From 938933267515bcf8f5f762ca4e9a4742f0c06f9f Mon Sep 17 00:00:00 2001 From: Bart Monhemius Date: Thu, 23 Apr 2020 08:54:29 +0200 Subject: [PATCH] [KEYCLOAK-13927] Accept only ticketId instead of the PermissionTicketRepresentation for delete in PermissionResource --- .../client/resource/PermissionResource.java | 16 ++++++---------- .../testsuite/authz/UserManagedAccessTest.java | 7 +++---- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java b/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java index 6b98d17139..26d013b52e 100644 --- a/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java +++ b/authz/client/src/main/java/org/keycloak/authorization/client/resource/PermissionResource.java @@ -256,21 +256,17 @@ public class PermissionResource { } /** - * Deletes a permission ticket. - * - * @param ticket the permission ticket + * Deletes a permission ticket by ID. + * @param ticketId the permission ticket ID */ - public void delete(final PermissionTicketRepresentation ticket) { - if (ticket == null) { - throw new IllegalArgumentException("Permission ticket must not be null or empty"); - } - if (ticket.getId() == null) { - throw new IllegalArgumentException("Permission ticket must have an id"); + public void delete(final String ticketId) { + if (ticketId == null || ticketId.trim().isEmpty()) { + throw new IllegalArgumentException("Permission ticket ID must not be null or empty"); } Callable callable = new Callable() { @Override public Void call() throws Exception { - http.delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticket.getId()) + http.delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticketId) .authorizationBearer(pat.call()) .response() .execute(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java index 8454c5ea0f..92633b0100 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java @@ -258,14 +258,13 @@ public class UserManagedAccessTest extends AbstractResourceServerTest { for (PermissionTicketRepresentation ticket : tickets) { - getAuthzClient().protection().permission().delete(ticket); + getAuthzClient().protection().permission().delete(ticket.getId()); } tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null); assertEquals(0, tickets.size()); try { - response = authorize("kolo", "password", resource.getId(), new String[] {"ScopeA", "ScopeB"}); fail("User should not have access to resource from another user"); } catch (AuthorizationDeniedException ade) { @@ -531,7 +530,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest { } for (PermissionTicketRepresentation ticket : permissionTickets) { - permissionResource.delete(ticket); + permissionResource.delete(ticket.getId()); } permissionTickets = permissionResource.findByResource(resource.getId()); @@ -612,7 +611,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest { for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) { if (representation.isGranted()) { - permissionResource.delete(representation); + permissionResource.delete(representation.getId()); } }