[KEYCLOAK-5095] - Adding tests
This commit is contained in:
Pedro Igor
parent
cdb3c159c5
commit
8b2d47dd71
3 changed files with 64 additions and 18 deletions
|
|
@ -1,6 +1,10 @@
|
|||
package org.keycloak.testsuite.authz;
|
||||
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.authorization.client.representation.EntitlementResponse;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.ProfileAssume;
|
||||
|
||||
|
|
@ -13,4 +17,15 @@ public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
|
|||
public static void enabled() {
|
||||
ProfileAssume.assumePreview();
|
||||
}
|
||||
|
||||
protected AccessToken toAccessToken(String rpt) {
|
||||
AccessToken accessToken;
|
||||
|
||||
try {
|
||||
accessToken = new JWSInput(rpt).readJsonContent(AccessToken.class);
|
||||
} catch (JWSInputException cause) {
|
||||
throw new RuntimeException("Failed to deserialize RPT", cause);
|
||||
}
|
||||
return accessToken;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,13 +39,14 @@ import org.keycloak.authorization.client.representation.AuthorizationRequest;
|
|||
import org.keycloak.authorization.client.representation.AuthorizationResponse;
|
||||
import org.keycloak.authorization.client.representation.PermissionRequest;
|
||||
import org.keycloak.authorization.client.util.HttpResponseException;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.keycloak.testsuite.util.RealmBuilder;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testsuite.util.RolesBuilder;
|
||||
|
|
@ -55,7 +56,7 @@ import org.keycloak.util.JsonSerialization;
|
|||
/**
|
||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||
*/
|
||||
public class RequireUmaAuthorizationScopeTest extends AbstractAuthzTest {
|
||||
public class AuthorizationAPITest extends AbstractAuthzTest {
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
|
|
@ -69,6 +70,11 @@ public class RequireUmaAuthorizationScopeTest extends AbstractAuthzTest {
|
|||
.redirectUris("http://localhost/resource-server-test")
|
||||
.defaultRoles("uma_protection")
|
||||
.directAccessGrants())
|
||||
.client(ClientBuilder.create().clientId("test-client")
|
||||
.secret("secret")
|
||||
.authorizationServicesEnabled(true)
|
||||
.redirectUris("http://localhost/test-client")
|
||||
.directAccessGrants())
|
||||
.build());
|
||||
}
|
||||
|
||||
|
|
@ -143,6 +149,22 @@ public class RequireUmaAuthorizationScopeTest extends AbstractAuthzTest {
|
|||
failAccessTokenWithoutUmaAuthorization();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testResourceServerAsAudience() throws Exception {
|
||||
AuthzClient authzClient = getAuthzClient();
|
||||
PermissionRequest request = new PermissionRequest();
|
||||
|
||||
request.setResourceSetName("Resource A");
|
||||
|
||||
String accessToken = new OAuthClient().realm("authz-test").clientId("test-client").doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
|
||||
String ticket = authzClient.protection().permission().forResource(request).getTicket();
|
||||
AuthorizationResponse response = authzClient.authorization(accessToken).authorize(new AuthorizationRequest(ticket));
|
||||
|
||||
assertNotNull(response.getRpt());
|
||||
AccessToken rpt = toAccessToken(response.getRpt());
|
||||
assertEquals("resource-server-test", rpt.getAudience()[0]);
|
||||
}
|
||||
|
||||
private RealmResource getRealm() throws Exception {
|
||||
return adminClient.realm("authz-test");
|
||||
}
|
||||
|
|
@ -41,6 +41,7 @@ import org.keycloak.authorization.client.representation.EntitlementResponse;
|
|||
import org.keycloak.authorization.client.representation.PermissionRequest;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
|
||||
|
|
@ -49,6 +50,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
|
|||
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
|
||||
import org.keycloak.testsuite.AbstractKeycloakTest;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.keycloak.testsuite.util.RealmBuilder;
|
||||
import org.keycloak.testsuite.util.RoleBuilder;
|
||||
import org.keycloak.testsuite.util.RolesBuilder;
|
||||
|
|
@ -74,6 +76,11 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
.redirectUris("http://localhost/resource-server-test")
|
||||
.defaultRoles("uma_protection")
|
||||
.directAccessGrants())
|
||||
.client(ClientBuilder.create().clientId("test-client")
|
||||
.secret("secret")
|
||||
.authorizationServicesEnabled(true)
|
||||
.redirectUris("http://localhost/test-client")
|
||||
.directAccessGrants())
|
||||
.build());
|
||||
}
|
||||
|
||||
|
|
@ -155,7 +162,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
request.setMetadata(metadata);
|
||||
|
||||
EntitlementResponse response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
|
||||
AccessToken rpt = toAccessToken(response);
|
||||
AccessToken rpt = toAccessToken(response.getRpt());
|
||||
|
||||
List<Permission> permissions = rpt.getAuthorization().getPermissions();
|
||||
|
||||
|
|
@ -175,7 +182,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
request.setRpt(response.getRpt());
|
||||
|
||||
response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
|
||||
rpt = toAccessToken(response);
|
||||
rpt = toAccessToken(response.getRpt());
|
||||
|
||||
permissions = rpt.getAuthorization().getPermissions();
|
||||
|
||||
|
|
@ -199,7 +206,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
request.setRpt(response.getRpt());
|
||||
|
||||
response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
|
||||
rpt = toAccessToken(response);
|
||||
rpt = toAccessToken(response.getRpt());
|
||||
|
||||
permissions = rpt.getAuthorization().getPermissions();
|
||||
|
||||
|
|
@ -222,7 +229,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
request.setRpt(response.getRpt());
|
||||
|
||||
response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
|
||||
rpt = toAccessToken(response);
|
||||
rpt = toAccessToken(response.getRpt());
|
||||
|
||||
permissions = rpt.getAuthorization().getPermissions();
|
||||
|
||||
|
|
@ -234,8 +241,21 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
assertEquals("Resource 12", permissions.get(4).getResourceSetName());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testResourceServerAsAudience() throws Exception {
|
||||
EntitlementRequest request = new EntitlementRequest();
|
||||
|
||||
request.addPermission(new PermissionRequest("Resource 1"));
|
||||
|
||||
String accessToken = new OAuthClient().realm("authz-test").clientId("test-client").doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
|
||||
EntitlementResponse response = getAuthzClient().entitlement(accessToken).get("resource-server-test", request);
|
||||
AccessToken rpt = toAccessToken(response.getRpt());
|
||||
|
||||
assertEquals("resource-server-test", rpt.getAudience()[0]);
|
||||
}
|
||||
|
||||
private void assertResponse(AuthorizationRequestMetadata metadata, Supplier<EntitlementResponse> responseSupplier) {
|
||||
AccessToken.Authorization authorization = toAccessToken(responseSupplier.get()).getAuthorization();
|
||||
AccessToken.Authorization authorization = toAccessToken(responseSupplier.get().getRpt()).getAuthorization();
|
||||
|
||||
List<Permission> permissions = authorization.getPermissions();
|
||||
|
||||
|
|
@ -251,17 +271,6 @@ public class EntitlementAPITest extends AbstractAuthzTest {
|
|||
}
|
||||
}
|
||||
|
||||
private AccessToken toAccessToken(EntitlementResponse response) {
|
||||
AccessToken accessToken;
|
||||
|
||||
try {
|
||||
accessToken = new JWSInput(response.getRpt()).readJsonContent(AccessToken.class);
|
||||
} catch (JWSInputException cause) {
|
||||
throw new RuntimeException("Failed to deserialize RPT", cause);
|
||||
}
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
private RealmResource getRealm() throws Exception {
|
||||
return adminClient.realm("authz-test");
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue