remove scope support for now

Bill Burke 2014-03-06 09:59:27 -05:00
parent 8f29bf0a5a
commit 801ef3281a
2 changed files with 3 additions and 72 deletions


@ -54,23 +54,6 @@ public class TokenManager {
return accessCodeMap.remove(key);
}
protected boolean desiresScope(AccessScope scope, String key, String roleName) {
if (scope == null || scope.isEmpty()) return true;
List<String> val = scope.get(key);
if (val == null) return false;
return val.contains(roleName);
}
protected boolean desiresScopeGroup(AccessScope scope, String key) {
if (scope == null || scope.isEmpty()) return true;
return scope.containsKey(key);
}
protected boolean isEmpty(AccessScope scope) {
return scope == null || scope.isEmpty();
}
public static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;
visited.add(scope);
@ -205,9 +188,7 @@ public class TokenManager {
}
public AccessToken createClientAccessToken(String scopeParam, RealmModel realm, ClientModel client, UserModel user, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
AccessScope scopeMap = null;
if (scopeParam != null) scopeMap = decodeScope(scopeParam);
// todo scopeParam is ignored until we figure out a scheme that fits with openid connect
Set<RoleModel> roleMappings = realm.getRoleMappings(user);
Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
@ -226,14 +207,11 @@ public class TokenManager {
}
for (RoleModel role : requestedRoles) {
if (role.getContainer() instanceof RealmModel && desiresScope(scopeMap, "realm", role.getName())) {
if (role.getContainer() instanceof RealmModel) {
realmRolesRequested.add(role);
} else if (role.getContainer() instanceof ApplicationModel) {
ApplicationModel app = (ApplicationModel)role.getContainer();
if (desiresScope(scopeMap, app.getName(), role.getName())) {
resourceRolesRequested.add(app.getName(), role);
}
}
}
@ -337,28 +315,6 @@ public class TokenManager {
}
public String encodeScope(AccessScope scope) {
String token = null;
try {
token = JsonSerialization.writeValueAsString(scope);
} catch (Exception e) {
throw new RuntimeException(e);
}
return Base64Url.encode(token.getBytes());
}
public AccessScope decodeScope(String scopeParam) {
AccessScope scope = null;
byte[] bytes = Base64Url.decode(scopeParam);
try {
scope = JsonSerialization.readValue(bytes, AccessScope.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
return scope;
}
public String encodeToken(RealmModel realm, Object token) {
String encodedToken = new JWSBuilder()
.jsonContent(token)
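Review bot: In `createClientAccessToken`, `scopeParam` stays in the signature but is no longer read, so a caller that passes a scope to narrow the grant now silently receives a token carrying every role in `requestedRoles` (the loop adds realm and application roles unconditionally). The only remaining limit appears to be the intersection built from `roleMappings` and `scopeMappings` above the loop, which lies outside the visible lines, so confirm that this is the intended ceiling. I would have the todo state the consequence, e.g. `// todo scopeParam is ignored; token roles are bounded only by the user's role mappings and the client's scope mappings`, and consider logging a warning when `scopeParam` is non-null so integrators notice the request was not honoured. The method body begins and ends outside these hunks.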


@ -89,31 +89,6 @@ public class OAuthGrantTest {
Assert.assertTrue(resourceAccess.get("test-app").isUserInRole("customer-user"));
}
@Test
public void oauthGrantAcceptTestWithScope() throws IOException {
oauth.addScope("test-app", "customer-user");
oauth.clientId("third-party");
oauth.doLoginGrant("test-user@localhost", "password");
grantPage.assertCurrent();
Assert.assertTrue(driver.getPageSource().contains(ROLE_CUSTOMER));
grantPage.accept();
Assert.assertTrue(oauth.getCurrentQuery().containsKey("code"));
OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
AccessToken token = oauth.verifyToken(accessToken.getAccessToken());
AccessToken.Access realmAccess = token.getRealmAccess();
Assert.assertNull(realmAccess);
Map<String,AccessToken.Access> resourceAccess = token.getResourceAccess();
Assert.assertEquals(1, resourceAccess.size());
Assert.assertEquals(1, resourceAccess.get("test-app").getRoles().size());
Assert.assertTrue(resourceAccess.get("test-app").isUserInRole("customer-user"));
}
@Test
public void oauthGrantCancelTest() throws IOException {
oauth.clientId("third-party");