libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Limit the received content when handling the content as a String

Browse source 
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Alexander Schwartz 2024-03-07 12:00:45 +01:00 committed by Alexander Schwartz
parent 66c9f173f2
commit 6de5325d1c
32 changed files with 607 additions and 194 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
View file

@ -4,6 +4,20 @@ The nonce claim is now only added to the ID token strictly following the OpenID
A new `Nonce backwards compatible` mapper is also included in the software that can be assigned to client scopes to revert to the old behavior. For example, the JS adapter checked the returned `nonce` claim in all the tokens before fixing issue https://github.com/keycloak/keycloak/issues/26651[#26651] in version 24.0.0. Therefore, if an old version of the JS adapter is used, the mapper should be added to the required clients by using client scopes. A new `Nonce backwards compatible` mapper is also included in the software that can be assigned to client scopes to revert to the old behavior. For example, the JS adapter checked the returned `nonce` claim in all the tokens before fixing issue https://github.com/keycloak/keycloak/issues/26651[#26651] in version 24.0.0. Therefore, if an old version of the JS adapter is used, the mapper should be added to the required clients by using client scopes.
= Limiting memory usage when consuming HTTP responses
In some scenarios like brokering Keycloak uses HTTP to talk to external servers.
To avoid a denial of service when those providers send too much data, {project_name} now restricts responses to 10 MB by default.
Users can configure this limit by setting the provider configuration option `spi-connections-http-client-default-max-consumed-response-size`:
.Restricting the consumed responses to 1 MB
[source,bash]
----
bin/kc.[sh|bat] --spi-connections-http-client-default-max-consumed-response-size=1000000
----
= Removed a model module = Removed a model module
The module `org.keycloak:keycloak-model-legacy` module was deprecated in a previous release and is removed in this release. Use the `org.keycloak:keycloak-model-storage` module instead. The module `org.keycloak:keycloak-model-legacy` module was deprecated in a previous release and is removed in this release. Use the `org.keycloak:keycloak-model-storage` module instead.

52
server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java
View file

@ -43,6 +43,7 @@ import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair; import org.apache.http.message.BasicNameValuePair;
import org.keycloak.common.util.Base64; import org.keycloak.common.util.Base64;
import org.keycloak.connections.httpclient.HttpClientProvider; import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.connections.httpclient.SafeInputStream;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -86,48 +87,54 @@ public class SimpleHttp {
private int connectionRequestTimeoutMillis = UNDEFINED_TIMEOUT; private int connectionRequestTimeoutMillis = UNDEFINED_TIMEOUT;
private long maxConsumedResponseSize;
private RequestConfig.Builder requestConfigBuilder; private RequestConfig.Builder requestConfigBuilder;
protected SimpleHttp(String url, String method, HttpClient client) { protected SimpleHttp(String url, String method, HttpClient client, long maxConsumedResponseSize) {
this.client = client; this.client = client;
this.url = url; this.url = url;
this.method = method; this.method = method;
this.maxConsumedResponseSize = maxConsumedResponseSize;
} }
public static SimpleHttp doDelete(String url, KeycloakSession session) { public static SimpleHttp doDelete(String url, KeycloakSession session) {
return doDelete(url, session.getProvider(HttpClientProvider.class).getHttpClient()); HttpClientProvider provider = session.getProvider(HttpClientProvider.class);
return doDelete(url, provider.getHttpClient(), provider.getMaxConsumedResponseSize());
} }
public static SimpleHttp doDelete(String url, HttpClient client) { protected static SimpleHttp doDelete(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "DELETE", client); return new SimpleHttp(url, "DELETE", client, maxConsumedResponseSize);
} }
public static SimpleHttp doGet(String url, KeycloakSession session) { public static SimpleHttp doGet(String url, KeycloakSession session) {
return doGet(url, session.getProvider(HttpClientProvider.class).getHttpClient()); HttpClientProvider provider = session.getProvider(HttpClientProvider.class);
return doGet(url, provider.getHttpClient(), provider.getMaxConsumedResponseSize());
} }
public static SimpleHttp doGet(String url, HttpClient client) { protected static SimpleHttp doGet(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "GET", client); return new SimpleHttp(url, "GET", client, maxConsumedResponseSize);
} }
public static SimpleHttp doPost(String url, KeycloakSession session) { public static SimpleHttp doPost(String url, KeycloakSession session) {
return doPost(url, session.getProvider(HttpClientProvider.class).getHttpClient()); HttpClientProvider provider = session.getProvider(HttpClientProvider.class);
return doPost(url, provider.getHttpClient(), provider.getMaxConsumedResponseSize());
} }
public static SimpleHttp doPost(String url, HttpClient client) { protected static SimpleHttp doPost(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "POST", client); return new SimpleHttp(url, "POST", client, maxConsumedResponseSize);
} }
public static SimpleHttp doPut(String url, HttpClient client) { protected static SimpleHttp doPut(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "PUT", client); return new SimpleHttp(url, "PUT", client, maxConsumedResponseSize);
} }
public static SimpleHttp doHead(String url, HttpClient client) { protected static SimpleHttp doHead(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "HEAD", client); return new SimpleHttp(url, "HEAD", client, maxConsumedResponseSize);
} }
public static SimpleHttp doPatch(String url, HttpClient client) { protected static SimpleHttp doPatch(String url, HttpClient client, long maxConsumedResponseSize) {
return new SimpleHttp(url, "PATCH", client); return new SimpleHttp(url, "PATCH", client, maxConsumedResponseSize);
} }
public SimpleHttp header(String name, String value) { public SimpleHttp header(String name, String value) {
@ -178,6 +185,11 @@ public class SimpleHttp {
return this; return this;
} }
public SimpleHttp setMaxConsumedResponseSize(long maxConsumedResponseSize) {
this.maxConsumedResponseSize = maxConsumedResponseSize;
return this;
}
public SimpleHttp auth(String token) { public SimpleHttp auth(String token) {
header("Authorization", "Bearer " + token); header("Authorization", "Bearer " + token);
return this; return this;
@ -296,7 +308,7 @@ public class SimpleHttp {
httpRequest.setConfig(requestConfigBuilder.build()); httpRequest.setConfig(requestConfigBuilder.build());
} }
return new Response(client.execute(httpRequest)); return new Response(client.execute(httpRequest), maxConsumedResponseSize);
} }
private RequestConfig.Builder requestConfigBuilder() { private RequestConfig.Builder requestConfigBuilder() {
@ -341,12 +353,14 @@ public class SimpleHttp {
public static class Response implements AutoCloseable { public static class Response implements AutoCloseable {
private final HttpResponse response; private final HttpResponse response;
private final long maxConsumedResponseSize;
private int statusCode = -1; private int statusCode = -1;
private String responseString; private String responseString;
private ContentType contentType; private ContentType contentType;
public Response(HttpResponse response) { public Response(HttpResponse response, long maxConsumedResponseSize) {
this.response = response; this.response = response;
this.maxConsumedResponseSize = maxConsumedResponseSize;
} }
private void readResponse() throws IOException { private void readResponse() throws IOException {
@ -368,6 +382,8 @@ public class SimpleHttp {
} }
} }
is = new SafeInputStream(is, maxConsumedResponseSize);
try (InputStreamReader reader = charset == null ? new InputStreamReader(is, StandardCharsets.UTF_8) : try (InputStreamReader reader = charset == null ? new InputStreamReader(is, StandardCharsets.UTF_8) :
new InputStreamReader(is, charset)) { new InputStreamReader(is, charset)) {

13
server-spi-private/src/main/java/org/keycloak/connections/httpclient/HttpClientProvider.java
View file

@ -55,6 +55,8 @@ public interface HttpClientProvider extends Provider {
* Decoding response with the correct character set is performed according to the headers returned in the server's response. * Decoding response with the correct character set is performed according to the headers returned in the server's response.
* To retrieve binary data, use {@link #getInputStream(String)} * To retrieve binary data, use {@link #getInputStream(String)}
* *
* Implementations should limit the amount of data returned to avoid an {@link OutOfMemoryError}.
*
* @param uri URI with data to receive. * @param uri URI with data to receive.
* @return Body of the response as a String. * @return Body of the response as a String.
* @throws IOException On network errors, no content being returned or a non-2xx HTTP status code * @throws IOException On network errors, no content being returned or a non-2xx HTTP status code
@ -90,4 +92,15 @@ public interface HttpClientProvider extends Provider {
return getInputStream(uri); return getInputStream(uri);
} }
long DEFAULT_MAX_CONSUMED_RESPONSE_SIZE = 10_000_000L;
/**
* Get the configured limit for the response size.
*
* @return number of bytes
*/
default long getMaxConsumedResponseSize() {
return DEFAULT_MAX_CONSUMED_RESPONSE_SIZE;
}
} }

69
server-spi-private/src/main/java/org/keycloak/connections/httpclient/SafeInputStream.java Normal file
View file

@ -0,0 +1,69 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.connections.httpclient;
import java.io.IOException;
import java.io.InputStream;
/**
* Limit the amount of data read to prevent a {@link OutOfMemoryError}.
*
* @author Alexander Schwartz
*/
public class SafeInputStream extends InputStream {
private long bytesConsumed;
private final InputStream delegate;
private final long maxBytesToConsume;
public SafeInputStream(InputStream delegate, long maxBytesToConsume) {
this.delegate = delegate;
this.maxBytesToConsume = maxBytesToConsume;
}
@Override
public int read(byte[] b, int off, int len) throws IOException {
int sizeRead = delegate.read(b, off, len);
if (sizeRead > 0) {
bytesConsumed += sizeRead;
}
checkConsumedBytes();
return sizeRead;
}
private void checkConsumedBytes() throws IOException {
if (bytesConsumed > maxBytesToConsume) {
throw new IOException(String.format("Response is at least %s bytes in size, with max bytes to be consumed being %d", bytesConsumed, maxBytesToConsume));
}
}
@Override
public int read() throws IOException {
int result = delegate.read();
if (result > 0) {
++bytesConsumed;
}
checkConsumedBytes();
return result;
}
@Override
public void close() throws IOException {
delegate.close();
}
}

62
server-spi-private/src/test/java/org/keycloak/broker/provider/util/SimpleHttpTest.java
View file

@ -4,8 +4,9 @@ import org.apache.http.HttpEntity;
import org.apache.http.HttpHost; import org.apache.http.HttpHost;
import org.apache.http.HttpRequest; import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse; import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.HttpVersion; import org.apache.http.HttpVersion;
import org.apache.http.client.ClientProtocolException; import org.apache.http.ProtocolVersion;
import org.apache.http.client.HttpClient; import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler; import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPost;
@ -20,7 +21,9 @@ import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.junit.runners.Parameterized; import org.junit.runners.Parameterized;
import org.junit.runners.Parameterized.Parameters; import org.junit.runners.Parameterized.Parameters;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.common.util.StreamUtil; import org.keycloak.common.util.StreamUtil;
import org.keycloak.connections.httpclient.HttpClientProvider;
import java.io.IOException; import java.io.IOException;
import java.net.URLEncoder; import java.net.URLEncoder;
@ -29,8 +32,11 @@ import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
/** /**
@ -64,7 +70,7 @@ public final class SimpleHttpTest {
@Test @Test
public void withCharset() throws IOException { public void withCharset() throws IOException {
HttpResponse httpResponse = createBasicResponse(entity); HttpResponse httpResponse = createBasicResponse(entity);
SimpleHttp.Response response = new SimpleHttp.Response(httpResponse); SimpleHttp.Response response = new SimpleHttp.Response(httpResponse, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
if (success) { if (success) {
assertEquals(original, response.asString()); assertEquals(original, response.asString());
} else { } else {
@ -90,21 +96,39 @@ public final class SimpleHttpTest {
@Parameters(name = "{index}: requestWithEncoding({0})") @Parameters(name = "{index}: requestWithEncoding({0})")
public static Collection<Object[]> entities() { public static Collection<Object[]> entities() {
return Arrays.asList(new Object[][] { { "English" }, { "Русский" }, { "GermanÜmläütß" } }); return Arrays.asList(new Object[][] {
{ "English" },
{ "Русский" },
{ "GermanÜmläütß" },
{ SecretGenerator.getInstance().randomString(1000) },
{ SecretGenerator.getInstance().randomString(1024) }
});
} }
@Test @Test
public void requestWithEncoding() throws IOException { public void requestWithEncoding() throws IOException {
String expectedResponse = "{\"value\":\"" + value + "\"}";
HttpClientMock client = new HttpClientMock(); HttpClientMock client = new HttpClientMock();
SimpleHttp.doPost("", client).json(new DummyEntity(value)).asResponse(); if (expectedResponse.getBytes(StandardCharsets.UTF_8).length < 1024) {
assertEquals("{\"value\":\"" + value + "\"}", client.data); SimpleHttp.Response response = SimpleHttp.doPost("", client, 1024).json(new DummyEntity(value)).asResponse();
assertEquals(expectedResponse, response.asString());
} else {
IOException e = assertThrows(IOException.class, () -> SimpleHttp.doPost("", client, 1024).json(new DummyEntity(value)).asResponse().asString());
assertThat(e.getMessage(), startsWith("Response is at least"));
}
} }
@Test @Test
public void requestWithEncodingParam() throws IOException { public void requestWithEncodingParam() throws IOException {
String expectedResponse = "dummy=" + URLEncoder.encode(value, "UTF-8");
HttpClientMock client = new HttpClientMock(); HttpClientMock client = new HttpClientMock();
SimpleHttp.doPost("", client).param("dummy", value).asResponse(); if (expectedResponse.getBytes(StandardCharsets.UTF_8).length < 1024) {
assertEquals("dummy=" + URLEncoder.encode(value, "UTF-8"), client.data); SimpleHttp.Response response = SimpleHttp.doPost("", client, 1024).param("dummy", value).asResponse();
assertEquals(expectedResponse, response.asString());
} else {
IOException e = assertThrows(IOException.class, () -> SimpleHttp.doPost("", client, 1024).json(new DummyEntity(value)).asResponse().asString());
assertThat(e.getMessage(), startsWith("Response is at least"));
}
} }
public static final class DummyEntity { public static final class DummyEntity {
@ -119,8 +143,6 @@ public final class SimpleHttpTest {
*/ */
public static final class HttpClientMock implements HttpClient { public static final class HttpClientMock implements HttpClient {
String data;
@Override @Override
public HttpParams getParams() { public HttpParams getParams() {
fail(); return null; fail(); return null;
@ -132,50 +154,52 @@ public final class SimpleHttpTest {
} }
@Override @Override
public HttpResponse execute(HttpUriRequest paramHttpUriRequest) throws IOException, ClientProtocolException { public HttpResponse execute(HttpUriRequest paramHttpUriRequest) throws IOException {
HttpPost post = (HttpPost) paramHttpUriRequest; HttpPost post = (HttpPost) paramHttpUriRequest;
data = StreamUtil.readString(post.getEntity().getContent()); String content = StreamUtil.readString(post.getEntity().getContent(), StandardCharsets.UTF_8);
return null; BasicHttpResponse httpResponse = new BasicHttpResponse(new ProtocolVersion("HTTP", 1, 1), HttpStatus.SC_OK, "OK");
httpResponse.setEntity(new StringEntity(content, StandardCharsets.UTF_8));
return httpResponse;
} }
@Override @Override
public HttpResponse execute(HttpUriRequest paramHttpUriRequest, HttpContext paramHttpContext) public HttpResponse execute(HttpUriRequest paramHttpUriRequest, HttpContext paramHttpContext)
throws IOException, ClientProtocolException { throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public HttpResponse execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest) throws IOException, ClientProtocolException { public HttpResponse execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest) throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public HttpResponse execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, HttpContext paramHttpContext) public HttpResponse execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, HttpContext paramHttpContext)
throws IOException, ClientProtocolException { throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public <T> T execute(HttpUriRequest paramHttpUriRequest, ResponseHandler<? extends T> paramResponseHandler) public <T> T execute(HttpUriRequest paramHttpUriRequest, ResponseHandler<? extends T> paramResponseHandler)
throws IOException, ClientProtocolException { throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public <T> T execute(HttpUriRequest paramHttpUriRequest, ResponseHandler<? extends T> paramResponseHandler, public <T> T execute(HttpUriRequest paramHttpUriRequest, ResponseHandler<? extends T> paramResponseHandler,
HttpContext paramHttpContext) throws IOException, ClientProtocolException { HttpContext paramHttpContext) throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public <T> T execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, ResponseHandler<? extends T> paramResponseHandler) public <T> T execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, ResponseHandler<? extends T> paramResponseHandler)
throws IOException, ClientProtocolException { throws IOException {
fail(); return null; fail(); return null;
} }
@Override @Override
public <T> T execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, ResponseHandler<? extends T> paramResponseHandler, public <T> T execute(HttpHost paramHttpHost, HttpRequest paramHttpRequest, ResponseHandler<? extends T> paramResponseHandler,
HttpContext paramHttpContext) throws IOException, ClientProtocolException { HttpContext paramHttpContext) throws IOException {
fail(); return null; fail(); return null;
} }

34
services/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java
View file

@ -41,6 +41,7 @@ import java.io.InputStream;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.util.EntityUtils; import org.apache.http.util.EntityUtils;
@ -49,20 +50,11 @@ import static org.keycloak.utils.StringUtil.isBlank;
/** /**
* The default {@link HttpClientFactory} for {@link HttpClientProvider HttpClientProvider's} used by Keycloak for outbound HTTP calls. * The default {@link HttpClientFactory} for {@link HttpClientProvider HttpClientProvider's} used by Keycloak for outbound HTTP calls.
* <p> * <p>
* The constructed clients can be configured via Keycloaks SPI configuration, e.g. {@code standalone.xml, standalone-ha.xml, domain.xml}. * Example for Quarkus configuration:
* </p>
* <p> * <p>
* Examples for jboss-cli
* </p>
* <pre>
* {@code * {@code
* * spi-connections-http-client-default-connection-pool-size=10
* /subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
* /subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.connection-pool-size,value=128)
* /subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=[".*\\.(google|googleapis)\\.com;http://www-proxy.acme.corp.com:8080",".*\\.acme\\.corp\\.com;NO_PROXY",".*;http://fallback:8080"])
* } * }
* </pre>
* </p>
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/ */
public class DefaultHttpClientFactory implements HttpClientFactory { public class DefaultHttpClientFactory implements HttpClientFactory {
@ -73,13 +65,15 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
private static final String HTTPS_PROXY = "https_proxy"; private static final String HTTPS_PROXY = "https_proxy";
private static final String HTTP_PROXY = "http_proxy"; private static final String HTTP_PROXY = "http_proxy";
private static final String NO_PROXY = "no_proxy"; private static final String NO_PROXY = "no_proxy";
public static final String MAX_CONSUMED_RESPONSE_SIZE = "max-consumed-response-size";
private volatile CloseableHttpClient httpClient; private volatile CloseableHttpClient httpClient;
private Config.Scope config; private Config.Scope config;
private final BasicResponseHandler stringResponseHandler = new BasicResponseHandler(); private BasicResponseHandler stringResponseHandler;
private final InputStreamResponseHandler inputStreamResponseHandler = new InputStreamResponseHandler(); private final InputStreamResponseHandler inputStreamResponseHandler = new InputStreamResponseHandler();
private long maxConsumedResponseSize;
private static class InputStreamResponseHandler extends AbstractResponseHandler<InputStream> { private static class InputStreamResponseHandler extends AbstractResponseHandler<InputStream> {
@ -144,6 +138,11 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
} }
return body; return body;
} }
@Override
public long getMaxConsumedResponseSize() {
return maxConsumedResponseSize;
}
}; };
} }
@ -153,7 +152,7 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
if (httpClient != null) { if (httpClient != null) {
httpClient.close(); httpClient.close();
} }
} catch (IOException e) { } catch (IOException ignored) {
} }
} }
@ -254,7 +253,8 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
@Override @Override
public void postInit(KeycloakSessionFactory factory) { public void postInit(KeycloakSessionFactory factory) {
maxConsumedResponseSize = config.getLong(MAX_CONSUMED_RESPONSE_SIZE, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
stringResponseHandler = new SafeBasicResponseHandler(maxConsumedResponseSize);
} }
@Override @Override
@ -334,6 +334,12 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
.type("string") .type("string")
.helpText("Denotes the combination of a regex based hostname pattern and a proxy-uri in the form of hostnamePattern;proxyUri.") .helpText("Denotes the combination of a regex based hostname pattern and a proxy-uri in the form of hostnamePattern;proxyUri.")
.add() .add()
.property()
.name(MAX_CONSUMED_RESPONSE_SIZE)
.type("long")
.helpText("Maximum size of a response consumed by the client (to prevent denial of service)")
.defaultValue(HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE)
.add()
.build(); .build();
} }

41
services/src/main/java/org/keycloak/connections/httpclient/SafeBasicResponseHandler.java Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.connections.httpclient;
import org.apache.http.HttpEntity;
import org.apache.http.impl.client.BasicResponseHandler;
import java.io.IOException;
/**
* Limit the amount of data read to prevent a {@link OutOfMemoryError}.
*
* @author Alexander Schwartz
*/
class SafeBasicResponseHandler extends BasicResponseHandler {
private final long maxConsumedResponseSize;
SafeBasicResponseHandler(long maxConsumedResponseSize) {
this.maxConsumedResponseSize = maxConsumedResponseSize;
}
@Override
public String handleEntity(HttpEntity entity) throws IOException {
return super.handleEntity(new SafeHttpEntity(entity, maxConsumedResponseSize));
}
}

88
services/src/main/java/org/keycloak/connections/httpclient/SafeHttpEntity.java Normal file
View file

@ -0,0 +1,88 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.connections.httpclient;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* Limit the amount of data read to prevent a {@link OutOfMemoryError}.
*
* @author Alexander Schwartz
*/
class SafeHttpEntity implements HttpEntity {
private final HttpEntity delegate;
private final long maxConsumedResponseSize;
SafeHttpEntity(HttpEntity delegate, long maxConsumedResponseSize) {
this.delegate = delegate;
this.maxConsumedResponseSize = maxConsumedResponseSize;
}
@Override
public boolean isRepeatable() {
return delegate.isRepeatable();
}
@Override
public boolean isChunked() {
return delegate.isChunked();
}
@Override
public long getContentLength() {
return delegate.getContentLength();
}
@Override
public Header getContentType() {
return delegate.getContentType();
}
@Override
public Header getContentEncoding() {
return delegate.getContentEncoding();
}
@Override
public InputStream getContent() throws IOException, UnsupportedOperationException {
return new SafeInputStream(delegate.getContent(), maxConsumedResponseSize);
}
@Override
public void writeTo(OutputStream outputStream) throws IOException {
delegate.writeTo(outputStream);
}
@Override
public boolean isStreaming() {
return delegate.isStreaming();
}
@Override
@Deprecated
public void consumeContent() throws IOException {
delegate.consumeContent();
}
}

68
services/src/test/java/org/keycloak/connections/httpclient/SafeBasicResponseHandlerTest.java Normal file
View file

@ -0,0 +1,68 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.connections.httpclient;
import org.apache.http.HttpEntity;
import org.apache.http.entity.StringEntity;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.util.concurrent.atomic.AtomicBoolean;
/**
* @author Alexander Schwartz
*/
public class SafeBasicResponseHandlerTest {
@Test
public void shouldThrowExceptionForLongResponses() throws UnsupportedEncodingException {
// arrange
AtomicBoolean inputStreamHasBeenClosed = new AtomicBoolean(false);
HttpEntity entity = new StringEntity("1234567890") {
@Override
public InputStream getContent() throws IOException {
InputStream delegate = super.getContent();
return new InputStream() {
@Override
public int read() throws IOException {
return delegate.read();
}
@Override
public void close() throws IOException {
super.close();
inputStreamHasBeenClosed.set(true);
}
};
}
};
// act
IOException exception = Assert.assertThrows(IOException.class, () -> new SafeBasicResponseHandler(5).handleEntity(entity));
// assert
MatcherAssert.assertThat("Too long response should throw an exception", exception.getMessage(), Matchers.startsWith("Response is at least"));
MatcherAssert.assertThat("Stream should have been closed", inputStreamHasBeenClosed.get(), Matchers.is(true));
}
}

52
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/util/SimpleHttpDefault.java Normal file
View file

@ -0,0 +1,52 @@
/*
* Copyright 2024 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.broker.util;
import org.apache.http.client.HttpClient;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.connections.httpclient.HttpClientProvider;
/**
* This class provides additional builders used in tests to create instances of SimpleHttpTest with a default length response size set.
*
* @author Alexander Schwartz
*/
public abstract class SimpleHttpDefault extends SimpleHttp {
protected SimpleHttpDefault(String url, String method, HttpClient client, long maxConsumedResponseSize) {
// dummy constructor, only needed to make the compiler happy
super(url, method, client, maxConsumedResponseSize);
}
public static SimpleHttp doDelete(String url, HttpClient client) {
return SimpleHttp.doDelete(url, client, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
}
public static SimpleHttp doPost(String url, HttpClient client) {
return SimpleHttp.doPost(url, client, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
}
public static SimpleHttp doPut(String url, HttpClient client) {
return SimpleHttp.doPut(url, client, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
}
public static SimpleHttp doGet(String url, HttpClient client) {
return SimpleHttp.doGet(url, client, HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE);
}
}

5
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
View file

@ -72,6 +72,7 @@ import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.UserInfo; import org.keycloak.representations.UserInfo;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationManager; import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.runonserver.RunOnServerException; import org.keycloak.testsuite.runonserver.RunOnServerException;
import org.keycloak.util.BasicAuthHelper; import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -1127,7 +1128,7 @@ public class OAuthClient {
public OIDCConfigurationRepresentation doWellKnownRequest(String realm) { public OIDCConfigurationRepresentation doWellKnownRequest(String realm) {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp request = SimpleHttp.doGet(baseUrl + "/realms/" + realm + "/.well-known/openid-configuration", SimpleHttp request = SimpleHttpDefault.doGet(baseUrl + "/realms/" + realm + "/.well-known/openid-configuration",
client); client);
if (requestHeaders != null) { if (requestHeaders != null) {
for (Map.Entry<String, String> entry : requestHeaders.entrySet()) { for (Map.Entry<String, String> entry : requestHeaders.entrySet()) {
@ -2196,7 +2197,7 @@ public class OAuthClient {
private JSONWebKeySet getRealmKeys(String realm) { private JSONWebKeySet getRealmKeys(String realm) {
String certUrl = baseUrl + "/realms/" + realm + "/protocol/openid-connect/certs"; String certUrl = baseUrl + "/realms/" + realm + "/protocol/openid-connect/certs";
try (CloseableHttpClient client = httpClient.get()){ try (CloseableHttpClient client = httpClient.get()){
return SimpleHttp.doGet(certUrl, client).asJson(JSONWebKeySet.class); return SimpleHttpDefault.doGet(certUrl, client).asJson(JSONWebKeySet.class);
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException("Failed to retrieve keys", e); throw new RuntimeException("Failed to retrieve keys", e);
} }

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractRestServiceTest.java
View file

@ -38,6 +38,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@ -139,7 +140,7 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
// Check if the feature really works // Check if the feature really works
private void checkIfFeatureWorks(boolean shouldWorks) { private void checkIfFeatureWorks(boolean shouldWorks) {
try { try {
List<SessionRepresentation> sessions = SimpleHttp.doGet(getAccountUrl("sessions"), httpClient).auth(tokenUtil.getToken()) List<SessionRepresentation> sessions = SimpleHttpDefault.doGet(getAccountUrl("sessions"), httpClient).auth(tokenUtil.getToken())
.asJson(new TypeReference<List<SessionRepresentation>>() { .asJson(new TypeReference<List<SessionRepresentation>>() {
}); });
assertEquals(1, sessions.size()); assertEquals(1, sessions.size());

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceReadOnlyAttributesTest.java
View file

@ -40,6 +40,7 @@ import org.keycloak.representations.userprofile.config.UPAttributePermissions;
import org.keycloak.representations.userprofile.config.UPConfig; import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.messages.Messages; import org.keycloak.services.messages.Messages;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.userprofile.UserProfileConstants; import org.keycloak.userprofile.UserProfileConstants;
import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.contains;
@ -149,7 +150,7 @@ public class AccountRestServiceReadOnlyAttributesTest extends AbstractRestServic
private void testAccountUpdateAttributeExpectFailure(String attrName, boolean deniedForAdminAsWell) throws IOException { private void testAccountUpdateAttributeExpectFailure(String attrName, boolean deniedForAdminAsWell) throws IOException {
// Attribute not yet supposed to be on the user // Attribute not yet supposed to be on the user
UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
assertThat(Optional.ofNullable(user.getAttributes()).orElse(Map.of()).keySet(), not(contains(attrName))); assertThat(Optional.ofNullable(user.getAttributes()).orElse(Map.of()).keySet(), not(contains(attrName)));
// Assert not possible to add the attribute to the user // Assert not possible to add the attribute to the user
@ -175,7 +176,7 @@ public class AccountRestServiceReadOnlyAttributesTest extends AbstractRestServic
} }
// Update attribute of the user with account REST to the same value (Case when we are updating existing attribute) - should be fine as our attribute is not changed // Update attribute of the user with account REST to the same value (Case when we are updating existing attribute) - should be fine as our attribute is not changed
user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
Assert.assertEquals("foo", user.getAttributes().get(attrName).get(0)); Assert.assertEquals("foo", user.getAttributes().get(attrName).get(0));
user.singleAttribute("someOtherAttr", "foo"); user.singleAttribute("someOtherAttr", "foo");
user = updateAndGet(user); user = updateAndGet(user);
@ -198,7 +199,7 @@ public class AccountRestServiceReadOnlyAttributesTest extends AbstractRestServic
private void testAccountUpdateAttributeExpectSuccess(String attrName) throws IOException { private void testAccountUpdateAttributeExpectSuccess(String attrName) throws IOException {
// Attribute not yet supposed to be on the user // Attribute not yet supposed to be on the user
UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
assertThat(Optional.ofNullable(user.getAttributes()).orElse(Map.of()).keySet(), not(contains(attrName))); assertThat(Optional.ofNullable(user.getAttributes()).orElse(Map.of()).keySet(), not(contains(attrName)));
// Assert not possible to add the attribute to the user // Assert not possible to add the attribute to the user
@ -206,7 +207,7 @@ public class AccountRestServiceReadOnlyAttributesTest extends AbstractRestServic
user = updateAndGet(user); user = updateAndGet(user);
// Update attribute of the user with account REST to the same value (Case when we are updating existing attribute) - should be fine as our attribute is not changed // Update attribute of the user with account REST to the same value (Case when we are updating existing attribute) - should be fine as our attribute is not changed
user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
Assert.assertEquals("foo", user.getAttributes().get(attrName).get(0)); Assert.assertEquals("foo", user.getAttributes().get(attrName).get(0));
user.singleAttribute("someOtherAttr", "foo"); user.singleAttribute("someOtherAttr", "foo");
user = updateAndGet(user); user = updateAndGet(user);
@ -226,18 +227,18 @@ public class AccountRestServiceReadOnlyAttributesTest extends AbstractRestServic
} }
private UserRepresentation updateAndGet(UserRepresentation user) throws IOException { private UserRepresentation updateAndGet(UserRepresentation user) throws IOException {
int status = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus(); int status = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus();
assertEquals(204, status); assertEquals(204, status);
return get(); return get();
} }
private UserRepresentation get() throws IOException { private UserRepresentation get() throws IOException {
return SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); return SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
} }
private void updateError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException { private void updateError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException {
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
assertEquals(expectedStatus, response.getStatus()); assertEquals(expectedStatus, response.getStatus());
assertEquals(expectedMessage, response.asJson(ErrorRepresentation.class).getErrorMessage()); assertEquals(expectedMessage, response.asJson(ErrorRepresentation.class).getErrorMessage());
} }

133
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceTest.java
View file

@ -69,6 +69,7 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest; import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.forms.VerifyProfileTest; import org.keycloak.testsuite.forms.VerifyProfileTest;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
@ -297,7 +298,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
user.setFirstName(originalFirstName); user.setFirstName(originalFirstName);
user.setLastName(originalLastName); user.setLastName(originalLastName);
user.setEmail(originalEmail); user.setEmail(originalEmail);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -345,7 +346,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
adminClient.realm("test").update(realmRep); adminClient.realm("test").update(realmRep);
user.setEmail(originalEmail); user.setEmail(originalEmail);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -405,7 +406,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
user.setFirstName(originalFirstName); user.setFirstName(originalFirstName);
user.setLastName(originalLastName); user.setLastName(originalLastName);
user.setEmail(originalEmail); user.setEmail(originalEmail);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -512,7 +513,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
user.setFirstName(originalFirstName); user.setFirstName(originalFirstName);
user.setLastName(originalLastName); user.setLastName(originalLastName);
user.setEmail(originalEmail); user.setEmail(originalEmail);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -562,7 +563,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
user.setUsername(originalUsername); user.setUsername(originalUsername);
user.setAttributes(originalAttributes); user.setAttributes(originalAttributes);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -586,7 +587,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertEquals("Homer1", user.getFirstName()); assertEquals("Homer1", user.getFirstName());
} finally { } finally {
user.setFirstName(originalFirstname); user.setFirstName(originalFirstname);
int status = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus(); int status = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus();
assertEquals(204, status); assertEquals(204, status);
} }
} }
@ -601,7 +602,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
} }
protected static UserRepresentation getUser(String accountUrl, CloseableHttpClient httpClient, TokenUtil tokenUtil) throws IOException { protected static UserRepresentation getUser(String accountUrl, CloseableHttpClient httpClient, TokenUtil tokenUtil) throws IOException {
SimpleHttp a = SimpleHttp.doGet(accountUrl, httpClient).auth(tokenUtil.getToken()); SimpleHttp a = SimpleHttpDefault.doGet(accountUrl, httpClient).auth(tokenUtil.getToken());
try { try {
return a.asJson(UserRepresentation.class); return a.asJson(UserRepresentation.class);
@ -612,7 +613,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
} }
protected UserRepresentation updateAndGet(UserRepresentation user) throws IOException { protected UserRepresentation updateAndGet(UserRepresentation user) throws IOException {
SimpleHttp a = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user); SimpleHttp a = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user);
try { try {
assertEquals(204, a.asStatus()); assertEquals(204, a.asStatus());
} catch (AssertionError e) { } catch (AssertionError e) {
@ -624,7 +625,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
protected void updateError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException { protected void updateError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException {
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
assertEquals(expectedStatus, response.getStatus()); assertEquals(expectedStatus, response.getStatus());
ErrorRepresentation errorRep = response.asJson(ErrorRepresentation.class); ErrorRepresentation errorRep = response.asJson(ErrorRepresentation.class);
List<ErrorRepresentation> errors = errorRep.getErrors(); List<ErrorRepresentation> errors = errorRep.getErrors();
@ -643,23 +644,23 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
TokenUtil viewToken = new TokenUtil("view-account-access", "password"); TokenUtil viewToken = new TokenUtil("view-account-access", "password");
// Read with no access // Read with no access
assertEquals(403, SimpleHttp.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus()); assertEquals(403, SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus());
// Update with no access // Update with no access
assertEquals(403, SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(noaccessToken.getToken()).json(new UserRepresentation()).asStatus()); assertEquals(403, SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(noaccessToken.getToken()).json(new UserRepresentation()).asStatus());
// Update with read only // Update with read only
assertEquals(403, SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(viewToken.getToken()).json(new UserRepresentation()).asStatus()); assertEquals(403, SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(viewToken.getToken()).json(new UserRepresentation()).asStatus());
} }
@Test @Test
public void testUpdateProfilePermissions() throws IOException { public void testUpdateProfilePermissions() throws IOException {
TokenUtil noaccessToken = new TokenUtil("no-account-access", "password"); TokenUtil noaccessToken = new TokenUtil("no-account-access", "password");
int status = SimpleHttp.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus(); int status = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(noaccessToken.getToken()).asStatus();
assertEquals(403, status); assertEquals(403, status);
TokenUtil viewToken = new TokenUtil("view-account-access", "password"); TokenUtil viewToken = new TokenUtil("view-account-access", "password");
status = SimpleHttp.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(viewToken.getToken()).asStatus(); status = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).header("Accept", "application/json").auth(viewToken.getToken()).asStatus();
assertEquals(200, status); assertEquals(200, status);
} }
@ -739,7 +740,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertExpectedCredentialTypes(credentials, PasswordCredentialModel.TYPE, OTPCredentialModel.TYPE); assertExpectedCredentialTypes(credentials, PasswordCredentialModel.TYPE, OTPCredentialModel.TYPE);
// Test password-only // Test password-only
credentials = SimpleHttp.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password"), httpClient) credentials = SimpleHttpDefault.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password"), httpClient)
.auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {}); .auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {});
Assert.assertEquals(1, credentials.size()); Assert.assertEquals(1, credentials.size());
password = credentials.get(0); password = credentials.get(0);
@ -747,8 +748,8 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
Assert.assertEquals(1, password.getUserCredentialMetadatas().size()); Assert.assertEquals(1, password.getUserCredentialMetadatas().size());
// Test password-only and user-credentials // Test password-only and user-credentials
credentials = SimpleHttp.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password&" + credentials = SimpleHttpDefault.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password&" +
AccountCredentialResource.USER_CREDENTIALS + "=false"), httpClient) AccountCredentialResource.USER_CREDENTIALS + "=false"), httpClient)
.auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {}); .auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {});
Assert.assertEquals(1, credentials.size()); Assert.assertEquals(1, credentials.size());
password = credentials.get(0); password = credentials.get(0);
@ -767,7 +768,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
.get(); .get();
// Test that current user can't update the credential, which belongs to the different user // Test that current user can't update the credential, which belongs to the different user
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doPut(getAccountUrl("credentials/" + otpCredential.getId() + "/label"), httpClient) .doPut(getAccountUrl("credentials/" + otpCredential.getId() + "/label"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json("new-label") .json("new-label")
@ -775,7 +776,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertEquals(404, response.getStatus()); assertEquals(404, response.getStatus());
// Test that current user can't delete the credential, which belongs to the different user // Test that current user can't delete the credential, which belongs to the different user
response = SimpleHttp response = SimpleHttpDefault
.doDelete(getAccountUrl("credentials/" + otpCredential.getId()), httpClient) .doDelete(getAccountUrl("credentials/" + otpCredential.getId()), httpClient)
.acceptJson() .acceptJson()
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -846,7 +847,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
.filter(credentialRep -> OTPCredentialModel.TYPE.equals(credentialRep.getType())) .filter(credentialRep -> OTPCredentialModel.TYPE.equals(credentialRep.getType()))
.findFirst() .findFirst()
.get(); .get();
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("credentials/" + otpCredential.getId()), httpClient) .doDelete(getAccountUrl("credentials/" + otpCredential.getId()), httpClient)
.acceptJson() .acceptJson()
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -865,7 +866,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
// Send REST request to get all credential containers and credentials of current user // Send REST request to get all credential containers and credentials of current user
private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException { private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException {
return SimpleHttp.doGet(getAccountUrl("credentials"), httpClient) return SimpleHttpDefault.doGet(getAccountUrl("credentials"), httpClient)
.auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {}); .auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {});
} }
@ -944,7 +945,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
String otpCredentialId = otpCredential.getUserCredentialMetadatas().get(0).getCredential().getId(); String otpCredentialId = otpCredential.getUserCredentialMetadatas().get(0).getCredential().getId();
// remove credential using account console as otp is removable // remove credential using account console as otp is removable
try (SimpleHttp.Response response = SimpleHttp try (SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("credentials/" + otpCredentialId), httpClient) .doDelete(getAccountUrl("credentials/" + otpCredentialId), httpClient)
.acceptJson() .acceptJson()
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -982,7 +983,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertCredentialContainerExpected(password, PasswordCredentialModel.TYPE, CredentialTypeMetadata.Category.BASIC_AUTHENTICATION.toString(), assertCredentialContainerExpected(password, PasswordCredentialModel.TYPE, CredentialTypeMetadata.Category.BASIC_AUTHENTICATION.toString(),
"password-display-name", "password-help-text", "kcAuthenticatorPasswordClass", "password-display-name", "password-help-text", "kcAuthenticatorPasswordClass",
null, UserModel.RequiredAction.UPDATE_PASSWORD.toString(), false, 1); null, UserModel.RequiredAction.UPDATE_PASSWORD.toString(), false, 1);
try (SimpleHttp.Response response = SimpleHttp try (SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("credentials/" + password.getUserCredentialMetadatas().get(0).getCredential().getId()), httpClient) .doDelete(getAccountUrl("credentials/" + password.getUserCredentialMetadatas().get(0).getCredential().getId()), httpClient)
.acceptJson() .acceptJson()
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1070,11 +1071,11 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void testDeleteSessions() throws IOException { public void testDeleteSessions() throws IOException {
TokenUtil viewToken = new TokenUtil("view-account-access", "password"); TokenUtil viewToken = new TokenUtil("view-account-access", "password");
oauth.doLogin("view-account-access", "password"); oauth.doLogin("view-account-access", "password");
List<SessionRepresentation> sessions = SimpleHttp.doGet(getAccountUrl("sessions"), httpClient).auth(viewToken.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() {}); List<SessionRepresentation> sessions = SimpleHttpDefault.doGet(getAccountUrl("sessions"), httpClient).auth(viewToken.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() {});
assertEquals(2, sessions.size()); assertEquals(2, sessions.size());
int status = SimpleHttp.doDelete(getAccountUrl("sessions?current=false"), httpClient).acceptJson().auth(viewToken.getToken()).asStatus(); int status = SimpleHttpDefault.doDelete(getAccountUrl("sessions?current=false"), httpClient).acceptJson().auth(viewToken.getToken()).asStatus();
assertEquals(200, status); assertEquals(200, status);
sessions = SimpleHttp.doGet(getAccountUrl("sessions"), httpClient).auth(viewToken.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() {}); sessions = SimpleHttpDefault.doGet(getAccountUrl("sessions"), httpClient).auth(viewToken.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() {});
assertEquals(1, sessions.size()); assertEquals(1, sessions.size());
} }
@ -1085,7 +1086,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password"); TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1108,7 +1109,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password"); TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.param("name", "In Use") .param("name", "In Use")
@ -1135,7 +1136,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertNull(offlineTokenResponse.getErrorDescription()); assertNull(offlineTokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password"); TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1172,14 +1173,14 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
ConsentRepresentation requestedConsent = new ConsentRepresentation(); ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation)); requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
SimpleHttp SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
.auth(token.getToken()) .auth(token.getToken())
.asJson(ConsentRepresentation.class); .asJson(ConsentRepresentation.class);
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1187,7 +1188,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
}); });
assertFalse(applications.isEmpty()); assertFalse(applications.isEmpty());
SimpleHttp SimpleHttpDefault
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1217,7 +1218,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password"); TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1246,7 +1247,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test @Test
public void listApplicationsWithoutPermission() throws IOException { public void listApplicationsWithoutPermission() throws IOException {
TokenUtil token = new TokenUtil("no-account-access", "password"); TokenUtil token = new TokenUtil("no-account-access", "password");
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1258,7 +1259,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void getNotExistingApplication() throws IOException { public void getNotExistingApplication() throws IOException {
TokenUtil token = new TokenUtil("view-applications-access", "password"); TokenUtil token = new TokenUtil("view-applications-access", "password");
String appId = "not-existing"; String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doGet(getAccountUrl("applications/" + appId), httpClient) .doGet(getAccountUrl("applications/" + appId), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(token.getToken()) .auth(token.getToken())
@ -1283,7 +1284,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,2); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,2);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp ConsentRepresentation consentRepresentation = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1304,7 +1305,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
events.assertEmpty(); events.assertEmpty();
//cleanup //cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) SimpleHttpDefault.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asResponse(); .asResponse();
@ -1317,7 +1318,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp ConsentRepresentation consentRepresentation = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1331,7 +1332,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
requestedScopes = testRealm().clientScopes().findAll().subList(1,2); requestedScopes = testRealm().clientScopes().findAll().subList(1,2);
requestedConsent = createRequestedConsent(requestedScopes); requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation2 = SimpleHttp ConsentRepresentation consentRepresentation2 = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1354,7 +1355,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
events.assertEmpty(); events.assertEmpty();
//Cleanup //Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) SimpleHttpDefault.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asResponse(); .asResponse();
@ -1368,7 +1369,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1386,7 +1387,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1404,7 +1405,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp ConsentRepresentation consentRepresentation = SimpleHttpDefault
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1424,7 +1425,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
events.assertEmpty(); events.assertEmpty();
//Cleanup //Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) SimpleHttpDefault.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asResponse(); .asResponse();
@ -1438,7 +1439,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp ConsentRepresentation consentRepresentation = SimpleHttpDefault
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1452,7 +1453,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
requestedScopes = testRealm().clientScopes().findAll().subList(1,2); requestedScopes = testRealm().clientScopes().findAll().subList(1,2);
requestedConsent = createRequestedConsent(requestedScopes); requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation2 = SimpleHttp ConsentRepresentation consentRepresentation2 = SimpleHttpDefault
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1475,7 +1476,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
events.assertEmpty(); events.assertEmpty();
//Cleanup //Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) SimpleHttpDefault.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asResponse(); .asResponse();
@ -1489,7 +1490,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1507,7 +1508,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1525,7 +1526,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation1 = SimpleHttp ConsentRepresentation consentRepresentation1 = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1536,7 +1537,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertEquals(1, consentRepresentation1.getGrantedScopes().size()); assertEquals(1, consentRepresentation1.getGrantedScopes().size());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation1.getGrantedScopes().get(0).getId()); assertEquals(requestedScopes.get(0).getId(), consentRepresentation1.getGrantedScopes().get(0).getId());
ConsentRepresentation consentRepresentation2 = SimpleHttp ConsentRepresentation consentRepresentation2 = SimpleHttpDefault
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1550,7 +1551,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void getConsentForNotExistingClient() throws IOException { public void getConsentForNotExistingClient() throws IOException {
tokenUtil = new TokenUtil("view-consent-access", "password"); tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "not-existing"; String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1562,7 +1563,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void getNotExistingConsentForClient() throws IOException { public void getNotExistingConsentForClient() throws IOException {
tokenUtil = new TokenUtil("view-consent-access", "password"); tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console"; String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1574,7 +1575,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void getConsentWithoutPermission() throws IOException { public void getConsentWithoutPermission() throws IOException {
tokenUtil = new TokenUtil("no-account-access", "password"); tokenUtil = new TokenUtil("no-account-access", "password");
String appId = "security-admin-console"; String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1590,7 +1591,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1); List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes); ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp ConsentRepresentation consentRepresentation = SimpleHttpDefault
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.json(requestedConsent) .json(requestedConsent)
@ -1601,7 +1602,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertEquals(1, consentRepresentation.getGrantedScopes().size()); assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId()); assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1616,7 +1617,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
.assertEvent(); .assertEvent();
events.assertEmpty(); events.assertEmpty();
response = SimpleHttp response = SimpleHttpDefault
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1628,7 +1629,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void deleteConsentForNotExistingClient() throws IOException { public void deleteConsentForNotExistingClient() throws IOException {
tokenUtil = new TokenUtil("manage-consent-access", "password"); tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing"; String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1640,7 +1641,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void deleteConsentWithoutPermission() throws IOException { public void deleteConsentWithoutPermission() throws IOException {
tokenUtil = new TokenUtil("view-consent-access", "password"); tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console"; String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient) .doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1658,14 +1659,14 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
tokenUtil = new TokenUtil("view-applications-access", "password"); tokenUtil = new TokenUtil("view-applications-access", "password");
SimpleHttp.Response response = SimpleHttp SimpleHttp.Response response = SimpleHttpDefault
.doDelete(getAccountUrl("applications/offline-client/consent"), httpClient) .doDelete(getAccountUrl("applications/offline-client/consent"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asResponse(); .asResponse();
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
List<ClientRepresentation> applications = SimpleHttp List<ClientRepresentation> applications = SimpleHttpDefault
.doGet(getAccountUrl("applications"), httpClient) .doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
@ -1692,7 +1693,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
public void testInvalidApiVersion() throws IOException { public void testInvalidApiVersion() throws IOException {
apiVersion = "v2-foo"; apiVersion = "v2-foo";
SimpleHttp.Response response = SimpleHttp.doGet(getAccountUrl("credentials"), httpClient).auth(tokenUtil.getToken()).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doGet(getAccountUrl("credentials"), httpClient).auth(tokenUtil.getToken()).asResponse();
assertEquals("API version not found", response.asJson().get("error").textValue()); assertEquals("API version not found", response.asJson().get("error").textValue());
assertEquals(404, response.getStatus()); assertEquals(404, response.getStatus());
} }
@ -1703,7 +1704,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password"); OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
SimpleHttp.Response response = SimpleHttp.doGet(getAccountUrl(null), httpClient) SimpleHttp.Response response = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient)
.auth(tokenResponse.getAccessToken()) .auth(tokenResponse.getAccessToken())
.header("Accept", "application/json") .header("Accept", "application/json")
.asResponse(); .asResponse();
@ -1719,7 +1720,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password"); tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
response = SimpleHttp.doGet(getAccountUrl(null), httpClient) response = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient)
.auth(tokenResponse.getAccessToken()) .auth(tokenResponse.getAccessToken())
.header("Accept", "application/json") .header("Accept", "application/json")
.asResponse(); .asResponse();
@ -1731,7 +1732,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password"); tokenResponse = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
assertNull(tokenResponse.getErrorDescription()); assertNull(tokenResponse.getErrorDescription());
response = SimpleHttp.doGet(getAccountUrl(null), httpClient) response = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient)
.auth(tokenResponse.getAccessToken()) .auth(tokenResponse.getAccessToken())
.header("Accept", "application/json") .header("Accept", "application/json")
.asResponse(); .asResponse();
@ -1749,7 +1750,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
realmRep.setAccountTheme("custom-account-provider"); realmRep.setAccountTheme("custom-account-provider");
adminClient.realm("test").update(realmRep); adminClient.realm("test").update(realmRep);
SimpleHttp.Response response = SimpleHttp.doGet(getAccountUrl(null), httpClient) SimpleHttp.Response response = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient)
.header("Accept", "text/html") .header("Accept", "text/html")
.asResponse(); .asResponse();
assertEquals(200, response.getStatus()); assertEquals(200, response.getStatus());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountRestServiceWithUserProfileTest.java
View file

