change role name
parent
852e9274d4
commit
6b991b850e
3 changed files with 5 additions and 26 deletions
|
@ -101,7 +101,7 @@ public interface OAuth2Constants {
|
||||||
String REFRESH_TOKEN_TYPE="urn:ietf:params:oauth:token-type:refresh_token";
|
String REFRESH_TOKEN_TYPE="urn:ietf:params:oauth:token-type:refresh_token";
|
||||||
String JWT_TOKEN_TYPE="urn:ietf:params:oauth:token-type:jwt";
|
String JWT_TOKEN_TYPE="urn:ietf:params:oauth:token-type:jwt";
|
||||||
String ID_TOKEN_TYPE="urn:ietf:params:oauth:token-type:id_token";
|
String ID_TOKEN_TYPE="urn:ietf:params:oauth:token-type:id_token";
|
||||||
String TOKEN_EXCHANGEABLE ="token-exchangeable";
|
String TOKEN_EXCHANGER ="token-exchanger";
|
||||||
|
|
||||||
|
|
||||||
}
|
}
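Review bot: The string value changes from `token-exchangeable` to `token-exchanger`, not only the Java identifier, and none of the three files in this commit migrates roles already stored under the old name. Because `TokenEndpoint` looks the role up by this name, a client whose service account was granted the old role would presumably be refused token exchange after an upgrade; that fails closed, but it deserves a migration step or at least a release note. The constant is also undocumented; I would add a comment above `TOKEN_EXCHANGER` such as `/** Role a client's service account must hold, on the target client or on the realm-management client, to be allowed a token exchange. */`. The interface body starts outside this hunk.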
|
||||||
|
|
|
@ -602,8 +602,8 @@ public class TokenEndpoint {
|
||||||
boolean allowed = false;
|
boolean allowed = false;
|
||||||
UserModel serviceAccount = session.users().getServiceAccount(client);
|
UserModel serviceAccount = session.users().getServiceAccount(client);
|
||||||
if (serviceAccount != null) {
|
if (serviceAccount != null) {
|
||||||
RoleModel exchangeable = targetClient.getRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
|
RoleModel exchangeable = targetClient.getRole(OAuth2Constants.TOKEN_EXCHANGER);
|
||||||
RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().getRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
|
RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().getRole(OAuth2Constants.TOKEN_EXCHANGER);
|
||||||
allowed = (exchangeable != null && serviceAccount.hasRole(exchangeable)) || (realmExchangeable != null && serviceAccount.hasRole(realmExchangeable));
|
allowed = (exchangeable != null && serviceAccount.hasRole(exchangeable)) || (realmExchangeable != null && serviceAccount.hasRole(realmExchangeable));
|
||||||
|
|
||||||
}
|
}
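Review bot: The locals `exchangeable` and `realmExchangeable` keep the old vocabulary although they now hold the `TOKEN_EXCHANGER` role, which makes this authorization check harder to audit because the role describes the calling client, not the target. Rename them, e.g. `RoleModel exchanger = targetClient.getRole(OAuth2Constants.TOKEN_EXCHANGER);` and `realmExchanger` for the realm-management lookup; `realmExchangeable` and `targetExchangeable` in `TokenExchangeTest.setupRealm` carry the same stale names. A comment above `boolean allowed = false;` such as `// deny by default: only a service account holding the exchanger role on the target client or on realm-management may exchange` would record that a client with no service account leaves `allowed` false. The enclosing method starts and ends outside the hunk.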
|
||||||
|
|
|
@ -17,48 +17,27 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.oauth;
|
package org.keycloak.testsuite.oauth;
|
||||||
|
|
||||||
import org.apache.http.HttpResponse;
|
|
||||||
import org.apache.http.client.methods.HttpPost;
|
|
||||||
import org.apache.http.impl.client.DefaultHttpClient;
|
|
||||||
import org.jboss.arquillian.container.test.api.Deployment;
|
import org.jboss.arquillian.container.test.api.Deployment;
|
||||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.TokenVerifier;
|
import org.keycloak.TokenVerifier;
|
||||||
import org.keycloak.admin.client.resource.RealmResource;
|
|
||||||
import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
|
|
||||||
import org.keycloak.events.Details;
|
|
||||||
import org.keycloak.events.Errors;
|
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.RoleModel;
|
import org.keycloak.models.RoleModel;
|
||||||
import org.keycloak.models.UserCredentialModel;
|
import org.keycloak.models.UserCredentialModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
|
||||||
import org.keycloak.models.utils.TimeBasedOTP;
|
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.RefreshToken;
|
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
|
||||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.admin.FineGrainAdminUnitTest;
|
|
||||||
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
||||||
import org.keycloak.testsuite.util.ClientBuilder;
|
|
||||||
import org.keycloak.testsuite.util.ClientManager;
|
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
import org.keycloak.testsuite.util.RealmBuilder;
|
|
||||||
import org.keycloak.testsuite.util.RealmManager;
|
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
|
||||||
import org.keycloak.testsuite.util.UserManager;
|
|
||||||
import org.keycloak.util.JsonSerialization;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -89,7 +68,7 @@ public class TokenExchangeTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
public static void setupRealm(KeycloakSession session) {
|
public static void setupRealm(KeycloakSession session) {
|
||||||
RealmModel realm = session.realms().getRealmByName(TEST);
|
RealmModel realm = session.realms().getRealmByName(TEST);
|
||||||
RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().addRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
|
RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().addRole(OAuth2Constants.TOKEN_EXCHANGER);
|
||||||
|
|
||||||
RoleModel exampleRole = realm.addRole("example");
|
RoleModel exampleRole = realm.addRole("example");
|
||||||
|
|
||||||
|
@ -100,7 +79,7 @@ public class TokenExchangeTest extends AbstractKeycloakTest {
|
||||||
target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||||
target.setFullScopeAllowed(false);
|
target.setFullScopeAllowed(false);
|
||||||
target.addScopeMapping(exampleRole);
|
target.addScopeMapping(exampleRole);
|
||||||
RoleModel targetExchangeable = target.addRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
|
RoleModel targetExchangeable = target.addRole(OAuth2Constants.TOKEN_EXCHANGER);
|
||||||
|
|
||||||
target = realm.addClient("realm-exchanger");
|
target = realm.addClient("realm-exchanger");
|
||||||
target.setClientId("realm-exchanger");
|
target.setClientId("realm-exchanger");
|
||||||
|
|