Merge pull request #5021 from pedroigor/KEYCLOAK-6621

[KEYCLOAK-6621] - Removing unnecessary code to process scopes from typed resources
This commit is contained in:
Pedro Igor 2018-03-01 09:40:02 -03:00 committed by GitHub
commit 9b1275f182
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 192 additions and 104 deletions

View file

@ -51,9 +51,8 @@ public class ResourceRepresentation {
@JsonInclude(JsonInclude.Include.NON_EMPTY)
private List<PolicyRepresentation> policies;
private List<ScopeRepresentation> typedScopes;
private String displayName;
private String displayName;
/**
* Creates a new instance.
*
@ -187,14 +186,6 @@ public class ResourceRepresentation {
this.ownerManagedAccess = ownerManagedAccess;
}
public void setTypedScopes(List<ScopeRepresentation> typedScopes) {
this.typedScopes = typedScopes;
}
public List<ScopeRepresentation> getTypedScopes() {
return typedScopes;
}
public void addScope(String... scopeNames) {
if (scopes == null) {
scopes = new HashSet<>();

View file

@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@ -34,7 +33,6 @@
},
{
"name": "Main Page",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"

View file

@ -48,8 +48,9 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public Policy getDelegateForUpdate() {
if (updated == null) {
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), cached.getResourceServerId());
updated = cacheSession.getPolicyStoreDelegate().findById(cached.getId(), cached.getResourceServerId());
String defaultResourceType = updated.getConfig().get("defaultResourceType");
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), defaultResourceType, cached.getResourceServerId());
if (updated == null) throw new IllegalStateException("Not found in database");
}
return updated;
@ -97,7 +98,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public void setName(String name) {
getDelegateForUpdate();
cacheSession.registerPolicyInvalidation(cached.getId(), name, cached.getResourcesIds(), cached.getScopesIds(), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), name, cached.getResourcesIds(), cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
updated.setName(name);
}
@ -148,6 +149,10 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public void setConfig(Map<String, String> config) {
getDelegateForUpdate();
if (config.containsKey("defaultResourceType") || cached.getConfig().containsKey("defaultResourceType")) {
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), config.get("defaultResourceType"), cached.getResourceServerId());
}
updated.setConfig(config);
}
@ -155,6 +160,9 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public void removeConfig(String name) {
getDelegateForUpdate();
if (name.equals("defaultResourceType")) {
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
}
updated.removeConfig(name);
}
@ -162,6 +170,10 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public void putConfig(String name, String value) {
getDelegateForUpdate();
if (name.equals("defaultResourceType")) {
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), cached.getScopesIds(), value, cached.getResourceServerId());
}
updated.putConfig(name, value);
}
@ -207,14 +219,14 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
@Override
public void addScope(Scope scope) {
getDelegateForUpdate();
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), new HashSet<>(Arrays.asList(scope.getId())), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), new HashSet<>(Arrays.asList(scope.getId())), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
updated.addScope(scope);
}
@Override
public void removeScope(Scope scope) {
getDelegateForUpdate();
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), new HashSet<>(Arrays.asList(scope.getId())), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), cached.getResourcesIds(), new HashSet<>(Arrays.asList(scope.getId())), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
updated.removeScope(scope);
}
@ -237,7 +249,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
getDelegateForUpdate();
HashSet<String> resources = new HashSet<>();
resources.add(resource.getId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), resources, cached.getScopesIds(), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), resources, cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
updated.addResource(resource);
}
@ -247,7 +259,7 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
getDelegateForUpdate();
HashSet<String> resources = new HashSet<>();
resources.add(resource.getId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), resources, cached.getScopesIds(), cached.getResourceServerId());
cacheSession.registerPolicyInvalidation(cached.getId(), cached.getName(), resources, cached.getScopesIds(), cached.getConfig().get("defaultResourceType"), cached.getResourceServerId());
updated.removeResource(resource);
}

