KEYCLOAK-4769 Add test for URI priority

This commit is contained in:
mhajas 2017-04-26 08:32:40 +02:00
parent 5e57e84384
commit 9c0e7cb4a5
3 changed files with 49 additions and 0 deletions

View file

@ -115,6 +115,11 @@
{
"name": "Pattern 11",
"typedScopes": []
},
{
"name": "Pattern 12",
"uri": "/realm_uri",
"typedScopes": []
}
],
"policies": [
@ -256,6 +261,16 @@
"resources": "[\"Pattern 11\"]",
"applyPolicies": "[\"Default Policy\"]"
}
},
{
"name": "Pattern 12 Permission",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"Pattern 12\"]",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": []

View file

@ -56,6 +56,10 @@
{
"name": "Pattern 11",
"path": "/api/{version}/{resource}"
},
{
"name": "Pattern 12",
"path": "/keycloak_json_uri"
}
]
}

View file

@ -290,12 +290,14 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e");
assertFalse(wasDenied());
navigateTo("/resource/a/i/b/c/");
assertFalse(wasDenied());
updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e");
assertTrue(wasDenied());
navigateTo("/resource/a/i/b/c/d");
assertTrue(wasDenied());
@ -350,6 +352,34 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
});
}
@Test
public void testPriorityOfURIForResource() {
performTests(() -> {
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertFalse(wasDenied());
updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertTrue(wasDenied());
updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertFalse(wasDenied());
});
}
private void navigateTo(String path) {
this.driver.navigate().to(getResourceServerUrl() + path);
}