Merge pull request #4079 from mhajas/KEYCLOAK-4769

KEYCLOAK-4769 Add test for URI priority
2017-04-26 12:20:53 -03:00 · 2017-04-26 12:20:53 -03:00 · b84507507d
commit b84507507d
parent d6a0c9e186 9c0e7cb4a5
3 changed files with 49 additions and 0 deletions
--- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
@ -115,6 +115,11 @@
                    {
                        "name": "Pattern 11",
                        "typedScopes": []
+                    },
+                    {
+                        "name": "Pattern 12",
+                        "uri": "/realm_uri",
+                        "typedScopes": []
                    }
                ],
                "policies": [
@ -256,6 +261,16 @@
                            "resources": "[\"Pattern 11\"]",
                            "applyPolicies": "[\"Default Policy\"]"
                        }
+                    },
+                    {
+                        "name": "Pattern 12 Permission",
+                        "type": "resource",
+                        "logic": "POSITIVE",
+                        "decisionStrategy": "UNANIMOUS",
+                        "config": {
+                            "resources": "[\"Pattern 12\"]",
+                            "applyPolicies": "[\"Default Policy\"]"
+                        }
                    }
                ],
                "scopes": []
--- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json
@ -56,6 +56,10 @@
            {
                "name": "Pattern 11",
                "path": "/api/{version}/{resource}"
+            },
+            {
+                "name": "Pattern 12",
+                "path": "/keycloak_json_uri"
            }
        ]
    }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java
@ -290,12 +290,14 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
            login("alice", "alice");

            navigateTo("/resource/a/i/b/c/d/e");
+            assertFalse(wasDenied());
            navigateTo("/resource/a/i/b/c/");
            assertFalse(wasDenied());

            updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource/a/i/b/c/d/e");
+            assertTrue(wasDenied());
            navigateTo("/resource/a/i/b/c/d");
            assertTrue(wasDenied());

@ -350,6 +352,34 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
        });
    }

+    @Test
+    public void testPriorityOfURIForResource() {
+        performTests(() -> {
+            login("alice", "alice");
+            navigateTo("/realm_uri");
+            assertTrue(wasDenied());
+            navigateTo("/keycloak_json_uri");
+            assertFalse(wasDenied());
+
+            updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
+
+            login("alice", "alice");
+            navigateTo("/realm_uri");
+            assertTrue(wasDenied());
+            navigateTo("/keycloak_json_uri");
+            assertTrue(wasDenied());
+
+            updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
+
+            login("alice", "alice");
+            navigateTo("/realm_uri");
+            assertTrue(wasDenied());
+            navigateTo("/keycloak_json_uri");
+            assertFalse(wasDenied());
+        });
+    }
+
+
    private void navigateTo(String path) {
        this.driver.navigate().to(getResourceServerUrl() + path);
    }