View file

@ -27,6 +27,7 @@ import org.keycloak.models.cache.infinispan.authorization.stream.InScopePredicat
import org.keycloak.models.cache.infinispan.entities.Revisioned;
import org.keycloak.models.cache.infinispan.events.InvalidationEvent;
import java.util.Objects;
import java.util.Set;
/**
@ -112,6 +113,11 @@ public class StoreFactoryCacheManager extends CacheManager {
if (resources != null) {
for (String resource : resources) {
invalidations.add(StoreFactoryCacheSession.getPolicyByResource(resource, serverId));
if (Objects.nonNull(scopes)) {
for (String scope : scopes) {
invalidations.add(StoreFactoryCacheSession.getPolicyByResourceScope(scope, resource, serverId));
}
}
}
}
@ -124,6 +130,7 @@ public class StoreFactoryCacheManager extends CacheManager {
if (scopes != null) {
for (String scope : scopes) {
invalidations.add(StoreFactoryCacheSession.getPolicyByScope(scope, serverId));
invalidations.add(StoreFactoryCacheSession.getPolicyByResourceScope(scope, null, serverId));
}
}
}

View file

@ -271,8 +271,11 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
invalidationEvents.add(ResourceUpdatedEvent.create(id, name, type, uri, scopes, serverId, owner));
}
public void registerPolicyInvalidation(String id, String name, Set<String> resources, Set<String> scopes, String serverId) {
public void registerPolicyInvalidation(String id, String name, Set<String> resources, Set<String> scopes, String defaultResourceType, String serverId) {
Set<String> resourceTypes = getResourceTypes(resources, serverId);
if (Objects.nonNull(defaultResourceType)) {
resourceTypes.add(defaultResourceType);
}
cache.policyUpdated(id, name, resources, resourceTypes, scopes, serverId, invalidations);
PolicyAdapter adapter = managedPolicies.get(id);
if (adapter != null) adapter.invalidateFlag();
@ -369,6 +372,10 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
return "policy.scope." + scope + "." + serverId;
}
public static String getPolicyByResourceScope(String scope, String resourceId, String serverId) {
return "policy.resource. " + resourceId + ".scope." + scope + "." + serverId;
}
public static String getPermissionTicketByResource(String resourceId, String serverId) {
return "permission.ticket.resource." + resourceId + "." + serverId;
}
@ -664,8 +671,9 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
@Override
public Policy create(AbstractPolicyRepresentation representation, ResourceServer resourceServer) {
Policy policy = getPolicyStoreDelegate().create(representation, resourceServer);
registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), resourceServer.getId());
return policy;
Policy cached = findById(policy.getId(), resourceServer.getId());
registerPolicyInvalidation(policy.getId(), representation.getName(), representation.getResources(), representation.getScopes(), null, resourceServer.getId());
return cached;
}
@Override
@ -678,6 +686,10 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
Set<String> resources = policy.getResources().stream().map(resource -> resource.getId()).collect(Collectors.toSet());
ResourceServer resourceServer = policy.getResourceServer();
Set<String> resourceTypes = getResourceTypes(resources, resourceServer.getId());
String defaultResourceType = policy.getConfig().get("defaultResourceType");
if (Objects.nonNull(defaultResourceType)) {
resourceTypes.add(defaultResourceType);
}
Set<String> scopes = policy.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toSet());
invalidationEvents.add(PolicyRemovedEvent.create(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId()));
cache.policyRemoval(id, policy.getName(), resources, resourceTypes, scopes, resourceServer.getId(), invalidations);
@ -771,6 +783,19 @@ public class StoreFactoryCacheSession implements CachedStoreFactoryProvider {
return result;
}
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
if (scopeIds == null) return null;
List<Policy> result = new ArrayList<>();
for (String id : scopeIds) {
String cacheKey = getPolicyByResourceScope(id, resourceId, resourceServerId);
result.addAll(cacheQuery(cacheKey, PolicyScopeListQuery.class, () -> getPolicyStoreDelegate().findByScopeIds(Arrays.asList(id), resourceId, resourceServerId), (revision, resources) -> new PolicyScopeListQuery(revision, cacheKey, id, resources.stream().map(resource -> resource.getId()).collect(Collectors.toSet()), resourceServerId), resourceServerId));
}
return result;
}
@Override
public List<Policy> findByType(String type, String resourceServerId) {
return getPolicyStoreDelegate().findByType(type, resourceServerId);

