KEYCLOAK-6644 PhotozExampleAdapterTest is not stable

vramik 2018-03-02 18:03:54 +01:00
parent 569f26776e
commit 9d10ccef70
15 changed files with 661 additions and 603 deletions


@ -31,6 +31,7 @@
<div id="content" ng-view/>
</div>
<div style="display: none;" id="bearer"></div>
<pre style="background-color: #ddd; border: 1px solid #ccc; padding: 10px;" id="output"></pre>
</body>


@ -166,8 +166,10 @@ module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
if (Identity.authorization && Identity.authorization.rpt && request.url.indexOf('/authorize') == -1) {
retries = 0;
request.headers.Authorization = 'Bearer ' + Identity.authorization.rpt;
document.getElementById("bearer").innerHTML = 'rpt: Bearer ' + Identity.authorization.rpt;
} else {
request.headers.Authorization = 'Bearer ' + Identity.authc.token;
document.getElementById("bearer").innerHTML = 'authc: Bearer ' + Identity.authc.token;
}
return request;
},
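Review bot: Both added `innerHTML` assignments in the request interceptor copy the live bearer value (the RPT or `Identity.authc.token`) into the `bearer` element, where any script running in the page can read it. If the tests only need to know which kind of token was sent, writing a marker such as `rpt` or `authc` keeps the credential out of the DOM. If the value itself is needed, `textContent` avoids parsing it as HTML: `document.getElementById("bearer").textContent = 'rpt: Bearer ' + Identity.authorization.rpt;`. A comment stating that the hidden `<div id="bearer">` added to the page in this commit is test instrumentation would help readers of the example. The interceptor function starts and ends outside the hunk.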


@ -3,19 +3,14 @@ package org.keycloak.example.photoz.album;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.ClientAuthorizationContext;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.ResourceRepresentation;
import org.keycloak.authorization.client.representation.ScopeRepresentation;
import org.keycloak.authorization.client.resource.ProtectionResource;
import org.keycloak.example.photoz.ErrorResponse;
import org.keycloak.example.photoz.entity.Album;
import org.keycloak.example.photoz.util.Transaction;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.JsonSerialization;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -28,16 +23,16 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ws.rs.core.HttpHeaders;
import org.jboss.logging.Logger;
@Path("/album")
@Transaction
public class AlbumService {
private static volatile long nextId = 0;
private final Logger log = Logger.getLogger(AlbumService.class);
public static final String SCOPE_ALBUM_VIEW = "album:view";
public static final String SCOPE_ALBUM_DELETE = "album:delete";
@ -50,33 +45,35 @@ public class AlbumService {
@POST
@Consumes("application/json")
public Response create(Album newAlbum, @QueryParam("user") String username) {
newAlbum.setId(++nextId);
public Response create(Album newAlbum, @QueryParam("user") String invalidUser, @Context HttpHeaders headers) {
printAuthHeaders(headers);
if (username == null) {
username = request.getUserPrincipal().getName();
String userId = request.getUserPrincipal().getName();
if (invalidUser != null) {
userId = invalidUser;
}
newAlbum.setUserId(username);
Query queryDuplicatedAlbum = this.entityManager.createQuery("from Album where name = :name and userId = :userId");
queryDuplicatedAlbum.setParameter("name", newAlbum.getName());
queryDuplicatedAlbum.setParameter("userId", username);
if (!queryDuplicatedAlbum.getResultList().isEmpty()) {
throw new ErrorResponse("Name [" + newAlbum.getName() + "] already taken. Choose another one.", Status.CONFLICT);
}
this.entityManager.persist(newAlbum);
newAlbum.setUserId(userId);
log.debug("PERSISTING " + newAlbum);
entityManager.persist(newAlbum);
try {
createProtectedResource(newAlbum);
} catch (RuntimeException e) {
log.debug("ERROR " + e);
entityManager.remove(newAlbum);
throw e;
}
return Response.ok(newAlbum).build();
}
@Path("{id}")
@DELETE
public Response delete(@PathParam("id") String id) {
public Response delete(@PathParam("id") String id, @Context HttpHeaders headers) {
printAuthHeaders(headers);
Album album = this.entityManager.find(Album.class, Long.valueOf(id));
try {
@ -113,6 +110,7 @@ public class AlbumService {
}
private void createProtectedResource(Album album) {
log.debug("Creating ProtectedResource for " + album);
try {
HashSet<ScopeRepresentation> scopes = new HashSet<>();
@ -145,7 +143,7 @@ public class AlbumService {
}
protection.resource().delete(search.get(0).getId());
} catch (Exception e) {
} catch (RuntimeException e) {
throw new RuntimeException("Could not search protected resource.", e);
}
}
@ -161,4 +159,11 @@ public class AlbumService {
private KeycloakSecurityContext getKeycloakSecurityContext() {
return KeycloakSecurityContext.class.cast(request.getAttribute(KeycloakSecurityContext.class.getName()));
}
private void printAuthHeaders(HttpHeaders headers) {
log.debug("-----------------Authorization headers--------------------------");
for (String authHeader : headers.getRequestHeader(HttpHeaders.AUTHORIZATION)) {
log.debug(authHeader);
}
}
}
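Review bot: `printAuthHeaders` writes every `Authorization` header value to the debug log, so callers' bearer tokens end up in the server log whenever debug logging is enabled for this class; both `create` and `delete` now call it. `headers.getRequestHeader(HttpHeaders.AUTHORIZATION)` can also return null when the header is absent, in which case the for-loop would throw before the request is handled. Guarding the null with `if (auth == null) { return; }` and logging only a non-secret summary, for example `log.debugf("Authorization header present, length %d", authHeader.length());`, keeps the diagnostic without recording the credential.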


@ -17,24 +17,30 @@
*/
package org.keycloak.example.photoz.entity;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.GenerationType;
import javax.persistence.Transient;
import java.util.ArrayList;
import java.util.List;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@Entity
public class Album {
@Table(uniqueConstraints = {
@UniqueConstraint(columnNames = {"name", "userId"})
})
public class Album implements Serializable {
@Id
@GeneratedValue
private Long id;
@Column(nullable = false)
@ -88,4 +94,9 @@ public class Album {
public void setUserManaged(boolean userManaged) {
this.userManaged = userManaged;
}
@Override
public String toString() {
return "Album{" + "id=" + id + ", name=" + name + ", userId=" + userId + '}';
}
}
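Review bot: The unique constraint on (`name`, `userId`) appears to take over from the duplicate-name query in `AlbumService.create()`, but nothing visible turns the resulting constraint violation into the `Status.CONFLICT` response that the query produced. If the insert is only flushed when the transaction commits, the violation would surface after `createProtectedResource` has already registered the resource, outside the try/catch that removes the album, which could leave a protected resource with no matching row. Consider calling `entityManager.flush();` right after `persist` in `create()` and mapping the persistence exception to a conflict response. Adding a `serialVersionUID` alongside `implements Serializable` would also be worthwhile.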


@ -17,6 +17,7 @@
*/
package org.keycloak.example.photoz.entity;
import java.io.Serializable;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
@ -30,7 +31,7 @@ import javax.persistence.ManyToOne;
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@Entity
public class Photo {
public class Photo implements Serializable {
@Id
@GeneratedValue


@ -0,0 +1,54 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.example.photoz.unsecured;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import javax.ws.rs.GET;
import org.jboss.logging.Logger;
/**
* Service used to ensure there is clean DB before test
*
* @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
*/
@Path("/unsecured/clean")
public class UnsecuredService {
private final Logger log = Logger.getLogger(UnsecuredService.class);
@Inject
private EntityManager entityManager;
@GET
@Produces("application/json")
public Response cleanAll() {
int deletedAlbums = entityManager.createQuery("delete from Album").executeUpdate();
int deletedPhotos = entityManager.createQuery("delete from Photo").executeUpdate();
if (deletedAlbums != 0 || deletedPhotos != 0) {
log.warnf("Database was not empty. Deleted {0} Albums, {1} Photos", deletedAlbums, deletedPhotos);
} else {
log.debug("Database was clean before test");
}
return Response.ok().build();
}
}
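Review bot: `cleanAll` deletes every Album and Photo on an unauthenticated GET, and the `/unsecured/*` security-constraint added to the deployment descriptor in this commit has no auth-constraint, so the endpoint appears to ship in the example application itself rather than only in a test deployment. A state-changing operation on GET can be triggered by a link or a prefetch; it should at least be `@DELETE` or `@POST`, and preferably be packaged only into the test archive, with the class Javadoc stating that it must not be deployed outside the test suite. Separately, `log.warnf` takes printf-style specifiers, so `{0}` and `{1}` are printed literally; use `log.warnf("Database was not empty. Deleted %d Albums, %d Photos", deletedAlbums, deletedPhotos);`.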


@ -35,7 +35,7 @@ public class TransactionInterceptor {
private Instance<EntityManager> entityManager;
@AroundInvoke
public Object aroundInvoke(InvocationContext context) {
public Object aroundInvoke(InvocationContext context) throws Exception {
EntityManager entityManager = this.entityManager.get();
EntityTransaction transaction = entityManager.getTransaction();


@ -15,8 +15,8 @@
<property name="hibernate.connection.driver_class" value="org.h2.Driver" />
<property name="hibernate.connection.url" value="jdbc:h2:mem:test-keycloak-photoz-example" />
<property name="hibernate.connection.user" value="sa" />
<property name="hibernate.flushMode" value="FLUSH_AUTO" />
<property name="hibernate.hbm2ddl.auto" value="update" />
<property name="hibernate.flushMode" value="COMMIT" />
<property name="hibernate.hbm2ddl.auto" value="create-drop" />
<property name="hibernate.show_sql" value="false" />
</properties>
</persistence-unit>


@ -25,6 +25,12 @@
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured</web-resource-name>
<url-pattern>/unsecured/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>


@ -27,10 +27,11 @@ import org.keycloak.testsuite.util.URLUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
import java.net.URL;
import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.util.WaitUtils.pause;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
@ -82,12 +83,26 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
}
public void createAlbum(String name, String buttonId) {
log.debugf("Creating album {0} with buttonId: {1}", name, buttonId);
navigateTo();
this.driver.findElement(By.id("create-album")).click();
Form.setInputValue(this.driver.findElement(By.id("album.name")), name);
WebElement createAlbum = driver.findElement(By.id("create-album"));
waitUntilElement(createAlbum).is().clickable();
createAlbum.click();
WebElement albumNameInput = driver.findElement(By.id("album.name"));
waitUntilElement(albumNameInput).is().present();
Form.setInputValue(albumNameInput, name);
pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
this.driver.findElement(By.id(buttonId)).click();
waitUntilElement(albumNameInput).attribute(Form.VALUE).contains(name);
WebElement button = driver.findElement(By.id(buttonId));
waitUntilElement(button).is().clickable();
button.click();
pause(WAIT_AFTER_OPERATION);
if (buttonId.equals("save-album-invalid")) {
waitForPageToLoad();
assertThat(driver.getPageSource(), containsString("Could not register protected resource."));
} else {
waitUntilElement(albumNameInput).is().not().present();
}
}
public void createAlbumWithInvalidUser(String name) {
@ -99,32 +114,51 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
return this.url;
}
public void deleteAlbum(String name) {
driver.findElements(By.xpath("//a[text()='" + name + "']/following-sibling::a[text()='X']")).forEach(WebElement::click);
public void deleteAlbum(String name, boolean shouldBeDenied) {
log.debugf("Deleting album {0}", name);
WebElement delete = driver.findElement(By.id("delete-" + name));
waitUntilElement(delete).is().clickable();
delete.click();
pause(WAIT_AFTER_OPERATION);
if (shouldBeDenied) {
waitForDenial();
} else {
waitUntilElement(delete).is().not().present();
}
}
public void navigateToAdminAlbum() {
public void navigateToAdminAlbum(boolean shouldBeDenied) {
log.debug("Navigating to Admin Album");
URLUtils.navigateToUri(toString() + "/#/admin/album", true);
driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
if (shouldBeDenied) {
waitForDenial();
} else {
waitUntilElement(output).text().equalTo("");
}
}
public void logOut() {
waitUntilElement(signOutButton); // Sometimes doesn't work in PhantomJS!
waitUntilElement(signOutButton).is().clickable(); // Sometimes doesn't work in PhantomJS!
signOutButton.click();
pause(WAIT_AFTER_OPERATION);
}
public void requestEntitlement() {
waitUntilElement(entitlement).is().clickable();
entitlement.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
pause(WAIT_AFTER_OPERATION);
}
public void requestEntitlements() {
waitUntilElement(entitlements).is().clickable();
entitlements.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
pause(WAIT_AFTER_OPERATION);
}
@ -168,6 +202,7 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
}
this.loginPage.form().login(username, password);
waitForPageToLoad();//guess
// simple check if we are at the consent page, if so just click 'Yes'
if (this.consentPage.isCurrent()) {
@ -177,12 +212,8 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
pause(WAIT_AFTER_OPERATION);
}
public boolean wasDenied() {
return this.driver.findElement(By.id("output")).getText().contains("You can not access");
}
public void viewAlbum(String name) throws InterruptedException {
viewAlbum(name, true);
private void waitForDenial() {
waitUntilElement(output).text().contains("You can not access");
}
public void viewAllAlbums() {
@ -190,83 +221,130 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
pause(WAIT_AFTER_OPERATION);
}
public void viewAlbum(String name, boolean refresh) throws InterruptedException {
this.driver.findElement(By.xpath("//a[text() = '" + name + "']")).click();
public void viewAlbum(String name, boolean shouldBeDenied) {
WebElement viewalbum = driver.findElement(By.xpath("//a[text() = '" + name + "']"));
waitUntilElement(viewalbum).is().clickable();
viewalbum.click();
waitForPageToLoad();
if (refresh) {
if (shouldBeDenied) waitForDenial();
driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
}
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountPage() throws InterruptedException {
public void accountPage() {
navigateTo();
this.driver.findElement(By.id("my-account")).click();
WebElement myAccount = driver.findElement(By.id("my-account"));
waitUntilElement(myAccount).is().clickable();
myAccount.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountMyResources() throws InterruptedException {
public void accountMyResources() {
accountPage();
this.driver.findElement(By.xpath("//a[text() = 'My Resources']")).click();
WebElement myResources = driver.findElement(By.xpath("//a[text() = 'My Resources']"));
waitUntilElement(myResources).is().clickable();
myResources.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountMyResource(String name) throws InterruptedException {
public void accountMyResource(String name) {
accountMyResources();
this.driver.findElement(By.id("detail-" + name)).click();
WebElement myResource = driver.findElement(By.id("detail-" + name));
waitUntilElement(myResource).is().clickable();
myResource.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountGrantResource(String name, String requester) throws InterruptedException {
public void accountGrantResource(String name, String requester) {
accountMyResources();
this.driver.findElement(By.id("grant-" + name + "-" + requester)).click();
WebElement grantResource = driver.findElement(By.id("grant-" + name + "-" + requester));
waitUntilElement(grantResource).is().clickable();
grantResource.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountGrantRemoveScope(String name, String requester, String scope) throws InterruptedException {
public void accountGrantRemoveScope(String name, String requester, String scope) {
accountMyResources();
this.driver.findElement(By.id("grant-remove-scope-" + name + "-" + requester + "-" + scope)).click();
WebElement grantRemoveScope = driver.findElement(By.id("grant-remove-scope-" + name + "-" + requester + "-" + scope));
waitUntilElement(grantRemoveScope).is().clickable();
grantRemoveScope.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountRevokeResource(String name, String requester) throws InterruptedException {
public void accountRevokeResource(String name, String requester) {
accountMyResource(name);
this.driver.findElement(By.id("revoke-" + name + "-" + requester)).click();
WebElement revokeResource = driver.findElement(By.id("revoke-" + name + "-" + requester));
waitUntilElement(revokeResource).is().clickable();
revokeResource.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountShareResource(String name, String user) throws InterruptedException {
public void accountShareResource(String name, String user) {
accountMyResource(name);
this.driver.findElement(By.id("user_id")).sendKeys(user);
this.driver.findElement(By.id("share-button")).click();
WebElement userIdInput = driver.findElement(By.id("user_id"));
Form.setInputValue(userIdInput, user);
pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
waitUntilElement(userIdInput).attribute(Form.VALUE).contains(user);
WebElement shareButton = driver.findElement(By.id("share-button"));
waitUntilElement(shareButton).is().clickable();
shareButton.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountShareRemoveScope(String name, String user, String scope) throws InterruptedException {
public void accountShareRemoveScope(String name, String user, String scope) {
accountMyResource(name);
this.driver.findElement(By.id("user_id")).sendKeys(user);
this.driver.findElement(By.id("share-remove-scope-" + name + "-" + scope)).click();
this.driver.findElement(By.id("share-button")).click();
WebElement userIdInput = driver.findElement(By.id("user_id"));
Form.setInputValue(userIdInput, user);
pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
waitUntilElement(userIdInput).attribute(Form.VALUE).contains(user);
WebElement shareRemoveScope = driver.findElement(By.id("share-remove-scope-" + name + "-" + scope));
waitUntilElement(shareRemoveScope).is().clickable();
shareRemoveScope.click();
waitForPageToLoad();
WebElement shareButton = driver.findElement(By.id("share-button"));
waitUntilElement(shareButton).is().clickable();
shareButton.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void accountDenyResource(String name) throws InterruptedException {
public void accountDenyResource(String name) {
accountMyResource(name);
this.driver.findElement(By.xpath("//a[text() = 'Deny']")).click();
WebElement denyLink = driver.findElement(By.linkText("Deny"));
waitUntilElement(denyLink).is().clickable();
denyLink.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
public void requestResourceProtectedAnyScope() throws InterruptedException {
public void requestResourceProtectedAnyScope(boolean shouldBeDenied) {
navigateTo();
this.driver.findElement(By.id("requestPathWithAnyProtectedScope")).click();
WebElement requestPathWithAnyProtectedScope = driver.findElement(By.id("requestPathWithAnyProtectedScope"));
waitUntilElement(requestPathWithAnyProtectedScope).is().clickable();
requestPathWithAnyProtectedScope.click();
if (shouldBeDenied) waitForDenial();
pause(WAIT_AFTER_OPERATION);
}
public void requestResourceProtectedAllScope() throws InterruptedException {
public void requestResourceProtectedAllScope(boolean shouldBeDenied) {
navigateTo();
this.driver.findElement(By.id("requestPathWithAllProtectedScope")).click();
WebElement requestPathWithAllProtectedScope = driver.findElement(By.id("requestPathWithAllProtectedScope"));
waitUntilElement(requestPathWithAllProtectedScope).is().clickable();
requestPathWithAllProtectedScope.click();
if (shouldBeDenied) waitForDenial();
pause(WAIT_AFTER_OPERATION);
}
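Review bot: With the `shouldBeDenied` flag, only the denied path is checked in `viewAlbum`, `requestResourceProtectedAnyScope` and `requestResourceProtectedAllScope`: passing `false` merely skips `waitForDenial()`, so a request that is wrongly denied no longer fails the test the way the former `assertFalse(wasDenied())` calls did. `navigateToAdminAlbum` already covers the allowed case with `waitUntilElement(output).text().equalTo("")`. An `else` branch such as `waitUntilElement(output).text().not().contains("You can not access");` would restore the authorization check in the other methods, assuming the output element is otherwise free of that text. The single-line `if (shouldBeDenied) waitForDenial();` would also read better braced, like the `if`/`else` in `deleteAlbum`. The class body continues outside the hunks shown.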


@ -16,7 +16,11 @@
*/
package org.keycloak.testsuite.adapter.example.authorization;
import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadJson;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
@ -31,14 +35,18 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
@ -68,7 +76,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
private static final String REALM_NAME = "photoz";
private static final String RESOURCE_SERVER_ID = "photoz-restful-api";
private static int TOKEN_LIFESPAN_LEEWAY = 3; // seconds
private static final int TOKEN_LIFESPAN_LEEWAY = 3; // seconds
@ArquillianResource
private Deployer deployer;
@ -86,8 +94,19 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public static void enabled() { ProfileAssume.assumePreview(); }
@Before
public void beforePhotozExampleAdapterTest() throws FileNotFoundException {
public void beforePhotozExampleAdapterTest() throws Exception {
deleteAllCookiesForClientPage();
this.deployer.deploy(RESOURCE_SERVER_ID);
try (CloseableHttpClient httpClient = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy()).build()) {
HttpGet request = new HttpGet(clientPage.toString() + "/unsecured/clean");
httpClient.execute(request).close();
}
}
@After
public void afterPhotozExampleAdapterTest() {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
@Override
@ -115,109 +134,102 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
importResourceServerSettings();
}
private List<ResourceRepresentation> getResourcesOfUser(String username) throws FileNotFoundException {
return getAuthorizationResource().resources().resources().stream().filter(resource -> resource.getOwner().getName().equals(username)).collect(Collectors.toList());
}
private void printUpdatedPolicies() throws FileNotFoundException {
log.debug("Check updated policies");
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
log.debugf("Policy: {0}", policy.getName());
for (String key : policy.getConfig().keySet()) {
log.debugf("-- key: {0}, value: {1}", key, policy.getConfig().get(key));
}
}
log.debug("------------------------------");
}
@Test
public void testUserCanCreateAndDeleteAlbum() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
clientPage.createAlbum("Alice Family Album");
log.debug("Check if alice has resources stored");
assertThat(getResourcesOfUser("alice"), is(not(empty())));
this.clientPage.deleteAlbum("Alice Family Album");
resources = getAuthorizationResource().resources().resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.deleteAlbum("Alice Family Album", false);
log.debug("Check if alice has resources deleted");
assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void createAlbumWithInvalidUser() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
clientPage.createAlbumWithInvalidUser("Alice Family Album");
log.debug("Check if the album was not created.");
waitUntilElement(clientPage.getOutput()).text().not().contains("Request was successful");
waitUntilElement(clientPage.getOutput()).text().contains("Could not register protected resource");
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
}
@Test
public void testOnlyOwnerCanDeleteAlbum() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album");
clientPage.createAlbum("Alice-Family-Album");
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
clientPage.navigateToAdminAlbum(false);
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
log.debug("Check if alice has resources stored");
assertThat(getResourcesOfUser("alice"), is(not(empty())));
log.debug("Adding applyPolicies \"Only Owner Policy\" to \"Delete Album Permission\" policies.");
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Delete Album Permission".equals(policy.getName())) {
policy.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum("Alice-Family-Album", true);
log.debug("Check if alice has resources stored");
assertThat(getResourcesOfUser("alice"), is(not(empty())));
log.debug("Adding applyPolicies \"Only Owner and Administrators Policy\" to \"Delete Album Permission\" policies.");
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Delete Album Permission".equals(policy.getName())) {
policy.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum("Alice-Family-Album", false);
log.debug("Check if alice has resources deleted");
assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testRegularUserCanNotAccessAdminResources() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.navigateToAdminAlbum();
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.navigateToAdminAlbum(true);
}
@Test
public void testAdminOnlyFromSpecificAddress() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
log.debug("Changing codes \"127.0.0.1\" to \"127.3.3.3\" of \"Only From a Specific Client Address\" policies.");
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Only From a Specific Client Address".equals(policy.getName())) {
String code = policy.getConfig().get("code");
@ -225,28 +237,20 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
this.clientPage.navigateToAdminAlbum();
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.navigateToAdminAlbum(true);
}
@Test
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
clientPage.createAlbum("Alice Family Album");
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
clientPage.viewAlbum("Alice Family Album", false);
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Album Resource Permission".equals(policy.getName())) {
@ -259,22 +263,17 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
roles = roles.stream().filter(new Predicate<Map>() {
@Override
public boolean test(Map map) {
return !map.get("id").equals(roleRepresentation.getId());
}
}).collect(Collectors.toList());
roles = roles.stream().filter((Map map) -> !map.get("id").equals(roleRepresentation.getId())).collect(Collectors.toList());
policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum("Alice Family Album", true);
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Album Resource Permission".equals(policy.getName())) {
@ -282,36 +281,26 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum("Alice Family Album", false);
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice Family Album");
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum("Alice Family Album", false);
assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
clientPage.createAlbum("Alice Family Album");
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
this.clientPage.deleteAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
clientPage.deleteAlbum("Alice Family Album", false);
assertThat(getResourcesOfUser("alice"), is(empty()));
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Delete Album Permission".equals(policy.getName())) {
@ -319,20 +308,18 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
clientPage.createAlbum("Alice Family Album");
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum("Alice Family Album", false);
assertThat(getResourcesOfUser("alice"), is(not(empty())));
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice Family Album");
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum("Alice Family Album", true);
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Delete Album Permission".equals(policy.getName())) {
@ -340,27 +327,18 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum("Alice Family Album", false);
assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testClientRoleRepresentingUserConsent() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
assertFalse(this.clientPage.wasDenied());
this.clientPage.createAlbum("Alice Family Album");
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum("Alice Family Album");
clientPage.viewAlbum("Alice Family Album", false);
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
@ -383,29 +361,18 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
roleResource.update(roleRepresentation);
loginToClientPage("alice", "alice");
this.clientPage.viewAlbum("Alice Family Album");
assertTrue(this.clientPage.wasDenied());
clientPage.viewAlbum("Alice Family Album", true);
loginToClientPage("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
this.clientPage.viewAlbum("Alice Family Album", false);
assertFalse(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.viewAlbum("Alice Family Album", false);
}
@Test
public void testClientRoleNotRequired() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
assertFalse(this.clientPage.wasDenied());
this.clientPage.createAlbum("Alice Family Album");
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum("Alice Family Album");
clientPage.viewAlbum("Alice Family Album", false);
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
@ -428,8 +395,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
manageAlbumRole.update(roleRepresentation);
loginToClientPage("alice", "alice");
this.clientPage.viewAlbum("Alice Family Album");
assertTrue(this.clientPage.wasDenied());
clientPage.viewAlbum("Alice Family Album", true);
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Any User Policy".equals(policy.getName())) {
@ -446,48 +412,36 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
loginToClientPage("alice", "alice");
this.clientPage.viewAlbum("Alice Family Album");
assertFalse(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.viewAlbum("Alice Family Album", false);
}
@Test
public void testOverridePermissionFromResourceParent() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
String resourceName = "My Resource Instance";
this.clientPage.createAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum(resourceName);
this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.viewAlbum(resourceName, false);
this.clientPage.navigateTo();
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateTo();
clientPage.deleteAlbum(resourceName, false);
this.clientPage.createAlbum(resourceName);
clientPage.createAlbum(resourceName);
this.clientPage.logOut();
clientPage.logOut();
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum(resourceName, false);
this.clientPage.navigateToAdminAlbum();;
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum(resourceName, false);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum(resourceName);
getAuthorizationResource().resources().resources().forEach(resource -> {
if (resource.getName().equals(resourceName)) {
@ -504,67 +458,51 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
resourceInstancePermission.setConfig(config);
getAuthorizationResource().policies().create(resourceInstancePermission);
} catch (Exception e) {
} catch (IOException e) {
throw new RuntimeException("Error creating policy.", e);
}
}
});
printUpdatedPolicies();
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum(resourceName);
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum(resourceName, true);
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum(resourceName);
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum(resourceName, true);
loginToClientPage("alice", "alice");
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.deleteAlbum(resourceName, false);
ResourcesResource resourcesResource = getAuthorizationResource().resources();
List<ResourceRepresentation> resources = resourcesResource.resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
String resourceName = "My Resource Instance";
this.clientPage.createAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum(resourceName);
this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.viewAlbum(resourceName, false);
this.clientPage.navigateTo();
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateTo();
clientPage.deleteAlbum(resourceName, false);
this.clientPage.createAlbum(resourceName);
clientPage.createAlbum(resourceName);
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum(resourceName, false);
this.clientPage.navigateToAdminAlbum();;
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum(resourceName, false);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.createAlbum(resourceName);
ResourcesResource resourcesResource = getAuthorizationResource().resources();
resourcesResource.resources().forEach(resource -> {
@ -582,7 +520,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
resourceInstancePermission.setConfig(config);
getAuthorizationResource().policies().create(resourceInstancePermission);
} catch (Exception e) {
} catch (IOException e) {
throw new RuntimeException("Error creating policy.", e);
}
}
@ -590,13 +528,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum(resourceName);
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum(resourceName, true);
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum(resourceName);
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum(resourceName, true);
resourcesResource.resources().forEach(resource -> {
if (resource.getName().equals(resourceName)) {
@ -607,17 +543,14 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
loginToClientPage("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.viewAlbum(resourceName, false);
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum(resourceName);
assertTrue(this.clientPage.wasDenied());
clientPage.navigateToAdminAlbum(false);
clientPage.deleteAlbum(resourceName, true);
loginToClientPage("alice", "alice");
this.clientPage.deleteAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
clientPage.deleteAlbum(resourceName, false);
List<ResourceRepresentation> resources = resourcesResource.resources();
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
@ -627,17 +560,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
resourcesResource.resource(resource.getId()).update(resource);
}
});
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
}
//KEYCLOAK-3777
@Test
public void testEntitlementRequest() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
clientPage.navigateTo();
loginToClientPage("admin", "admin");
@ -648,122 +575,89 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
String pageSource = driver.getPageSource();
assertTrue(pageSource.contains("album:view"));
assertTrue(pageSource.contains("album:delete"));
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
}
@Test
public void testResourceProtectedWithAnyScope() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.requestResourceProtectedAllScope();
assertTrue(this.clientPage.wasDenied());
this.clientPage.requestResourceProtectedAnyScope();
assertFalse(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.requestResourceProtectedAllScope(true);
clientPage.requestResourceProtectedAnyScope(false);
}
@Test
public void testRequestResourceToOwner() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album", true);
clientPage.createAlbum("Alice-Family-Album", true);
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", true);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", true);
loginToClientPage("alice", "alice");
this.clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", false);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", false);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album", true);
clientPage.createAlbum("Alice-Family-Album", true);
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", true);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", true);
loginToClientPage("alice", "alice");
this.clientPage.accountGrantRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
this.clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
clientPage.accountGrantRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", false);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", true);
}
@Test
public void testOwnerSharingResource() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album", true);
this.clientPage.accountShareResource("Alice-Family-Album", "jdoe");
clientPage.createAlbum("Alice-Family-Album", true);
clientPage.accountShareResource("Alice-Family-Album", "jdoe");
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", false);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", false);
loginToClientPage("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album", true);
this.clientPage.accountShareRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
clientPage.createAlbum("Alice-Family-Album", true);
clientPage.accountShareRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertFalse(this.clientPage.wasDenied());
this.clientPage.navigateTo();
this.clientPage.viewAllAlbums();
this.clientPage.deleteAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", false);
clientPage.navigateTo();
clientPage.viewAllAlbums();
clientPage.deleteAlbum("Alice-Family-Album", true);
loginToClientPage("alice", "alice");
this.clientPage.accountRevokeResource("Alice-Family-Album", "jdoe");
clientPage.accountRevokeResource("Alice-Family-Album", "jdoe");
loginToClientPage("jdoe", "jdoe");
this.clientPage.viewAllAlbums();
this.clientPage.viewAlbum("Alice-Family-Album");
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
clientPage.viewAllAlbums();
clientPage.viewAlbum("Alice-Family-Album", true);
}
private void importResourceServerSettings() throws FileNotFoundException {
@ -791,6 +685,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
private void loginToClientPage(String username, String password, String... scopes) throws InterruptedException {
log.debugf("--logging in as {0} with password: {1}; scopes: {2}", username, password, Arrays.toString(scopes));
// We need to log out by deleting cookies because the log out button sometimes doesn't work in PhantomJS
deleteAllCookiesForTestRealm();
clientPage.navigateTo();


@ -45,6 +45,10 @@
<property name="chromeArguments">${chromeArguments}</property>
</extension>
<extension qualifier="drone">
<property name="instantiationTimeoutInSeconds">${droneInstantiationTimeoutInSeconds}</property>
</extension>
<extension qualifier="graphene">
<property name="waitGuiInterval">5</property>
<property name="waitAjaxInterval">5</property>
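Review bot: The new `instantiationTimeoutInSeconds` property in the `drone` extension takes its value only from `${droneInstantiationTimeoutInSeconds}`, with no fallback. A run that does not forward that property (for example one started outside the build that defines it) would probably pass Drone the unresolved placeholder text instead of a number. If the property replacement used for this file accepts inline defaults, `<property name="instantiationTimeoutInSeconds">${droneInstantiationTimeoutInSeconds:60}</property>` keeps the value of 60 that the build properties later in this commit set. A one-line comment above the extension, such as `<!-- WebDriver instantiation timeout in seconds; overridable via droneInstantiationTimeoutInSeconds -->`, would also record the unit and where the value comes from.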


@ -16,7 +16,6 @@
*/
package org.keycloak.testsuite.adapter.example.authorization;
import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**


@ -102,6 +102,7 @@
<browser>htmlUnit</browser>
<webdriverDownloadBinaries>true</webdriverDownloadBinaries>
<droneInstantiationTimeoutInSeconds>60</droneInstantiationTimeoutInSeconds>
<github.username/>
<github.secretToken/>
<ieDriverArch/>
@ -278,6 +279,7 @@
<js.chromeArguments>${js.chromeArguments}</js.chromeArguments>
<htmlUnitBrowserVersion>${htmlUnitBrowserVersion}</htmlUnitBrowserVersion>
<webdriverDownloadBinaries>${webdriverDownloadBinaries}</webdriverDownloadBinaries>
<droneInstantiationTimeoutInSeconds>${droneInstantiationTimeoutInSeconds}</droneInstantiationTimeoutInSeconds>
<github.username>${github.username}</github.username>
<github.secretToken>${github.secretToken}</github.secretToken>