Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
f14f303dfe
112 changed files with 1406 additions and 479 deletions
|
@ -47,6 +47,7 @@ import java.io.InputStream;
|
|||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -56,10 +57,18 @@ public class KeycloakOIDCFilter implements Filter {
|
|||
protected AdapterDeploymentContext deploymentContext;
|
||||
protected SessionIdMapper idMapper = new InMemorySessionIdMapper();
|
||||
protected NodesRegistrationManagement nodesRegistrationManagement;
|
||||
protected Pattern skipPattern;
|
||||
|
||||
private final static Logger log = Logger.getLogger(""+KeycloakOIDCFilter.class);
|
||||
|
||||
@Override
|
||||
public void init(final FilterConfig filterConfig) throws ServletException {
|
||||
|
||||
String skipPatternDefinition = filterConfig.getInitParameter("keycloak.config.skipPattern");
|
||||
if (skipPatternDefinition != null) {
|
||||
skipPattern = Pattern.compile(skipPatternDefinition, Pattern.DOTALL);
|
||||
}
|
||||
|
||||
String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
|
||||
if (configResolverClass != null) {
|
||||
try {
|
||||
|
@ -85,13 +94,7 @@ public class KeycloakOIDCFilter implements Filter {
|
|||
if (pathParam != null) path = pathParam;
|
||||
is = filterConfig.getServletContext().getResourceAsStream(path);
|
||||
}
|
||||
KeycloakDeployment kd;
|
||||
if (is == null) {
|
||||
log.fine("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
|
||||
kd = new KeycloakDeployment();
|
||||
} else {
|
||||
kd = KeycloakDeploymentBuilder.build(is);
|
||||
}
|
||||
KeycloakDeployment kd = createKeycloakDeploymentFrom(is);
|
||||
deploymentContext = new AdapterDeploymentContext(kd);
|
||||
log.fine("Keycloak is using a per-deployment configuration.");
|
||||
}
|
||||
|
@ -99,13 +102,30 @@ public class KeycloakOIDCFilter implements Filter {
|
|||
nodesRegistrationManagement = new NodesRegistrationManagement();
|
||||
}
|
||||
|
||||
private KeycloakDeployment createKeycloakDeploymentFrom(InputStream is) {
|
||||
|
||||
if (is == null) {
|
||||
log.fine("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
|
||||
return new KeycloakDeployment();
|
||||
}
|
||||
|
||||
return KeycloakDeploymentBuilder.build(is);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
|
||||
|
||||
log.fine("Keycloak OIDC Filter");
|
||||
//System.err.println("Keycloak OIDC Filter: " + ((HttpServletRequest)req).getRequestURL().toString());
|
||||
HttpServletRequest request = (HttpServletRequest) req;
|
||||
HttpServletResponse response = (HttpServletResponse) res;
|
||||
|
||||
if (shouldSkip(request)) {
|
||||
chain.doFilter(req, res);
|
||||
return;
|
||||
}
|
||||
|
||||
OIDCServletHttpFacade facade = new OIDCServletHttpFacade(request, response);
|
||||
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
|
||||
if (deployment == null || !deployment.isConfigured()) {
|
||||
|
@ -171,6 +191,26 @@ public class KeycloakOIDCFilter implements Filter {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Decides whether this {@link Filter} should skip the given {@link HttpServletRequest} based on the configured {@link KeycloakOIDCFilter#skipPattern}.
|
||||
* Patterns are matched against the {@link HttpServletRequest#getRequestURI() requestURI} of a request without the context-path.
|
||||
* A request for {@code /myapp/index.html} would be tested with {@code /index.html} against the skip pattern.
|
||||
* Skipped requests will not be processed further by {@link KeycloakOIDCFilter} and immediately delegated to the {@link FilterChain}.
|
||||
*
|
||||
* @param request the request to check
|
||||
* @return {@code true} if the request should not be handled,
|
||||
* {@code false} otherwise.
|
||||
*/
|
||||
private boolean shouldSkip(HttpServletRequest request) {
|
||||
|
||||
if (skipPattern == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String requestPath = request.getRequestURI().substring(request.getContextPath().length());
|
||||
return skipPattern.matcher(requestPath).matches();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy() {
|
||||
|
||||
|
|
|
@ -42,6 +42,10 @@ public interface OAuth2Constants {
|
|||
|
||||
String RESPONSE_TYPE = "response_type";
|
||||
|
||||
String ACCESS_TOKEN = "access_token";
|
||||
|
||||
String ID_TOKEN = "id_token";
|
||||
|
||||
String REFRESH_TOKEN = "refresh_token";
|
||||
|
||||
String AUTHORIZATION_CODE = "authorization_code";
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
package org.keycloak.representations.idm;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
||||
*/
|
||||
public class AdminEventRepresentation {
|
||||
|
@ -27,6 +26,7 @@ public class AdminEventRepresentation {
|
|||
private String realmId;
|
||||
private AuthDetailsRepresentation authDetails;
|
||||
private String operationType;
|
||||
private String resourceType;
|
||||
private String resourcePath;
|
||||
private String representation;
|
||||
private String error;
|
||||
|
@ -63,6 +63,14 @@ public class AdminEventRepresentation {
|
|||
this.operationType = operationType;
|
||||
}
|
||||
|
||||
public String getResourceType() {
|
||||
return resourceType;
|
||||
}
|
||||
|
||||
public void setResourceType(String resourceType) {
|
||||
this.resourceType = resourceType;
|
||||
}
|
||||
|
||||
public String getResourcePath() {
|
||||
return resourcePath;
|
||||
}
|
||||
|
@ -86,5 +94,4 @@ public class AdminEventRepresentation {
|
|||
public void setError(String error) {
|
||||
this.error = error;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,6 +26,7 @@ import java.util.regex.Pattern;
|
|||
import org.keycloak.events.admin.AdminEvent;
|
||||
import org.keycloak.events.admin.AdminEventQuery;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:giriraj.sharma27@gmail.com">Giriraj Sharma</a>
|
||||
|
@ -71,6 +72,27 @@ public class MemAdminEventQuery implements AdminEventQuery {
|
|||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AdminEventQuery resourceType(ResourceType... resourceTypes) {
|
||||
|
||||
Iterator<AdminEvent> itr = this.adminEvents.iterator();
|
||||
while (itr.hasNext()) {
|
||||
AdminEvent next = itr.next();
|
||||
boolean include = false;
|
||||
for (ResourceType e : resourceTypes) {
|
||||
if (next.getResourceType().equals(e)) {
|
||||
include = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!include) {
|
||||
itr.remove();
|
||||
}
|
||||
}
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AdminEventQuery authRealm(String authRealmId) {
|
||||
|
|
|
@ -17,8 +17,12 @@
|
|||
|
||||
package org.keycloak.events.jpa;
|
||||
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.EnumType;
|
||||
import javax.persistence.Enumerated;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.Table;
|
||||
|
||||
|
@ -41,6 +45,9 @@ public class AdminEventEntity {
|
|||
|
||||
@Column(name="OPERATION_TYPE")
|
||||
private String operationType;
|
||||
|
||||
@Column(name="RESOURCE_TYPE", length = 64)
|
||||
private String resourceType;
|
||||
|
||||
@Column(name="AUTH_REALM_ID")
|
||||
private String authRealmId;
|
||||
|
@ -151,4 +158,11 @@ public class AdminEventEntity {
|
|||
this.error = error;
|
||||
}
|
||||
|
||||
public String getResourceType() {
|
||||
return resourceType;
|
||||
}
|
||||
|
||||
public void setResourceType(String resourceType) {
|
||||
this.resourceType = resourceType;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -33,6 +33,7 @@ import javax.persistence.criteria.Root;
|
|||
import org.keycloak.events.admin.AdminEvent;
|
||||
import org.keycloak.events.admin.AdminEventQuery;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:giriraj.sharma27@gmail.com">Giriraj Sharma</a>
|
||||
|
@ -71,7 +72,19 @@ public class JpaAdminEventQuery implements AdminEventQuery {
|
|||
predicates.add(root.get("operationType").in(operationStrings));
|
||||
return this;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public AdminEventQuery resourceType(ResourceType... resourceTypes) {
|
||||
|
||||
List<String> resourceTypeStrings = new LinkedList<String>();
|
||||
for (ResourceType e : resourceTypes) {
|
||||
resourceTypeStrings.add(e.toString());
|
||||
}
|
||||
predicates.add(root.get("resourceType").in(resourceTypeStrings));
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AdminEventQuery authRealm(String authRealmId) {
|
||||
predicates.add(cb.equal(root.get("authRealmId"), authRealmId));
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.keycloak.events.Event;
|
|||
import org.keycloak.events.EventQuery;
|
||||
import org.keycloak.events.EventStoreProvider;
|
||||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
|
||||
|
@ -150,6 +151,11 @@ public class JpaEventStoreProvider implements EventStoreProvider {
|
|||
adminEventEntity.setRealmId(adminEvent.getRealmId());
|
||||
setAuthDetails(adminEventEntity, adminEvent.getAuthDetails());
|
||||
adminEventEntity.setOperationType(adminEvent.getOperationType().toString());
|
||||
|
||||
if (adminEvent.getResourceType() != null) {
|
||||
adminEventEntity.setResourceType(adminEvent.getResourceType().toString());
|
||||
}
|
||||
|
||||
adminEventEntity.setResourcePath(adminEvent.getResourcePath());
|
||||
adminEventEntity.setError(adminEvent.getError());
|
||||
|
||||
|
@ -165,6 +171,11 @@ public class JpaEventStoreProvider implements EventStoreProvider {
|
|||
adminEvent.setRealmId(adminEventEntity.getRealmId());
|
||||
setAuthDetails(adminEvent, adminEventEntity);
|
||||
adminEvent.setOperationType(OperationType.valueOf(adminEventEntity.getOperationType()));
|
||||
|
||||
if (adminEventEntity.getResourceType() != null) {
|
||||
adminEvent.setResourceType(ResourceType.valueOf(adminEventEntity.getResourceType()));
|
||||
}
|
||||
|
||||
adminEvent.setResourcePath(adminEventEntity.getResourcePath());
|
||||
adminEvent.setError(adminEventEntity.getError());
|
||||
|
||||
|
|
|
@ -195,4 +195,5 @@
|
|||
<addForeignKeyConstraint baseColumnNames="COMPONENT_ID" baseTableName="COMPONENT_CONFIG" constraintName="FK_COMPONENT_CONFIG" referencedColumnNames="ID" referencedTableName="COMPONENT"/>
|
||||
|
||||
</changeSet>
|
||||
|
||||
</databaseChangeLog>
|
27
model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml
Executable file
27
model/jpa/src/main/resources/META-INF/jpa-changelog-2.2.0.xml
Executable file
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||
|
||||
<changeSet author="thomas.darimont@gmail.com" id="2.2.0">
|
||||
<addColumn tableName="ADMIN_EVENT_ENTITY">
|
||||
<column name="RESOURCE_TYPE" type="VARCHAR(64)"></column>
|
||||
</addColumn>
|
||||
</changeSet>
|
||||
|
||||
</databaseChangeLog>
|
|
@ -35,4 +35,5 @@
|
|||
|
||||
<include file="META-INF/jpa-changelog-authz-master.xml"/>
|
||||
<include file="META-INF/jpa-changelog-2.1.0.xml"/>
|
||||
<include file="META-INF/jpa-changelog-2.2.0.xml"/>
|
||||
</databaseChangeLog>
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.events.admin.OperationType;
|
|||
import com.mongodb.BasicDBObject;
|
||||
import com.mongodb.DBCollection;
|
||||
import com.mongodb.DBCursor;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
public class MongoAdminEventQuery implements AdminEventQuery{
|
||||
|
||||
|
@ -57,6 +58,18 @@ public class MongoAdminEventQuery implements AdminEventQuery{
|
|||
query.put("operationType", new BasicDBObject("$in", operationStrings));
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AdminEventQuery resourceType(ResourceType... resourceTypes) {
|
||||
|
||||
List<String> resourceTypeStrings = new LinkedList<String>();
|
||||
for (ResourceType e : resourceTypes) {
|
||||
resourceTypeStrings.add(e.toString());
|
||||
}
|
||||
query.put("resourceType", new BasicDBObject("$in", resourceTypeStrings));
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AdminEventQuery authRealm(String authRealmId) {
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.events.Event;
|
|||
import org.keycloak.events.EventQuery;
|
||||
import org.keycloak.events.EventStoreProvider;
|
||||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
@ -172,6 +173,9 @@ public class MongoEventStoreProvider implements EventStoreProvider {
|
|||
adminEvent.setTime(o.getLong("time"));
|
||||
adminEvent.setRealmId(o.getString("realmId"));
|
||||
adminEvent.setOperationType(OperationType.valueOf(o.getString("operationType")));
|
||||
if (o.getString("resourceType") != null) {
|
||||
adminEvent.setResourceType(ResourceType.valueOf(o.getString("resourceType")));
|
||||
}
|
||||
setAuthDetails(adminEvent, o);
|
||||
adminEvent.setResourcePath(o.getString("resourcePath"));
|
||||
adminEvent.setError(o.getString("error"));
|
||||
|
|
|
@ -28,6 +28,11 @@ public class AdminEvent {
|
|||
|
||||
private AuthDetails authDetails;
|
||||
|
||||
/**
|
||||
* The resource type an AdminEvent was triggered for.
|
||||
*/
|
||||
private ResourceType resourceType;
|
||||
|
||||
private OperationType operationType;
|
||||
|
||||
private String resourcePath;
|
||||
|
@ -133,4 +138,16 @@ public class AdminEvent {
|
|||
this.error = error;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the type of the affected {@link ResourceType} for this {@link AdminEvent}, e.g. {@link ResourceType#USER USER}, {@link ResourceType#GROUP GROUP} etc.
