KEYCLOAK-4769 Add test for URI priority
This commit is contained in:
parent
5e57e84384
commit
9c0e7cb4a5
3 changed files with 49 additions and 0 deletions
|
@ -115,6 +115,11 @@
|
||||||
{
|
{
|
||||||
"name": "Pattern 11",
|
"name": "Pattern 11",
|
||||||
"typedScopes": []
|
"typedScopes": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Pattern 12",
|
||||||
|
"uri": "/realm_uri",
|
||||||
|
"typedScopes": []
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"policies": [
|
"policies": [
|
||||||
|
@ -256,6 +261,16 @@
|
||||||
"resources": "[\"Pattern 11\"]",
|
"resources": "[\"Pattern 11\"]",
|
||||||
"applyPolicies": "[\"Default Policy\"]"
|
"applyPolicies": "[\"Default Policy\"]"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Pattern 12 Permission",
|
||||||
|
"type": "resource",
|
||||||
|
"logic": "POSITIVE",
|
||||||
|
"decisionStrategy": "UNANIMOUS",
|
||||||
|
"config": {
|
||||||
|
"resources": "[\"Pattern 12\"]",
|
||||||
|
"applyPolicies": "[\"Default Policy\"]"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"scopes": []
|
"scopes": []
|
||||||
|
|
|
@ -56,6 +56,10 @@
|
||||||
{
|
{
|
||||||
"name": "Pattern 11",
|
"name": "Pattern 11",
|
||||||
"path": "/api/{version}/{resource}"
|
"path": "/api/{version}/{resource}"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Pattern 12",
|
||||||
|
"path": "/keycloak_json_uri"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -290,12 +290,14 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
|
||||||
login("alice", "alice");
|
login("alice", "alice");
|
||||||
|
|
||||||
navigateTo("/resource/a/i/b/c/d/e");
|
navigateTo("/resource/a/i/b/c/d/e");
|
||||||
|
assertFalse(wasDenied());
|
||||||
navigateTo("/resource/a/i/b/c/");
|
navigateTo("/resource/a/i/b/c/");
|
||||||
assertFalse(wasDenied());
|
assertFalse(wasDenied());
|
||||||
|
|
||||||
updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
|
updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
|
||||||
login("alice", "alice");
|
login("alice", "alice");
|
||||||
navigateTo("/resource/a/i/b/c/d/e");
|
navigateTo("/resource/a/i/b/c/d/e");
|
||||||
|
assertTrue(wasDenied());
|
||||||
navigateTo("/resource/a/i/b/c/d");
|
navigateTo("/resource/a/i/b/c/d");
|
||||||
assertTrue(wasDenied());
|
assertTrue(wasDenied());
|
||||||
|
|
||||||
|
@ -350,6 +352,34 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testPriorityOfURIForResource() {
|
||||||
|
performTests(() -> {
|
||||||
|
login("alice", "alice");
|
||||||
|
navigateTo("/realm_uri");
|
||||||
|
assertTrue(wasDenied());
|
||||||
|
navigateTo("/keycloak_json_uri");
|
||||||
|
assertFalse(wasDenied());
|
||||||
|
|
||||||
|
updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
|
||||||
|
|
||||||
|
login("alice", "alice");
|
||||||
|
navigateTo("/realm_uri");
|
||||||
|
assertTrue(wasDenied());
|
||||||
|
navigateTo("/keycloak_json_uri");
|
||||||
|
assertTrue(wasDenied());
|
||||||
|
|
||||||
|
updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
|
||||||
|
|
||||||
|
login("alice", "alice");
|
||||||
|
navigateTo("/realm_uri");
|
||||||
|
assertTrue(wasDenied());
|
||||||
|
navigateTo("/keycloak_json_uri");
|
||||||
|
assertFalse(wasDenied());
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
private void navigateTo(String path) {
|
private void navigateTo(String path) {
|
||||||
this.driver.navigate().to(getResourceServerUrl() + path);
|
this.driver.navigate().to(getResourceServerUrl() + path);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue