From e85c2c982650bae4dd4b0e0ad67d028d896c4479 Mon Sep 17 00:00:00 2001 From: mposolda Date: Fri, 21 Feb 2014 19:10:38 +0100 Subject: [PATCH 1/2] Fix testsuite with Mongo --- .../keycloak/adapters/ApplicationAdapter.java | 4 +++- .../mongo/keycloak/adapters/RealmAdapter.java | 16 ++++++++-------- .../org/keycloak/model/test/UserModelTest.java | 17 +++-------------- 3 files changed, 14 insertions(+), 23 deletions(-) diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java index 0686f4201c..80835f2b7e 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java @@ -126,7 +126,9 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo @Override public RoleModel getRoleById(String id) { RoleEntity role = getMongoStore().loadEntity(RoleEntity.class, id, invocationContext); - if (role == null) { + + // Check that role belongs to this application + if (role == null || !getId().equals(role.getApplicationId())) { return null; } else { return new RoleAdapter(role, this, invocationContext); diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 06991cc70d..2604dfe7b9 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -316,13 +316,10 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { @Override public UserModel getUserById(String id) { - DBObject query = new QueryBuilder() - .and("id").is(id) - .and("realmId").is(getId()) - .get(); - UserEntity user = getMongoStore().loadSingleEntity(UserEntity.class, query, invocationContext); + UserEntity user = getMongoStore().loadEntity(UserEntity.class, id, invocationContext); - if (user == null) { + // Check that it's user from this realm + if (user == null || !getId().equals(user.getRealmId())) { return null; } else { return new UserAdapter(user, invocationContext); @@ -426,7 +423,7 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { @Override public RoleModel getRoleById(String id) { RoleEntity role = getMongoStore().loadEntity(RoleEntity.class, id, invocationContext); - if (role == null) { + if (role == null || !getId().equals(role.getRealmId())) { return null; } else { return new RoleAdapter(role, this, invocationContext); @@ -660,7 +657,10 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { @Override public OAuthClientModel getOAuthClientById(String id) { OAuthClientEntity clientEntity = getMongoStore().loadEntity(OAuthClientEntity.class, id, invocationContext); - if (clientEntity == null) return null; + + // Check if client belongs to this realm + if (clientEntity == null || !getId().equals(clientEntity.getRealmId())) return null; + return new OAuthClientAdapter(clientEntity, invocationContext); } diff --git a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java index 89bc061cd5..12b463505a 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/UserModelTest.java @@ -3,13 +3,8 @@ package org.keycloak.model.test; import org.junit.Assert; import org.junit.Test; import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserModel.RequiredAction; -import org.keycloak.services.managers.RealmManager; - -import java.util.Iterator; -import java.util.List; /** * @author Stian Thorgersen @@ -36,6 +31,9 @@ public class UserModelTest extends AbstractModelTest { UserModel persisted = realmManager.getRealm(realm.getId()).getUser("user"); assertEquals(user, persisted); + + UserModel persisted2 = realmManager.getRealm(realm.getId()).getUserById(user.getId()); + assertEquals(user, persisted2); } @Test @@ -108,14 +106,5 @@ public class UserModelTest extends AbstractModelTest { Assert.assertArrayEquals(expected.getWebOrigins().toArray(), actual.getWebOrigins().toArray()); } - public static void assertEquals(List expected, List actual) { - Assert.assertEquals(expected.size(), actual.size()); - Iterator exp = expected.iterator(); - Iterator act = actual.iterator(); - while (exp.hasNext()) { - Assert.assertEquals(exp.next().getName(), act.next().getName()); - } - } - } From 8a4ef40e9e6bcab4f652794de8bef802eead28f9 Mon Sep 17 00:00:00 2001 From: mposolda Date: Fri, 21 Feb 2014 19:11:38 +0100 Subject: [PATCH 2/2] Added new unit tests. Change get***ById() to find just entities from this realm/application --- .../models/jpa/ApplicationAdapter.java | 15 ++- .../org/keycloak/models/jpa/RealmAdapter.java | 29 +++-- .../jpa/entities/ApplicationEntity.java | 12 ++ .../models/jpa/entities/RealmEntity.java | 2 +- .../mongo/keycloak/adapters/RealmAdapter.java | 2 + .../model/test/AbstractModelTest.java | 32 +++++ .../org/keycloak/model/test/AdapterTest.java | 61 ++++++++-- .../model/test/ApplicationModelTest.java | 1 + .../org/keycloak/model/test/ModelTest.java | 9 -- .../model/test/MultipleRealmsTest.java | 110 ++++++++++++++++++ 10 files changed, 244 insertions(+), 29 deletions(-) create mode 100644 model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java index 4703da9ec2..9c25a3813f 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java @@ -125,11 +125,13 @@ public class ApplicationAdapter implements ApplicationModel { @Override public boolean removeRoleById(String id) { - ApplicationRoleEntity role = em.find(ApplicationRoleEntity.class, id); - if (role == null) { + RoleAdapter roleAdapter = getRoleById(id); + if (roleAdapter == null) { return false; } + ApplicationRoleEntity role = (ApplicationRoleEntity)roleAdapter.getRole(); + application.getRoles().remove(role); application.getDefaultRoles().remove(role); @@ -154,8 +156,13 @@ public class ApplicationAdapter implements ApplicationModel { } @Override - public RoleModel getRoleById(String id) { - return realm.getRoleById(id); + public RoleAdapter getRoleById(String id) { + RoleEntity entity = em.find(RoleEntity.class, id); + + // Check if it's application role and belongs to this application + if (entity == null || !(entity instanceof ApplicationRoleEntity)) return null; + ApplicationRoleEntity appRoleEntity = (ApplicationRoleEntity)entity; + return (appRoleEntity.getApplication().equals(this.application)) ? new RoleAdapter(this.realm, em, appRoleEntity) : null; } @Override diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 608788e566..46e2b7dfb5 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java @@ -431,7 +431,11 @@ public class RealmAdapter implements RealmModel { @Override public UserModel getUserById(String id) { - return new UserAdapter(em.find(UserEntity.class, id)); + UserEntity entity = em.find(UserEntity.class, id); + + // Check if user belongs to this realm + if (entity == null || !this.realm.equals(entity.getRealm())) return null; + return new UserAdapter(entity); } @Override @@ -562,6 +566,7 @@ public class RealmAdapter implements RealmModel { applicationData.setApplicationUser(user); applicationData.setName(name); applicationData.setEnabled(true); + applicationData.setRealm(realm); realm.getApplications().add(applicationData); em.persist(applicationData); em.flush(); @@ -606,7 +611,9 @@ public class RealmAdapter implements RealmModel { @Override public ApplicationModel getApplicationById(String id) { ApplicationEntity app = em.find(ApplicationEntity.class, id); - if (app == null) return null; + + // Check if application belongs to this realm + if (app == null || !this.realm.equals(app.getRealm())) return null; return new ApplicationAdapter(this, em, app); } @@ -783,7 +790,9 @@ public class RealmAdapter implements RealmModel { @Override public OAuthClientModel getOAuthClientById(String id) { OAuthClientEntity client = em.find(OAuthClientEntity.class, id); - if (client == null) return null; + + // Check if client belongs to this realm + if (client == null || !this.realm.equals(client.getRealm())) return null; return new OAuthClientAdapter(client); } @@ -846,7 +855,6 @@ public class RealmAdapter implements RealmModel { @Override public boolean removeRoleById(String id) { RoleModel role = getRoleById(id); - if (role == null) return false; if (role == null) { return false; @@ -877,8 +885,11 @@ public class RealmAdapter implements RealmModel { @Override public RoleModel getRoleById(String id) { RoleEntity entity = em.find(RoleEntity.class, id); - if (entity == null) return null; - return new RoleAdapter(this, em, entity); + + // Check if it's realm role and belongs to this realm + if (entity == null || !(entity instanceof RealmRoleEntity)) return null; + RealmRoleEntity realmRoleEntity = (RealmRoleEntity)entity; + return (realmRoleEntity.getRealm().equals(this.realm)) ? new RoleAdapter(this, em, realmRoleEntity) : null; } @Override @@ -894,8 +905,8 @@ public class RealmAdapter implements RealmModel { protected TypedQuery getUserRoleMappingEntityTypedQuery(UserAdapter user, RoleAdapter role) { TypedQuery query = em.createNamedQuery("userHasRole", UserRoleMappingEntity.class); - query.setParameter("user", ((UserAdapter)user).getUser()); - query.setParameter("role", ((RoleAdapter) role).getRole()); + query.setParameter("user", user.getUser()); + query.setParameter("role", role.getRole()); return query; } @@ -938,6 +949,8 @@ public class RealmAdapter implements RealmModel { @Override public void deleteRoleMapping(UserModel user, RoleModel role) { + if (user == null || role == null) return; + TypedQuery query = getUserRoleMappingEntityTypedQuery((UserAdapter) user, (RoleAdapter) role); List results = query.getResultList(); if (results.size() == 0) return; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java index e44da8b9ff..19a59817db 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/ApplicationEntity.java @@ -6,6 +6,7 @@ import javax.persistence.FetchType; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.JoinTable; +import javax.persistence.ManyToOne; import javax.persistence.OneToMany; import javax.persistence.OneToOne; import java.util.ArrayList; @@ -40,6 +41,9 @@ public class ApplicationEntity { @JoinTable(name="ApplicationDefaultRoles") Collection defaultRoles = new ArrayList(); + @ManyToOne() + private RealmEntity realm; + public String getId() { return id; } @@ -107,4 +111,12 @@ public class ApplicationEntity { public void setDefaultRoles(Collection defaultRoles) { this.defaultRoles = defaultRoles; } + + public RealmEntity getRealm() { + return realm; + } + + public void setRealm(RealmEntity realm) { + this.realm = realm; + } } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java index d744bffe2f..e29b59df6c 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java @@ -68,7 +68,7 @@ public class RealmEntity { @JoinTable(name="OAuthClient_RequiredCreds") Collection requiredOAuthClCredentials = new ArrayList(); - @OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true) + @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm") Collection applications = new ArrayList(); @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm") diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 2604dfe7b9..758c2cc472 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -576,6 +576,8 @@ public class RealmAdapter extends AbstractAdapter implements RealmModel { @Override public void deleteRoleMapping(UserModel user, RoleModel role) { + if (user == null || role == null) return; + UserEntity userEntity = ((UserAdapter)user).getUser(); getMongoStore().pullItemFromList(userEntity, "roleIds", role.getId(), invocationContext); } diff --git a/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java index f334236650..c7c9671706 100644 --- a/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/AbstractModelTest.java @@ -3,12 +3,15 @@ package org.keycloak.model.test; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.util.Set; import org.jboss.resteasy.logging.Logger; import org.junit.After; +import org.junit.Assert; import org.junit.Before; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; +import org.keycloak.models.RoleModel; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.KeycloakApplication; @@ -60,4 +63,33 @@ public class AbstractModelTest { return JsonSerialization.readValue(bytes, RealmRepresentation.class); } + + + // Helper methods for role equality + + public static void assertRolesEquals(Set expected, Set actual) { + Assert.assertEquals(expected.size(), actual.size()); + for (RoleModel current : actual) { + assertRolesContains(current, expected); + } + } + + public static void assertRolesContains(RoleModel expected, Set actual) { + for (RoleModel current : actual) { + if (current.getId().equals(expected.getId())) { + assertRolesEquals(current, expected); + return; + } + } + + Assert.fail("Role with id=" + expected.getId() + " name=" + expected.getName() + " not in set " + actual); + } + + public static void assertRolesEquals(RoleModel expected, RoleModel actual) { + Assert.assertEquals(expected.getId(), actual.getId()); + Assert.assertEquals(expected.getName(), actual.getName()); + Assert.assertEquals(expected.getDescription(), actual.getDescription()); + Assert.assertEquals(expected.getContainer(), actual.getContainer()); + Assert.assertEquals(expected.getComposites().size(), actual.getComposites().size()); + } } diff --git a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java index ea6fa66cbd..6e71d6ed53 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java @@ -430,13 +430,60 @@ public class AdapterTest extends AbstractModelTest { Set roles = realmModel.getRoles(); Assert.assertEquals(5, roles.size()); UserModel user = realmModel.addUser("bburke"); - RoleModel role = realmModel.getRole("user"); - realmModel.grantRole(user, role); - Assert.assertTrue(realmModel.hasRole(user, role)); - System.out.println("Role id: " + role.getId()); - role = realmModel.getRoleById(role.getId()); - Assert.assertNotNull(role); - Assert.assertEquals("user", role.getName()); + RoleModel realmUserRole = realmModel.getRole("user"); + realmModel.grantRole(user, realmUserRole); + Assert.assertTrue(realmModel.hasRole(user, realmUserRole)); + RoleModel found = realmModel.getRoleById(realmUserRole.getId()); + Assert.assertNotNull(found); + assertRolesEquals(found, realmUserRole); + + // Test app roles + ApplicationModel application = realmModel.addApplication("app1"); + application.addRole("user"); + application.addRole("bar"); + Set appRoles = application.getRoles(); + Assert.assertEquals(2, appRoles.size()); + RoleModel appBarRole = application.getRole("bar"); + + // This should return null because it's realmRole + Assert.assertNull(application.getRoleById(realmUserRole.getId())); + + // This should return null because appBarRole is application role + Assert.assertNull(realmModel.getRoleById(appBarRole.getId())); + found = application.getRoleById(appBarRole.getId()); + Assert.assertNotNull(found); + assertRolesEquals(found, appBarRole); + + realmModel.grantRole(user, appBarRole); + realmModel.grantRole(user, application.getRole("user")); + + roles = realmModel.getRealmRoleMappings(user); + Assert.assertEquals(roles.size(), 2); + assertRolesContains(realmUserRole, roles); + Assert.assertTrue(realmModel.hasRole(user, realmUserRole)); + // Role "foo" is default realm role + Assert.assertTrue(realmModel.hasRole(user, realmModel.getRole("foo"))); + + roles = application.getApplicationRoleMappings(user); + Assert.assertEquals(roles.size(), 2); + assertRolesContains(application.getRole("user"), roles); + assertRolesContains(appBarRole, roles); + Assert.assertTrue(realmModel.hasRole(user, appBarRole)); + + // Test that application role 'user' don't clash with realm role 'user' + Assert.assertNotEquals(realmModel.getRole("user").getId(), application.getRole("user").getId()); + + Assert.assertEquals(6, realmModel.getRoleMappings(user).size()); + + // Revoke some roles + realmModel.deleteRoleMapping(user, realmModel.getRole("foo")); + realmModel.deleteRoleMapping(user, appBarRole); + roles = realmModel.getRoleMappings(user); + Assert.assertEquals(4, roles.size()); + assertRolesContains(realmUserRole, roles); + assertRolesContains(application.getRole("user"), roles); + Assert.assertFalse(realmModel.hasRole(user, appBarRole)); } + // TODO: test scopes } diff --git a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java index d2e460c1c7..3cac5782e9 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java @@ -33,6 +33,7 @@ public class ApplicationModelTest extends AbstractModelTest { application.setName("app-name"); application.addRole("role-1"); application.addRole("role-2"); + application.addRole("role-3"); application.addDefaultRole("role-1"); application.addDefaultRole("role-2"); diff --git a/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java b/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java index 33e8490477..b15e888898 100755 --- a/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java +++ b/model/tests/src/test/java/org/keycloak/model/test/ModelTest.java @@ -68,15 +68,6 @@ public class ModelTest extends AbstractModelTest { Assert.assertEquals(expected.getSocialConfig(), actual.getSocialConfig()); } - public static void assertEquals(List expected, List actual) { - Assert.assertEquals(expected.size(), actual.size()); - Iterator exp = expected.iterator(); - Iterator act = actual.iterator(); - while (exp.hasNext()) { - Assert.assertEquals(exp.next().getName(), act.next().getName()); - } - } - private RealmModel importExport(RealmModel src, String copyName) { RealmRepresentation representation = ModelToRepresentation.toRepresentation(src); RealmModel copy = realmManager.createRealm(copyName); diff --git a/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java b/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java new file mode 100644 index 0000000000..25808e3519 --- /dev/null +++ b/model/tests/src/test/java/org/keycloak/model/test/MultipleRealmsTest.java @@ -0,0 +1,110 @@ +package org.keycloak.model.test; + +import java.util.List; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.keycloak.models.ApplicationModel; +import org.keycloak.models.OAuthClientModel; +import org.keycloak.models.RealmModel; +import org.keycloak.models.RoleModel; +import org.keycloak.models.UserCredentialModel; +import org.keycloak.models.UserModel; + +/** + * @author Marek Posolda + */ +public class MultipleRealmsTest extends AbstractModelTest { + + private RealmModel realm1; + private RealmModel realm2; + + @Before + public void before() throws Exception { + super.before(); + realm1 = identitySession.createRealm("id1", "realm1"); + realm2 = identitySession.createRealm("id2", "realm2"); + + createObjects(realm1); + createObjects(realm2); + } + + @Test + public void testUsers() { + UserModel r1user1 = realm1.getUser("user1"); + UserModel r2user1 = realm2.getUser("user1"); + Assert.assertEquals(r1user1.getLoginName(), r2user1.getLoginName()); + Assert.assertNotEquals(r1user1.getId(), r2user1.getId()); + + // Test password + realm1.updateCredential(r1user1, UserCredentialModel.password("pass1")); + realm2.updateCredential(r2user1, UserCredentialModel.password("pass2")); + + Assert.assertTrue(realm1.validatePassword(r1user1, "pass1")); + Assert.assertFalse(realm1.validatePassword(r1user1, "pass2")); + Assert.assertFalse(realm2.validatePassword(r2user1, "pass1")); + Assert.assertTrue(realm2.validatePassword(r2user1, "pass2")); + + // Test searching + Assert.assertEquals(2, realm1.searchForUser("user").size()); + + realm1.removeUser("user1"); + realm1.removeUser("user2"); + Assert.assertEquals(0, realm1.searchForUser("user").size()); + Assert.assertEquals(2, realm2.searchForUser("user").size()); + } + + @Test + public void testGetById() { + Assert.assertEquals(realm1, identitySession.getRealm("id1")); + Assert.assertEquals(realm1, identitySession.getRealmByName("realm1")); + Assert.assertEquals(realm2, identitySession.getRealm("id2")); + Assert.assertEquals(realm2, identitySession.getRealmByName("realm2")); + + ApplicationModel r1app1 = realm1.getApplicationByName("app1"); + ApplicationModel r1app2 = realm1.getApplicationByName("app2"); + ApplicationModel r2app1 = realm2.getApplicationByName("app1"); + ApplicationModel r2app2 = realm2.getApplicationByName("app2"); + + Assert.assertEquals(r1app1, realm1.getApplicationById(r1app1.getId())); + Assert.assertNull(realm2.getApplicationById(r1app1.getId())); + + OAuthClientModel r2cl1 = realm2.getOAuthClient("cl1"); + Assert.assertNull(realm1.getOAuthClientById(r2cl1.getId())); + Assert.assertEquals(r2cl1.getId(), realm2.getOAuthClientById(r2cl1.getId()).getId()); + + RoleModel r1App1Role = r1app1.getRole("app1Role1"); + Assert.assertNull(realm1.getRoleById(r1App1Role.getId())); + Assert.assertNull(realm2.getRoleById(r1App1Role.getId())); + Assert.assertEquals(r1App1Role, r1app1.getRoleById(r1App1Role.getId())); + Assert.assertNull(r1app2.getRoleById(r1App1Role.getId())); + Assert.assertNull(r2app1.getRoleById(r1App1Role.getId())); + Assert.assertNull(r2app2.getRoleById(r1App1Role.getId())); + + RoleModel r2Role1 = realm2.getRole("role2"); + Assert.assertNull(realm1.getRoleById(r2Role1.getId())); + Assert.assertEquals(r2Role1, realm2.getRoleById(r2Role1.getId())); + Assert.assertNull(r1app1.getRoleById(r2Role1.getId())); + Assert.assertNull(r1app2.getRoleById(r2Role1.getId())); + Assert.assertNull(r2app1.getRoleById(r2Role1.getId())); + Assert.assertNull(r2app2.getRoleById(r2Role1.getId())); + } + + private void createObjects(RealmModel realm) { + ApplicationModel app1 = realm.addApplication("app1"); + realm.addApplication("app2"); + + realm.addUser("user1"); + realm.addUser("user2"); + + realm.addRole("role1"); + realm.addRole("role2"); + + app1.addRole("app1Role1"); + app1.addScope(realm.getRole("role1")); + + realm.addOAuthClient("cl1"); + } + +}