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public ResourceType getResourceType() {
|
||||
return resourceType;
|
||||
}
|
||||
|
||||
public void setResourceType(ResourceType resourceType) {
|
||||
this.resourceType = resourceType;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -73,6 +73,13 @@ public interface AdminEventQuery {
|
|||
*/
|
||||
AdminEventQuery operation(OperationType... operations);
|
||||
|
||||
/**
|
||||
* Search by {@link ResourceType}.
|
||||
* @param resourceTypes
|
||||
* @return <code>this</code> for method chaining
|
||||
*/
|
||||
AdminEventQuery resourceType(ResourceType ... resourceTypes);
|
||||
|
||||
/**
|
||||
* Search by resource path. Supports wildcards <code>*</code> and <code>**</code>. For example:
|
||||
* <ul>
|
||||
|
@ -124,5 +131,4 @@ public interface AdminEventQuery {
|
|||
* @return
|
||||
*/
|
||||
List<AdminEvent> getResultList();
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,155 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.events.admin;
|
||||
|
||||
/**
|
||||
* Represents Keycloak resource types for which {@link AdminEvent AdminEvent's} can be triggered.
|
||||
*
|
||||
* @author <a href="mailto:thomas.darimont@gmail.com">Thomas Darimont</a>
|
||||
*/
|
||||
public enum ResourceType {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
REALM
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, REALM_ROLE
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, REALM_ROLE_MAPPING
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, REALM_SCOPE_MAPPING
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, AUTH_FLOW
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, AUTH_EXECUTION_FLOW
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, AUTH_EXECUTION
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, AUTHENTICATOR_CONFIG
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, REQUIRED_ACTION
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, IDENTITY_PROVIDER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, IDENTITY_PROVIDER_MAPPER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, PROTOCOL_MAPPER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, USER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, USER_LOGIN_FAILURE
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, USER_SESSION
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, USER_FEDERATION_PROVIDER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, USER_FEDERATION_MAPPER
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, GROUP
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, GROUP_MEMBERSHIP
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT_INITIAL_ACCESS_MODEL
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT_ROLE
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT_ROLE_MAPPING
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT_TEMPLATE
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLIENT_SCOPE_MAPPING
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
, CLUSTER_NODE;
|
||||
}
|
|
@ -199,6 +199,9 @@ public class ModelToRepresentation {
|
|||
rep.setAuthDetails(toRepresentation(adminEvent.getAuthDetails()));
|
||||
}
|
||||
rep.setOperationType(adminEvent.getOperationType().toString());
|
||||
if (adminEvent.getResourceType() != null) {
|
||||
rep.setResourceType(adminEvent.getResourceType().toString());
|
||||
}
|
||||
rep.setResourcePath(adminEvent.getResourcePath());
|
||||
rep.setRepresentation(adminEvent.getRepresentation());
|
||||
rep.setError(adminEvent.getError());
|
||||
|
|
|
@ -171,11 +171,11 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
|||
.build();
|
||||
|
||||
if (responseType.hasResponseType(OIDCResponseType.ID_TOKEN)) {
|
||||
redirectUri.addParam("id_token", res.getIdToken());
|
||||
redirectUri.addParam(OAuth2Constants.ID_TOKEN, res.getIdToken());
|
||||
}
|
||||
|
||||
if (responseType.hasResponseType(OIDCResponseType.TOKEN)) {
|
||||
redirectUri.addParam("access_token", res.getToken());
|
||||
redirectUri.addParam(OAuth2Constants.ACCESS_TOKEN, res.getToken());
|
||||
redirectUri.addParam("token_type", res.getTokenType());
|
||||
redirectUri.addParam("session_state", res.getSessionState());
|
||||
redirectUri.addParam("expires_in", String.valueOf(res.getExpiresIn()));
|
||||
|
|
|
@ -340,6 +340,12 @@ public class AuthorizationEndpoint extends AuthorizationEndpointBase {
|
|||
return redirectErrorToClient(parsedResponseMode, OAuthErrorException.REQUEST_URI_NOT_SUPPORTED, null);
|
||||
}
|
||||
|
||||
if (parsedResponseType.isImplicitOrHybridFlow() && nonce == null) {
|
||||
logger.missingParameter(OIDCLoginProtocol.NONCE_PARAM);
|
||||
event.error(Errors.INVALID_REQUEST);
|
||||
return redirectErrorToClient(parsedResponseMode, OAuthErrorException.INVALID_REQUEST, "Missing parameter: nonce");
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ import org.keycloak.events.EventStoreProvider;
|
|||
import org.keycloak.events.admin.AdminEvent;
|
||||
import org.keycloak.events.admin.AuthDetails;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -86,8 +87,13 @@ public class AdminEventBuilder {
|
|||
return this;
|
||||
}
|
||||
|
||||
public AdminEventBuilder operation(OperationType e) {
|
||||
adminEvent.setOperationType(e);
|
||||
public AdminEventBuilder operation(OperationType operationType) {
|
||||
adminEvent.setOperationType(operationType);
|
||||
return this;
|
||||
}
|
||||
|
||||
public AdminEventBuilder resource(ResourceType resourceType){
|
||||
adminEvent.setResourceType(resourceType);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.keycloak.common.ClientConnection;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -65,7 +66,7 @@ public class AttackDetectionResource {
|
|||
public AttackDetectionResource(RealmAuth auth, RealmModel realm, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.adminEvent = adminEvent.realm(realm);
|
||||
this.adminEvent = adminEvent.realm(realm).resource(ResourceType.USER_LOGIN_FAILURE);
|
||||
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
}
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.authentication.FormAuthenticator;
|
|||
import org.keycloak.authentication.RequiredActionFactory;
|
||||
import org.keycloak.authentication.RequiredActionProvider;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
|
@ -89,7 +90,7 @@ public class AuthenticationManagementResource {
|
|||
this.session = session;
|
||||
this.auth = auth;
|
||||
this.auth.init(RealmAuth.Resource.REALM);
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.AUTH_FLOW);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -375,7 +376,7 @@ public class AuthenticationManagementResource {
|
|||
execution = realm.addAuthenticatorExecution(execution);
|
||||
|
||||
data.put("id", execution.getId());
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION_FLOW).resourcePath(uriInfo).representation(data).success();
|
||||
}
|
||||
|
||||
private int getNextPriority(AuthenticationFlowModel parentFlow) {
|
||||
|
@ -428,7 +429,7 @@ public class AuthenticationManagementResource {
|
|||
execution = realm.addAuthenticatorExecution(execution);
|
||||
|
||||
data.put("id", execution.getId());
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(data).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -543,7 +544,7 @@ public class AuthenticationManagementResource {
|
|||
if (!model.getRequirement().name().equals(rep.getRequirement())) {
|
||||
model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));
|
||||
realm.updateAuthenticatorExecution(model);
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(rep).success();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -567,7 +568,7 @@ public class AuthenticationManagementResource {
|
|||
model.setPriority(getNextPriority(parentFlow));
|
||||
model = realm.addAuthenticatorExecution(model);
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId()).representation(execution).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo, model.getId()).representation(execution).success();
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
|
||||
}
|
||||
|
||||
|
@ -620,7 +621,7 @@ public class AuthenticationManagementResource {
|
|||
model.setPriority(tmp);
|
||||
realm.updateAuthenticatorExecution(model);
|
||||
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
public List<AuthenticationExecutionModel> getSortedExecutions(AuthenticationFlowModel parentFlow) {
|
||||
|
@ -665,7 +666,7 @@ public class AuthenticationManagementResource {
|
|||
next.setPriority(tmp);
|
||||
realm.updateAuthenticatorExecution(next);
|
||||
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
|
||||
|
@ -698,7 +699,7 @@ public class AuthenticationManagementResource {
|
|||
|
||||
realm.removeAuthenticatorExecution(model);
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
|
||||
|
@ -728,7 +729,7 @@ public class AuthenticationManagementResource {
|
|||
realm.updateAuthenticatorExecution(model);
|
||||
|
||||
json.setId(config.getId());
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(json).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(uriInfo).representation(json).success();
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
|
||||
}
|
||||
|
||||
|
@ -811,7 +812,7 @@ public class AuthenticationManagementResource {
|
|||
requiredAction = realm.addRequiredActionProvider(requiredAction);
|
||||
|
||||
data.put("id", requiredAction.getId());
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(data).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(data).success();
|
||||
}
|
||||
|
||||
|
||||
|
@ -890,7 +891,7 @@ public class AuthenticationManagementResource {
|
|||
update.setConfig(rep.getConfig());
|
||||
realm.updateRequiredActionProvider(update);
|
||||
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).representation(rep).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -908,7 +909,7 @@ public class AuthenticationManagementResource {
|
|||
}
|
||||
realm.removeRequiredActionProvider(model);
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.REQUIRED_ACTION).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -990,7 +991,7 @@ public class AuthenticationManagementResource {
|
|||
auth.requireManage();
|
||||
|
||||
AuthenticatorConfigModel config = realm.addAuthenticatorConfig(RepresentationToModel.toModel(rep));
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, config.getId()).representation(rep).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo, config.getId()).representation(rep).success();
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
|
||||
}
|
||||
|
||||
|
@ -1040,7 +1041,7 @@ public class AuthenticationManagementResource {
|
|||
|
||||
realm.removeAuthenticatorConfig(config);
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1063,6 +1064,6 @@ public class AuthenticationManagementResource {
|
|||
exists.setAlias(rep.getAlias());
|
||||
exists.setConfig(rep.getConfig());
|
||||
realm.updateAuthenticatorConfig(exists);
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(uriInfo).representation(rep).success();
|
||||
}
|
||||
}
|
|
@ -24,6 +24,7 @@ import org.jboss.resteasy.spi.NotAcceptableException;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.common.util.StreamUtil;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -79,7 +80,7 @@ public class ClientAttributeCertificateResource {
|
|||
this.attributePrefix = attributePrefix;
|
||||
this.privateAttribute = attributePrefix + "." + PRIVATE_KEY;
|
||||
this.certificateAttribute = attributePrefix + "." + X509CERTIFICATE;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
package org.keycloak.services.resources.admin;
|
||||
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientInitialAccessModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -49,7 +50,7 @@ public class ClientInitialAccessResource {
|
|||
public ClientInitialAccessResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
|
||||
|
||||
auth.init(RealmAuth.Resource.CLIENT);
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.jboss.resteasy.spi.NotFoundException;
|
|||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.authorization.admin.AuthorizationService;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
@ -99,7 +100,7 @@ public class ClientResource {
|
|||
this.auth = auth;
|
||||
this.client = clientModel;
|
||||
this.session = session;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT);
|
||||
|
||||
auth.init(RealmAuth.Resource.CLIENT);
|
||||
}
|
||||
|
@ -343,7 +344,7 @@ public class ClientResource {
|
|||
throw new NotFoundException("Could not find client");
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).resource(ResourceType.CLIENT).success();
|
||||
return new ResourceAdminManager(session).pushClientRevocationPolicy(uriInfo.getRequestUri(), realm, client);
|
||||
|
||||
}
|
||||
|
@ -496,7 +497,7 @@ public class ClientResource {
|
|||
}
|
||||
if (logger.isDebugEnabled()) logger.debug("Register node: " + node);
|
||||
client.registerNode(node, Time.currentTime());
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, node).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo, node).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -521,7 +522,7 @@ public class ClientResource {
|
|||
throw new NotFoundException("Client does not have node ");
|
||||
}
|
||||
client.unregisterNode(node);
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -544,7 +545,7 @@ public class ClientResource {
|
|||
|
||||
logger.debug("Test availability of cluster nodes");
|
||||
GlobalRequestResult result = new ResourceAdminManager(session).testNodesAvailability(uriInfo.getRequestUri(), realm, client);
|
||||
adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).representation(result).success();
|
||||
adminEvent.operation(OperationType.ACTION).resource(ResourceType.CLUSTER_NODE).resourcePath(uriInfo).representation(result).success();
|
||||
return result;
|
||||
}
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
|
@ -70,7 +71,7 @@ public class ClientRoleMappingsResource {
|
|||
this.auth = auth;
|
||||
this.user = user;
|
||||
this.client = client;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT_ROLE_MAPPING);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientTemplateModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
|
@ -73,7 +74,7 @@ public class ClientTemplateResource {
|
|||
this.auth = auth;
|
||||
this.template = template;
|
||||
this.session = session;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT_TEMPLATE);
|
||||
|
||||
auth.init(RealmAuth.Resource.CLIENT);
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientTemplateModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
|
@ -61,7 +62,7 @@ public class ClientTemplatesResource {
|
|||
public ClientTemplatesResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.realm = realm;
|
||||
this.auth = auth;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT_TEMPLATE);
|
||||
|
||||
auth.init(RealmAuth.Resource.CLIENT);
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
|
@ -63,7 +64,7 @@ public class ClientsResource {
|
|||
public ClientsResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.realm = realm;
|
||||
this.auth = auth;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT);
|
||||
|
||||
auth.init(RealmAuth.Resource.CLIENT);
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -62,7 +63,7 @@ public class GroupResource {
|
|||
this.realm = realm;
|
||||
this.session = session;
|
||||
this.auth = auth;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.GROUP);
|
||||
this.group = group;
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.GroupModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -53,7 +54,7 @@ public class GroupsResource {
|
|||
this.realm = realm;
|
||||
this.session = session;
|
||||
this.auth = auth;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.GROUP);
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.keycloak.broker.provider.IdentityProvider;
|
|||
import org.keycloak.broker.provider.IdentityProviderFactory;
|
||||
import org.keycloak.broker.provider.IdentityProviderMapper;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.FederatedIdentityModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -82,7 +83,7 @@ public class IdentityProviderResource {
|
|||
this.session = session;
|
||||
this.identityProviderModel = identityProviderModel;
|
||||
this.auth = auth;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -317,7 +318,7 @@ public class IdentityProviderResource {
|
|||
IdentityProviderMapperModel model = RepresentationToModel.toModel(mapper);
|
||||
model = realm.addIdentityProviderMapper(model);
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId())
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo, model.getId())
|
||||
.representation(mapper).success();
|
||||
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
|
||||
|
@ -367,7 +368,7 @@ public class IdentityProviderResource {
|
|||
if (model == null) throw new NotFoundException("Model not found");
|
||||
model = RepresentationToModel.toModel(rep);
|
||||
realm.updateIdentityProviderMapper(model);
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).representation(rep).success();
|
||||
|
||||
}
|
||||
|
||||
|
@ -389,7 +390,7 @@ public class IdentityProviderResource {
|
|||
IdentityProviderMapperModel model = realm.getIdentityProviderMapperById(id);
|
||||
if (model == null) throw new NotFoundException("Model not found");
|
||||
realm.removeIdentityProviderMapper(model);
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.IDENTITY_PROVIDER_MAPPER).resourcePath(uriInfo).success();
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.keycloak.broker.provider.IdentityProvider;
|
|||
import org.keycloak.broker.provider.IdentityProviderFactory;
|
||||
import org.keycloak.connections.httpclient.HttpClientProvider;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
|
@ -71,7 +72,7 @@ public class IdentityProvidersResource {
|
|||
this.session = session;
|
||||
this.auth = auth;
|
||||
this.auth.init(RealmAuth.Resource.IDENTITY_PROVIDER);
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.IDENTITY_PROVIDER);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
import org.keycloak.models.ProtocolMapperContainerModel;
|
||||
|
@ -70,7 +71,7 @@ public class ProtocolMappersResource {
|
|||
public ProtocolMappersResource(ProtocolMapperContainerModel client, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.client = client;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
auth.init(Resource.CLIENT);
|
||||
}
|
||||
|
|
|
@ -31,6 +31,7 @@ import org.keycloak.events.EventType;
|
|||
import org.keycloak.events.admin.AdminEvent;
|
||||
import org.keycloak.events.admin.AdminEventQuery;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.exportimport.ClientDescriptionConverter;
|
||||
import org.keycloak.exportimport.ClientDescriptionConverterFactory;
|
||||
import org.keycloak.jose.jws.JWSBuilder;
|
||||
|
@ -127,7 +128,7 @@ public class RealmAdminResource {
|
|||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.tokenManager = tokenManager;
|
||||
this.adminEvent = adminEvent.realm(realm);
|
||||
this.adminEvent = adminEvent.realm(realm).resource(ResourceType.REALM);
|
||||
|
||||
auth.init(RealmAuth.Resource.REALM);
|
||||
auth.requireAny();
|
||||
|
@ -413,7 +414,7 @@ public class RealmAdminResource {
|
|||
UserSessionModel userSession = session.sessions().getUserSession(realm, sessionId);
|
||||
if (userSession == null) throw new NotFoundException("Sesssion not found");
|
||||
AuthenticationManager.backchannelLogout(session, realm, userSession, uriInfo, connection, headers, true);
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_SESSION).resourcePath(uriInfo).success();
|
||||
|
||||
}
|
||||
|
||||
|
@ -600,7 +601,8 @@ public class RealmAdminResource {
|
|||
@QueryParam("authUser") String authUser, @QueryParam("authIpAddress") String authIpAddress,
|
||||
@QueryParam("resourcePath") String resourcePath, @QueryParam("dateFrom") String dateFrom,
|
||||
@QueryParam("dateTo") String dateTo, @QueryParam("first") Integer firstResult,
|
||||
@QueryParam("max") Integer maxResults) {
|
||||
@QueryParam("max") Integer maxResults,
|
||||
@QueryParam("resourceTypes") List<String> resourceTypes) {
|
||||
auth.init(RealmAuth.Resource.EVENTS).requireView();
|
||||
|
||||
EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
|
||||
|
@ -634,6 +636,16 @@ public class RealmAdminResource {
|
|||
query.operation(t);
|
||||
}
|
||||
|
||||
if (resourceTypes != null && !resourceTypes.isEmpty()) {
|
||||
ResourceType[] t = new ResourceType[resourceTypes.size()];
|
||||
for (int i = 0; i < t.length; i++) {
|
||||
t[i] = ResourceType.valueOf(resourceTypes.get(i));
|
||||
}
|
||||
query.resourceType(t);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if(dateFrom != null) {
|
||||
SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd");
|
||||
Date from = null;
|
||||
|
@ -757,7 +769,7 @@ public class RealmAdminResource {
|
|||
}
|
||||
realm.addDefaultGroup(group);
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
@DELETE
|
||||
|
@ -772,7 +784,7 @@ public class RealmAdminResource {
|
|||
}
|
||||
realm.removeDefaultGroup(group);
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -116,6 +117,13 @@ public class RoleByIdResource extends RoleResource {
|
|||
|
||||
RoleModel role = getRoleModel(id);
|
||||
deleteRole(role);
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
}
|
||||
|
||||
|
@ -133,6 +141,13 @@ public class RoleByIdResource extends RoleResource {
|
|||
|
||||
RoleModel role = getRoleModel(id);
|
||||
updateRole(rep, role);
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ModelDuplicateException;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -116,6 +117,13 @@ public class RoleContainerResource extends RoleResource {
|
|||
role.setScopeParamRequired(scopeParamRequired);
|
||||
|
||||
rep.setId(role.getId());
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, role.getName()).representation(rep).success();
|
||||
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(role.getName()).build()).build();
|
||||
|
@ -164,13 +172,18 @@ public class RoleContainerResource extends RoleResource {
|
|||
throw new NotFoundException("Could not find client");
|
||||
}
|
||||
|
||||
RoleRepresentation rep = getRole(roleName);
|
||||
RoleModel role = roleContainer.getRole(roleName);
|
||||
if (role == null) {
|
||||
throw new NotFoundException("Could not find role");
|
||||
}
|
||||
deleteRole(role);
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
|
||||
}
|
||||
|
@ -199,6 +212,12 @@ public class RoleContainerResource extends RoleResource {
|
|||
try {
|
||||
updateRole(rep, role);
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
|
||||
return Response.noContent().build();
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
|
|||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.common.ClientConnection;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.ModelException;
|
||||
|
@ -88,7 +89,7 @@ public class RoleMapperResource {
|
|||
public RoleMapperResource(RealmModel realm, RealmAuth auth, RoleMapperModel roleMapper, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.REALM_ROLE_MAPPING);
|
||||
this.roleMapper = roleMapper;
|
||||
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.services.resources.admin;
|
|||
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RoleModel;
|
||||
|
@ -67,6 +68,12 @@ public abstract class RoleResource {
|
|||
role.addCompositeRole(composite);
|
||||
}
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(roles).success();
|
||||
}
|
||||
|
||||
|
@ -111,6 +118,12 @@ public abstract class RoleResource {
|
|||
role.removeCompositeRole(composite);
|
||||
}
|
||||
|
||||
if (role.isClientRole()) {
|
||||
adminEvent.resource(ResourceType.CLIENT_ROLE);
|
||||
} else {
|
||||
adminEvent.resource(ResourceType.REALM_ROLE);
|
||||
}
|
||||
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).representation(roles).success();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -60,7 +61,7 @@ public class ScopeMappedClientResource {
|
|||
this.scopeContainer = scopeContainer;
|
||||
this.session = session;
|
||||
this.scopedClient = scopedClient;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.CLIENT_SCOPE_MAPPING);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.services.resources.admin;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -65,7 +66,7 @@ public class ScopeMappedResource {
|
|||
this.auth = auth;
|
||||
this.scopeContainer = scopeContainer;
|
||||
this.session = session;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.REALM_SCOPE_MAPPING);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -42,6 +42,7 @@ import javax.ws.rs.core.UriInfo;
|
|||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
import org.jboss.resteasy.spi.NotFoundException;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.mappers.FederationConfigValidationException;
|
||||
import org.keycloak.mappers.UserFederationMapper;
|
||||
import org.keycloak.mappers.UserFederationMapperFactory;
|
||||
|
@ -87,7 +88,7 @@ public class UserFederationProviderResource {
|
|||
this.realm = realm;
|
||||
this.auth = auth;
|
||||
this.federationProviderModel = federationProviderModel;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -311,7 +312,7 @@ public class UserFederationProviderResource {
|
|||
|
||||
model = realm.addUserFederationMapper(model);
|
||||
|
||||
adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, model.getId())
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo, model.getId())
|
||||
.representation(mapper).success();
|
||||
|
||||
return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
|
||||
|
@ -364,7 +365,7 @@ public class UserFederationProviderResource {
|
|||
validateModel(model);
|
||||
|
||||
realm.updateUserFederationMapper(model);
|
||||
adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
|
||||
adminEvent.operation(OperationType.UPDATE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo).representation(rep).success();
|
||||
|
||||
}
|
||||
|
||||
|
@ -386,7 +387,7 @@ public class UserFederationProviderResource {
|
|||
UserFederationMapperModel model = realm.getUserFederationMapperById(id);
|
||||
if (model == null) throw new NotFoundException("Model not found");
|
||||
realm.removeUserFederationMapper(model);
|
||||
adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.USER_FEDERATION_MAPPER).resourcePath(uriInfo).success();
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.jboss.resteasy.spi.NotFoundException;
|
|||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.common.constants.KerberosConstants;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.mappers.FederationConfigValidationException;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
@ -84,7 +85,7 @@ public class UserFederationProvidersResource {
|
|||
public UserFederationProvidersResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.keycloak.events.Details;
|
|||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.Constants;
|
||||
|
@ -99,6 +100,8 @@ import org.keycloak.services.resources.AccountService;
|
|||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.services.validation.Validation;
|
||||
|
||||
import static org.keycloak.events.admin.ResourceType.GROUP_MEMBERSHIP;
|
||||
|
||||
/**
|
||||
* Base resource for managing users
|
||||
*
|
||||
|
@ -129,7 +132,7 @@ public class UsersResource {
|
|||
public UsersResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
|
||||
this.auth = auth;
|
||||
this.realm = realm;
|
||||
this.adminEvent = adminEvent;
|
||||
this.adminEvent = adminEvent.resource(ResourceType.USER);
|
||||
|
||||
auth.init(RealmAuth.Resource.USER);
|
||||
}
|
||||
|
@ -961,7 +964,7 @@ public class UsersResource {
|
|||
try {
|
||||
if (user.isMemberOf(group)){
|
||||
user.leaveGroup(group);
|
||||
adminEvent.operation(OperationType.DELETE).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.DELETE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
|
||||
}
|
||||
} catch (ModelException me) {
|
||||
Properties messages = AdminRoot.getMessages(session, realm, auth.getAuth().getToken().getLocale());
|
||||
|
@ -986,7 +989,7 @@ public class UsersResource {
|
|||
}
|
||||
if (!user.isMemberOf(group)){
|
||||
user.joinGroup(group);
|
||||
adminEvent.operation(OperationType.CREATE).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
|
||||
adminEvent.operation(OperationType.CREATE).resource(ResourceType.GROUP_MEMBERSHIP).representation(ModelToRepresentation.toRepresentation(group, true)).resourcePath(uriInfo).success();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -25,6 +25,7 @@ import java.util.LinkedHashMap;
|
|||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.ServiceLoader;
|
||||
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.WebApplicationException;
|
||||
|
@ -35,6 +36,8 @@ import org.keycloak.broker.provider.IdentityProviderFactory;
|
|||
import org.keycloak.common.util.MultivaluedHashMap;
|
||||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.PasswordPolicy;
|
||||
import org.keycloak.policy.PasswordPolicyProvider;
|
||||
import org.keycloak.policy.PasswordPolicyProviderFactory;
|
||||
import org.keycloak.provider.*;
|
||||
|
@ -66,7 +69,7 @@ import org.keycloak.representations.info.ThemeInfoRepresentation;
|
|||
*/
|
||||
public class ServerInfoAdminResource {
|
||||
|
||||
private static final Map<String, List<String>> ENUMS = createEnumsMap(EventType.class, OperationType.class);
|
||||
private static final Map<String, List<String>> ENUMS = createEnumsMap(EventType.class, OperationType.class, ResourceType.class);
|
||||
|
||||
@Context
|
||||
private KeycloakSession session;
|
||||
|
|
|
@ -69,6 +69,7 @@ public class EventsListenerProvider implements EventListenerProvider {
|
|||
newEvent.setAuthDetails(adminEvent.getAuthDetails());
|
||||
newEvent.setError(adminEvent.getError());
|
||||
newEvent.setOperationType(adminEvent.getOperationType());
|
||||
newEvent.setResourceType(adminEvent.getResourceType());
|
||||
newEvent.setRealmId(adminEvent.getRealmId());
|
||||
newEvent.setRepresentation(adminEvent.getRepresentation());
|
||||
newEvent.setResourcePath(adminEvent.getResourcePath());
|
||||
|
|
|
@ -26,6 +26,7 @@ import org.keycloak.common.util.Time;
|
|||
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
|
||||
import org.keycloak.events.Event;
|
||||
import org.keycloak.events.admin.AdminEvent;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
|
@ -492,6 +493,9 @@ public class TestingResourceProvider implements RealmResourceProvider {
|
|||
event.setAuthDetails(repToModel(rep.getAuthDetails()));
|
||||
event.setError(rep.getError());
|
||||
event.setOperationType(OperationType.valueOf(rep.getOperationType()));
|
||||
if (rep.getResourceType() != null) {
|
||||
event.setResourceType(ResourceType.valueOf(rep.getResourceType()));
|
||||
}
|
||||
event.setRealmId(rep.getRealmId());
|
||||
event.setRepresentation(rep.getRepresentation());
|
||||
event.setResourcePath(rep.getResourcePath());
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
<button onclick="keycloak.register()">Register</button>
|
||||
<button onclick="refreshToken(9999)">Refresh Token</button>
|
||||
<button onclick="refreshToken(30)">Refresh Token (if <30s validity)</button>
|
||||
<button onclick="showError()">Show Error Response</button>
|
||||
<button onclick="loadProfile()">Get Profile</button>
|
||||
<button onclick="loadUserInfo()">Get User Info</button>
|
||||
<button onclick="output(keycloak.tokenParsed)">Show Token</button>
|
||||
|
@ -108,6 +109,20 @@
|
|||
output(o);
|
||||
}
|
||||
|
||||
function showError() {
|
||||
output("Error: " + getParameterByName("error") + "\n" + "Error description: " + getParameterByName("error_description"));
|
||||
}
|
||||
|
||||
function getParameterByName(name, url) {
|
||||
if (!url) url = window.location.href;
|
||||
name = name.replace(/[\[\]]/g, "\\$&");
|
||||
var regex = new RegExp("[?&#]" + name + "(=([^&#]*)|&|#|$)"),
|
||||
results = regex.exec(url);
|
||||
if (!results) return null;
|
||||
if (!results[2]) return '';
|
||||
return decodeURIComponent(results[2].replace(/\+/g, " "));
|
||||
}
|
||||
|
||||
function output(data) {
|
||||
if (typeof data === 'object') {
|
||||
data = JSON.stringify(data, null, ' ');
|
||||
|
|
|
@ -59,6 +59,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl {
|
|||
@FindBy(xpath = "//button[text() = 'Get Profile']")
|
||||
private WebElement getProfileButton;
|
||||
|
||||
@FindBy(xpath = "//button[text() = 'Show Error Response']")
|
||||
private WebElement showErrorButton;
|
||||
@FindBy(xpath = "//button[text() = 'Show Token']")
|
||||
private WebElement showTokenButton;
|
||||
@FindBy(xpath = "//button[text() = 'Show Refresh Token']")
|
||||
|
@ -137,4 +139,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl {
|
|||
public WebElement getInitButtonElement() {
|
||||
return initButton;
|
||||
}
|
||||
|
||||
public void showErrorResponse() {
|
||||
showErrorButton.click();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,21 +23,27 @@ import org.keycloak.testsuite.auth.page.login.OIDCLogin;
|
|||
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
|
||||
import org.keycloak.testsuite.page.Form;
|
||||
import org.keycloak.testsuite.pages.ConsentPage;
|
||||
import org.keycloak.testsuite.util.URLUtils;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.openqa.selenium.By;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import java.net.URL;
|
||||
import java.util.List;
|
||||
|
||||
import static org.keycloak.testsuite.util.WaitUtils.IMPLICIT_ELEMENT_WAIT_MILLIS;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.pause;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||
* @author Vaclav Muzikar <vmuzikar@redhat.com>
|
||||
*/
|
||||
public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
|
||||
|
||||
public static final String DEPLOYMENT_NAME = "photoz-html5-client";
|
||||
public static final int WAIT_AFTER_OPERATION = 2000;
|
||||
|
||||
@ArquillianResource
|
||||
@OperateOnDeployment(DEPLOYMENT_NAME)
|
||||
|
@ -49,14 +55,16 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
|
|||
@Page
|
||||
protected ConsentPage consentPage;
|
||||
|
||||
@FindBy(xpath = "//a[@ng-click = 'Identity.logout()']")
|
||||
WebElement signOutButton;
|
||||
|
||||
public void createAlbum(String name) {
|
||||
navigateTo();
|
||||
By id = By.id("create-album");
|
||||
WaitUtils.waitUntilElement(id);
|
||||
this.driver.findElement(id).click();
|
||||
this.driver.findElement(By.id("create-album")).click();
|
||||
Form.setInputValue(this.driver.findElement(By.id("album.name")), name);
|
||||
pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
|
||||
this.driver.findElement(By.id("save-album")).click();
|
||||
pause(500);
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -65,76 +73,44 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
|
|||
}
|
||||
|
||||
public void deleteAlbum(String name) {
|
||||
By id = By.id("delete-" + name);
|
||||
WaitUtils.waitUntilElement(id);
|
||||
this.driver.findElements(id).forEach(WebElement::click);
|
||||
pause(500);
|
||||
driver.findElements(By.xpath("//a[text()='" + name + "']/following-sibling::a[text()='X']")).forEach(WebElement::click);
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
public void navigateToAdminAlbum() {
|
||||
this.driver.navigate().to(this.getInjectedUrl().toString() + "/#/admin/album");
|
||||
pause(500);
|
||||
URLUtils.navigateToUri(driver, toString() + "/#/admin/album", true);
|
||||
driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
|
||||
waitForPageToLoad(driver);
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
public void logOut() {
|
||||
navigateTo();
|
||||
By by = By.xpath("//a[text() = 'Sign Out']");
|
||||
WaitUtils.waitUntilElement(by);
|
||||
this.driver.findElement(by).click();
|
||||
pause(500);
|
||||
signOutButton.click(); // Sometimes doesn't work in PhantomJS!
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
public void login(String username, String password) throws InterruptedException {
|
||||
navigateTo();
|
||||
Thread.sleep(2000);
|
||||
if (this.driver.getCurrentUrl().startsWith(getInjectedUrl().toString())) {
|
||||
Thread.sleep(2000);
|
||||
logOut();
|
||||
navigateTo();
|
||||
}
|
||||
public void login(String username, String password, String... scopes) {
|
||||
if (scopes.length > 0) {
|
||||
StringBuilder scopesValue = new StringBuilder();
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
this.loginPage.form().login(username, password);
|
||||
|
||||
// simple check if we are at the consent page, if so just click 'Yes'
|
||||
if (this.consentPage.isCurrent()) {
|
||||
consentPage.confirm();
|
||||
Thread.sleep(2000);
|
||||
}
|
||||
}
|
||||
|
||||
public void loginWithScopes(String username, String password, String... scopes) throws Exception {
|
||||
navigateTo();
|
||||
Thread.sleep(2000);
|
||||
if (this.driver.getCurrentUrl().startsWith(getInjectedUrl().toString())) {
|
||||
Thread.sleep(2000);
|
||||
logOut();
|
||||
navigateTo();
|
||||
}
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
StringBuilder scopesValue = new StringBuilder();
|
||||
|
||||
for (String scope : scopes) {
|
||||
if (scopesValue.length() != 0) {
|
||||
scopesValue.append(" ");
|
||||
for (String scope : scopes) {
|
||||
if (scopesValue.length() != 0) {
|
||||
scopesValue.append(" ");
|
||||
}
|
||||
scopesValue.append(scope);
|
||||
}
|
||||
scopesValue.append(scope);
|
||||
|
||||
URLUtils.navigateToUri(driver, this.driver.getCurrentUrl() + " " + scopesValue, true);
|
||||
}
|
||||
|
||||
this.driver.navigate().to(this.driver.getCurrentUrl() + " " + scopesValue);
|
||||
|
||||
Thread.sleep(2000);
|
||||
|
||||
this.loginPage.form().login(username, password);
|
||||
|
||||
// simple check if we are at the consent page, if so just click 'Yes'
|
||||
if (this.consentPage.isCurrent()) {
|
||||
consentPage.confirm();
|
||||
Thread.sleep(2000);
|
||||
}
|
||||
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
public boolean wasDenied() {
|
||||
|
@ -142,10 +118,20 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
|
|||
}
|
||||
|
||||
public void viewAlbum(String name) throws InterruptedException {
|
||||
Thread.sleep(2000);
|
||||
By id = By.id("view-" + name);
|
||||
WaitUtils.waitUntilElement(id);
|
||||
this.driver.findElements(id).forEach(WebElement::click);
|
||||
pause(500);
|
||||
this.driver.findElement(By.xpath("//a[text() = '" + name + "']")).click();
|
||||
waitForPageToLoad(driver);
|
||||
driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void navigateTo(boolean waitForMatch) {
|
||||
super.navigateTo(waitForMatch);
|
||||
pause(WAIT_AFTER_OPERATION);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCurrent() {
|
||||
return URLUtils.currentUrlStartWith(driver, toString());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,6 +21,7 @@ import java.util.Map;
|
|||
import java.util.Properties;
|
||||
|
||||
import org.junit.rules.ExternalResource;
|
||||
import org.keycloak.models.LDAPConstants;
|
||||
import org.keycloak.util.ldap.LDAPEmbeddedServer;
|
||||
|
||||
/**
|
||||
|
@ -30,6 +31,14 @@ public class LDAPRule extends ExternalResource {
|
|||
|
||||
public static final String LDAP_CONNECTION_PROPERTIES_LOCATION = "classpath:ldap/ldap-connection.properties";
|
||||
|
||||
private static final String PROPERTY_ENABLE_SSL = "enableSSL";
|
||||
|
||||
private static final String PROPERTY_KEYSTORE_FILE = "keystoreFile";
|
||||
|
||||
private static final String PRIVATE_KEY = "keystore/keycloak.jks";
|
||||
|
||||
private static final String PROPERTY_CERTIFICATE_PASSWORD = "certificatePassword";
|
||||
|
||||
protected LDAPTestConfiguration ldapTestConfiguration;
|
||||
protected LDAPEmbeddedServer ldapEmbeddedServer;
|
||||
|
||||
|
@ -66,6 +75,11 @@ public class LDAPRule extends ExternalResource {
|
|||
Properties defaultProperties = new Properties();
|
||||
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY);
|
||||
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif");
|
||||
defaultProperties.setProperty(LDAPConstants.CONNECTION_URL, "ldaps://localhost:10636");
|
||||
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_BIND_PORT, "10636");
|
||||
defaultProperties.setProperty(PROPERTY_ENABLE_SSL, "true");
|
||||
defaultProperties.setProperty(PROPERTY_CERTIFICATE_PASSWORD, "secret");
|
||||
defaultProperties.setProperty(PROPERTY_KEYSTORE_FILE, this.getClass().getClassLoader().getResource(LDAPRule.PRIVATE_KEY).getFile());
|
||||
|
||||
return new LDAPEmbeddedServer(defaultProperties);
|
||||
}
|
||||
|
|
|
@ -41,6 +41,7 @@ import org.keycloak.jose.jws.crypto.RSAProvider;
|
|||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||
import org.keycloak.protocol.oidc.representations.JSONWebKeySet;
|
||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.RefreshToken;
|
||||
|
@ -120,7 +121,7 @@ public class OAuthClient {
|
|||
maxAge = null;
|
||||
}
|
||||
|
||||
public AuthorizationCodeResponse doLogin(String username, String password) {
|
||||
public AuthorizationEndpointResponse doLogin(String username, String password) {
|
||||
openLoginForm();
|
||||
String src = driver.getPageSource();
|
||||
try {
|
||||
|
@ -132,7 +133,7 @@ public class OAuthClient {
|
|||
throw t;
|
||||
}
|
||||
|
||||
return new AuthorizationCodeResponse(this);
|
||||
return new AuthorizationEndpointResponse(this);
|
||||
}
|
||||
|
||||
public void doLoginGrant(String username, String password) {
|
||||
|
@ -637,7 +638,7 @@ public class OAuthClient {
|
|||
return realm;
|
||||
}
|
||||
|
||||
public static class AuthorizationCodeResponse {
|
||||
public static class AuthorizationEndpointResponse {
|
||||
|
||||
private boolean isRedirected;
|
||||
private String code;
|
||||
|
@ -645,11 +646,25 @@ public class OAuthClient {
|
|||
private String error;
|
||||
private String errorDescription;
|
||||
|
||||
public AuthorizationCodeResponse(OAuthClient client) {
|
||||
this(client, false);
|
||||
// Just during OIDC implicit or hybrid flow
|
||||
private String accessToken;
|
||||
private String idToken;
|
||||
|
||||
public AuthorizationEndpointResponse(OAuthClient client) {
|
||||
boolean fragment;
|
||||
try {
|
||||
fragment = client.responseType != null && OIDCResponseType.parse(client.responseType).isImplicitOrHybridFlow();
|
||||
} catch (IllegalArgumentException iae) {
|
||||
fragment = false;
|
||||
}
|
||||
init (client, fragment);
|
||||
}
|
||||
|
||||
public AuthorizationCodeResponse(OAuthClient client, boolean fragment) {
|
||||
public AuthorizationEndpointResponse(OAuthClient client, boolean fragment) {
|
||||
init(client, fragment);
|
||||
}
|
||||
|
||||
private void init(OAuthClient client, boolean fragment) {
|
||||
isRedirected = client.getCurrentRequest().equals(client.getRedirectUri());
|
||||
Map<String, String> params = fragment ? client.getCurrentFragment() : client.getCurrentQuery();
|
||||
|
||||
|
@ -657,6 +672,8 @@ public class OAuthClient {
|
|||
state = params.get(OAuth2Constants.STATE);
|
||||
error = params.get(OAuth2Constants.ERROR);
|
||||
errorDescription = params.get(OAuth2Constants.ERROR_DESCRIPTION);
|
||||
accessToken = params.get(OAuth2Constants.ACCESS_TOKEN);
|
||||
idToken = params.get(OAuth2Constants.ID_TOKEN);
|
||||
}
|
||||
|
||||
public boolean isRedirected() {
|
||||
|
@ -678,6 +695,14 @@ public class OAuthClient {
|
|||
public String getErrorDescription() {
|
||||
return errorDescription;
|
||||
}
|
||||
|
||||
public String getAccessToken() {
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
public String getIdToken() {
|
||||
return idToken;
|
||||
}
|
||||
}
|
||||
|
||||
public static class AccessTokenResponse {
|
||||
|
|
|
@ -40,8 +40,12 @@ public final class URLUtils {
|
|||
driver.navigate().to(uri);
|
||||
|
||||
if (waitForMatch) {
|
||||
// Possible login URL; this is to eliminate unnecessary wait when navigating to a secured page and being
|
||||
// redirected to the login page
|
||||
String loginUrl = "^[^\\?]+/auth/realms/[^/]+/(protocol|login-actions).+$";
|
||||
|
||||
try {
|
||||
(new WebDriverWait(driver, 3)).until(urlMatches("^" + Pattern.quote(uri) + ".*$"));
|
||||
(new WebDriverWait(driver, 3)).until(or(urlMatches("^" + Pattern.quote(uri) + ".*$"), urlMatches(loginUrl)));
|
||||
} catch (TimeoutException e) {
|
||||
log.info("new current URL doesn't start with desired URL");
|
||||
}
|
||||
|
|
|
@ -101,10 +101,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
public void deleteAllCookiesForTestRealm() {
|
||||
// testRealmPage.navigateTo();
|
||||
testRealmAccountPage.navigateTo(); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
|
||||
log.debug("deleting cookies in test realm");
|
||||
driver.manage().deleteAllCookies();
|
||||
deleteAllCookiesForRealm(testRealmAccountPage);
|
||||
}
|
||||
|
||||
public void listCookies() {
|
||||
|
|
|
@ -169,9 +169,13 @@ public abstract class AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
public void deleteAllCookiesForMasterRealm() {
|
||||
deleteAllCookiesForRealm(accountPage);
|
||||
}
|
||||
|
||||
protected void deleteAllCookiesForRealm(Account realmAccountPage) {
|
||||
// masterRealmPage.navigateTo();
|
||||
accountPage.navigateTo(); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
|
||||
log.debug("deleting cookies in master realm");
|
||||
realmAccountPage.navigateTo(); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
|
||||
log.info("deleting cookies in '" + realmAccountPage.getAuthRealm() + "' realm");
|
||||
driver.manage().deleteAllCookies();
|
||||
}
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ public abstract class TestRealmKeycloakTest extends AbstractKeycloakTest {
|
|||
String sessionId = loginEvent.getSessionId();
|
||||
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
|
||||
|
||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||
String code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode();
|
||||
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||
|
||||
Assert.assertEquals(200, response.getStatusCode());
|
||||
|
|
|
@ -268,14 +268,14 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
|
|||
jsConsoleTestAppPage.init();
|
||||
|
||||
jsConsoleTestAppPage.logIn();
|
||||
assertTrue(driver.getPageSource().contains("Implicit flow is disabled for the client"));
|
||||
assertResponseError("Implicit flow is disabled for the client");
|
||||
|
||||
setImplicitFlowFroClient();
|
||||
setImplicitFlowForClient();
|
||||
|
||||
jsConsoleTestAppPage.navigateTo();
|
||||
jsConsoleTestAppPage.init();
|
||||
jsConsoleTestAppPage.logIn();
|
||||
assertTrue(driver.getPageSource().contains("Standard flow is disabled for the client"));
|
||||
assertResponseError("Standard flow is disabled for the client");
|
||||
|
||||
logInAndInit("implicit");
|
||||
|
||||
|
@ -284,19 +284,19 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
|
|||
|
||||
@Test
|
||||
public void implicitFlowQueryTest() {
|
||||
setImplicitFlowFroClient();
|
||||
setImplicitFlowForClient();
|
||||
|
||||
jsConsoleTestAppPage.navigateTo();
|
||||
jsConsoleTestAppPage.setFlow("implicit");
|
||||
jsConsoleTestAppPage.setResponseMode("query");
|
||||
jsConsoleTestAppPage.init();
|
||||
jsConsoleTestAppPage.logIn();
|
||||
assertTrue(driver.getPageSource().contains("Invalid parameter: response_mode"));
|
||||
assertResponseError("Response_mode 'query' not allowed");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void implicitFlowRefreshTokenTest() {
|
||||
setImplicitFlowFroClient();
|
||||
setImplicitFlowForClient();
|
||||
|
||||
logInAndInit("implicit");
|
||||
|
||||
|
@ -311,7 +311,7 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
|
|||
realm.setAccessTokenLifespanForImplicitFlow(5);
|
||||
testRealmResource().update(realm);
|
||||
|
||||
setImplicitFlowFroClient();
|
||||
setImplicitFlowForClient();
|
||||
|
||||
logInAndInit("implicit");
|
||||
|
||||
|
@ -351,7 +351,7 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
|
|||
waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Init Success (Authenticated)");
|
||||
}
|
||||
|
||||
private void setImplicitFlowFroClient() {
|
||||
private void setImplicitFlowForClient() {
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "js-console");
|
||||
ClientRepresentation client = clientResource.toRepresentation();
|
||||
client.setImplicitFlowEnabled(true);
|
||||
|
@ -373,4 +373,9 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl
|
|||
logInAndInit(flow, "user");
|
||||
}
|
||||
|
||||
private void assertResponseError(String errorDescription) {
|
||||
jsConsoleTestAppPage.showErrorResponse();
|
||||
assertTrue(jsConsoleTestAppPage.getOutputElement().getText().contains(errorDescription));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -118,7 +118,7 @@ public abstract class AbstractSAMLExampleAdapterTest extends AbstractExampleAdap
|
|||
waitUntilElement(By.xpath("//body")).text().contains("Welcome to the Employee Tool,");
