[KEYCLOAK-10279] - Do not limit results when fetching resources

Pedro Igor 2019-05-27 16:58:01 -03:00 committed by Bruno Oliveira da Silva
parent 9a5b85910a
commit e9ea1f0e36
7 changed files with 96 additions and 5 deletions


@ -143,6 +143,10 @@ public class PathCache {
return false;
}
public int size() {
return cache.size();
}
private static final class CacheEntry {
final String key;


@ -143,7 +143,7 @@ public class PolicyEnforcer {
}
private Map<String, PathConfig> configurePaths(ProtectedResource protectedResource, PolicyEnforcerConfig enforcerConfig) {
boolean loadPathsFromServer = true;
boolean loadPathsFromServer = !enforcerConfig.getLazyLoadPaths();
for (PathConfig pathConfig : enforcerConfig.getPaths()) {
if (!PolicyEnforcerConfig.EnforcementMode.DISABLED.equals(pathConfig.getEnforcementMode())) {
@ -306,6 +306,10 @@ public class PolicyEnforcer {
return paths.values();
}
public PathCache getPathCache() {
return pathCache;
}
@Override
protected PathConfig resolvePathConfig(PathConfig originalConfig, String path) {
if (originalConfig.hasPattern()) {
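Review bot: The new `public PathCache getPathCache()` hands out the matcher's live `pathCache` object, and the only caller in this commit is the test's `getPathCache().size()` assertion. Because this cache backs the enforcer's path-to-config lookups, anything holding the enforcer could change it if `PathCache` has public mutators (its full API is not visible here). Consider package-private visibility or exposing only the count, e.g. `int getPathCacheSize() { return pathCache.size(); }`. Separately, `!enforcerConfig.getLazyLoadPaths()` in `configurePaths` would throw a NullPointerException if that getter returns a nullable boxed `Boolean`; its declaration is outside this hunk, so that needs confirming. Both enclosing bodies continue outside the hunks shown.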


@ -283,6 +283,6 @@ public class ProtectedResource {
.param("matchingUri", Boolean.valueOf(matchingUri).toString())
.param("deep", Boolean.toString(deep))
.param("first", firstResult != null ? firstResult.toString() : null)
.param("max", maxResult != null ? maxResult.toString() : null);
.param("max", maxResult != null ? maxResult.toString() : Integer.toString(-1));
}
}
}
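Review bot: The `Integer.toString(-1)` sent for `max` when `maxResult` is null is an undocumented sentinel, while `first` on the line above still sends null in the same situation, so the two paging parameters are now handled differently. Every caller of this request builder that leaves `maxResult` unset now asks for an unbounded list, not only the policy enforcer. A comment at the call would make the intent explicit, for example `// -1 = no limit; servers before this change applied a default page size when max was omitted`. A named constant shared with the server-side fallback would avoid the bare literal. The enclosing method starts outside the hunk.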


@ -419,7 +419,7 @@ public class ResourceSetService {
attributes.put("uri_not_null", new String[] {"true"});
attributes.put("owner", new String[] {resourceServer.getId()});
List<Resource> serverResources = storeFactory.getResourceStore().findByResourceServer(attributes, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : Constants.DEFAULT_MAX_RESULTS);
List<Resource> serverResources = storeFactory.getResourceStore().findByResourceServer(attributes, this.resourceServer.getId(), firstResult != null ? firstResult : -1, maxResult != null ? maxResult : -1);
PathMatcher<Map.Entry<String, Resource>> pathMatcher = new PathMatcher<Map.Entry<String, Resource>>() {
@Override
@ -479,4 +479,4 @@ public class ResourceSetService {
}
}
}
}
}
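Review bot: With the fallback changed to `maxResult != null ? maxResult : -1`, a lookup that omits `max` loads every matching resource of the resource server into `serverResources` before the `PathMatcher` runs, and nothing on these lines caps a caller-supplied `maxResult` either. If `firstResult` and `maxResult` come from request parameters (their origin is outside the hunk), memory use and response size per request grow with the number of registered resources. Consider keeping a server-side ceiling and letting the adapter page through results with `first`/`max`. Failing that, record the decision next to the call, e.g. `// -1 = no limit: the enforcer needs the complete set to match paths`. The enclosing method starts and ends outside the hunk.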


@ -39,6 +39,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@ -478,6 +479,64 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
assertTrue(context.isGranted());
}
@Test
public void testLazyLoadPaths() {
ClientResource clientResource = getClientResource(RESOURCE_SERVER_CLIENT_ID);
for (int i = 0; i < 200; i++) {
ResourceRepresentation representation = new ResourceRepresentation();
representation.setType("test");
representation.setName("Resource " + i);
representation.setUri("/api/" + i);
javax.ws.rs.core.Response response = clientResource.authorization().resources().create(representation);
representation.setId(response.readEntity(ResourceRepresentation.class).getId());
response.close();
}
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
permission.setName("Test Permission");
permission.setResourceType("test");
permission.addPolicy("Only User Policy");
PermissionsResource permissions = clientResource.authorization().permissions();
permissions.resource().create(permission).close();
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-no-lazyload.json"));
PolicyEnforcer policyEnforcer = deployment.getPolicyEnforcer();
assertEquals(203, policyEnforcer.getPaths().size());
deployment = KeycloakDeploymentBuilder.build(getAdapterConfiguration("enforcer-lazyload.json"));
policyEnforcer = deployment.getPolicyEnforcer();
assertEquals(0, policyEnforcer.getPathMatcher().getPathCache().size());
assertEquals(0, policyEnforcer.getPaths().size());
oauth.realm(REALM_NAME);
oauth.clientId("public-client-test");
oauth.doLogin("marta", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
String token = response.getAccessToken();
for (int i = 0; i < 101; i++) {
policyEnforcer.enforce(createHttpFacade("/api/" + i, token));
}
assertEquals(101, policyEnforcer.getPathMatcher().getPathCache().size());
for (int i = 101; i < 200; i++) {
policyEnforcer.enforce(createHttpFacade("/api/" + i, token));
}
assertEquals(200, policyEnforcer.getPathMatcher().getPathCache().size());
assertEquals(0, policyEnforcer.getPaths().size());
}
private void initAuthorizationSettings(ClientResource clientResource) {
if (clientResource.authorization().resources().findByName("Resource A").isEmpty()) {
JSPolicyRepresentation jsPolicy = new JSPolicyRepresentation();
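Review bot: `testLazyLoadPaths` discards the result of every `policyEnforcer.enforce(...)` call and asserts only on cache sizes, so it would still pass if lazily loaded paths were cached but the authorization decision were wrong. Capturing the result and asserting on it, as the preceding test does with `assertTrue(context.isGranted())`, would cover the outcome expected for `marta`, and a second token that "Only User Policy" should reject would cover the deny path. The test is also order-sensitive: `assertEquals(203, policyEnforcer.getPaths().size())` depends on exactly three pre-existing paths, and the 200 resources and "Test Permission" are never removed. In the creation loop `response.close()` is skipped if `readEntity` throws, which a try/finally would avoid.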


@ -0,0 +1,13 @@
{
"realm": "authz-test",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required": "external",
"resource": "resource-server-test",
"credentials": {
"secret": "secret"
},
"bearer-only": true,
"policy-enforcer": {
"lazy-load-paths": true
}
}


@ -0,0 +1,11 @@
{
"realm": "authz-test",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required": "external",
"resource": "resource-server-test",
"credentials": {
"secret": "secret"
},
"bearer-only": true,
"policy-enforcer": {}
}