From 7983ed064fa6d2910d8501e0ac6de22dcd55de83 Mon Sep 17 00:00:00 2001
From: Pedro Igor
Date: Fri, 29 Jul 2016 15:25:36 -0300
Subject: [PATCH] [KEYCLOAK-3372] - More tests and code cleanup
---
 .../page/PhotozClientAuthzTestApp.java | 5 +-
 ...AbstractDefaultAuthzConfigAdapterTest.java | 27 +-
 .../AbstractPhotozExampleAdapterTest.java | 238 +++++++++++++++---
 .../AbstractServletAuthzAdapterTest.java | 39 ++-
 .../WildflyDefaultAuthzConfigAdapterTest.java | 2 +-
 .../WildflyPhotozExampleAdapterTest.java | 2 +-
 .../WildflyServletAuthzAdapterTest.java | 2 +-
 7 files changed, 232 insertions(+), 83 deletions(-)
 rename testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/{ => authorization}/WildflyDefaultAuthzConfigAdapterTest.java (94%)
 rename testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/{ => authorization}/WildflyPhotozExampleAdapterTest.java (94%)
 rename testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/{ => authorization}/WildflyServletAuthzAdapterTest.java (95%)
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
index 4721737daa..0e07157fe4 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
@@ -50,7 +50,10 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl { protected ConsentPage consentPage; public void createAlbum(String name) { - this.driver.findElement(By.id("create-album")).click(); + navigateTo(); + By id = By.id("create-album"); + WaitUtils.waitUntilElement(id); + this.driver.findElement(id).click(); Form.setInputValue(this.driver.findElement(By.id("album.name")), name); this.driver.findElement(By.id("save-album")).click(); pause(500); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java index 82b3ec4133..46666747ca 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java 
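Review bot: The fixed `pause(500)` after the `save-album` click is still the only synchronisation on the save, even though the new code now waits explicitly for `create-album`. Tests that read `getAuthorizationResource().resources().resources()` right after createAlbum can therefore race the resource registration on a slow container. Waiting on a post-save condition with the same `WaitUtils.waitUntilElement(...)` pattern would make those ownership assertions deterministic. createAlbum also calls `navigateTo()` itself now, which presumably moves a caller off whatever view it was on, so a one-line Javadoc such as `/** Opens the client home page, then creates an album with the given name. */` would help. The method body continues past the end of this hunk.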
@@ -59,31 +59,28 @@ public abstract class AbstractDefaultAuthzConfigAdapterTest extends AbstractExam @Test public void testDefaultAuthzConfig() throws Exception { - configureAuthorizationServices(); - deploy(); - navigateToResourceServer(); - login(); + try { + this.deployer.deploy(RESOURCE_SERVER_ID); + configureAuthorizationServices(); - assertTrue(this.driver.getPageSource().contains("Your permissions are")); - assertTrue(this.driver.getPageSource().contains("Default Resource")); + login(); + + assertTrue(this.driver.getPageSource().contains("Your permissions are")); + assertTrue(this.driver.getPageSource().contains("Default Resource")); + } finally { + this.deployer.undeploy(RESOURCE_SERVER_ID); + } } - private void login() { - this.loginPage.form().login("alice", "alice"); - } - - private void navigateToResourceServer() throws MalformedURLException { + private void login() throws MalformedURLException { this.driver.navigate().to(getResourceServerUrl()); + this.loginPage.form().login("alice", "alice"); } private URL getResourceServerUrl() throws MalformedURLException { return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL(); } - private void deploy() { - this.deployer.deploy(RESOURCE_SERVER_ID); - } - private void configureAuthorizationServices() { ClientsResource clients = realmsResouce().realm(REALM_NAME).clients(); ClientRepresentation client = clients.findByClientId(RESOURCE_SERVER_ID).get(0); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java index 28662fa573..9a0fb262dd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java 
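Review bot: `this.deployer.deploy(RESOURCE_SERVER_ID)` sits inside the `try` in testDefaultAuthzConfig, so a failed deployment still reaches `undeploy` in the `finally`. If that call throws for an archive that never deployed (the deployer's behaviour is not visible here), its exception replaces the original failure in the test report. Moving the deploy line above the `try`, as in `this.deployer.deploy(RESOURCE_SERVER_ID); try { configureAuthorizationServices(); ...`, keeps the root cause visible. The private `login()` now navigates to the resource server before submitting the form, so a short comment such as `// opens the resource server page and authenticates as alice` would match what it does.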
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java @@ -25,6 +25,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; +import org.keycloak.admin.client.resource.ResourcesResource; import org.keycloak.admin.client.resource.RoleResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UsersResource; @@ -43,6 +44,10 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.function.Consumer; @@ -95,7 +100,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd } @Test - public void testCreateDeleteAlbum() throws Exception { + public void testUserCanCreateAndDeleteAlbum() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); @@ -103,13 +108,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.createAlbum("Alice Family Album"); List resources = getAuthorizationResource().resources().resources(); - assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); this.clientPage.deleteAlbum("Alice Family Album"); resources = getAuthorizationResource().resources().resources(); - assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); 
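Review bot: `+import java.util.HashSet;` in the second import hunk is not used by any line this patch adds to AbstractPhotozExampleAdapterTest; the new tests use `HashMap`, `Arrays`, `Collections.emptySet()` and `Collectors.toSet()`, so the import can be dropped. `java.util.function.Consumer` stays imported as a context line although the patch replaces the anonymous `Consumer` in testClientRoleNotRequired with a lambda. If that was its only use in the file, it is now unused as well.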
@@ -122,11 +125,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.deployer.deploy(RESOURCE_SERVER_ID); this.clientPage.login("alice", "alice"); this.clientPage.createAlbum("Alice-Family-Album"); + this.clientPage.login("admin", "admin"); this.clientPage.navigateToAdminAlbum(); List resources = getAuthorizationResource().resources().resources(); - assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -137,11 +140,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd } this.clientPage.login("admin", "admin"); + this.clientPage.navigateToAdminAlbum(); this.clientPage.deleteAlbum("Alice-Family-Album"); - + assertTrue(this.clientPage.wasDenied()); resources = getAuthorizationResource().resources().resources(); - assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -153,9 +156,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.navigateToAdminAlbum(); this.clientPage.deleteAlbum("Alice-Family-Album"); - + assertFalse(this.clientPage.wasDenied()); resources = getAuthorizationResource().resources().resources(); - assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); 
@@ -166,9 +168,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd public void testRegularUserCanNotAccessAdminResources() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); + this.clientPage.login("alice", "alice"); this.clientPage.navigateToAdminAlbum(); - assertTrue(this.clientPage.wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); @@ -179,9 +181,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd public void testAdminOnlyFromSpecificAddress() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); + this.clientPage.login("admin", "admin"); this.clientPage.navigateToAdminAlbum(); - assertFalse(this.clientPage.wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -193,7 +195,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd } this.clientPage.navigateToAdminAlbum(); - assertTrue(this.clientPage.wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); @@ -204,16 +205,15 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd public void testAdminWithoutPermissionsToTypedResource() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); + this.clientPage.login("alice", "alice"); this.clientPage.createAlbum("Alice Family Album"); this.clientPage.login("admin", "admin"); this.clientPage.navigateToAdminAlbum(); - assertFalse(this.clientPage.wasDenied()); this.clientPage.viewAlbum("Alice Family Album"); - assertFalse(this.clientPage.wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { 
@@ -242,7 +242,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.navigateToAdminAlbum(); this.clientPage.viewAlbum("Alice Family Album"); - assertTrue(this.clientPage.wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -254,14 +253,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.navigateToAdminAlbum(); this.clientPage.viewAlbum("Alice Family Album"); - assertFalse(this.clientPage.wasDenied()); this.clientPage.navigateToAdminAlbum(); this.clientPage.deleteAlbum("Alice Family Album"); - List resources = getAuthorizationResource().resources().resources(); - assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); @@ -269,23 +265,20 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd } @Test - public void testAdminWithoutPermissionsToDeleteScopePermission() throws Exception { + public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); + this.clientPage.login("alice", "alice"); this.clientPage.createAlbum("Alice Family Album"); this.clientPage.login("admin", "admin"); this.clientPage.navigateToAdminAlbum(); - assertFalse(this.clientPage.wasDenied()); this.clientPage.deleteAlbum("Alice Family Album"); - assertFalse(this.clientPage.wasDenied()); - List resources = getAuthorizationResource().resources().resources(); - assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { 
@@ -301,14 +294,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.login("admin", "admin"); this.clientPage.navigateToAdminAlbum(); this.clientPage.viewAlbum("Alice Family Album"); - assertFalse(this.clientPage.wasDenied()); resources = getAuthorizationResource().resources().resources(); - assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); this.clientPage.navigateToAdminAlbum(); - this.clientPage.deleteAlbum("Alice Family Album"); assertTrue(this.clientPage.wasDenied()); @@ -321,11 +311,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd this.clientPage.navigateToAdminAlbum(); this.clientPage.deleteAlbum("Alice Family Album"); - assertFalse(this.clientPage.wasDenied()); - resources = getAuthorizationResource().resources().resources(); - assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); @@ -336,8 +323,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd public void testClientRoleRepresentingUserConsent() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); - this.clientPage.login("alice", "alice"); + this.clientPage.login("alice", "alice"); assertFalse(this.clientPage.wasDenied()); UsersResource usersResource = realmsResouce().realm(REALM_NAME).users(); @@ -361,11 +348,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd roleResource.update(roleRepresentation); this.clientPage.login("alice", "alice"); - assertTrue(this.clientPage.wasDenied()); this.clientPage.loginWithScopes("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums"); - assertFalse(this.clientPage.wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); 
@@ -376,6 +361,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd public void testClientRoleNotRequired() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); + this.clientPage.login("alice", "alice"); assertFalse(this.clientPage.wasDenied()); 
@@ -401,37 +387,207 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd manageAlbumRole.update(roleRepresentation); this.clientPage.login("alice", "alice"); - assertTrue(this.clientPage.wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { if ("Any User Policy".equals(policy.getName())) { List roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class); - roles.forEach(new Consumer() { - @Override - public void accept(Map role) { - String roleId = (String) role.get("id"); - if (roleId.equals(manageAlbumRole.toRepresentation().getId())) { - role.put("required", false); - } + roles.forEach(role -> { + String roleId = (String) role.get("id"); + if (roleId.equals(manageAlbumRole.toRepresentation().getId())) { + role.put("required", false); } }); policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles)); - getAuthorizationResource().policies().policy(policy.getId()).update(policy); } } this.clientPage.login("alice", "alice"); - assertFalse(this.clientPage.wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); } } + @Test + public void testOverridePermissionFromResourceParent() throws Exception { + try { + this.deployer.deploy(RESOURCE_SERVER_ID); + + this.clientPage.login("alice", "alice"); + String resourceName = "My Resource Instance"; + this.clientPage.createAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.viewAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.navigateTo(); + this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.createAlbum(resourceName); + + this.clientPage.login("admin", "admin"); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.viewAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.navigateToAdminAlbum();; + 
this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.login("alice", "alice"); + this.clientPage.createAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + getAuthorizationResource().resources().resources().forEach(resource -> { + if (resource.getName().equals(resourceName)) { + try { + PolicyRepresentation resourceInstancePermission = new PolicyRepresentation(); + + resourceInstancePermission.setName(resourceName + "Permission"); + resourceInstancePermission.setType("resource"); + + Map config = new HashMap<>(); + + config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId()))); + config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy"))); + + resourceInstancePermission.setConfig(config); + getAuthorizationResource().policies().create(resourceInstancePermission); + } catch (Exception e) { + throw new RuntimeException("Error creating policy.", e); + } + } + }); + + this.clientPage.login("admin", "admin"); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.viewAlbum(resourceName); + assertTrue(this.clientPage.wasDenied()); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.deleteAlbum(resourceName); + assertTrue(this.clientPage.wasDenied()); + + this.clientPage.login("alice", "alice"); + this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + ResourcesResource resourcesResource = getAuthorizationResource().resources(); + List resources = resourcesResource.resources(); + assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); + } finally { + this.deployer.undeploy(RESOURCE_SERVER_ID); + } + } + + @Test + public void testInheritPermissionFromResourceParent() throws Exception { + try { + this.deployer.deploy(RESOURCE_SERVER_ID); + + this.clientPage.login("alice", "alice"); + + String 
resourceName = "My Resource Instance"; + this.clientPage.createAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.viewAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.navigateTo(); + this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.createAlbum(resourceName); + + this.clientPage.login("admin", "admin"); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.viewAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.navigateToAdminAlbum();; + this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.login("alice", "alice"); + this.clientPage.createAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + ResourcesResource resourcesResource = getAuthorizationResource().resources(); + resourcesResource.resources().forEach(resource -> { + if (resource.getName().equals(resourceName)) { + try { + PolicyRepresentation resourceInstancePermission = new PolicyRepresentation(); + + resourceInstancePermission.setName(resourceName + "Permission"); + resourceInstancePermission.setType("resource"); + + Map config = new HashMap<>(); + + config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId()))); + config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy"))); + + resourceInstancePermission.setConfig(config); + getAuthorizationResource().policies().create(resourceInstancePermission); + } catch (Exception e) { + throw new RuntimeException("Error creating policy.", e); + } + } + }); + + this.clientPage.login("admin", "admin"); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.viewAlbum(resourceName); + assertTrue(this.clientPage.wasDenied()); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.deleteAlbum(resourceName); + assertTrue(this.clientPage.wasDenied()); + + 
resourcesResource.resources().forEach(resource -> { + if (resource.getName().equals(resourceName)) { + resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("urn:photoz.com:scopes:album:view")).collect(Collectors.toSet())); + resourcesResource.resource(resource.getId()).update(resource); + } + }); + + this.clientPage.login("admin", "admin"); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.viewAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + + this.clientPage.navigateToAdminAlbum(); + this.clientPage.deleteAlbum(resourceName); + assertTrue(this.clientPage.wasDenied()); + + this.clientPage.login("alice", "alice"); + this.clientPage.deleteAlbum(resourceName); + assertFalse(this.clientPage.wasDenied()); + List resources = resourcesResource.resources(); + assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty()); + + resourcesResource.resources().forEach(resource -> { + if (resource.getName().equals(resourceName)) { + resource.setScopes(Collections.emptySet()); + resourcesResource.resource(resource.getId()).update(resource); + } + }); + } finally { + this.deployer.undeploy(RESOURCE_SERVER_ID); + } + } + private void importResourceServerSettings() throws FileNotFoundException { getAuthorizationResource().importSettings(loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class)); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java index 2753c5e5bd..7f61556de9 100644 
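Review bot: The resource permission created inside the `forEach` in testOverridePermissionFromResourceParent and testInheritPermissionFromResourceParent (`resourceName + "Permission"`, applying "Only Owner Policy") is never removed, and both tests give it the same name. Unless deleting the album or the per-test setup also removes it, neither of which is visible in this hunk, whichever test runs second starts from authorization state left by the first. Deleting the permission in the `finally` block, or using a per-test name, would keep the later `wasDenied()` assertions from passing or failing because of a leftover policy. The closing loop in testInheritPermissionFromResourceParent that calls `resource.setScopes(Collections.emptySet())` runs after the assertion that alice owns no resources, so it presumably matches nothing and can be dropped. The permission-creation block is duplicated verbatim in both tests and would read better as one private helper, and `this.clientPage.navigateToAdminAlbum();;` carries a stray semicolon in both.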
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java @@ -25,7 +25,6 @@ import org.keycloak.admin.client.resource.AuthorizationResource; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.admin.client.resource.RealmResource; -import org.keycloak.admin.client.resource.RoleResource; import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.representations.idm.ClientRepresentation; @@ -49,9 +48,6 @@ import java.net.URL; import java.util.Arrays; import java.util.HashMap; import java.util.List; -import java.util.Map; -import java.util.function.Predicate; -import java.util.stream.Collectors; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; @@ -88,14 +84,12 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda } @Test - public void testUserPermissions() throws Exception { + public void testRegularUserPermissions() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); login("alice", "alice"); - assertFalse(wasDenied()); - assertTrue(hasLink("User Premium")); assertTrue(hasLink("Administration")); assertTrue(hasText("urn:servlet-authz:page:main:actionForUser")); 
@@ -103,18 +97,14 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser")); navigateToDynamicMenuPage(); - assertTrue(hasText("Do user thing")); assertFalse(hasText("Do user premium thing")); assertFalse(hasText("Do administration thing")); - navigateToUserPremiumPage(); - assertTrue(wasDenied()); navigateToAdminPage(); - assertTrue(wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); @@ -127,7 +117,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda this.deployer.deploy(RESOURCE_SERVER_ID); login("jdoe", "jdoe"); - assertFalse(wasDenied()); assertTrue(hasLink("User Premium")); assertTrue(hasLink("Administration")); @@ -136,10 +125,15 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin")); navigateToDynamicMenuPage(); - assertTrue(hasText("Do user thing")); assertTrue(hasText("Do user premium thing")); assertFalse(hasText("Do administration thing")); + + navigateToUserPremiumPage(); + assertFalse(wasDenied()); + + navigateToAdminPage(); + assertTrue(wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); } @@ -151,9 +145,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda this.deployer.deploy(RESOURCE_SERVER_ID); login("admin", "admin"); - assertFalse(wasDenied()); - assertTrue(hasLink("User Premium")); assertTrue(hasLink("Administration")); assertTrue(hasText("urn:servlet-authz:page:main:actionForUser")); 
@@ -161,26 +153,29 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser")); navigateToDynamicMenuPage(); - assertTrue(hasText("Do user thing")); assertTrue(hasText("Do administration thing")); assertFalse(hasText("Do user premium thing")); + + navigateToUserPremiumPage(); + assertTrue(wasDenied()); + + navigateToAdminPage(); + assertFalse(wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); } } @Test - public void testGrantPremiumAccess() throws Exception { + public void testGrantPremiumAccessToUser() throws Exception { try { this.deployer.deploy(RESOURCE_SERVER_ID); login("alice", "alice"); - assertFalse(wasDenied()); navigateToUserPremiumPage(); - assertTrue(wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -193,7 +188,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda login("alice", "alice"); navigateToUserPremiumPage(); - assertFalse(wasDenied()); for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) { @@ -204,8 +198,8 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda } login("alice", "alice"); - navigateToUserPremiumPage(); + navigateToUserPremiumPage(); assertTrue(wasDenied()); PolicyRepresentation onlyAlicePolicy = new PolicyRepresentation(); @@ -230,10 +224,9 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda } } - logOut(); login("alice", "alice"); - navigateToUserPremiumPage(); + navigateToUserPremiumPage(); assertFalse(wasDenied()); } finally { this.deployer.undeploy(RESOURCE_SERVER_ID); 
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyDefaultAuthzConfigAdapterTest.java similarity index 94% rename from testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDefaultAuthzConfigAdapterTest.java rename to testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyDefaultAuthzConfigAdapterTest.java index 712daa06f5..7e31ead134 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyDefaultAuthzConfigAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyDefaultAuthzConfigAdapterTest.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.testsuite.adapter.example; +package org.keycloak.testsuite.adapter.example.authorization; import org.keycloak.testsuite.adapter.example.authorization.AbstractDefaultAuthzConfigAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; 
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java similarity index 94% rename from testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyPhotozExampleAdapterTest.java rename to testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java index d9e2c343fa..f35217c719 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyPhotozExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.testsuite.adapter.example; +package org.keycloak.testsuite.adapter.example.authorization; import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; 
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java similarity index 95% rename from testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyServletAuthzAdapterTest.java rename to testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java index 9a9a49b8de..d50cf29c54 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/WildflyServletAuthzAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.keycloak.testsuite.adapter.example; +package org.keycloak.testsuite.adapter.example.authorization; import org.jboss.arquillian.container.test.api.RunAsClient; import org.keycloak.testsuite.adapter.example.authorization.AbstractDefaultAuthzConfigAdapterTest;
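Review bot: The context line `import org.keycloak.testsuite.adapter.example.authorization.AbstractDefaultAuthzConfigAdapterTest;` in WildflyServletAuthzAdapterTest names the default-config base test rather than the servlet one. After the move into `org.keycloak.testsuite.adapter.example.authorization` it is also a same-package import, so it is redundant in any case. The class declaration is outside the hunk, so confirm that it extends `AbstractServletAuthzAdapterTest`; otherwise the servlet authorization tests would not run on WildFly. The other two renamed files keep a same-package import of their base class as well, which can be removed.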