@ -43,6 +43,7 @@ import org.keycloak.representations.idm.UserProfileAttributeMetadata;
import org.keycloak.representations.idm.UserProfileMetadata; import org.keycloak.representations.idm.UserProfileMetadata;
import org.keycloak.representations.account.UserRepresentation; import org.keycloak.representations.account.UserRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.forms.VerifyProfileTest; import org.keycloak.testsuite.forms.VerifyProfileTest;
import org.keycloak.userprofile.UserProfileContext; import org.keycloak.userprofile.UserProfileContext;
@ -325,7 +326,7 @@ public class AccountRestServiceWithUserProfileTest extends AbstractRestServiceTe
user.setLastName(originalLastName); user.setLastName(originalLastName);
user.setEmail(originalEmail); user.setEmail(originalEmail);
user.setAttributes(originalAttributes); user.setAttributes(originalAttributes);
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
System.out.println(response.asString()); System.out.println(response.asString());
assertEquals(204, response.getStatus()); assertEquals(204, response.getStatus());
} }
@ -384,7 +385,7 @@ public class AccountRestServiceWithUserProfileTest extends AbstractRestServiceTe
} }
protected UserRepresentation updateAndGet(UserRepresentation user) throws IOException { protected UserRepresentation updateAndGet(UserRepresentation user) throws IOException {
SimpleHttp a = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user); SimpleHttp a = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user);
try { try {
assertEquals(204, a.asStatus()); assertEquals(204, a.asStatus());
} catch (AssertionError e) { } catch (AssertionError e) {

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/LinkedAccountsRestServiceTest.java
View file

@ -27,6 +27,7 @@ import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@ -133,7 +134,7 @@ public class LinkedAccountsRestServiceTest extends AbstractTestRealmKeycloakTest
} }
private SortedSet<LinkedAccountRepresentation> linkedAccountsRep() throws IOException { private SortedSet<LinkedAccountRepresentation> linkedAccountsRep() throws IOException {
return SimpleHttp.doGet(getAccountUrl("linked-accounts"), client).auth(tokenUtil.getToken()).asJson(new TypeReference<SortedSet<LinkedAccountRepresentation>>() {}); return SimpleHttpDefault.doGet(getAccountUrl("linked-accounts"), client).auth(tokenUtil.getToken()).asJson(new TypeReference<SortedSet<LinkedAccountRepresentation>>() {});
} }
private LinkedAccountRepresentation findLinkedAccount(String providerAlias) throws IOException { private LinkedAccountRepresentation findLinkedAccount(String providerAlias) throws IOException {
@ -147,7 +148,7 @@ public class LinkedAccountsRestServiceTest extends AbstractTestRealmKeycloakTest
@Test @Test
public void testBuildLinkedAccountUri() throws IOException { public void testBuildLinkedAccountUri() throws IOException {
AccountLinkUriRepresentation rep = SimpleHttp.doGet(getAccountUrl("linked-accounts/github?redirectUri=phonyUri"), client) AccountLinkUriRepresentation rep = SimpleHttpDefault.doGet(getAccountUrl("linked-accounts/github?redirectUri=phonyUri"), client)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.asJson(new TypeReference<AccountLinkUriRepresentation>() {}); .asJson(new TypeReference<AccountLinkUriRepresentation>() {});
URI brokerUri = rep.getAccountLinkUri(); URI brokerUri = rep.getAccountLinkUri();
@ -198,7 +199,7 @@ public class LinkedAccountsRestServiceTest extends AbstractTestRealmKeycloakTest
@Test @Test
public void testRemoveLinkedAccount() throws IOException { public void testRemoveLinkedAccount() throws IOException {
assertTrue(findLinkedAccount("github").isConnected()); assertTrue(findLinkedAccount("github").isConnected());
SimpleHttp.doDelete(getAccountUrl("linked-accounts/github"), client).auth(tokenUtil.getToken()).acceptJson().asResponse(); SimpleHttpDefault.doDelete(getAccountUrl("linked-accounts/github"), client).auth(tokenUtil.getToken()).acceptJson().asResponse();
assertFalse(findLinkedAccount("github").isConnected()); assertFalse(findLinkedAccount("github").isConnected());
} }

21
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResourcesRestServiceTest.java
View file