View file

@ -57,6 +57,8 @@ import org.keycloak.representations.idm.authorization.Logic;
@NamedQuery(name="findPolicyIdByName", query="select p.id from PolicyEntity p where p.resourceServer.id = :serverId and p.name = :name"),
@NamedQuery(name="findPolicyIdByResource", query="select p.id from PolicyEntity p inner join p.resources r where p.resourceServer.id = :serverId and (r.resourceServer.id = :serverId and r.id = :resourceId)"),
@NamedQuery(name="findPolicyIdByScope", query="select pe.id from PolicyEntity pe where pe.resourceServer.id = :serverId and pe.id IN (select p.id from ScopeEntity s inner join s.policies p where s.resourceServer.id = :serverId and (p.resourceServer.id = :serverId and p.type = 'scope' and s.id in (:scopeIds)))"),
@NamedQuery(name="findPolicyIdByResourceScope", query="select pe.id from PolicyEntity pe where pe.resourceServer.id = :serverId and pe.id IN (select p.id from ScopeEntity s inner join s.policies p where s.resourceServer.id = :serverId and (p.resourceServer.id = :serverId and p.type = 'scope' and s.id in (:scopeIds))) and pe.id IN (select p.id from ResourceEntity r inner join r.policies p where r.resourceServer.id = :serverId and (p.resourceServer.id = :serverId and p.type = 'scope' and r.id in (:resourceId))))"),
@NamedQuery(name="findPolicyIdByNullResourceScope", query="select pe.id from PolicyEntity pe where pe.resourceServer.id = :serverId and pe.id IN (select p.id from ScopeEntity s inner join s.policies p where s.resourceServer.id = :serverId and (p.resourceServer.id = :serverId and p.type = 'scope' and s.id in (:scopeIds))) and pe.resources is empty"),
@NamedQuery(name="findPolicyIdByType", query="select p.id from PolicyEntity p where p.resourceServer.id = :serverId and p.type = :type"),
@NamedQuery(name="findPolicyIdByResourceType", query="select p.id from PolicyEntity p inner join p.config c where p.resourceServer.id = :serverId and KEY(c) = 'defaultResourceType' and c like :type"),
@NamedQuery(name="findPolicyIdByDependentPolices", query="select p.id from PolicyEntity p inner join p.associatedPolicies ap where p.resourceServer.id = :serverId and (ap.resourceServer.id = :serverId and ap.id = :policyId)"),

View file

@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.persistence.EntityManager;
import javax.persistence.FlushModeType;
@ -114,7 +115,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -157,7 +161,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -173,7 +180,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -189,7 +199,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -210,7 +223,41 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
if (scopeIds==null || scopeIds.isEmpty()) {
return Collections.emptyList();
}
// Use separate subquery to handle DB2 and MSSSQL
TypedQuery<String> query;
if (resourceId == null) {
query = entityManager.createNamedQuery("findPolicyIdByNullResourceScope", String.class);
} else {
query = entityManager.createNamedQuery("findPolicyIdByResourceScope", String.class);
query.setParameter("resourceId", resourceId);
}
query.setFlushMode(FlushModeType.COMMIT);
query.setParameter("scopeIds", scopeIds);
query.setParameter("serverId", resourceServerId);
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -226,7 +273,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}
@ -243,7 +293,10 @@ public class JPAPolicyStore implements PolicyStore {
List<String> result = query.getResultList();
List<Policy> list = new LinkedList<>();
for (String id : result) {
list.add(provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId));
Policy policy = provider.getStoreFactory().getPolicyStore().findById(id, resourceServerId);
if (Objects.nonNull(policy)) {
list.add(policy);
}
}
return list;
}

View file

@ -385,6 +385,11 @@ public final class AuthorizationProvider implements Provider {
return policyStore.findByScopeIds(scopeIds, resourceServerId);
}
@Override
public List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId) {
return policyStore.findByScopeIds(scopeIds, resourceId, resourceServerId);
}
@Override
public List<Policy> findByType(String type, String resourceServerId) {
return policyStore.findByType(type, resourceServerId);

View file

@ -79,22 +79,19 @@ public class DefaultPolicyEvaluator implements PolicyEvaluator {
evaluatePolicies(() -> {
List<Policy> policies = policyStore.findByResourceType(resource.getType(), resourceServer.getId());
for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
policies.addAll(policyStore.findByResource(typedResource.getId(), resourceServer.getId()));
if (!resource.getOwner().equals(resourceServer.getId())) {
for (Resource typedResource : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
policies.addAll(policyStore.findByResource(typedResource.getId(), resourceServer.getId()));
}
}
return policies;
}, consumer);
}
if (scopes.isEmpty() && !resource.getScopes().isEmpty()) {
scopes.removeAll(resource.getScopes());
evaluatePolicies(() -> policyStore.findByScopeIds(resource.getScopes().stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId()), consumer);
}
}
if (!scopes.isEmpty()) {
evaluatePolicies(() -> policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), resourceServer.getId()), consumer);
evaluatePolicies(() -> policyStore.findByScopeIds(scopes.stream().map(Scope::getId).collect(Collectors.toList()), null, resourceServer.getId()), consumer);
}
if (PolicyEnforcementMode.PERMISSIVE.equals(enforcementMode) && !verified.get()) {

View file

@ -111,6 +111,16 @@ public interface PolicyStore {
*/
List<Policy> findByScopeIds(List<String> scopeIds, String resourceServerId);
/**
* Returns a list of {@link Policy} associated with a {@link org.keycloak.authorization.core.model.Scope} with the given <code>resourceId</code> and <code>scopeIds</code>.
*
* @param scopeIds the id of the scopes
* @param resourceId the id of the resource
* @param resourceServerId the resource server id
* @return a list of policies associated with the given scopes
*/
List<Policy> findByScopeIds(List<String> scopeIds, String resourceId, String resourceServerId);
/**
* Returns a list of {@link Policy} with the given <code>type</code>.
*

View file

@ -841,24 +841,6 @@ public class ModelToRepresentation {
}
return scope;
}).collect(Collectors.toSet()));
if (resource.getType() != null) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
for (Resource typed : resourceStore.findByType(resource.getType(), resourceServer.getId())) {
if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(resource.getId())) {
resource.setTypedScopes(typed.getScopes().stream().map(model1 -> {
ScopeRepresentation scope = new ScopeRepresentation();
scope.setId(model1.getId());
scope.setName(model1.getName());
String iconUri = model1.getIconUri();
if (iconUri != null) {
scope.setIconUri(iconUri);
}
return scope;
}).filter(scopeRepresentation -> !resource.getScopes().contains(scopeRepresentation)).collect(Collectors.toList()));
}
}
}
}
return resource;

View file

@ -234,7 +234,7 @@ public class ResourceSetService {
return representation;
}).collect(Collectors.toList());
if (model.getType() != null) {
if (model.getType() != null && !model.getOwner().equals(resourceServer.getId())) {
ResourceStore resourceStore = authorization.getStoreFactory().getResourceStore();
for (Resource typed : resourceStore.findByType(model.getType(), resourceServer.getId())) {
if (typed.getOwner().equals(resourceServer.getId()) && !typed.getId().equals(model.getId())) {
@ -273,7 +273,8 @@ public class ResourceSetService {
policies.addAll(policyStore.findByResource(model.getId(), resourceServer.getId()));
policies.addAll(policyStore.findByResourceType(model.getType(), resourceServer.getId()));
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), resourceServer.getId()));
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), id, resourceServer.getId()));
policies.addAll(policyStore.findByScopeIds(model.getScopes().stream().map(scope -> scope.getId()).collect(Collectors.toList()), null, resourceServer.getId()));
List<PolicyRepresentation> representation = new ArrayList<>();

View file

@ -25,7 +25,6 @@
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:protected:premium:access"
@ -34,7 +33,6 @@
},
{
"name": "Main Page",
"type": "urn:servlet-authz:protected:resource",
"scopes": [
{
"name": "urn:servlet-authz:page:main:actionForAdmin"

View file

@ -62,64 +62,51 @@
"resources": [
{
"name": "Welcome Resource",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 1",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 2",
"uri": "/resource/resource-a",
"typedScopes": []
"uri": "/resource/resource-a"
},
{
"name": "Pattern 3",
"uri": "/resource/resource-b/test",
"typedScopes": []
"uri": "/resource/resource-b/test"
},
{
"name": "Pattern 4",
"uri": "/resource-c",
"typedScopes": []
"uri": "/resource-c"
},
{
"name": "Pattern 5",
"uri": "/resource/d/resource-d",
"typedScopes": []
"uri": "/resource/d/resource-d"
},
{
"name": "Pattern 6",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 7",
"uri": "",
"typedScopes": []
"uri": ""
},
{
"name": "Pattern 8",
"typedScopes": []
"name": "Pattern 8"
},
{
"name": "Pattern 9",
"typedScopes": []
"name": "Pattern 9"
},
{
"name": "Pattern 10",
"typedScopes": []
"name": "Pattern 10"
},
{
"name": "Pattern 11",
"typedScopes": []
"name": "Pattern 11"
},
{
"name": "Pattern 12",
"uri": "/realm_uri",
"typedScopes": []
"uri": "/realm_uri"
}
],
"policies": [

View file

@ -13,8 +13,7 @@
{
"name": "urn:acme.com:scopes:admin:view"
}
],
"typedScopes": []
]
},
{
"name": "Role resource",
@ -24,8 +23,7 @@
{
"name": "urn:acme.com:scopes:role:view"
}
],
"typedScopes": []
]
},
{
"name": "User profile resource",
@ -38,8 +36,7 @@
{
"name": "urn:acme.com:scopes:userprofile:view"
}
],
"typedScopes": []
]
},
{
"name": "Account resource",
@ -49,8 +46,7 @@
{
"name": "urn:acme.com:scopes:account:manage"
}
],
"typedScopes": []
]
}
],
"policies": [

View file

@ -134,8 +134,7 @@
{
"name": "urn:photoz.com:scopes:profile:view"
}
],
"typedScopes": []
]
},
{
"name": "Album Resource",
@ -151,8 +150,7 @@
{
"name": "urn:photoz.com:scopes:album:delete"
}
],
"typedScopes": []
]
},
{
"name": "Admin Resources",
@ -162,8 +160,7 @@
{
"name": "urn:photoz.com:scopes:album:admin:manage"
}
],
"typedScopes": []
]
}
],
"policies": [

View file

@ -44,6 +44,7 @@ import org.keycloak.testsuite.console.page.fragment.ModalDialog;
import org.keycloak.testsuite.console.page.fragment.MultipleStringSelect2;
import org.keycloak.testsuite.console.page.fragment.SingleStringSelect2;
import org.keycloak.testsuite.page.Form;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
@ -115,6 +116,7 @@ public class ScopePermissionForm extends Form {
resourceSelect.update(resources);
resourceScopeSelect.update(expected.getScopes());
} else {
driver.findElement(By.className("select2-search-choice-close")).click();
scopeSelect.update(expected.getScopes());
}

View file

@ -88,7 +88,7 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
}
@Test
public void testCreateWithoutPolicies() throws InterruptedException {
public void testCreateWithoutPolicies() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
@ -105,7 +105,7 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
}
@Test
public void testUpdateResourceScope() throws InterruptedException {
public void testUpdateResourceScope() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
@ -149,7 +149,32 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
}
@Test
public void testUpdateScopeOnly() throws InterruptedException {
public void testUpdateWithoutResource() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
expected.setName("testUpdateWithoutResource Permission");
expected.setDescription("description");
expected.addResource("Resource A");
expected.addScope("Scope A");
expected.addPolicy("Policy C");
expected = createPermission(expected);
expected.getResources().clear();
expected.addScope("Scope B");
authorizationPage.navigateTo();
authorizationPage.authorizationTabs().permissions().update(expected.getName(), expected);
assertAlertSuccess();
authorizationPage.navigateTo();
ScopePermission actual = authorizationPage.authorizationTabs().permissions().name(expected.getName());
assertPolicy(expected, actual);
}
@Test
public void testUpdateScopeOnly() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
@ -180,7 +205,7 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
}
@Test
public void testDelete() throws InterruptedException {
public void testDelete() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();
@ -198,7 +223,7 @@ public class ScopePermissionManagementTest extends AbstractAuthorizationSettings
}
@Test
public void testDeleteFromList() throws InterruptedException {
public void testDeleteFromList() {
authorizationPage.navigateTo();
ScopePermissionRepresentation expected = new ScopePermissionRepresentation();

View file

@ -1292,7 +1292,7 @@ module.controller('ResourceServerPolicyScopeDetailCtrl', function($scope, $route
if ($scope.selectedResource != null) {
$scope.policy.resources = [$scope.selectedResource._id];
} else {
delete $scope.policy.resources;
$scope.policy.resources = [];
}
var scopes = [];