[KEYCLOAK-13927] Allow deleting permission tickets with the Authz client

Bart Monhemius 2020-04-22 16:11:47 +02:00 committed by Pedro Igor
parent a04c70531a
commit acc5ab9e44
2 changed files with 61 additions and 5 deletions


@ -237,13 +237,43 @@ public class PermissionResource {
if (ticket.getId() == null) { if (ticket.getId() == null) {
throw new IllegalArgumentException("Permission ticket must have an id"); throw new IllegalArgumentException("Permission ticket must have an id");
} }
Callable callable = new Callable() { Callable<Void> callable = new Callable<Void>() {
@Override @Override
public Object call() throws Exception { public Void call() throws Exception {
http.<List>put(serverConfiguration.getPermissionEndpoint()+"/ticket") http.<Void>put(serverConfiguration.getPermissionEndpoint()+"/ticket")
.json(JsonSerialization.writeValueAsBytes(ticket)) .json(JsonSerialization.writeValueAsBytes(ticket))
.authorizationBearer(pat.call()) .authorizationBearer(pat.call())
.response().json(List.class).execute(); .response()
.execute();
return null;
}
};
try {
callable.call();
} catch (Exception cause) {
Throwables.retryAndWrapExceptionIfNecessary(callable, pat, "Error updating permission ticket", cause);
}
}
/**
* Deletes a permission ticket.
*
* @param ticket the permission ticket
*/
public void delete(final PermissionTicketRepresentation ticket) {
if (ticket == null) {
throw new IllegalArgumentException("Permission ticket must not be null or empty");
}
if (ticket.getId() == null) {
throw new IllegalArgumentException("Permission ticket must have an id");
}
Callable<Void> callable = new Callable<Void>() {
@Override
public Void call() throws Exception {
http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + ticket.getId())
.authorizationBearer(pat.call())
.response()
.execute();
return null; return null;
} }
}; };
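Review bot: The request path at line 47 is built by concatenating `ticket.getId()` straight into the URI, so an id containing characters such as `/`, `?` or `#` would change the request target rather than be rejected, whereas the sibling update path above carries the id inside the JSON body. Because the representation is caller-supplied, encode the id as a path segment or validate it before it reaches the URI, e.g. `String id = URLEncoder.encode(ticket.getId(), "UTF-8");` followed by `http.<Void>delete(serverConfiguration.getPermissionEndpoint() + "/ticket/" + id)` (or a path-segment encoder if the client already has one). The new Javadoc should also record the two precondition failures, `@throws IllegalArgumentException if {@code ticket} or its id is {@code null}`, and the message "must not be null or empty" reads oddly for an object reference that is only checked for null. The remainder of `delete` (invoking the callable and its error handling) continues outside the hunk, so whether it receives the same `Throwables.retryAndWrapExceptionIfNecessary` treatment as `update` cannot be seen here.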


@ -255,6 +255,22 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
assertNotNull(permissions); assertNotNull(permissions);
assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB"); assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty()); assertTrue(permissions.isEmpty());
for (PermissionTicketRepresentation ticket : tickets) {
getAuthzClient().protection().permission().delete(ticket);
}
tickets = getAuthzClient().protection().permission().find(resource.getId(), null, null, null, null, null, null, null);
assertEquals(0, tickets.size());
try {
response = authorize("kolo", "password", resource.getId(), new String[] {"ScopeA", "ScopeB"});
fail("User should not have access to resource from another user");
} catch (AuthorizationDeniedException ade) {
}
} }
@Test @Test
@ -513,6 +529,14 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
for (PermissionTicketRepresentation ticket : permissionTickets) { for (PermissionTicketRepresentation ticket : permissionTickets) {
assertTrue(ticket.isGranted()); assertTrue(ticket.isGranted());
} }
for (PermissionTicketRepresentation ticket : permissionTickets) {
permissionResource.delete(ticket);
}
permissionTickets = permissionResource.findByResource(resource.getId());
assertEquals(0, permissionTickets.size());
} }
@Test @Test
@ -588,10 +612,12 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) { for (PermissionTicketRepresentation representation : new ArrayList<>(permissionTickets)) {
if (representation.isGranted()) { if (representation.isGranted()) {
permissionTickets.remove(representation); permissionResource.delete(representation);
} }
} }
permissionTickets = permissionResource.findByResource(resource.getId());
assertEquals(1, permissionTickets.size()); assertEquals(1, permissionTickets.size());
} }
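Review bot: The `catch (AuthorizationDeniedException ade) { }` block at lines 69–70 of the first hunk is empty, so a reader cannot tell whether the denial is the expected outcome or an oversight; mark it with `// expected: every ticket for the resource was deleted above`, or name the variable `ignored`. The same hunk looks the tickets up with the eight-argument `find(resource.getId(), null, null, null, null, null, null, null)` call at line 64, while the later hunks use `permissionResource.findByResource(resource.getId())` for the same lookup; if the object returned by `permission()` is the same resource type, the shorter form would be clearer and less error-prone. The enclosing test method of the first hunk begins outside the hunk.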