@ -41,6 +41,7 @@ import org.keycloak.services.resources.account.resources.AbstractResourceService
import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission; import org.keycloak.services.resources.account.resources.AbstractResourceService.Permission;
import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource; import org.keycloak.services.resources.account.resources.AbstractResourceService.Resource;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.TokenUtil; import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@ -350,7 +351,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
permissions.add(permission); permissions.add(permission);
} }
SimpleHttp.doPut(getAccountUrl("resources/" + encodePathAsIs(resource.getId()) + "/permissions"), httpClient) SimpleHttpDefault.doPut(getAccountUrl("resources/" + encodePathAsIs(resource.getId()) + "/permissions"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json(permissions).asResponse(); .json(permissions).asResponse();
@ -386,7 +387,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
permissions.add(new Permission(users.get(users.size() - 1), "Scope A", "Scope B", "Scope C", "Scope D")); permissions.add(new Permission(users.get(users.size() - 1), "Scope A", "Scope B", "Scope C", "Scope D"));
String resourceId = sharedResource.getId(); String resourceId = sharedResource.getId();
SimpleHttp.Response response = SimpleHttp.doPut(getAccountUrl("resources/" + encodePathAsIs(resourceId) + "/permissions"), httpClient) SimpleHttp.Response response = SimpleHttpDefault.doPut(getAccountUrl("resources/" + encodePathAsIs(resourceId) + "/permissions"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json(permissions).asResponse(); .json(permissions).asResponse();
@ -410,7 +411,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
public void failShareResourceInvalidPermissions() throws Exception { public void failShareResourceInvalidPermissions() throws Exception {
List<Permission> permissions = new ArrayList<>(); List<Permission> permissions = new ArrayList<>();
SimpleHttp.Response response = SimpleHttp.doPut(getAccountUrl("resources/" + encodePathAsIs(getMyResources().get(0).getId()) + "/permissions"), httpClient) SimpleHttp.Response response = SimpleHttpDefault.doPut(getAccountUrl("resources/" + encodePathAsIs(getMyResources().get(0).getId()) + "/permissions"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json(permissions).asResponse(); .json(permissions).asResponse();
@ -446,16 +447,16 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
// test read access // test read access
for (String url : Arrays.asList(resourcesUrl, sharedWithOthersUrl, sharedWithMeUrl, resourceUrl, permissionsUrl, requestsUrl)) { for (String url : Arrays.asList(resourcesUrl, sharedWithOthersUrl, sharedWithMeUrl, resourceUrl, permissionsUrl, requestsUrl)) {
assertEquals( "no-account-access GET " + url, 403, assertEquals( "no-account-access GET " + url, 403,
SimpleHttp.doGet(url, httpClient).acceptJson().auth(noAccessTokenUtil.getToken()).asStatus()); SimpleHttpDefault.doGet(url, httpClient).acceptJson().auth(noAccessTokenUtil.getToken()).asStatus());
assertEquals("view-account-access GET " + url,200, assertEquals("view-account-access GET " + url,200,
SimpleHttp.doGet(url, httpClient).acceptJson().auth(viewProfileTokenUtil.getToken()).asStatus()); SimpleHttpDefault.doGet(url, httpClient).acceptJson().auth(viewProfileTokenUtil.getToken()).asStatus());
} }
// test write access // test write access
assertEquals( "no-account-access PUT " + permissionsUrl, 403, assertEquals( "no-account-access PUT " + permissionsUrl, 403,
SimpleHttp.doPut(permissionsUrl, httpClient).acceptJson().auth(noAccessTokenUtil.getToken()).json(Collections.emptyList()).asStatus()); SimpleHttpDefault.doPut(permissionsUrl, httpClient).acceptJson().auth(noAccessTokenUtil.getToken()).json(Collections.emptyList()).asStatus());
assertEquals( "view-account-access PUT " + permissionsUrl, 403, assertEquals( "view-account-access PUT " + permissionsUrl, 403,
SimpleHttp.doPut(permissionsUrl, httpClient).acceptJson().auth(viewProfileTokenUtil.getToken()).json(Collections.emptyList()).asStatus()); SimpleHttpDefault.doPut(permissionsUrl, httpClient).acceptJson().auth(viewProfileTokenUtil.getToken()).json(Collections.emptyList()).asStatus());
} }
@Test @Test
@ -475,7 +476,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
permissions.add(new Permission(users.get(users.size() - 1), "Scope B", "Scope D")); permissions.add(new Permission(users.get(users.size() - 1), "Scope B", "Scope D"));
String resourceId = sharedResource.getId(); String resourceId = sharedResource.getId();
SimpleHttp.Response response = SimpleHttp.doPut(getAccountUrl("resources/" + encodePathAsIs(resourceId) + "/permissions"), httpClient) SimpleHttp.Response response = SimpleHttpDefault.doPut(getAccountUrl("resources/" + encodePathAsIs(resourceId) + "/permissions"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json(permissions).asResponse(); .json(permissions).asResponse();
@ -611,7 +612,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
} }
} }
SimpleHttp.doPut(getAccountUrl("resources/" + encodePathAsIs(resource.getId()) + "/permissions"), httpClient) SimpleHttpDefault.doPut(getAccountUrl("resources/" + encodePathAsIs(resource.getId()) + "/permissions"), httpClient)
.auth(tokenUtil.getToken()) .auth(tokenUtil.getToken())
.json(requests).asResponse(); .json(requests).asResponse();
@ -706,7 +707,7 @@ public class ResourcesRestServiceTest extends AbstractRestServiceTest {
} }
private SimpleHttp get(String resource, String token) { private SimpleHttp get(String resource, String token) {
return SimpleHttp.doGet(getAccountUrl("resources" + resource), httpClient).auth(token); return SimpleHttpDefault.doGet(getAccountUrl("resources" + resource), httpClient).auth(token);
} }
private AuthzClient createAuthzClient(ClientRepresentation client) { private AuthzClient createAuthzClient(ClientRepresentation client) {

27
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java
View file

@ -38,6 +38,7 @@ import org.keycloak.representations.account.ClientRepresentation;
import org.keycloak.representations.account.DeviceRepresentation; import org.keycloak.representations.account.DeviceRepresentation;
import org.keycloak.representations.account.SessionRepresentation; import org.keycloak.representations.account.SessionRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.ContainerAssume; import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
@ -100,25 +101,25 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
TokenUtil viewToken = new TokenUtil("view-account-access", "password"); TokenUtil viewToken = new TokenUtil("view-account-access", "password");
// Read sessions with no access // Read sessions with no access
assertEquals(403, SimpleHttp.doGet(getAccountUrl("sessions"), httpClient).header("Accept", "application/json") assertEquals(403, SimpleHttpDefault.doGet(getAccountUrl("sessions"), httpClient).header("Accept", "application/json")
.auth(noaccessToken.getToken()).asStatus()); .auth(noaccessToken.getToken()).asStatus());
// Delete all sessions with no access // Delete all sessions with no access
assertEquals(403, SimpleHttp.doDelete(getAccountUrl("sessions"), httpClient).header("Accept", "application/json") assertEquals(403, SimpleHttpDefault.doDelete(getAccountUrl("sessions"), httpClient).header("Accept", "application/json")
.auth(noaccessToken.getToken()).asStatus()); .auth(noaccessToken.getToken()).asStatus());
// Delete all sessions with read only // Delete all sessions with read only
assertEquals(403, SimpleHttp.doDelete(getAccountUrl("sessions"), httpClient).header("Accept", "application/json") assertEquals(403, SimpleHttpDefault.doDelete(getAccountUrl("sessions"), httpClient).header("Accept", "application/json")
.auth(viewToken.getToken()).asStatus()); .auth(viewToken.getToken()).asStatus());
// Delete single session with no access // Delete single session with no access
assertEquals(403, assertEquals(403,
SimpleHttp.doDelete(getAccountUrl("sessions/bogusId"), httpClient).header("Accept", "application/json") SimpleHttpDefault.doDelete(getAccountUrl("sessions/bogusId"), httpClient).header("Accept", "application/json")
.auth(noaccessToken.getToken()).asStatus()); .auth(noaccessToken.getToken()).asStatus());
// Delete single session with read only // Delete single session with read only
assertEquals(403, assertEquals(403,
SimpleHttp.doDelete(getAccountUrl("sessions/bogusId"), httpClient).header("Accept", "application/json") SimpleHttpDefault.doDelete(getAccountUrl("sessions/bogusId"), httpClient).header("Accept", "application/json")
.auth(viewToken.getToken()).asStatus()); .auth(viewToken.getToken()).asStatus());
} }
@ -310,14 +311,14 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
assertEquals(2, sessions.size()); assertEquals(2, sessions.size());
// With `ViewToken` you can only read // With `ViewToken` you can only read
int status = SimpleHttp.doDelete(getAccountUrl("sessions/" + sessionId), httpClient).acceptJson() int status = SimpleHttpDefault.doDelete(getAccountUrl("sessions/" + sessionId), httpClient).acceptJson()
.auth(viewToken.getToken()).asStatus(); .auth(viewToken.getToken()).asStatus();
assertEquals(403, status); assertEquals(403, status);
sessions = getSessions(viewToken.getToken()); sessions = getSessions(viewToken.getToken());
assertEquals(2, sessions.size()); assertEquals(2, sessions.size());
// Here you can delete the session // Here you can delete the session
status = SimpleHttp.doDelete(getAccountUrl("sessions/" + sessionId), httpClient).acceptJson().auth(tokenUtil.getToken()) status = SimpleHttpDefault.doDelete(getAccountUrl("sessions/" + sessionId), httpClient).acceptJson().auth(tokenUtil.getToken())
.asStatus(); .asStatus();
assertEquals(204, status); assertEquals(204, status);
sessions = getSessions(tokenUtil.getToken()); sessions = getSessions(tokenUtil.getToken());
@ -333,18 +334,18 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
assertEquals(3, getSessions().size()); assertEquals(3, getSessions().size());
String currentToken = tokenResponse.getAccessToken(); String currentToken = tokenResponse.getAccessToken();
int status = SimpleHttp.doDelete(getAccountUrl("sessions"), httpClient) int status = SimpleHttpDefault.doDelete(getAccountUrl("sessions"), httpClient)
.acceptJson() .acceptJson()
.auth(currentToken).asStatus(); .auth(currentToken).asStatus();
assertEquals(204, status); assertEquals(204, status);
assertEquals(1, getSessions(currentToken).size()); assertEquals(1, getSessions(currentToken).size());
status = SimpleHttp.doDelete(getAccountUrl("sessions?current=true"), httpClient) status = SimpleHttpDefault.doDelete(getAccountUrl("sessions?current=true"), httpClient)
.acceptJson() .acceptJson()
.auth(currentToken).asStatus(); .auth(currentToken).asStatus();
assertEquals(204, status); assertEquals(204, status);
status = SimpleHttp.doGet(getAccountUrl("sessions"), httpClient) status = SimpleHttpDefault.doGet(getAccountUrl("sessions"), httpClient)
.acceptJson() .acceptJson()
.auth(currentToken).asStatus(); .auth(currentToken).asStatus();
assertEquals(401, status); assertEquals(401, status);
@ -406,7 +407,7 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
} }
private List<SessionRepresentation> getSessions(String sessionOne) throws IOException { private List<SessionRepresentation> getSessions(String sessionOne) throws IOException {
return SimpleHttp return SimpleHttpDefault
.doGet(getAccountUrl("sessions"), httpClient).auth(sessionOne) .doGet(getAccountUrl("sessions"), httpClient).auth(sessionOne)
.asJson(new TypeReference<List<SessionRepresentation>>() { .asJson(new TypeReference<List<SessionRepresentation>>() {
}); });
@ -425,7 +426,7 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
} }
private List<DeviceRepresentation> queryDevices(String token) throws IOException { private List<DeviceRepresentation> queryDevices(String token) throws IOException {
return SimpleHttp return SimpleHttpDefault
.doGet(getAccountUrl("sessions/devices"), httpClient).auth(token) .doGet(getAccountUrl("sessions/devices"), httpClient).auth(token)
.asJson(new TypeReference<List<DeviceRepresentation>>() { .asJson(new TypeReference<List<DeviceRepresentation>>() {
}); });
@ -446,7 +447,7 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
} }
private List<SessionRepresentation> getSessions() throws IOException { private List<SessionRepresentation> getSessions() throws IOException {
return SimpleHttp return SimpleHttpDefault
.doGet(getAccountUrl("sessions"), httpClient).auth(tokenUtil.getToken()) .doGet(getAccountUrl("sessions"), httpClient).auth(tokenUtil.getToken())
.asJson(new TypeReference<List<SessionRepresentation>>() { .asJson(new TypeReference<List<SessionRepresentation>>() {
}); });

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleLandingPageTest.java
View file

@ -9,6 +9,7 @@ import org.junit.Test;
import org.keycloak.broker.provider.util.SimpleHttp; import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap; import java.util.HashMap;
@ -41,7 +42,7 @@ public class AdminConsoleLandingPageTest extends AbstractKeycloakTest {
@Test @Test
public void landingPage() throws IOException { public void landingPage() throws IOException {
String body = SimpleHttp.doGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/admin/master/console", client).asString(); String body = SimpleHttpDefault.doGet(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/admin/master/console", client).asString();
Map<String, String> config = getConfig(body); Map<String, String> config = getConfig(body);
String authUrl = config.get("authUrl"); String authUrl = config.get("authUrl");

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsolePermissionsCalculatedTest.java
View file

@ -28,6 +28,7 @@ import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.updaters.Creator; import org.keycloak.testsuite.updaters.Creator;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
@ -71,7 +72,7 @@ public class AdminConsolePermissionsCalculatedTest extends AbstractKeycloakTest
String whoAmiUrl = suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/admin/master/console/whoami?currentRealm=master"; String whoAmiUrl = suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/admin/master/console/whoami?currentRealm=master";
JsonNode jsonNode = SimpleHttp.doGet(whoAmiUrl, client).auth(accessToken.getToken()).asJson(); JsonNode jsonNode = SimpleHttpDefault.doGet(whoAmiUrl, client).auth(accessToken.getToken()).asJson();
assertTrue("Permissions for " + Config.getAdminRealm() + " realm.", jsonNode.at("/realm_access/" + Config.getAdminRealm()).isArray()); assertTrue("Permissions for " + Config.getAdminRealm() + " realm.", jsonNode.at("/realm_access/" + Config.getAdminRealm()).isArray());
} }

13
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java
View file

@ -11,6 +11,7 @@ import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.AccessTokenResponse; import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
@ -101,7 +102,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nDisabledUserWithoutLocale() throws Exception { public void testLocaleRealmI18nDisabledUserWithoutLocale() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_OFF), client) .doGet(whoAmiUrl(REALM_I18N_OFF), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_OFF, USER_WITHOUT_LOCALE)) .auth(accessToken(REALM_I18N_OFF, USER_WITHOUT_LOCALE))
@ -112,7 +113,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nDisabledUserWithLocale() throws Exception { public void testLocaleRealmI18nDisabledUserWithLocale() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_OFF), client) .doGet(whoAmiUrl(REALM_I18N_OFF), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_OFF, USER_WITH_LOCALE)) .auth(accessToken(REALM_I18N_OFF, USER_WITH_LOCALE))
@ -123,7 +124,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nEnabledUserWithoutLocale() throws Exception { public void testLocaleRealmI18nEnabledUserWithoutLocale() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_ON), client) .doGet(whoAmiUrl(REALM_I18N_ON), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE)) .auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE))
@ -134,7 +135,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nEnabledUserWithLocale() throws Exception { public void testLocaleRealmI18nEnabledUserWithLocale() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_ON), client) .doGet(whoAmiUrl(REALM_I18N_ON), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_ON, USER_WITH_LOCALE)) .auth(accessToken(REALM_I18N_ON, USER_WITH_LOCALE))
@ -145,7 +146,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nEnabledAcceptLanguageHeader() throws Exception { public void testLocaleRealmI18nEnabledAcceptLanguageHeader() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_ON), client) .doGet(whoAmiUrl(REALM_I18N_ON), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE)) .auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE))
@ -157,7 +158,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
@Test @Test
public void testLocaleRealmI18nEnabledKeycloakLocaleCookie() throws Exception { public void testLocaleRealmI18nEnabledKeycloakLocaleCookie() throws Exception {
JsonNode whoAmI = SimpleHttp JsonNode whoAmI = SimpleHttpDefault
.doGet(whoAmiUrl(REALM_I18N_ON), client) .doGet(whoAmiUrl(REALM_I18N_ON), client)
.header("Accept", "application/json") .header("Accept", "application/json")
.auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE)) .auth(accessToken(REALM_I18N_ON, USER_WITHOUT_LOCALE))

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java
View file

@ -39,6 +39,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater; import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.AccountHelper; import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
@ -490,7 +491,7 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
assertThat(errorPage.getError(), is("Page not found")); assertThat(errorPage.getError(), is("Page not found"));
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp.Response simple = SimpleHttp.doGet(LINK, client).asResponse(); SimpleHttp.Response simple = SimpleHttpDefault.doGet(LINK, client).asResponse();
assertThat(simple, notNullValue()); assertThat(simple, notNullValue());
assertThat(simple.getStatus(), is(Response.Status.NOT_FOUND.getStatusCode())); assertThat(simple.getStatus(), is(Response.Status.NOT_FOUND.getStatusCode()));

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTransientSessionsTest.java
View file

@ -53,6 +53,7 @@ import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater; import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.Creator; import org.keycloak.testsuite.updaters.Creator;
import org.keycloak.testsuite.util.AccountHelper; import org.keycloak.testsuite.util.AccountHelper;
@ -362,7 +363,7 @@ public final class KcOidcBrokerTransientSessionsTest extends AbstractAdvancedBro
assertThat(errorPage.getError(), is("Page not found")); assertThat(errorPage.getError(), is("Page not found"));
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp.Response simple = SimpleHttp.doGet(LINK, client).asResponse(); SimpleHttp.Response simple = SimpleHttpDefault.doGet(LINK, client).asResponse();
assertThat(simple, notNullValue()); assertThat(simple, notNullValue());
assertThat(simple.getStatus(), is(Response.Status.NOT_FOUND.getStatusCode())); assertThat(simple.getStatus(), is(Response.Status.NOT_FOUND.getStatusCode()));

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/error/UncaughtErrorPageTest.java
View file

@ -21,6 +21,7 @@ import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.MediaType; import org.keycloak.utils.MediaType;
@ -166,7 +167,7 @@ public class UncaughtErrorPageTest extends AbstractKeycloakTest {
URI uri = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/testing/uncaught-error").build(); URI uri = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/testing/uncaught-error").build();
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp.Response response = SimpleHttp.doGet(uri.toString(), client).header("Accept", MediaType.TEXT_HTML_UTF_8).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doGet(uri.toString(), client).header("Accept", MediaType.TEXT_HTML_UTF_8).asResponse();
for (BrowserSecurityHeaders header : BrowserSecurityHeaders.values()) { for (BrowserSecurityHeaders header : BrowserSecurityHeaders.values()) {
String expectedValue = header.getDefaultValue(); String expectedValue = header.getDefaultValue();

27
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java
View file

@ -45,6 +45,7 @@ import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.messages.Messages; import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.account.AccountCredentialResource; import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.forms.VerifyProfileTest; import org.keycloak.testsuite.forms.VerifyProfileTest;
import org.keycloak.testsuite.util.LDAPRule; import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils; import org.keycloak.testsuite.util.LDAPTestUtils;
@ -248,11 +249,11 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
appRealm.setEditUsernameAllowed(false); appRealm.setEditUsernameAllowed(false);
}); });
UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
user.setEmail("john-alias@email.org"); user.setEmail("john-alias@email.org");
SimpleHttp.doPost(getAccountUrl(null), httpClient).json(user).auth(tokenUtil.getToken()).asStatus(); SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).json(user).auth(tokenUtil.getToken()).asStatus();
UserRepresentation usernew = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation usernew = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
assertEquals("johnkeycloak", usernew.getUsername()); assertEquals("johnkeycloak", usernew.getUsername());
assertEquals("John", usernew.getFirstName()); assertEquals("John", usernew.getFirstName());
assertEquals("Doe", usernew.getLastName()); assertEquals("Doe", usernew.getLastName());
@ -261,7 +262,7 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
//clean up //clean up
usernew.setEmail("john@email.org"); usernew.setEmail("john@email.org");
SimpleHttp.doPost(getAccountUrl(null), httpClient).json(usernew).auth(tokenUtil.getToken()).asStatus(); SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).json(usernew).auth(tokenUtil.getToken()).asStatus();
} }
@ -272,11 +273,11 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
RealmModel appRealm = ctx.getRealm(); RealmModel appRealm = ctx.getRealm();
appRealm.setEditUsernameAllowed(false); appRealm.setEditUsernameAllowed(false);
}); });
UserRepresentation user = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation user = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
user.setEmail("john-alias@email.org"); user.setEmail("john-alias@email.org");
SimpleHttp.doPost(getAccountUrl(null), httpClient).json(user).auth(tokenUtil.getToken()).asStatus(); SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).json(user).auth(tokenUtil.getToken()).asStatus();
UserRepresentation usernew = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); UserRepresentation usernew = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
assertEquals("johnkeycloak", usernew.getUsername()); assertEquals("johnkeycloak", usernew.getUsername());
assertEquals("John", usernew.getFirstName()); assertEquals("John", usernew.getFirstName());
assertEquals("Doe", usernew.getLastName()); assertEquals("Doe", usernew.getLastName());
@ -288,7 +289,7 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
//clean up //clean up
usernew.setEmail("john@email.org"); usernew.setEmail("john@email.org");
final int i = SimpleHttp.doPost(getAccountUrl(null), httpClient).json(usernew).auth(tokenUtil.getToken()).asStatus(); final int i = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).json(usernew).auth(tokenUtil.getToken()).asStatus();
org.keycloak.representations.idm.UserRepresentation userRep = testRealm().users() org.keycloak.representations.idm.UserRepresentation userRep = testRealm().users()
.search(usernew.getUsername()).get(0); .search(usernew.getUsername()).get(0);
@ -300,7 +301,7 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
userRep.setAttributes(null); userRep.setAttributes(null);
testRealm().users().get(userRep.getId()).update(userRep); testRealm().users().get(userRep.getId()).update(userRep);
usernew = SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); usernew = SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
// Metadata attributes still not present in account REST // Metadata attributes still not present in account REST
Assert.assertNull(usernew.getAttributes()); Assert.assertNull(usernew.getAttributes());
@ -317,23 +318,23 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
} }
private UserRepresentation getProfile() throws IOException { private UserRepresentation getProfile() throws IOException {
return SimpleHttp.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class); return SimpleHttpDefault.doGet(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).asJson(UserRepresentation.class);
} }
private void updateProfileExpectSuccess(UserRepresentation user) throws IOException { private void updateProfileExpectSuccess(UserRepresentation user) throws IOException {
int status = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus(); int status = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asStatus();
assertEquals(204, status); assertEquals(204, status);
} }
private void updateProfileExpectError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException { private void updateProfileExpectError(UserRepresentation user, int expectedStatus, String expectedMessage) throws IOException {
SimpleHttp.Response response = SimpleHttp.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(getAccountUrl(null), httpClient).auth(tokenUtil.getToken()).json(user).asResponse();
assertEquals(expectedStatus, response.getStatus()); assertEquals(expectedStatus, response.getStatus());
assertEquals(expectedMessage, response.asJson(ErrorRepresentation.class).getErrorMessage()); assertEquals(expectedMessage, response.asJson(ErrorRepresentation.class).getErrorMessage());
} }
// Send REST request to get all credential containers and credentials of current user // Send REST request to get all credential containers and credentials of current user
private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException { private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException {
return SimpleHttp.doGet(getAccountUrl("credentials"), httpClient) return SimpleHttpDefault.doGet(getAccountUrl("credentials"), httpClient)
.auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {}); .auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {});
} }

