[KEYCLOAK-3372] - More tests and code cleanup
parent
607b305c2f
commit
7983ed064f
7 changed files with 232 additions and 83 deletions
|
@ -50,7 +50,10 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
|
|||
protected ConsentPage consentPage;
|
||||
|
||||
public void createAlbum(String name) {
|
||||
this.driver.findElement(By.id("create-album")).click();
|
||||
navigateTo();
|
||||
By id = By.id("create-album");
|
||||
WaitUtils.waitUntilElement(id);
|
||||
this.driver.findElement(id).click();
|
||||
Form.setInputValue(this.driver.findElement(By.id("album.name")), name);
|
||||
this.driver.findElement(By.id("save-album")).click();
|
||||
pause(500);
|
||||
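Review bot: The result of `WaitUtils.waitUntilElement(id)` in createAlbum is discarded, so if that helper returns a condition builder rather than blocking (its declaration is not visible on this page), the added line waits for nothing and the click can still race the page load. Completing the condition, e.g. `WaitUtils.waitUntilElement(id).is().present();`, would make the wait explicit. The fixed `pause(500)` after the save click has the same weakness: the authorization tests call `wasDenied()` right after createAlbum, so a slow save can leave them inspecting a stale page. createAlbum's body continues past the end of this section.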
|
|
|
@ -59,31 +59,28 @@ public abstract class AbstractDefaultAuthzConfigAdapterTest extends AbstractExam
|
|||
|
||||
@Test
|
||||
public void testDefaultAuthzConfig() throws Exception {
|
||||
configureAuthorizationServices();
|
||||
deploy();
|
||||
navigateToResourceServer();
|
||||
login();
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
configureAuthorizationServices();
|
||||
|
||||
assertTrue(this.driver.getPageSource().contains("Your permissions are"));
|
||||
assertTrue(this.driver.getPageSource().contains("Default Resource"));
|
||||
login();
|
||||
|
||||
assertTrue(this.driver.getPageSource().contains("Your permissions are"));
|
||||
assertTrue(this.driver.getPageSource().contains("Default Resource"));
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
}
|
||||
|
||||
private void login() {
|
||||
this.loginPage.form().login("alice", "alice");
|
||||
}
|
||||
|
||||
private void navigateToResourceServer() throws MalformedURLException {
|
||||
private void login() throws MalformedURLException {
|
||||
this.driver.navigate().to(getResourceServerUrl());
|
||||
this.loginPage.form().login("alice", "alice");
|
||||
}
|
||||
|
||||
private URL getResourceServerUrl() throws MalformedURLException {
|
||||
return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL();
|
||||
}
|
||||
|
||||
private void deploy() {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
|
||||
private void configureAuthorizationServices() {
|
||||
ClientsResource clients = realmsResouce().realm(REALM_NAME).clients();
|
||||
ClientRepresentation client = clients.findByClientId(RESOURCE_SERVER_ID).get(0);
|
||||
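Review bot: Both assertions in testDefaultAuthzConfig are bare `assertTrue(this.driver.getPageSource().contains(...))` calls, so a failure reports only an AssertionError with no hint whether login failed, the page did not load, or the permission was really absent. Reading the page source once into a local and adding a message, e.g. `assertTrue("permissions banner missing after login as alice", pageSource.contains("Your permissions are"));`, makes a failed authorization check diagnosable. The new `login()` also navigates to the resource server before submitting credentials; a one-line comment or a name such as `navigateAndLogin()` would say so. configureAuthorizationServices() continues outside this section.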
|
|
|
@ -25,6 +25,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.ClientsResource;
|
||||
import org.keycloak.admin.client.resource.ResourcesResource;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
|
@ -43,6 +44,10 @@ import java.io.File;
|
|||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.Consumer;
|
||||
|
@ -95,7 +100,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testCreateDeleteAlbum() throws Exception {
|
||||
public void testUserCanCreateAndDeleteAlbum() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
|
@ -103,13 +108,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
this.clientPage.deleteAlbum("Alice Family Album");
|
||||
|
||||
resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -122,11 +125,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice-Family-Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -137,11 +140,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum("Alice-Family-Album");
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -153,9 +156,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum("Alice-Family-Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -166,9 +168,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testRegularUserCanNotAccessAdminResources() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -179,9 +181,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testAdminOnlyFromSpecificAddress() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -193,7 +195,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -204,16 +205,15 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.viewAlbum("Alice Family Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -242,7 +242,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum("Alice Family Album");
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -254,14 +253,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum("Alice Family Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum("Alice Family Album");
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -269,23 +265,20 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testAdminWithoutPermissionsToDeleteScopePermission() throws Exception {
|
||||
public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.deleteAlbum("Alice Family Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -301,14 +294,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.login("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum("Alice Family Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
this.clientPage.deleteAlbum("Alice Family Album");
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -321,11 +311,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum("Alice Family Album");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
resources = getAuthorizationResource().resources().resources();
|
||||
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -336,8 +323,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testClientRoleRepresentingUserConsent() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
|
||||
|
@ -361,11 +348,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
roleResource.update(roleRepresentation);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.loginWithScopes("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -376,6 +361,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testClientRoleNotRequired() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
@ -401,37 +387,207 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
manageAlbumRole.update(roleRepresentation);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
if ("Any User Policy".equals(policy.getName())) {
|
||||
List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
|
||||
|
||||
roles.forEach(new Consumer<Map>() {
|
||||
@Override
|
||||
public void accept(Map role) {
|
||||
String roleId = (String) role.get("id");
|
||||
if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
|
||||
role.put("required", false);
|
||||
}
|
||||
roles.forEach(role -> {
|
||||
String roleId = (String) role.get("id");
|
||||
if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
|
||||
role.put("required", false);
|
||||
}
|
||||
});
|
||||
|
||||
policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
|
||||
|
||||
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
|
||||
}
|
||||
}
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOverridePermissionFromResourceParent() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
String resourceName = "My Resource Instance";
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateTo();
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();;
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
getAuthorizationResource().resources().resources().forEach(resource -> {
|
||||
if (resource.getName().equals(resourceName)) {
|
||||
try {
|
||||
PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
|
||||
|
||||
resourceInstancePermission.setName(resourceName + "Permission");
|
||||
resourceInstancePermission.setType("resource");
|
||||
|
||||
Map<String, String> config = new HashMap<>();
|
||||
|
||||
config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
|
||||
config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
|
||||
|
||||
resourceInstancePermission.setConfig(config);
|
||||
getAuthorizationResource().policies().create(resourceInstancePermission);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Error creating policy.", e);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
ResourcesResource resourcesResource = getAuthorizationResource().resources();
|
||||
List<ResourceRepresentation> resources = resourcesResource.resources();
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInheritPermissionFromResourceParent() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
|
||||
String resourceName = "My Resource Instance";
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateTo();
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();;
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
ResourcesResource resourcesResource = getAuthorizationResource().resources();
|
||||
resourcesResource.resources().forEach(resource -> {
|
||||
if (resource.getName().equals(resourceName)) {
|
||||
try {
|
||||
PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
|
||||
|
||||
resourceInstancePermission.setName(resourceName + "Permission");
|
||||
resourceInstancePermission.setType("resource");
|
||||
|
||||
Map<String, String> config = new HashMap<>();
|
||||
|
||||
config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
|
||||
config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
|
||||
|
||||
resourceInstancePermission.setConfig(config);
|
||||
getAuthorizationResource().policies().create(resourceInstancePermission);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Error creating policy.", e);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
resourcesResource.resources().forEach(resource -> {
|
||||
if (resource.getName().equals(resourceName)) {
|
||||
resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("urn:photoz.com:scopes:album:view")).collect(Collectors.toSet()));
|
||||
resourcesResource.resource(resource.getId()).update(resource);
|
||||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
List<ResourceRepresentation> resources = resourcesResource.resources();
|
||||
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
|
||||
|
||||
resourcesResource.resources().forEach(resource -> {
|
||||
if (resource.getName().equals(resourceName)) {
|
||||
resource.setScopes(Collections.emptySet());
|
||||
resourcesResource.resource(resource.getId()).update(resource);
|
||||
}
|
||||
});
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
}
|
||||
|
||||
private void importResourceServerSettings() throws FileNotFoundException {
|
||||
getAuthorizationResource().importSettings(loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-restful-api-authz-service.json")), ResourceServerRepresentation.class));
|
||||
}
|
||||
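Review bot: In testOverridePermissionFromResourceParent the admin's denied delete is verified only through `wasDenied()`, i.e. through what the client page renders; nothing confirms on the server that the album still exists at that point. Other tests on this page appear to follow a denied delete with a resource listing, and the same check fits after the second `assertTrue(this.clientPage.wasDenied())`: `assertFalse(getAuthorizationResource().resources().resources().stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());`. The same gap applies to both denied deletes in testInheritPermissionFromResourceParent. In that test the final `forEach` that sets empty scopes runs after the assertion that alice owns no resources, so it appears to match nothing and could be dropped.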
|
|
|
@ -25,7 +25,6 @@ import org.keycloak.admin.client.resource.AuthorizationResource;
|
|||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.ClientsResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.RoleResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
|
@ -49,9 +48,6 @@ import java.net.URL;
|
|||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
@ -88,14 +84,12 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testUserPermissions() throws Exception {
|
||||
public void testRegularUserPermissions() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
login("alice", "alice");
|
||||
|
||||
assertFalse(wasDenied());
|
||||
|
||||
assertTrue(hasLink("User Premium"));
|
||||
assertTrue(hasLink("Administration"));
|
||||
assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
|
||||
|
@ -103,18 +97,14 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
|
||||
|
||||
navigateToDynamicMenuPage();
|
||||
|
||||
assertTrue(hasText("Do user thing"));
|
||||
assertFalse(hasText("Do user premium thing"));
|
||||
assertFalse(hasText("Do administration thing"));
|
||||
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
|
||||
assertTrue(wasDenied());
|
||||
|
||||
navigateToAdminPage();
|
||||
|
||||
assertTrue(wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -127,7 +117,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
login("jdoe", "jdoe");
|
||||
|
||||
assertFalse(wasDenied());
|
||||
assertTrue(hasLink("User Premium"));
|
||||
assertTrue(hasLink("Administration"));
|
||||
|
@ -136,10 +125,15 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
|
||||
|
||||
navigateToDynamicMenuPage();
|
||||
|
||||
assertTrue(hasText("Do user thing"));
|
||||
assertTrue(hasText("Do user premium thing"));
|
||||
assertFalse(hasText("Do administration thing"));
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
assertFalse(wasDenied());
|
||||
|
||||
navigateToAdminPage();
|
||||
assertTrue(wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
|
@ -151,9 +145,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
login("admin", "admin");
|
||||
|
||||
assertFalse(wasDenied());
|
||||
|
||||
assertTrue(hasLink("User Premium"));
|
||||
assertTrue(hasLink("Administration"));
|
||||
assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
|
||||
|
@ -161,26 +153,29 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
|
||||
|
||||
navigateToDynamicMenuPage();
|
||||
|
||||
assertTrue(hasText("Do user thing"));
|
||||
assertTrue(hasText("Do administration thing"));
|
||||
assertFalse(hasText("Do user premium thing"));
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
assertTrue(wasDenied());
|
||||
|
||||
navigateToAdminPage();
|
||||
assertFalse(wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGrantPremiumAccess() throws Exception {
|
||||
public void testGrantPremiumAccessToUser() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
login("alice", "alice");
|
||||
|
||||
assertFalse(wasDenied());
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
|
||||
assertTrue(wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -193,7 +188,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
login("alice", "alice");
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
|
||||
assertFalse(wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -204,8 +198,8 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
}
|
||||
|
||||
login("alice", "alice");
|
||||
navigateToUserPremiumPage();
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
assertTrue(wasDenied());
|
||||
|
||||
PolicyRepresentation onlyAlicePolicy = new PolicyRepresentation();
|
||||
|
@ -230,10 +224,9 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
|
|||
}
|
||||
}
|
||||
|
||||
logOut();
|
||||
login("alice", "alice");
|
||||
navigateToUserPremiumPage();
|
||||
|
||||
navigateToUserPremiumPage();
|
||||
assertFalse(wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
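Review bot: In testRegularUserPermissions the two denial checks run back to back (`navigateToUserPremiumPage(); assertTrue(wasDenied());` then `navigateToAdminPage(); assertTrue(wasDenied());`), so if the second navigation does not load a new page, the second assertion is satisfied by the denial left over from the first. The navigation helpers and `wasDenied()` are not visible on this page, so this is a robustness concern rather than a confirmed defect. Putting a page alice is allowed to see between them, `navigateToDynamicMenuPage(); assertFalse(wasDenied());`, would make each denial independently observable. The premium-user and admin tests alternate allowed and denied pages and are not affected.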
|
|
|
@ -14,7 +14,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.adapter.example;
|
||||
package org.keycloak.testsuite.adapter.example.authorization;
|
||||
|
||||
import org.keycloak.testsuite.adapter.example.authorization.AbstractDefaultAuthzConfigAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
|
@ -14,7 +14,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.adapter.example;
|
||||
package org.keycloak.testsuite.adapter.example.authorization;
|
||||
|
||||
import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
|
@ -14,7 +14,7 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.adapter.example;
|
||||
package org.keycloak.testsuite.adapter.example.authorization;
|
||||
|
||||
import org.jboss.arquillian.container.test.api.RunAsClient;
|
||||
import org.keycloak.testsuite.adapter.example.authorization.AbstractDefaultAuthzConfigAdapterTest;
|