password("password"));
realmRole1User.grantRole(realmRole1); realmRole1User.grantRole(realmRole1);
final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION"); final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
realmComposite1Application.setFullScopeAllowed(false); realmComposite1Application.setFullScopeAllowed(false);
realmComposite1Application.setEnabled(true); realmComposite1Application.setEnabled(true);
realmComposite1Application.addScopeMapping(realmComposite1); realmComposite1Application.addScopeMapping(realmComposite1);
realmComposite1Application.addRedirectUri("http://localhost:8081/app/*"); realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
realmComposite1Application.setBaseUrl("http://localhost:8081/app"); realmComposite1Application.setBaseUrl("http://localhost:8081/app");
realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout"); realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
realmComposite1Application.setSecret("password"); realmComposite1Application.setSecret("password");
final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION"); final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
realmRole1Application.setFullScopeAllowed(false); realmRole1Application.setFullScopeAllowed(false);
realmRole1Application.setEnabled(true); realmRole1Application.setEnabled(true);
realmRole1Application.addScopeMapping(realmRole1); realmRole1Application.addScopeMapping(realmRole1);
realmRole1Application.addRedirectUri("http://localhost:8081/app/*"); realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
realmRole1Application.setBaseUrl("http://localhost:8081/app"); realmRole1Application.setBaseUrl("http://localhost:8081/app");
realmRole1Application.setManagementUrl("http://localhost:8081/app/logout"); realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
realmRole1Application.setSecret("password"); realmRole1Application.setSecret("password");
final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION"); final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
appRoleApplication.setFullScopeAllowed(false); appRoleApplication.setFullScopeAllowed(false);
appRoleApplication.setEnabled(true); appRoleApplication.setEnabled(true);
appRoleApplication.addRedirectUri("http://localhost:8081/app/*"); appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
appRoleApplication.setBaseUrl("http://localhost:8081/app"); appRoleApplication.setBaseUrl("http://localhost:8081/app");
appRoleApplication.setManagementUrl("http://localhost:8081/app/logout"); appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
appRoleApplication.setSecret("password"); appRoleApplication.setSecret("password");
final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1"); final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2"); final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE"); final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
realmAppCompositeRole.addCompositeRole(appRole1); realmAppCompositeRole.addCompositeRole(appRole1);
final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER"); final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
realmAppCompositeUser.setEnabled(true); realmAppCompositeUser.setEnabled(true);
realmAppCompositeUser.updateCredential(UserCredentialModel.password("password")); realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
realmAppCompositeUser.grantRole(realmAppCompositeRole); realmAppCompositeUser.grantRole(realmAppCompositeRole);
final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER"); final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
realmAppRoleUser.setEnabled(true); realmAppRoleUser.setEnabled(true);
realmAppRoleUser.updateCredential(UserCredentialModel.password("password")); realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
realmAppRoleUser.grantRole(appRole2); realmAppRoleUser.grantRole(appRole2);
final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION"); final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
appCompositeApplication.setFullScopeAllowed(false); appCompositeApplication.setFullScopeAllowed(false);
appCompositeApplication.setEnabled(true); appCompositeApplication.setEnabled(true);
appCompositeApplication.addRedirectUri("http://localhost:8081/app/*"); appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
appCompositeApplication.setBaseUrl("http://localhost:8081/app"); appCompositeApplication.setBaseUrl("http://localhost:8081/app");
appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout"); appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
appCompositeApplication.setSecret("password"); appCompositeApplication.setSecret("password");
final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE"); final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
appCompositeApplication.addScopeMapping(appRole2); appCompositeApplication.addScopeMapping(appRole2);
appCompositeRole.addCompositeRole(realmRole1); appCompositeRole.addCompositeRole(realmRole1);
appCompositeRole.addCompositeRole(realmRole2); appCompositeRole.addCompositeRole(realmRole2);
appCompositeRole.addCompositeRole(realmRole3); appCompositeRole.addCompositeRole(realmRole3);
appCompositeRole.addCompositeRole(appRole1); appCompositeRole.addCompositeRole(appRole1);
final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER"); final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
appCompositeUser.setEnabled(true); appCompositeUser.setEnabled(true);
appCompositeUser.updateCredential(UserCredentialModel.password("password")); appCompositeUser.updateCredential(UserCredentialModel.password("password"));
appCompositeUser.grantRole(realmAppCompositeRole); appCompositeUser.grantRole(realmAppCompositeRole);
appCompositeUser.grantRole(realmComposite1); appCompositeUser.grantRole(realmComposite1);
deployServlet("app", "/app", ApplicationServlet.class); deployServlet("app", "/app", ApplicationServlet.class);
} }
}; };
@Rule @Rule
public WebRule webRule = new WebRule(this); public WebRule webRule = new WebRule(this);
@WebResource @WebResource
protected WebDriver driver; protected WebDriver driver;
@WebResource @WebResource
protected OAuthClient oauth; protected OAuthClient oauth;
@WebResource @WebResource
protected LoginPage loginPage; protected LoginPage loginPage;
@Test @Test
public void testAppCompositeUser() throws Exception { public void testAppCompositeUser() throws Exception {
oauth.realm("test"); oauth.realm("test");
oauth.realmPublicKey(realmPublicKey); oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_COMPOSITE_APPLICATION"); oauth.clientId("APP_COMPOSITE_APPLICATION");
oauth.doLogin("APP_COMPOSITE_USER", "password"); oauth.doLogin("APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());
AccessToken token = oauth.verifyToken(response.getAccessToken()); AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject()); Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size()); Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1")); Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode()); Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
public void testRealmAppCompositeUser() throws Exception { public void testRealmAppCompositeUser() throws Exception {
oauth.realm("test"); oauth.realm("test");
oauth.realmPublicKey(realmPublicKey); oauth.realmPublicKey(realmPublicKey);
oauth.clientId("APP_ROLE_APPLICATION"); oauth.clientId("APP_ROLE_APPLICATION");
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password"); oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());
AccessToken token = oauth.verifyToken(response.getAccessToken()); AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject()); Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size()); Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1")); Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode()); Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
public void testRealmOnlyWithUserCompositeAppComposite() throws Exception { public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
oauth.realm("test"); oauth.realm("test");
oauth.realmPublicKey(realmPublicKey); oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION"); oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password"); oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());
AccessToken token = oauth.verifyToken(response.getAccessToken()); AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject()); Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
Assert.assertEquals(2, token.getRealmAccess().getRoles().size()); Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode()); Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
public void testRealmOnlyWithUserCompositeAppRole() throws Exception { public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
oauth.realm("test"); oauth.realm("test");
oauth.realmPublicKey(realmPublicKey); oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_ROLE_1_APPLICATION"); oauth.clientId("REALM_ROLE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password"); oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());
AccessToken token = oauth.verifyToken(response.getAccessToken()); AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject()); Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode()); Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
@Test @Test
public void testRealmOnlyWithUserRoleAppComposite() throws Exception { public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
oauth.realm("test"); oauth.realm("test");
oauth.realmPublicKey(realmPublicKey); oauth.realmPublicKey(realmPublicKey);
oauth.clientId("REALM_COMPOSITE_1_APPLICATION"); oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_ROLE_1_USER", "password"); oauth.doLogin("REALM_ROLE_1_USER", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode()); Assert.assertEquals(200, response.getStatusCode());
Assert.assertEquals("bearer", response.getTokenType()); Assert.assertEquals("bearer", response.getTokenType());
AccessToken token = oauth.verifyToken(response.getAccessToken()); AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject()); Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
Assert.assertEquals(1, token.getRealmAccess().getRoles().size()); Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1")); Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password"); AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
Assert.assertEquals(200, refreshResponse.getStatusCode()); Assert.assertEquals(200, refreshResponse.getStatusCode());
} }
} }