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.java
View file

@ -42,6 +42,7 @@ import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.federation.BackwardsCompatibilityUserStorageFactory; import org.keycloak.testsuite.federation.BackwardsCompatibilityUserStorageFactory;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage; import org.keycloak.testsuite.pages.LoginConfigTotpPage;
@ -249,7 +250,7 @@ public class BackwardsCompatibilityUserStorageTest extends AbstractTestRealmKeyc
String otpCredentialId = otpCreds.get(0).getCredential().getId(); String otpCredentialId = otpCreds.get(0).getCredential().getId();
// Delete OTP credential from federated storage // Delete OTP credential from federated storage
int deleteStatus = SimpleHttp.doDelete(accountCredentialsUrl + "/" + otpCredentialId, httpClient) int deleteStatus = SimpleHttpDefault.doDelete(accountCredentialsUrl + "/" + otpCredentialId, httpClient)
.auth(accountToken).acceptJson().asStatus(); .auth(accountToken).acceptJson().asStatus();
Assert.assertEquals(204, deleteStatus); Assert.assertEquals(204, deleteStatus);
@ -352,7 +353,7 @@ public class BackwardsCompatibilityUserStorageTest extends AbstractTestRealmKeyc
} }
private List<CredentialMetadataRepresentation> getOtpCredentialFromAccountREST(String accountCredentialsUrl, CloseableHttpClient httpClient, TokenUtil tokenUtil) throws IOException { private List<CredentialMetadataRepresentation> getOtpCredentialFromAccountREST(String accountCredentialsUrl, CloseableHttpClient httpClient, TokenUtil tokenUtil) throws IOException {
List<AccountCredentialResource.CredentialContainer> credentials = SimpleHttp.doGet(accountCredentialsUrl, httpClient) List<AccountCredentialResource.CredentialContainer> credentials = SimpleHttpDefault.doGet(accountCredentialsUrl, httpClient)
.auth(tokenUtil.getToken()).asJson(new TypeReference<>() {}); .auth(tokenUtil.getToken()).asJson(new TypeReference<>() {});
return credentials.stream() return credentials.stream()

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
View file

@ -72,6 +72,7 @@ import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.exportimport.ExportImportUtil; import org.keycloak.testsuite.exportimport.ExportImportUtil;
import org.keycloak.testsuite.runonserver.RunHelpers; import org.keycloak.testsuite.runonserver.RunHelpers;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
@ -1118,7 +1119,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
protected void testResourceTag() { protected void testResourceTag() {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
URI url = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth").build(); URI url = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth").build();
String response = SimpleHttp.doGet(url.toString(), client).asString(); String response = SimpleHttpDefault.doGet(url.toString(), client).asString();
Matcher m = Pattern.compile("resources/([^/]*)/common").matcher(response); Matcher m = Pattern.compile("resources/([^/]*)/common").matcher(response);
assertTrue(m.find()); assertTrue(m.find());
assertTrue(m.group(1).matches("[a-zA-Z0-9_\\-.~]{5}")); assertTrue(m.group(1).matches("[a-zA-Z0-9_\\-.~]{5}"));

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
View file

@ -39,6 +39,7 @@ import org.keycloak.models.Constants;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.pages.ErrorPage; import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
@ -301,10 +302,10 @@ public class OAuthRedirectUriTest extends AbstractKeycloakTest {
CloseableHttpClient client = HttpClients.custom().setDefaultRequestConfig(globalConfig).setDefaultCookieStore(cookieStore).build(); CloseableHttpClient client = HttpClients.custom().setDefaultRequestConfig(globalConfig).setDefaultCookieStore(cookieStore).build();
try { try {
String loginPage = SimpleHttp.doGet(loginUrl, client).asString(); String loginPage = SimpleHttpDefault.doGet(loginUrl, client).asString();
String formAction = loginPage.split("action=\"")[1].split("\"")[0].replaceAll("&amp;", "&"); String formAction = loginPage.split("action=\"")[1].split("\"")[0].replaceAll("&amp;", "&");
SimpleHttp.Response response = SimpleHttp.doPost(formAction, client).param("username", "test-user@localhost").param("password", "password").asResponse(); SimpleHttp.Response response = SimpleHttpDefault.doPost(formAction, client).param("username", "test-user@localhost").param("password", "password").asResponse();
response.getStatus(); response.getStatus();
assertThat(response.getFirstHeader("Location"), Matchers.startsWith("android-app://org.keycloak.examples.cordova/https/keycloak-cordova-example.github.io/login")); assertThat(response.getFirstHeader("Location"), Matchers.startsWith("android-app://org.keycloak.examples.cordova/https/keycloak-cordova-example.github.io/login"));

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java
View file

@ -61,6 +61,7 @@ import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientManager; import org.keycloak.testsuite.util.ClientManager;
@ -326,7 +327,7 @@ public class TokenRevocationTest extends AbstractKeycloakTest {
// Test account REST not possible // Test account REST not possible
String accountUrl = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account"; String accountUrl = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account";
SimpleHttp accountRequest = SimpleHttp.doGet(accountUrl, restHttpClient) SimpleHttp accountRequest = SimpleHttpDefault.doGet(accountUrl, restHttpClient)
.auth(accessTokenString) .auth(accessTokenString)
.acceptJson(); .acceptJson();
assertEquals(Status.UNAUTHORIZED.getStatusCode(), accountRequest.asStatus()); assertEquals(Status.UNAUTHORIZED.getStatusCode(), accountRequest.asStatus());

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java
View file

@ -73,6 +73,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls; import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource; import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.AppPage;
@ -1436,11 +1437,11 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException { private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException {
try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) { try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
OIDCConfigurationRepresentation representation = SimpleHttp OIDCConfigurationRepresentation representation = SimpleHttpDefault
.doGet(getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration", .doGet(getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration",
httpClient).asJson(OIDCConfigurationRepresentation.class); httpClient).asJson(OIDCConfigurationRepresentation.class);
String jwksUri = representation.getJwksUri(); String jwksUri = representation.getJwksUri();
JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class); JSONWebKeySet jsonWebKeySet = SimpleHttpDefault.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class);
Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION); Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION);
String keyId = null; String keyId = null;
@ -1523,11 +1524,11 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject); byte[] contentBytes = JsonSerialization.writeValueAsBytes(requestObject);
try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) { try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
OIDCConfigurationRepresentation representation = SimpleHttp OIDCConfigurationRepresentation representation = SimpleHttpDefault
.doGet(getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration", .doGet(getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration",
httpClient).asJson(OIDCConfigurationRepresentation.class); httpClient).asJson(OIDCConfigurationRepresentation.class);
String jwksUri = representation.getJwksUri(); String jwksUri = representation.getJwksUri();
JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class); JSONWebKeySet jsonWebKeySet = SimpleHttpDefault.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class);
Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION); Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION);
String keyId = jweHeader.getKeyId(); String keyId = jweHeader.getKeyId();

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
View file

@ -47,6 +47,7 @@ import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.forms.BrowserFlowTest; import org.keycloak.testsuite.forms.BrowserFlowTest;
import org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest; import org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
@ -288,10 +289,10 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
public void certs() throws IOException { public void certs() throws IOException {
TokenSignatureUtil.registerKeyProvider(Algorithm.ES256, adminClient, testContext); TokenSignatureUtil.registerKeyProvider(Algorithm.ES256, adminClient, testContext);
OIDCConfigurationRepresentation representation = SimpleHttp.doGet(getAuthServerRoot().toString() + "realms/test/.well-known/openid-configuration", client).asJson(OIDCConfigurationRepresentation.class); OIDCConfigurationRepresentation representation = SimpleHttpDefault.doGet(getAuthServerRoot().toString() + "realms/test/.well-known/openid-configuration", client).asJson(OIDCConfigurationRepresentation.class);
String jwksUri = representation.getJwksUri(); String jwksUri = representation.getJwksUri();
JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, client).asJson(JSONWebKeySet.class); JSONWebKeySet jsonWebKeySet = SimpleHttpDefault.doGet(jwksUri, client).asJson(JSONWebKeySet.class);
assertEquals(3, jsonWebKeySet.getKeys().length); assertEquals(3, jsonWebKeySet.getKeys().length);
} }

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/url/DefaultHostnameTest.java
View file

@ -25,6 +25,7 @@ import org.keycloak.representations.idm.ClientInitialAccessPresentation;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient; import org.keycloak.testsuite.util.OAuthClient;
@ -274,7 +275,7 @@ public class DefaultHostnameTest extends AbstractHostnameTest {
private void assertWelcomePage(String expectedAdminUrl) throws IOException { private void assertWelcomePage(String expectedAdminUrl) throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp get = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/", client); SimpleHttp get = SimpleHttpDefault.doGet(AUTH_SERVER_ROOT + "/", client);
for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) { for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) {
get.header(entry.getKey(), entry.getValue()); get.header(entry.getKey(), entry.getValue());
@ -288,7 +289,7 @@ public class DefaultHostnameTest extends AbstractHostnameTest {
private void assertOldAdminPageJsPathSetCorrectly(String realm, String expectedAdminUrl) throws IOException { private void assertOldAdminPageJsPathSetCorrectly(String realm, String expectedAdminUrl) throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp get = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", client); SimpleHttp get = SimpleHttpDefault.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", client);
for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) { for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) {
get.header(entry.getKey(), entry.getValue()); get.header(entry.getKey(), entry.getValue());
@ -302,7 +303,7 @@ public class DefaultHostnameTest extends AbstractHostnameTest {
private void assertAdminPage(String realm, String expectedFrontendUrl, String expectedAdminUrl) throws IOException, URISyntaxException { private void assertAdminPage(String realm, String expectedFrontendUrl, String expectedAdminUrl) throws IOException, URISyntaxException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) { try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
SimpleHttp get = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", client); SimpleHttp get = SimpleHttpDefault.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", client);
for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) { for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) {
get.header(entry.getKey(), entry.getValue()); get.header(entry.getKey(), entry.getValue());