KEYCLOAK-4769 Add test for URI priority

This commit is contained in:
mhajas 2017-04-26 08:32:40 +02:00
parent 5e57e84384
commit 9c0e7cb4a5
3 changed files with 49 additions and 0 deletions

View file

@ -115,6 +115,11 @@
{ {
"name": "Pattern 11", "name": "Pattern 11",
"typedScopes": [] "typedScopes": []
},
{
"name": "Pattern 12",
"uri": "/realm_uri",
"typedScopes": []
} }
], ],
"policies": [ "policies": [
@ -256,6 +261,16 @@
"resources": "[\"Pattern 11\"]", "resources": "[\"Pattern 11\"]",
"applyPolicies": "[\"Default Policy\"]" "applyPolicies": "[\"Default Policy\"]"
} }
},
{
"name": "Pattern 12 Permission",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"Pattern 12\"]",
"applyPolicies": "[\"Default Policy\"]"
}
} }
], ],
"scopes": [] "scopes": []

View file

@ -56,6 +56,10 @@
{ {
"name": "Pattern 11", "name": "Pattern 11",
"path": "/api/{version}/{resource}" "path": "/api/{version}/{resource}"
},
{
"name": "Pattern 12",
"path": "/keycloak_json_uri"
} }
] ]
} }

View file

@ -290,12 +290,14 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
login("alice", "alice"); login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e"); navigateTo("/resource/a/i/b/c/d/e");
assertFalse(wasDenied());
navigateTo("/resource/a/i/b/c/"); navigateTo("/resource/a/i/b/c/");
assertFalse(wasDenied()); assertFalse(wasDenied());
updatePermissionPolicies("Pattern 10 Permission", "Deny Policy"); updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
login("alice", "alice"); login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e"); navigateTo("/resource/a/i/b/c/d/e");
assertTrue(wasDenied());
navigateTo("/resource/a/i/b/c/d"); navigateTo("/resource/a/i/b/c/d");
assertTrue(wasDenied()); assertTrue(wasDenied());
@ -350,6 +352,34 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
}); });
} }
@Test
public void testPriorityOfURIForResource() {
performTests(() -> {
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertFalse(wasDenied());
updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertTrue(wasDenied());
updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
login("alice", "alice");
navigateTo("/realm_uri");
assertTrue(wasDenied());
navigateTo("/keycloak_json_uri");
assertFalse(wasDenied());
});
}
private void navigateTo(String path) { private void navigateTo(String path) {
this.driver.navigate().to(getResourceServerUrl() + path); this.driver.navigate().to(getResourceServerUrl() + path);
} }