diff --git a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/AuthzResourceUseMoreURIs.java b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/AuthzResourceUseMoreURIs.java
index 3505ded4b9..b50f3f67ba 100644
--- a/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/AuthzResourceUseMoreURIs.java
+++ b/model/jpa/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/AuthzResourceUseMoreURIs.java
@@ -14,7 +14,7 @@ public class AuthzResourceUseMoreURIs extends CustomKeycloakTask {
 @Override
 protected void generateStatementsImpl() throws CustomChangeException {
 try {
- PreparedStatement statement = jdbcConnection.prepareStatement("select ID,URI from " + getTableName("RESOURCE_SERVER_RESOURCE"));
+ PreparedStatement statement = jdbcConnection.prepareStatement("select ID,URI from " + getTableName("RESOURCE_SERVER_RESOURCE") + " where URI is not null");
 try {
 ResultSet resultSet = statement.executeQuery();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
index 07b58af694..643d6765e1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
@@ -16,8 +16,9 @@
 */
 package org.keycloak.testsuite.migration;
-import org.keycloak.OAuth2Constants;
+import org.hamcrest.Matchers;
 import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.admin.client.resource.ClientsResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.RoleResource;
 import org.keycloak.common.constants.KerberosConstants;
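Review bot: The new `where URI is not null` filter in generateStatementsImpl carries no explanation, and it excludes only NULL values, so a row whose URI is an empty string would still be selected. A comment such as `// Resources without a URI have nothing to copy; skip them` would record the intent, and it is worth confirming whether empty strings can occur in RESOURCE_SERVER_RESOURCE on the supported databases. The rest of the method, including what is done with each URI and how `statement` and `resultSet` are closed, is outside the hunk, so the effect of an empty value cannot be judged from here.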
@@ -29,8 +30,6 @@ import org.keycloak.models.Constants;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
-import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
-import org.keycloak.protocol.saml.SamlProtocolFactory;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
@@ -43,6 +42,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
@@ -51,7 +51,8 @@ import org.keycloak.testsuite.exportimport.ExportImportUtil;
 import org.keycloak.testsuite.runonserver.RunHelpers;
 import org.keycloak.testsuite.util.OAuthClient;
-import java.util.Collections;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -84,16 +85,26 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
 protected RealmResource masterRealm;
 protected void testMigratedData() {
+ testMigratedData(true);
+ }
+
+ protected void testMigratedData(boolean supportsAuthzService) {
 log.info("testing migrated data");
 //master realm
 testMigratedMasterData();
 //migrationRealm
- testMigratedMigrationData();
+ testMigratedMigrationData(supportsAuthzService);
 }
- protected void testMigratedMigrationData() {
+ protected void testMigratedMigrationData(boolean supportsAuthzService) {
 assertNames(migrationRealm.roles().list(), "offline_access", "uma_authorization", "migration-test-realm-role");
- assertNames(migrationRealm.clients().findAll(), "account", "admin-cli", "broker", "migration-test-client", "realm-management", "security-admin-console");
+ List expectedClientIds = new ArrayList<>(Arrays.asList("account", "admin-cli", "broker", "migration-test-client", "realm-management", "security-admin-console"));
+
+ if (supportsAuthzService) {
+ expectedClientIds.add("authz-servlet");
+ }
+
+ assertNames(migrationRealm.clients().findAll(), expectedClientIds.toArray(new String[expectedClientIds.size()]));
 String id2 = migrationRealm.clients().findByClientId("migration-test-client").get(0).getId();
 assertNames(migrationRealm.clients().get(id2).roles().list(), "migration-test-client-role");
 assertNames(migrationRealm.users().search("", 0, 5), "migration-test-user");
@@ -199,8 +210,12 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
 testOfflineScopeAddedToClient();
 }
- protected void testMigrationTo4_2_0() {
+ protected void testMigrationTo4_2_0(boolean supportsAuthzService) {
 testRequiredActionsPriority(this.masterRealm, this.migrationRealm);
+
+ if (supportsAuthzService) {
+ testResourceWithMultipleUris();
+ }
 }
 private void testCliConsoleScopeSize(RealmResource realm) {
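Review bot: `testMigratedMigrationData()` and `testMigrationTo4_2_0()` lose their no-argument forms in these two hunks, while `testMigratedData()` and, in a later hunk, `testMigrationTo4_x()` keep one that defaults to `true`. Any subclass that still calls the old signatures and is not part of this diff would stop compiling; keeping `protected void testMigratedMigrationData() { testMigratedMigrationData(true); }` (and the same for `testMigrationTo4_2_0`) would make the four methods consistent. The parameter is also spelled `supportsAuthzService` here and `supportsAuthzServices` in `testMigrationTo4_x(boolean)`; one spelling throughout would read better.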
@@ -334,6 +349,13 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
 assertEquals(1, migratedRulesPolicies.size());
 }
+ private void testResourceWithMultipleUris() {
+ ClientsResource clients = migrationRealm.clients();
+ ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
+ ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
+ org.junit.Assert.assertThat(resource.getUris(), Matchers.containsInAnyOrder("/*"));
+ }
+
 protected void testAuthorizationServices(RealmResource... realms) {
 log.info("testing authorization services");
 for (RealmResource realm : realms) {
@@ -513,8 +535,12 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
 testMigrationTo3_4_2();
 }
- protected void testMigrationTo4_x() {
+ protected void testMigrationTo4_x(boolean supportsAuthzServices) {
 testMigrationTo4_0_0();
- testMigrationTo4_2_0();
+ testMigrationTo4_2_0(supportsAuthzServices);
+ }
+
+ protected void testMigrationTo4_x() {
+ testMigrationTo4_x(true);
 }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java
index 6c2de43efc..5a219e222e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java
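Review bot: `testResourceWithMultipleUris` asserts only on "Protected Resource", which has a URI, so the rows that the new `URI is not null` filter skips are never checked after migration. The realm files changed in this commit add a "Main Page" resource without a `uri`; looking it up with `findByName("Main Page")` and asserting that it is still present and carries no URIs would pin that case. Both `.get(0)` calls also fail with an IndexOutOfBoundsException rather than a readable assertion when the client or resource is missing; a size check in the style already used in this class, e.g. `assertEquals(1, resources.size());` on the looked-up list, would give a clearer failure.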
@@ -63,7 +63,7 @@ public class JsonFileImport198MigrationTest extends AbstractJsonFileImportMigrat
 @Test
 public void migration1_9_8Test() throws Exception {
- testMigratedMigrationData();
+ testMigratedMigrationData(false);
 testMigrationTo2_0_0();
 testMigrationTo2_1_0();
 testMigrationTo2_2_0();
@@ -71,7 +71,7 @@ public class JsonFileImport198MigrationTest extends AbstractJsonFileImportMigrat
 testMigrationTo2_5_0();
 //testMigrationTo2_5_1(); // Offline tokens migration is skipped for JSON
 testMigrationTo3_x();
- testMigrationTo4_x();
+ testMigrationTo4_x(false);
 }
 @Override
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
index 6c6991d42d..da82d6e3c3 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -85,10 +85,10 @@ public class MigrationTest extends AbstractMigrationTest {
 @Test
 @Migration(versionFrom = "1.9.8.Final")
 public void migration1_9_8Test() throws Exception {
- testMigratedData();
+ testMigratedData(false);
 testMigrationTo2_x();
 testMigrationTo3_x();
- testMigrationTo4_x();
+ testMigrationTo4_x(false);
 }
 @Test
@@ -96,5 +96,4 @@ public class MigrationTest extends AbstractMigrationTest {
 public void migrationInAuthorizationServicesTest() {
 testDroolsToRulesPolicyTypeMigration();
 }
-
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json
index aa649caaf5..c598bc83cc 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json
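Review bot: The bare `false` passed to `testMigratedMigrationData`, `testMigratedData` and `testMigrationTo4_x` in both 1.9.8 tests does not say what is being switched off or why. A short comment at each call, e.g. `// the 1.9.8 data set has no authz-servlet client`, would record the reason. That reason is inferred from this commit adding the client only to the 2.5.5 and 3.4.3 realm files, so it should be confirmed before it is written down.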
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-2.5.5.Final.json
@@ -2776,7 +2776,63 @@
 "useTemplateConfig" : false,
 "useTemplateScope" : false,
 "useTemplateMappers" : false
- } ],
+ },
+ {
+ "id": "70e8e897-82d4-49ab-82c9-c37e1a48b6bb",
+ "clientId": "authz-servlet",
+ "adminUrl": "http://localhost:8080/authz-servlet",
+ "baseUrl": "http://localhost:8080/authz-servlet",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "http://localhost:8080/authz-servlet/*"
+ ],
+ "webOrigins": [
+ "http://localhost:8080"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "authorizationSettings": {
+ "resources": [
+ {
+ "name": "Admin Resource",
+ "uri": "/protected/admin/*",
+ "type": "http://servlet-authz/protected/admin",
+ "_id": "af06c58d-32b6-44d2-9057-2673ced120eb"
+ },
+ {
+ "name": "Protected Resource",
+ "uri": "/*",
+ "type": "http://servlet-authz/protected/resource",
+ "_id": "d8ec89d2-7fc3-416c-9584-f242e8a6f827"
+ },
+ {
+ "name": "Premium Resource",
+ "uri": "/protected/premium/*",
+ "type": "urn:servlet-authz:protected:resource",
+ "_id": "9c4dd55d-b7a1-45a5-a379-d2ae48b7b309"
+ },
+ {
+ "name": "Main Page",
+ "type": "urn:servlet-authz:protected:resource",
+ "_id": "01394f0e-8b06-4ae8-a1cb-9f6ff7eeb6b4"
+ }
+ ]
+ }
+ }],
 "clientTemplates" : [ ],
 "browserSecurityHeaders" : {
 "xContentTypeOptions" : "nosniff",
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-3.4.3.Final.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-3.4.3.Final.json
index 9f79df172e..0f72b38c1f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-3.4.3.Final.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-3.4.3.Final.json
@@ -1,4 +1,5 @@
-[ {
+[
+ {
 "id" : "Migration",
 "realm" : "Migration",
 "notBefore" : 0,
@@ -983,7 +984,63 @@
 "useTemplateConfig" : false,
 "useTemplateScope" : false,
 "useTemplateMappers" : false
- } ],
+ },
+ {
+ "id": "70e8e897-82d4-49ab-82c9-c37e1a48b6bb",
+ "clientId": "authz-servlet",
+ "adminUrl": "http://localhost:8080/authz-servlet",
+ "baseUrl": "http://localhost:8080/authz-servlet",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "http://localhost:8080/authz-servlet/*"
+ ],
+ "webOrigins": [
+ "http://localhost:8080"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "authorizationSettings": {
+ "resources": [
+ {
+ "name": "Admin Resource",
+ "uri": "/protected/admin/*",
+ "type": "http://servlet-authz/protected/admin",
+ "_id": "af06c58d-32b6-44d2-9057-2673ced120eb"
+ },
+ {
+ "name": "Protected Resource",
+ "uri": "/*",
+ "type": "http://servlet-authz/protected/resource",
+ "_id": "d8ec89d2-7fc3-416c-9584-f242e8a6f827"
+ },
+ {
+ "name": "Premium Resource",
+ "uri": "/protected/premium/*",
+ "type": "urn:servlet-authz:protected:resource",
+ "_id": "9c4dd55d-b7a1-45a5-a379-d2ae48b7b309"
+ },
+ {
+ "name": "Main Page",
+ "type": "urn:servlet-authz:protected:resource",
+ "_id": "01394f0e-8b06-4ae8-a1cb-9f6ff7eeb6b4"
+ }
+ ]
+ }
+ }],
 "clientTemplates" : [ ],
 "browserSecurityHeaders" : {
 "xContentTypeOptions" : "nosniff",