|
||||
|
||||
samlRedirectSigExamplePage.logout();
|
||||
waitUntilElement(By.xpath("//body")).text().contains("Logged out.");
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
|
||||
samlRedirectSigExamplePage.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.jboss.arquillian.container.test.api.Deployment;
|
|||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.jboss.arquillian.test.api.ArquillianResource;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AuthorizationResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
|
@ -47,10 +48,8 @@ import java.io.IOException;
|
|||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
|
@ -74,6 +73,17 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
@Page
|
||||
private PhotozClientAuthzTestApp clientPage;
|
||||
|
||||
@Override
|
||||
public void setDefaultPageUriParameters() {
|
||||
super.setDefaultPageUriParameters();
|
||||
testRealmPage.setAuthRealm(REALM_NAME);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void beforePhotozExampleAdapterTest() {
|
||||
deleteAllCookiesForClientPage();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation realm = loadRealm(new File(TEST_APPS_HOME_DIR + "/photoz/photoz-realm.json"));
|
||||
|
@ -104,7 +114,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
@ -123,10 +133,10 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
public void testOnlyOwnerCanDeleteAlbum() throws Exception {
|
||||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice-Family-Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
|
||||
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
|
||||
|
@ -139,7 +149,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
}
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.deleteAlbum("Alice-Family-Album");
|
||||
|
@ -169,7 +179,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
|
@ -182,7 +192,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -206,10 +216,10 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -269,10 +279,10 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -288,10 +298,10 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
}
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum("Alice Family Album");
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum("Alice Family Album");
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
@ -324,7 +334,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
|
||||
|
@ -347,10 +357,10 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
roleResource.update(roleRepresentation);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.loginWithScopes("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
|
||||
loginToClientPage("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -362,7 +372,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -386,7 +396,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
manageAlbumRole.update(roleRepresentation);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
|
||||
|
@ -405,7 +415,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
}
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
} finally {
|
||||
this.deployer.undeploy(RESOURCE_SERVER_ID);
|
||||
|
@ -417,7 +427,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
String resourceName = "My Resource Instance";
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
@ -431,7 +441,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
|
@ -441,7 +451,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -466,7 +476,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
|
@ -476,7 +486,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -493,7 +503,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
try {
|
||||
this.deployer.deploy(RESOURCE_SERVER_ID);
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
|
||||
String resourceName = "My Resource Instance";
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
|
@ -508,7 +518,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
|
@ -518,7 +528,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.createAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
|
||||
|
@ -544,7 +554,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
|
@ -561,7 +571,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
}
|
||||
});
|
||||
|
||||
this.clientPage.login("admin", "admin");
|
||||
loginToClientPage("admin", "admin");
|
||||
|
||||
this.clientPage.navigateToAdminAlbum();
|
||||
this.clientPage.viewAlbum(resourceName);
|
||||
|
@ -571,7 +581,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertTrue(this.clientPage.wasDenied());
|
||||
|
||||
this.clientPage.login("alice", "alice");
|
||||
loginToClientPage("alice", "alice");
|
||||
this.clientPage.deleteAlbum(resourceName);
|
||||
assertFalse(this.clientPage.wasDenied());
|
||||
List<ResourceRepresentation> resources = resourcesResource.resources();
|
||||
|
@ -601,4 +611,17 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
|
|||
ClientRepresentation resourceServer = clients.findByClientId(clientId).get(0);
|
||||
return clients.get(resourceServer.getId());
|
||||
}
|
||||
|
||||
private void deleteAllCookiesForClientPage() {
|
||||
clientPage.navigateTo();
|
||||
driver.manage().deleteAllCookies();
|
||||
}
|
||||
|
||||
private void loginToClientPage(String username, String password, String... scopes) {
|
||||
// We need to log out by deleting cookies because the log out button sometimes doesn't work in PhantomJS
|
||||
deleteAllCookiesForClientPage();
|
||||
deleteAllCookiesForTestRealm();
|
||||
clientPage.navigateTo();
|
||||
clientPage.login(username, password, scopes);
|
||||
}
|
||||
}
|
|
@ -21,6 +21,7 @@ import org.jboss.arquillian.container.test.api.Deployment;
|
|||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
|
@ -118,6 +119,13 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
|
|||
return servletDeployment(TokenMinTTLPage.DEPLOYMENT_NAME, AdapterActionsFilter.class, AbstractShowTokensServlet.class, TokenMinTTLServlet.class, ErrorServlet.class);
|
||||
}
|
||||
|
||||
@Before
|
||||
public void beforeDemoServletsAdapterTest() {
|
||||
// Delete all cookies from token-min-ttl page to be sure we are logged out
|
||||
tokenMinTTLPage.navigateTo();
|
||||
driver.manage().deleteAllCookies();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCustomerPortalWithSubsystemSettings() {
|
||||
customerPortalSubsystem.navigateTo();
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.jboss.arquillian.test.api.ArquillianResource;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.AttackDetectionResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
@ -67,13 +68,13 @@ public class AttackDetectionResourceTest extends AbstractAdminTest {
|
|||
assertBruteForce(detection.bruteForceUserStatus("nosuchuser"), 0, false, false);
|
||||
|
||||
detection.clearBruteForceForUser(findUser("test-user@localhost").getId());
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId()));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearBruteForceForUserPath(findUser("test-user@localhost").getId()), ResourceType.USER_LOGIN_FAILURE);
|
||||
|
||||
assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false);
|
||||
assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 2, true, true);
|
||||
|
||||
detection.clearAllBruteForce();
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath());
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.attackDetectionClearAllBruteForcePath(), ResourceType.USER_LOGIN_FAILURE);
|
||||
|
||||
assertBruteForce(detection.bruteForceUserStatus(findUser("test-user@localhost").getId()), 0, false, false);
|
||||
assertBruteForce(detection.bruteForceUserStatus(findUser("test-user2").getId()), 0, false, false);
|
||||
|
|
|
@ -24,6 +24,7 @@ import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
|||
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.AccountRoles;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
|
||||
|
@ -77,7 +78,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
response.close();
|
||||
String id = ApiUtil.getCreatedId(response);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
|
||||
|
||||
rep.setId(id);
|
||||
|
||||
|
@ -98,7 +99,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
|
||||
realm.clients().get(id).remove();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientResourcePath(id));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientResourcePath(id), ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -128,7 +129,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse codeResponse = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse codeResponse = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
OAuthClient.AccessTokenResponse response2 = oauth.doAccessTokenRequest(codeResponse.getCode(), "password");
|
||||
assertEquals(200, response2.getStatusCode());
|
||||
|
@ -151,19 +152,19 @@ public class ClientTest extends AbstractAdminTest {
|
|||
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
||||
realm.clients().get(id).roles().create(role);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), role, ResourceType.CLIENT_ROLE);
|
||||
|
||||
ClientRepresentation foundClientRep = realm.clients().get(id).toRepresentation();
|
||||
foundClientRep.setDefaultRoles(new String[]{"test"});
|
||||
realm.clients().get(id).update(foundClientRep);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
|
||||
|
||||
assertArrayEquals(new String[]{"test"}, realm.clients().get(id).toRepresentation().getDefaultRoles());
|
||||
|
||||
realm.clients().get(id).roles().deleteRole("test");
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(id, "test"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(id, "test"), ResourceType.CLIENT_ROLE);
|
||||
|
||||
assertNull(realm.clients().get(id).toRepresentation().getDefaultRoles());
|
||||
}
|
||||
|
@ -187,7 +188,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
|
||||
realm.clients().get(client.getId()).update(newClient);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
||||
|
||||
ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation();
|
||||
|
||||
|
@ -197,7 +198,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
|
||||
realm.clients().get(client.getId()).update(newClient);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(client.getId()), newClient, ResourceType.CLIENT);
|
||||
|
||||
storedClient = realm.clients().get(client.getId()).toRepresentation();
|
||||
assertClient(client, storedClient);
|
||||
|
@ -223,7 +224,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
PushNotBeforeAction pushNotBefore = testingClient.testApp().getAdminPushNotBefore();
|
||||
assertEquals(client.getNotBefore().intValue(), pushNotBefore.getNotBefore());
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientPushRevocationPath(id));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientPushRevocationPath(id), ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
private ClientRepresentation createAppClient() {
|
||||
|
@ -242,7 +243,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
String id = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
|
||||
|
||||
client.setId(id);
|
||||
return client;
|
||||
|
@ -259,14 +260,14 @@ public class ClientTest extends AbstractAdminTest {
|
|||
realm.clients().get(id).registerNode(Collections.singletonMap("node", myhost));
|
||||
realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid"));
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, myhost));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, "invalid"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, myhost), ResourceType.CLUSTER_NODE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE);
|
||||
|
||||
GlobalRequestResult result = realm.clients().get(id).testNodesAvailable();
|
||||
assertEquals(1, result.getSuccessRequests().size());
|
||||
assertEquals(1, result.getFailedRequests().size());
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientTestNodesAvailablePath(id), result);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.clientTestNodesAvailablePath(id), result, ResourceType.CLUSTER_NODE);
|
||||
|
||||
TestAvailabilityAction testAvailable = testingClient.testApp().getTestAvailable();
|
||||
assertEquals("test-app", testAvailable.getResource());
|
||||
|
@ -275,7 +276,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
|
||||
realm.clients().get(id).unregisterNode("invalid");
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientNodePath(id, "invalid"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE);
|
||||
|
||||
assertEquals(1, realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
|
||||
}
|
||||
|
@ -338,24 +339,24 @@ public class ClientTest extends AbstractAdminTest {
|
|||
realm.roles().create(roleRep1);
|
||||
realm.roles().create(roleRep2);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), roleRep1, ResourceType.REALM_ROLE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), roleRep2, ResourceType.REALM_ROLE);
|
||||
|
||||
roleRep1 = realm.roles().get("role1").toRepresentation();
|
||||
roleRep2 = realm.roles().get("role2").toRepresentation();
|
||||
|
||||
realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2), ResourceType.REALM_ROLE);
|
||||
|
||||
String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
|
||||
RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
|
||||
|
||||
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
|
||||
|
||||
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
|
||||
|
||||
Assert.assertNames(scopesResource.realmLevel().listAll(), "role1");
|
||||
Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2");
|
||||
|
@ -369,10 +370,10 @@ public class ClientTest extends AbstractAdminTest {
|
|||
Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
|
||||
|
||||
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(id), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
|
||||
|
||||
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(id, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
|
||||
|
||||
Assert.assertNames(scopesResource.realmLevel().listAll());
|
||||
Assert.assertNames(scopesResource.realmLevel().listEffective());
|
||||
|
@ -414,7 +415,7 @@ public class ClientTest extends AbstractAdminTest {
|
|||
fooMapperId = location.substring(location.lastIndexOf("/") + 1);
|
||||
response.close();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
fooMapper = mappersResource.getMapperById(fooMapperId);
|
||||
assertEquals(fooMapper.getName(), "foo");
|
||||
|
@ -423,14 +424,14 @@ public class ClientTest extends AbstractAdminTest {
|
|||
fooMapper.setProtocolMapper("foo-mapper-updated");
|
||||
mappersResource.update(fooMapperId, fooMapper);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
fooMapper = mappersResource.getMapperById(fooMapperId);
|
||||
assertEquals(fooMapper.getProtocolMapper(), "foo-mapper-updated");
|
||||
|
||||
// Remove foo mapper
|
||||
mappersResource.delete(fooMapperId);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), ResourceType.PROTOCOL_MAPPER);
|
||||
try {
|
||||
mappersResource.getMapperById(fooMapperId);
|
||||
fail("Not expected to find deleted mapper");
|
||||
|
|
|
@ -26,6 +26,7 @@ import org.keycloak.dom.saml.v2.metadata.IndexedEndpointType;
|
|||
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
|
||||
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
|
@ -122,7 +123,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
representation.getConfig().put("clientId", "changedClientId");
|
||||
|
||||
identityProviderResource.update(representation);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath("update-identity-provider"), representation);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath("update-identity-provider"), representation, ResourceType.IDENTITY_PROVIDER);
|
||||
|
||||
identityProviderResource = realm.identityProviders().get(representation.getInternalId());
|
||||
|
||||
|
@ -150,7 +151,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
assertNotNull(representation);
|
||||
|
||||
identityProviderResource.remove();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("remove-identity-provider"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("remove-identity-provider"), ResourceType.IDENTITY_PROVIDER);
|
||||
|
||||
try {
|
||||
realm.identityProviders().get("remove-identity-provider").toRepresentation();
|
||||
|
@ -165,7 +166,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
Assert.assertNotNull(ApiUtil.getCreatedId(response));
|
||||
response.close();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(idpRep.getAlias()), idpRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(idpRep.getAlias()), idpRep, ResourceType.IDENTITY_PROVIDER);
|
||||
}
|
||||
|
||||
private IdentityProviderRepresentation createRep(String id, String providerId) {
|
||||
|
@ -320,7 +321,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
String id = ApiUtil.getCreatedId(response);
|
||||
Assert.assertNotNull(id);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper, ResourceType.IDENTITY_PROVIDER_MAPPER);
|
||||
|
||||
// list mappers
|
||||
List<IdentityProviderMapperRepresentation> mappers = provider.getMappers();
|
||||
|
@ -337,7 +338,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
// update mapper
|
||||
mapper.getConfig().put("role", "master-realm.manage-realm");
|
||||
provider.update(id, mapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.identityProviderMapperPath("google", id), mapper, ResourceType.IDENTITY_PROVIDER_MAPPER);
|
||||
|
||||
mapper = provider.getMapperById(id);
|
||||
Assert.assertNotNull("mapperById not null", mapper);
|
||||
|
@ -345,7 +346,7 @@ public class IdentityProviderTest extends AbstractAdminTest {
|
|||
|
||||
// delete mapper
|
||||
provider.delete(id);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderMapperPath("google", id));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderMapperPath("google", id), ResourceType.IDENTITY_PROVIDER_MAPPER);
|
||||
try {
|
||||
provider.getMapperById(id);
|
||||
Assert.fail("Should fail with NotFoundException");
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.ClientInitialAccessResource;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
|
||||
import org.keycloak.representations.idm.ClientInitialAccessPresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
@ -54,7 +55,7 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest {
|
|||
int time = Time.currentTime();
|
||||
|
||||
ClientInitialAccessPresentation response = resource.create(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
|
||||
|
||||
assertNotNull(response.getId());
|
||||
assertEquals(new Integer(2), response.getCount());
|
||||
|
@ -65,12 +66,12 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest {
|
|||
|
||||
rep.setCount(3);
|
||||
response = resource.create(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(response.getId()), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
|
||||
|
||||
rep.setCount(4);
|
||||
response = resource.create(rep);
|
||||
String lastId = response.getId();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientInitialAccessPath(lastId), rep, ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
|
||||
|
||||
List<ClientInitialAccessPresentation> list = resource.list();
|
||||
assertEquals(3, list.size());
|
||||
|
@ -80,7 +81,7 @@ public class InitialAccessTokenResourceTest extends AbstractAdminTest {
|
|||
|
||||
// Delete last and assert it was deleted
|
||||
resource.delete(lastId);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientInitialAccessPath(lastId), ResourceType.CLIENT_INITIAL_ACCESS_MODEL);
|
||||
|
||||
list = resource.list();
|
||||
assertEquals(2, list.size());
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.RoleByIdResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
@ -86,7 +87,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
|||
role.setDescription("Role A New");
|
||||
|
||||
resource.updateRole(ids.get("role-a"), role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), role, ResourceType.REALM_ROLE);
|
||||
|
||||
role = resource.getRole(ids.get("role-a"));
|
||||
|
||||
|
@ -100,7 +101,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
|||
public void deleteRole() {
|
||||
assertNotNull(resource.getRole(ids.get("role-a")));
|
||||
resource.deleteRole(ids.get("role-a"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourcePath(ids.get("role-a")), ResourceType.REALM_ROLE);
|
||||
|
||||
try {
|
||||
resource.getRole(ids.get("role-a"));
|
||||
|
@ -119,7 +120,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
|||
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
||||
resource.addComposites(ids.get("role-a"), l);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l, ResourceType.REALM_ROLE);
|
||||
|
||||
Set<RoleRepresentation> composites = resource.getRoleComposites(ids.get("role-a"));
|
||||
|
||||
|
@ -133,7 +134,7 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
|
|||
Assert.assertNames(clientComposites, "role-c");
|
||||
|
||||
resource.deleteComposites(ids.get("role-a"), l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleByIdResourceCompositesPath(ids.get("role-a")), l, ResourceType.REALM_ROLE);
|
||||
|
||||
assertFalse(resource.getRole(ids.get("role-a")).isComposite());
|
||||
assertEquals(0, resource.getRoleComposites(ids.get("role-a")).size());
|
||||
|
|
|
@ -57,6 +57,22 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
|||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLdapConnectionsSsl() {
|
||||
|
||||
Response response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhost:10636", "foo", "bar", "false");
|
||||
assertStatus(response, 204);
|
||||
|
||||
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldaps://localhostt:10636", "foo", "bar", "false");
|
||||
assertStatus(response, 400);
|
||||
|
||||
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "foo", "bar", "false");
|
||||
assertStatus(response, 400);
|
||||
|
||||
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true");
|
||||
assertStatus(response, 204);
|
||||
}
|
||||
|
||||
private void assertStatus(Response response, int status) {
|
||||
Assert.assertEquals(status, response.getStatus());
|
||||
response.close();
|
||||
|
|
|
@ -33,6 +33,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.UserFederationProviderResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
|
||||
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory;
|
||||
import org.keycloak.federation.ldap.mappers.membership.role.RoleLDAPFederationMapperFactory;
|
||||
|
@ -65,7 +66,7 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
Response resp = realm.userFederation().create(ldapRep);
|
||||
this.ldapProviderId = ApiUtil.getCreatedId(resp);
|
||||
resp.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.ldapProviderId), ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.ldapProviderId), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
UserFederationProviderRepresentation dummyRep = UserFederationProviderBuilder.create()
|
||||
.displayName("dummy-1")
|
||||
|
@ -75,16 +76,16 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
resp = realm.userFederation().create(dummyRep);
|
||||
this.dummyProviderId = ApiUtil.getCreatedId(resp);
|
||||
resp.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.dummyProviderId), dummyRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(this.dummyProviderId), dummyRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
}
|
||||
|
||||
@After
|
||||
public void cleanFederationProviders() {
|
||||
realm.userFederation().get(ldapProviderId).remove();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(ldapProviderId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(ldapProviderId), ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
realm.userFederation().get(dummyProviderId).remove();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(dummyProviderId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(dummyProviderId), ResourceType.USER_FEDERATION_PROVIDER);
|
||||
}
|
||||
|
||||
|
||||
|
@ -169,14 +170,14 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated");
|
||||
mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated");
|
||||
ldapProviderResource().updateMapper(mapperId, mapperRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), mapperRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), mapperRep, ResourceType.USER_FEDERATION_MAPPER);
|
||||
|
||||
mapperRep = ldapProviderResource().getMapperById(mapperId);
|
||||
assertMapper(mapperRep, mapperId, "email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated", UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated");
|
||||
|
||||
// Test removed successfully
|
||||
ldapProviderResource().removeMapper(mapperId);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId), ResourceType.USER_FEDERATION_MAPPER);
|
||||
|
||||
try {
|
||||
ldapProviderResource().getMapperById(mapperId);
|
||||
|
@ -192,7 +193,7 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
response.close();
|
||||
String mapperId = ApiUtil.getCreatedId(response);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationMapperResourcePath(userFederationProviderId , mapperId), mapper);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationMapperResourcePath(userFederationProviderId , mapperId), mapper, ResourceType.USER_FEDERATION_MAPPER);
|
||||
|
||||
return mapperId;
|
||||
}
|
||||
|
@ -227,7 +228,7 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
|
||||
// Remove role mapper and assert not found anymore
|
||||
ldapProviderResource().removeMapper(roleMapperId);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, roleMapperId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, roleMapperId), ResourceType.USER_FEDERATION_MAPPER);
|
||||
|
||||
mappers = ldapProviderResource().getMappers();
|
||||
Assert.assertNull(findMapperByName(mappers, "role-mapper"));
|
||||
|
@ -257,14 +258,14 @@ public class UserFederationMapperTest extends AbstractAdminTest {
|
|||
|
||||
Map<String, Object> eventRep = new HashMap<>();
|
||||
eventRep.put("action", "fedToKeycloak");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
// Try keycloak to fed
|
||||
result = ldapProviderResource().syncMapperData(mapperId, "keycloakToFed");
|
||||
Assert.assertEquals("dummyKeycloakToFedSuccess mapper=some-dummy", result.getStatus());
|
||||
|
||||
eventRep.put("action", "keycloakToFed");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationMapperResourcePath(ldapProviderId, mapperId) + "/sync", ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -30,6 +30,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.UserFederationProvidersResource;
|
||||
import org.keycloak.common.constants.KerberosConstants;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.LDAPConstants;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
@ -209,7 +210,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// Change filter to be valid
|
||||
ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
|
||||
userFederation().get(id).update(ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
// Assert updated successfully
|
||||
ldapRep = userFederation().get(id).toRepresentation();
|
||||
|
@ -219,7 +220,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// Assert update displayName
|
||||
ldapRep.setDisplayName("ldap2");
|
||||
userFederation().get(id).update(ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
assertFederationProvider(userFederation().get(id).toRepresentation(), id, "ldap2", "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "password",
|
||||
LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
|
||||
|
@ -253,12 +254,12 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// Switch kerberos authenticator to DISABLED
|
||||
kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
|
||||
realm.flows().updateExecutions("browser", kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// update LDAP provider with kerberos
|
||||
ldapRep = userFederation().get(id).toRepresentation();
|
||||
userFederation().get(id).update(ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
// Assert kerberos authenticator ALTERNATIVE
|
||||
kerberosExecution = findKerberosExecution();
|
||||
|
@ -267,7 +268,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// Cleanup
|
||||
kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
|
||||
realm.flows().updateExecutions("browser", kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
|
||||
removeUserFederationProvider(id);
|
||||
}
|
||||
|
||||
|
@ -277,7 +278,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
|
||||
kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
|
||||
realm.flows().updateExecutions("browser", kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// create LDAP provider with kerberos
|
||||
UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
|
||||
|
@ -295,7 +296,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// update LDAP provider with kerberos
|
||||
ldapRep = userFederation().get(id).toRepresentation();
|
||||
userFederation().get(id).update(ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
// Assert kerberos authenticator still REQUIRED
|
||||
kerberosExecution = findKerberosExecution();
|
||||
|
@ -304,7 +305,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
// Cleanup
|
||||
kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
|
||||
realm.flows().updateExecutions("browser", kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
|
||||
removeUserFederationProvider(id);
|
||||
|
||||
}
|
||||
|
@ -342,7 +343,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
|
||||
Map<String, Object> eventRep = new HashMap<>();
|
||||
eventRep.put("action", "triggerFullSync");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
int fullSyncTime = userFederation().get(id1).toRepresentation().getLastSync();
|
||||
Assert.assertTrue(fullSyncTime > 0);
|
||||
|
@ -352,7 +353,7 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
syncResult = userFederation().get(id1).syncUsers("triggerChangedUsersSync");
|
||||
|
||||
eventRep.put("action", "triggerChangedUsersSync");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(id1) + "/sync", eventRep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
|
||||
Assert.assertEquals("0 imported users, 0 updated users", syncResult.getStatus());
|
||||
int changedSyncTime = userFederation().get(id1).toRepresentation().getLastSync();
|
||||
|
@ -370,13 +371,13 @@ public class UserFederationTest extends AbstractAdminTest {
|
|||
resp.close();
|
||||
String federationProviderId = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(federationProviderId), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(federationProviderId), rep, ResourceType.USER_FEDERATION_PROVIDER);
|
||||
return federationProviderId;
|
||||
}
|
||||
|
||||
private void removeUserFederationProvider(String id) {
|
||||
userFederation().get(id).remove();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(id));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(id), ResourceType.USER_FEDERATION_PROVIDER);
|
||||
}
|
||||
|
||||
private void assertFederationProvider(UserFederationProviderRepresentation rep, String id, String displayName, String providerName,
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.keycloak.admin.client.resource.RealmResource;
|
|||
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
|
@ -111,13 +112,13 @@ public class UserTest extends AbstractAdminTest {
|
|||
String createdId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER);
|
||||
return createdId;
|
||||
}
|
||||
|
||||
private void updateUser(UserResource user, UserRepresentation userRep) {
|
||||
user.update(userRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(userRep.getId()), userRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(userRep.getId()), userRep, ResourceType.USER);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -277,7 +278,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
Response response = realm.users().delete( userId );
|
||||
assertEquals(204, response.getStatus());
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -326,7 +327,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
link.setUserName("social-username");
|
||||
Response response = user.addFederatedIdentity("social-provider-id", link);
|
||||
assertEquals(204, response.getStatus());
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), link);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), link, ResourceType.USER);
|
||||
|
||||
// Verify social link is here
|
||||
user = realm.users().get(id);
|
||||
|
@ -339,7 +340,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
|
||||
// Remove social link now
|
||||
user.removeFederatedIdentity("social-provider-id");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederatedIdentityLink(id, "social-provider-id"), ResourceType.USER);
|
||||
assertEquals(0, user.getFederatedIdentity().size());
|
||||
|
||||
removeSampleIdentityProvider();
|
||||
|
@ -354,14 +355,14 @@ public class UserTest extends AbstractAdminTest {
|
|||
rep.setProviderId("social-provider-type");
|
||||
|
||||
realm.identityProviders().create(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(rep.getAlias()), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(rep.getAlias()), rep, ResourceType.IDENTITY_PROVIDER);
|
||||
}
|
||||
|
||||
private void removeSampleIdentityProvider() {
|
||||
IdentityProviderResource resource = realm.identityProviders().get("social-provider-id");
|
||||
Assert.assertNotNull(resource);
|
||||
resource.remove();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("social-provider-id"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("social-provider-id"), ResourceType.IDENTITY_PROVIDER);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -519,7 +520,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
List<String> actions = new LinkedList<>();
|
||||
actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
|
||||
user.executeActionsEmail("account", actions);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email", ResourceType.USER);
|
||||
|
||||
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
|
||||
|
||||
|
@ -587,7 +588,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
}
|
||||
|
||||
user.sendVerifyEmail();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/send-verify-email");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/send-verify-email", ResourceType.USER);
|
||||
|
||||
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
|
||||
|
||||
|
@ -626,13 +627,13 @@ public class UserTest extends AbstractAdminTest {
|
|||
rep.setFirstName("Firstname");
|
||||
|
||||
user.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
|
||||
|
||||
rep = new UserRepresentation();
|
||||
rep.setLastName("Lastname");
|
||||
|
||||
user.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userResourcePath(id), rep, ResourceType.USER);
|
||||
|
||||
rep = realm.users().get(id).toRepresentation();
|
||||
|
||||
|
@ -709,7 +710,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
cred.setTemporary(false);
|
||||
|
||||
realm.users().get(userId).resetPassword(cred);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);
|
||||
|
||||
String accountUrl = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();
|
||||
|
||||
|
@ -746,7 +747,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
RequiredActionProviderRepresentation updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
||||
updatePasswordReqAction.setDefaultAction(true);
|
||||
realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION);
|
||||
|
||||
// Create user
|
||||
String userId = createUser("user1", "user1@localhost");
|
||||
|
@ -759,7 +760,7 @@ public class UserTest extends AbstractAdminTest {
|
|||
updatePasswordReqAction = realm.flows().getRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
||||
updatePasswordReqAction.setDefaultAction(true);
|
||||
realm.flows().updateRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString(), updatePasswordReqAction);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(UserModel.RequiredAction.UPDATE_PASSWORD.toString()), updatePasswordReqAction, ResourceType.REQUIRED_ACTION);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -800,16 +801,16 @@ public class UserTest extends AbstractAdminTest {
|
|||
l.add(realm.roles().get("realm-role").toRepresentation());
|
||||
l.add(realm.roles().get("realm-composite").toRepresentation());
|
||||
roles.realmLevel().add(l);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(userId), l);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userRealmRoleMappingsPath(userId), l, ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
// Add client roles
|
||||
List<RoleRepresentation> list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-role").toRepresentation());
|
||||
roles.clientLevel(clientUuid).add(list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING);
|
||||
|
||||
list = Collections.singletonList(realm.clients().get(clientUuid).roles().get("client-composite").toRepresentation());
|
||||
roles.clientLevel(clientUuid).add(list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), ResourceType.CLIENT_ROLE_MAPPING);
|
||||
|
||||
// List realm roles
|
||||
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
|
||||
|
@ -831,14 +832,14 @@ public class UserTest extends AbstractAdminTest {
|
|||
// Remove realm role
|
||||
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
||||
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId), Collections.singletonList(realmRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userRealmRoleMappingsPath(userId), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
assertNames(roles.realmLevel().listAll(), "realm-composite", "user", "offline_access", Constants.AUTHZ_UMA_AUTHORIZATION);
|
||||
|
||||
// Remove client role
|
||||
RoleRepresentation clientRoleRep = realm.clients().get(clientUuid).roles().get("client-role").toRepresentation();
|
||||
roles.clientLevel(clientUuid).remove(Collections.singletonList(clientRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), Collections.singletonList(clientRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userClientRoleMappingsPath(userId, clientUuid), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING);
|
||||
|
||||
assertNames(roles.clientLevel(clientUuid).listAll(), "client-composite");
|
||||
}
|
||||
|
@ -847,14 +848,14 @@ public class UserTest extends AbstractAdminTest {
|
|||
RealmRepresentation rep = realm.toRepresentation();
|
||||
rep.setEditUsernameAllowed(true);
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
}
|
||||
|
||||
private void enableBruteForce() {
|
||||
RealmRepresentation rep = realm.toRepresentation();
|
||||
rep.setBruteForceProtected(true);
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -23,6 +23,7 @@ import org.junit.Rule;
|
|||
import org.keycloak.admin.client.resource.AuthenticationManagementResource;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
|
||||
|
@ -196,6 +197,6 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest {
|
|||
Response response = authMgmtResource.createFlow(flowRep);
|
||||
org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus());
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.junit.Test;
|
|||
import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticator;
|
||||
import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAuthenticatorFactory;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
|
||||
|
@ -52,7 +53,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest {
|
|||
HashMap<String, String> params = new HashMap<>();
|
||||
params.put("provider", IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID);
|
||||
authMgmtResource.addExecution("firstBrokerLogin2", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("firstBrokerLogin2"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("firstBrokerLogin2"), params, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("firstBrokerLogin2");
|
||||
AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider(IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID, executionReps);
|
||||
|
@ -79,7 +80,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Cleanup
|
||||
authMgmtResource.removeAuthenticatorConfig(cfgId);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG);
|
||||
}
|
||||
|
||||
|
||||
|
@ -105,7 +106,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest {
|
|||
cfgRep.setAlias("foo2");
|
||||
cfgRep.getConfig().put("configKey2", "configValue2");
|
||||
authMgmtResource.updateAuthenticatorConfig(cfgRep.getId(), cfgRep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authExecutionConfigPath(cfgId), cfgRep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authExecutionConfigPath(cfgId), cfgRep, ResourceType.AUTHENTICATOR_CONFIG);
|
||||
|
||||
// Assert updated
|
||||
cfgRep = authMgmtResource.getAuthenticatorConfig(cfgRep.getId());
|
||||
|
@ -137,7 +138,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Test remove our config
|
||||
authMgmtResource.removeAuthenticatorConfig(cfgId);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG);
|
||||
|
||||
// Assert config not found
|
||||
try {
|
||||
|
@ -159,7 +160,7 @@ public class AuthenticatorConfigTest extends AbstractAuthenticationTest {
|
|||
Assert.assertEquals(201, resp.getStatus());
|
||||
String cfgId = ApiUtil.getCreatedId(resp);
|
||||
Assert.assertNotNull(cfgId);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionConfigPath(executionId), cfg);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionConfigPath(executionId), cfg, ResourceType.AUTH_EXECUTION);
|
||||
return cfgId;
|
||||
}
|
||||
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.junit.Test;
|
|||
import org.keycloak.authentication.AuthenticationFlow;
|
||||
import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
|
||||
|
@ -64,7 +65,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
// copy built-in flow so we get a new editable flow
|
||||
params.put("newName", "Copy-of-browser");
|
||||
Response response = authMgmtResource.copy("browser", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
|
||||
try {
|
||||
Assert.assertEquals("Copy flow", 201, response.getStatus());
|
||||
} finally {
|
||||
|
@ -83,7 +84,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
// add execution - should succeed
|
||||
params.put("provider", "idp-review-profile");
|
||||
authMgmtResource.addExecution("Copy-of-browser", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// check execution was added
|
||||
List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("Copy-of-browser");
|
||||
|
@ -97,7 +98,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// remove execution
|
||||
authMgmtResource.removeExecution(exec.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()), ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// check execution was removed
|
||||
executionReps = authMgmtResource.getExecutions("Copy-of-browser");
|
||||
|
@ -108,7 +109,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// delete auth-cookie
|
||||
authMgmtResource.removeExecution(authCookieExec.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()), ResourceType.AUTH_EXECUTION);
|
||||
|
||||
AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
|
||||
rep.setPriority(10);
|
||||
|
@ -149,7 +150,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// add execution - should succeed
|
||||
response = authMgmtResource.addExecution(rep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep, ResourceType.AUTH_EXECUTION);
|
||||
try {
|
||||
Assert.assertEquals("added execution", 201, response.getStatus());
|
||||
} finally {
|
||||
|
@ -178,7 +179,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
// switch from DISABLED to ALTERNATIVE
|
||||
exec.setRequirement(DISABLED);
|
||||
authMgmtResource.updateExecutions("browser", exec);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), exec);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), exec, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// make sure the change is visible
|
||||
executionReps = authMgmtResource.getExecutions("browser");
|
||||
|
@ -198,7 +199,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
Map<String, String> executionData = new HashMap<>();
|
||||
executionData.put("provider", ClientIdAndSecretAuthenticator.PROVIDER_ID);
|
||||
authMgmtResource.addExecution("new-client-flow", executionData);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-client-flow"), executionData);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-client-flow"), executionData, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// Check executions of not-existent flow - SHOULD FAIL
|
||||
try {
|
||||
|
@ -234,7 +235,7 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
// Update success
|
||||
executionRep.setRequirement(ALTERNATIVE);
|
||||
authMgmtResource.updateExecutions("new-client-flow", executionRep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("new-client-flow"), executionRep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("new-client-flow"), executionRep, ResourceType.AUTH_EXECUTION);
|
||||
|
||||
// Check updated
|
||||
executionRep = findExecutionByProvider(ClientIdAndSecretAuthenticator.PROVIDER_ID, authMgmtResource.getExecutions("new-client-flow"));
|
||||
|
@ -250,10 +251,10 @@ public class ExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Successfuly remove execution and flow
|
||||
authMgmtResource.removeExecution(executionRep.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(executionRep.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(executionRep.getId()), ResourceType.AUTH_EXECUTION);
|
||||
|
||||
AuthenticationFlowRepresentation rep = findFlowByAlias("new-client-flow", authMgmtResource.getFlows());
|
||||
authMgmtResource.deleteFlow(rep.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId()), ResourceType.AUTH_FLOW);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication;
|
|||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
|
||||
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
@ -119,7 +120,7 @@ public class FlowTest extends AbstractAuthenticationTest {
|
|||
// Successfully add flow
|
||||
data.put("alias", "SomeFlow");
|
||||
authMgmtResource.addExecutionFlow("browser-2", data);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data, ResourceType.AUTH_EXECUTION_FLOW);
|
||||
|
||||
// check that new flow is returned in a children list
|
||||
flows = authMgmtResource.getFlows();
|
||||
|
@ -141,7 +142,7 @@ public class FlowTest extends AbstractAuthenticationTest {
|
|||
|
||||
// delete non-built-in flow
|
||||
authMgmtResource.deleteFlow(found.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()), ResourceType.AUTH_FLOW);
|
||||
|
||||
// check the deleted flow is no longer returned
|
||||
flows = authMgmtResource.getFlows();
|
||||
|
@ -184,7 +185,7 @@ public class FlowTest extends AbstractAuthenticationTest {
|
|||
// copy that should succeed
|
||||
params.put("newName", "Copy of browser");
|
||||
response = authMgmtResource.copy("browser", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
|
||||
try {
|
||||
Assert.assertEquals("Copy flow", 201, response.getStatus());
|
||||
} finally {
|
||||
|
@ -219,7 +220,7 @@ public class FlowTest extends AbstractAuthenticationTest {
|
|||
Response response = authMgmtResource.copy("browser", params);
|
||||
Assert.assertEquals(201, response.getStatus());
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
|
||||
|
||||
params = new HashMap<>();
|
||||
params.put("alias", "child");
|
||||
|
@ -228,7 +229,7 @@ public class FlowTest extends AbstractAuthenticationTest {
|
|||
params.put("type", "basic-flow");
|
||||
|
||||
authMgmtResource.addExecutionFlow("parent", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("parent"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("parent"), params, ResourceType.AUTH_EXECUTION_FLOW);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -26,6 +26,7 @@ import javax.ws.rs.core.Response;
|
|||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
||||
|
@ -47,7 +48,7 @@ public class RegistrationFlowTest extends AbstractAuthenticationTest {
|
|||
data.put("description", "registrationForm2 flow");
|
||||
data.put("provider", "registration-page-form");
|
||||
authMgmtResource.addExecutionFlow("registration2", data);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("registration2"), data);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("registration2"), data, ResourceType.AUTH_EXECUTION_FLOW);
|
||||
|
||||
// Should fail to add execution under top level flow
|
||||
Map<String, String> data2 = new HashMap<>();
|
||||
|
@ -62,7 +63,7 @@ public class RegistrationFlowTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Should success to add execution under form flow
|
||||
authMgmtResource.addExecution("registrationForm2", data2);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("registrationForm2"), data2, ResourceType.AUTH_EXECUTION);
|
||||
}
|
||||
|
||||
// TODO: More type-safety instead of passing generic maps
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication;
|
|||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation;
|
||||
import org.keycloak.testsuite.actions.DummyRequiredActionFactory;
|
||||
|
@ -61,7 +62,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
|
|||
|
||||
forUpdate.setConfig(Collections.<String, String>emptyMap());
|
||||
authMgmtResource.updateRequiredAction(forUpdate.getAlias(), forUpdate);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(forUpdate.getAlias()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(forUpdate.getAlias()), ResourceType.REQUIRED_ACTION);
|
||||
|
||||
result = authMgmtResource.getRequiredActions();
|
||||
RequiredActionProviderRepresentation updated = findRequiredActionByAlias(forUpdate.getAlias(), result);
|
||||
|
@ -81,7 +82,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Register it
|
||||
authMgmtResource.registerRequiredAction(action);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action, ResourceType.REQUIRED_ACTION);
|
||||
|
||||
// Try to find not-existent action - should fail
|
||||
try {
|
||||
|
@ -107,7 +108,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
|
|||
// Update (set it as defaultAction)
|
||||
rep.setDefaultAction(true);
|
||||
authMgmtResource.updateRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, rep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), rep);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), rep, ResourceType.REQUIRED_ACTION);
|
||||
compareRequiredAction(rep, newRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, "Dummy Action",
|
||||
true, true, Collections.emptyMap()));
|
||||
|
||||
|
@ -121,7 +122,7 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
|
|||
|
||||
// Remove success
|
||||
authMgmtResource.removeRequiredAction(DummyRequiredActionFactory.PROVIDER_ID);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authRequiredActionPath(rep.getAlias()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), ResourceType.REQUIRED_ACTION);
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.keycloak.testsuite.admin.authentication;
|
|||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
||||
|
@ -41,7 +42,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest {
|
|||
HashMap<String, String> params = new HashMap<>();
|
||||
params.put("newName", "Copy of browser");
|
||||
Response response = authMgmtResource.copy("browser", params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params);
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
|
||||
try {
|
||||
Assert.assertEquals("Copy flow", 201, response.getStatus());
|
||||
} finally {
|
||||
|
@ -64,7 +65,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// shift last execution up
|
||||
authMgmtResource.raisePriority(last.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(last.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(last.getId()), ResourceType.AUTH_EXECUTION);
|
||||
|
||||
List<AuthenticationExecutionInfoRepresentation> executions2 = authMgmtResource.getExecutions("Copy of browser");
|
||||
|
||||
|
@ -84,7 +85,7 @@ public class ShiftExecutionTest extends AbstractAuthenticationTest {
|
|||
|
||||
// shift one before last down
|
||||
authMgmtResource.lowerPriority(oneButLast2.getId());
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authLowerExecutionPath(oneButLast2.getId()));
|
||||
assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authLowerExecutionPath(oneButLast2.getId()), ResourceType.AUTH_EXECUTION);
|
||||
|
||||
executions2 = authMgmtResource.getExecutions("Copy of browser");
|
||||
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.junit.Before;
|
|||
import org.junit.Rule;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
@ -97,7 +98,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
|
|||
resp.close();
|
||||
String id = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), clientRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), clientRep, ResourceType.CLIENT);
|
||||
|
||||
return id;
|
||||
}
|
||||
|
@ -105,7 +106,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
|
|||
protected void removeClient(String clientDbId) {
|
||||
testRealmResource().clients().get(clientDbId).remove();
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId), ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
protected ClientRepresentation findClientRepresentation(String name) {
|
||||
|
|
|
@ -27,6 +27,7 @@ import java.util.Map;
|
|||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.AdminEventRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
|
@ -109,7 +110,7 @@ public abstract class AbstractProtocolMapperTest extends AbstractClientTest {
|
|||
// This is used by admin console to add builtin mappers
|
||||
resource.createMapper(mappersToAdd);
|
||||
|
||||
AdminEventRepresentation adminEvent = assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, adminEventPath + "/add-models");
|
||||
AdminEventRepresentation adminEvent = assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, adminEventPath + "/add-models", ResourceType.PROTOCOL_MAPPER);
|
||||
try {
|
||||
List<ProtocolMapperRepresentation> eventMappers = JsonSerialization.readValue(new ByteArrayInputStream(adminEvent.getRepresentation().getBytes()), new TypeReference<List<ProtocolMapperRepresentation>>() {
|
||||
});
|
||||
|
|
|
@ -25,6 +25,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
|
@ -97,7 +98,7 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = samlMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
assertEquals(totalMappers + 1, samlMappersRsc.getMappers().size());
|
||||
assertEquals(totalSamlMappers + 1, samlMappersRsc.getMappersPerProtocol("saml").size());
|
||||
|
@ -121,7 +122,7 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = oidcMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
assertEquals(totalMappers + 1, oidcMappersRsc.getMappers().size());
|
||||
assertEquals(totalOidcMappers + 1, oidcMappersRsc.getMappersPerProtocol("openid-connect").size());
|
||||
|
@ -138,13 +139,13 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = samlMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
rep.getConfig().put("role", "account.manage-account");
|
||||
rep.setId(createdId);
|
||||
rep.setConsentRequired(false);
|
||||
samlMappersRsc.update(createdId, rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
ProtocolMapperRepresentation updated = samlMappersRsc.getMapperById(createdId);
|
||||
assertEqualMappers(rep, updated);
|
||||
|
@ -157,13 +158,13 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = oidcMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
rep.getConfig().put("role", "myotherrole");
|
||||
rep.setId(createdId);
|
||||
rep.setConsentRequired(false);
|
||||
oidcMappersRsc.update(createdId, rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
ProtocolMapperRepresentation updated = oidcMappersRsc.getMapperById(createdId);
|
||||
assertEqualMappers(rep, updated);
|
||||
|
@ -176,10 +177,10 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = samlMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
samlMappersRsc.delete(createdId);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(samlClientId, createdId), ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
try {
|
||||
samlMappersRsc.getMapperById(createdId);
|
||||
|
@ -196,10 +197,10 @@ public class ClientProtocolMapperTest extends AbstractProtocolMapperTest {
|
|||
Response resp = oidcMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
oidcMappersRsc.delete(createdId);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(oidcClientId, createdId), ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
try {
|
||||
oidcMappersRsc.getMapperById(createdId);
|
||||
|
|
|
@ -23,6 +23,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.admin.client.resource.RolesResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
|
@ -75,7 +76,7 @@ public class ClientRolesTest extends AbstractClientTest {
|
|||
public void testAddRole() {
|
||||
RoleRepresentation role1 = makeRole("role1");
|
||||
rolesRsc.create(role1);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role1"), role1, ResourceType.CLIENT_ROLE);
|
||||
assertTrue(hasRole(rolesRsc, "role1"));
|
||||
}
|
||||
|
||||
|
@ -83,10 +84,10 @@ public class ClientRolesTest extends AbstractClientTest {
|
|||
public void testRemoveRole() {
|
||||
RoleRepresentation role2 = makeRole("role2");
|
||||
rolesRsc.create(role2);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), role2);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), role2, ResourceType.CLIENT_ROLE);
|
||||
|
||||
rolesRsc.deleteRole("role2");
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role2"), ResourceType.CLIENT_ROLE);
|
||||
|
||||
assertFalse(hasRole(rolesRsc, "role2"));
|
||||
}
|
||||
|
@ -95,24 +96,24 @@ public class ClientRolesTest extends AbstractClientTest {
|
|||
public void testComposites() {
|
||||
RoleRepresentation roleA = makeRole("role-a");
|
||||
rolesRsc.create(roleA);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-a"), roleA);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-a"), roleA, ResourceType.CLIENT_ROLE);
|
||||
|
||||
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
||||
|
||||
RoleRepresentation roleB = makeRole("role-b");
|
||||
rolesRsc.create(roleB);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-b"), roleB);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientDbId, "role-b"), roleB, ResourceType.CLIENT_ROLE);
|
||||
|
||||
RoleRepresentation roleC = makeRole("role-c");
|
||||
testRealmResource().roles().create(roleC);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath("role-c"), roleC);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath("role-c"), roleC, ResourceType.REALM_ROLE);
|
||||
|
||||
List<RoleRepresentation> l = new LinkedList<>();
|
||||
l.add(rolesRsc.get("role-b").toRepresentation());
|
||||
l.add(testRealmResource().roles().get("role-c").toRepresentation());
|
||||
rolesRsc.get("role-a").addComposites(l);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l, ResourceType.CLIENT_ROLE);
|
||||
|
||||
Set<RoleRepresentation> composites = rolesRsc.get("role-a").getRoleComposites();
|
||||
|
||||
|
@ -126,7 +127,7 @@ public class ClientRolesTest extends AbstractClientTest {
|
|||
Assert.assertNames(clientComposites, "role-b");
|
||||
|
||||
rolesRsc.get("role-a").deleteComposites(l);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientRoleResourceCompositesPath(clientDbId, "role-a"), l, ResourceType.CLIENT_ROLE);
|
||||
|
||||
assertFalse(rolesRsc.get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, rolesRsc.get("role-a").getRoleComposites().size());
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.junit.runners.MethodSorters;
|
|||
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
||||
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.saml.SamlProtocol;
|
||||
import org.keycloak.representations.idm.ClientTemplateRepresentation;
|
||||
|
@ -100,7 +101,7 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
assertEquals(totalMappers + 1, samlMappersRsc.getMappers().size());
|
||||
assertEquals(totalSamlMappers + 1, samlMappersRsc.getMappersPerProtocol("saml").size());
|
||||
|
@ -125,7 +126,7 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
assertEquals(totalMappers + 1, oidcMappersRsc.getMappers().size());
|
||||
assertEquals(totalOidcMappers + 1, oidcMappersRsc.getMappersPerProtocol("openid-connect").size());
|
||||
|
@ -141,13 +142,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
Response resp = samlMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
rep.getConfig().put("role", "account.manage-account");
|
||||
rep.setId(createdId);
|
||||
rep.setConsentRequired(false);
|
||||
samlMappersRsc.update(createdId, rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
ProtocolMapperRepresentation updated = samlMappersRsc.getMapperById(createdId);
|
||||
assertEqualMappers(rep, updated);
|
||||
|
@ -160,13 +161,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
Response resp = oidcMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
rep.getConfig().put("role", "myotherrole");
|
||||
rep.setId(createdId);
|
||||
rep.setConsentRequired(false);
|
||||
oidcMappersRsc.update(createdId, rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
ProtocolMapperRepresentation updated = oidcMappersRsc.getMapperById(createdId);
|
||||
assertEqualMappers(rep, updated);
|
||||
|
@ -179,10 +180,10 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
Response resp = samlMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
samlMappersRsc.delete(createdId);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(samlClientTemplateId, createdId), ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
try {
|
||||
samlMappersRsc.getMapperById(createdId);
|
||||
|
@ -199,10 +200,10 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
Response resp = oidcMappersRsc.createMapper(rep);
|
||||
resp.close();
|
||||
String createdId = ApiUtil.getCreatedId(resp);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), rep, ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
oidcMappersRsc.delete(createdId);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateProtocolMapperPath(oidcClientTemplateId, createdId), ResourceType.PROTOCOL_MAPPER);
|
||||
|
||||
try {
|
||||
oidcMappersRsc.getMapperById(createdId);
|
||||
|
@ -227,13 +228,13 @@ public class ClientTemplateProtocolMapperTest extends AbstractProtocolMapperTest
|
|||
resp.close();
|
||||
String templateId = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), rep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), rep, ResourceType.CLIENT_TEMPLATE);
|
||||
|
||||
return templateId;
|
||||
}
|
||||
|
||||
private void removeTemplate(String templateId) {
|
||||
clientTemplates().get(templateId).remove();
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId), ResourceType.CLIENT_TEMPLATE);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,6 +32,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.ClientTemplatesResource;
|
||||
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.AccountRoles;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
|
@ -137,7 +138,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
|
||||
clientTemplates().get(template1Id).update(templateRep);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateResourcePath(template1Id), templateRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientTemplateResourcePath(template1Id), templateRep, ResourceType.CLIENT_TEMPLATE);
|
||||
|
||||
// Assert updated attributes
|
||||
templateRep = clientTemplates().get(template1Id).toRepresentation();
|
||||
|
@ -161,7 +162,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
|
||||
// Add role2 as composite to role1
|
||||
testRealmResource().roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(roleRep2), ResourceType.REALM_ROLE);
|
||||
|
||||
// create client template
|
||||
ClientTemplateRepresentation templateRep = new ClientTemplateRepresentation();
|
||||
|
@ -175,10 +176,10 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
RoleMappingResource scopesResource = clientTemplates().get(templateId).getScopeMappings();
|
||||
|
||||
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
|
||||
|
||||
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
|
||||
|
||||
// test that scopes are available (also through composite role)
|
||||
List<RoleRepresentation> allRealm = scopesResource.realmLevel().listAll();
|
||||
|
@ -197,10 +198,10 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
|
||||
// remove scopes
|
||||
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep1), ResourceType.REALM_SCOPE_MAPPING);
|
||||
|
||||
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateScopeMappingsClientLevelPath(templateId, accountMgmtId), Collections.singletonList(viewAccountRoleRep), ResourceType.CLIENT_SCOPE_MAPPING);
|
||||
|
||||
// assert scopes are removed
|
||||
allRealm = scopesResource.realmLevel().listAll();
|
||||
|
@ -255,7 +256,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
|
||||
// