remove scope support for now
parent
8f29bf0a5a
commit
801ef3281a
2 changed files with 3 additions and 72 deletions
|
@ -54,23 +54,6 @@ public class TokenManager {
|
|||
return accessCodeMap.remove(key);
|
||||
}
|
||||
|
||||
protected boolean desiresScope(AccessScope scope, String key, String roleName) {
|
||||
if (scope == null || scope.isEmpty()) return true;
|
||||
List<String> val = scope.get(key);
|
||||
if (val == null) return false;
|
||||
return val.contains(roleName);
|
||||
|
||||
}
|
||||
|
||||
protected boolean desiresScopeGroup(AccessScope scope, String key) {
|
||||
if (scope == null || scope.isEmpty()) return true;
|
||||
return scope.containsKey(key);
|
||||
}
|
||||
|
||||
protected boolean isEmpty(AccessScope scope) {
|
||||
return scope == null || scope.isEmpty();
|
||||
}
|
||||
|
||||
public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
|
||||
if (visited.contains(scope)) return;
|
||||
visited.add(scope);
|
||||
|
@ -205,9 +188,7 @@ public class TokenManager {
|
|||
}
|
||||
|
||||
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
|
||||
AccessScope scopeMap = null;
|
||||
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
|
||||
|
||||
// todo scopeParam is ignored until we figure out a scheme that fits with openid connect
|
||||
|
||||
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
|
||||
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
|
||||
|
@ -226,14 +207,11 @@ public class TokenManager {
|
|||
}
|
||||
|
||||
for (RoleModel role : requestedRoles) {
|
||||
if (role.getContainer() instanceof RealmModel && desiresScope(scopeMap, "realm", role.getName())) {
|
||||
if (role.getContainer() instanceof RealmModel) {
|
||||
realmRolesRequested.add(role);
|
||||
} else if (role.getContainer() instanceof ApplicationModel) {
|
||||
ApplicationModel app = (ApplicationModel)role.getContainer();
|
||||
if (desiresScope(scopeMap, app.getName(), role.getName())) {
|
||||
resourceRolesRequested.add(app.getName(), role);
|
||||
|
||||
}
|
||||
resourceRolesRequested.add(app.getName(), role);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -337,28 +315,6 @@ public class TokenManager {
|
|||
|
||||
}
|
||||
|
||||
public String encodeScope(AccessScope scope) {
|
||||
String token = null;
|
||||
try {
|
||||
token = JsonSerialization.writeValueAsString(scope);
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return Base64Url.encode(token.getBytes());
|
||||
}
|
||||
|
||||
public AccessScope decodeScope(String scopeParam) {
|
||||
AccessScope scope = null;
|
||||
byte[] bytes = Base64Url.decode(scopeParam);
|
||||
try {
|
||||
scope = JsonSerialization.readValue(bytes, AccessScope.class);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return scope;
|
||||
}
|
||||
|
||||
|
||||
public String encodeToken(RealmModel realm, Object token) {
|
||||
String encodedToken = new JWSBuilder()
|
||||
.jsonContent(token)
|
||||
|
|
|
@ -89,31 +89,6 @@ public class OAuthGrantTest {
|
|||
Assert.assertTrue(resourceAccess.get("test-app").isUserInRole("customer-user"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauthGrantAcceptTestWithScope() throws IOException {
|
||||
oauth.addScope("test-app", "customer-user");
|
||||
oauth.clientId("third-party");
|
||||
oauth.doLoginGrant("test-user@localhost", "password");
|
||||
|
||||
grantPage.assertCurrent();
|
||||
Assert.assertTrue(driver.getPageSource().contains(ROLE_CUSTOMER));
|
||||
|
||||
grantPage.accept();
|
||||
|
||||
Assert.assertTrue(oauth.getCurrentQuery().containsKey("code"));
|
||||
OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
|
||||
|
||||
AccessToken token = oauth.verifyToken(accessToken.getAccessToken());
|
||||
|
||||
AccessToken.Access realmAccess = token.getRealmAccess();
|
||||
Assert.assertNull(realmAccess);
|
||||
|
||||
Map<String,AccessToken.Access> resourceAccess = token.getResourceAccess();
|
||||
Assert.assertEquals(1, resourceAccess.size());
|
||||
Assert.assertEquals(1, resourceAccess.get("test-app").getRoles().size());
|
||||
Assert.assertTrue(resourceAccess.get("test-app").isUserInRole("customer-user"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void oauthGrantCancelTest() throws IOException {
|
||||
oauth.clientId("third-party");
|
||||
|
|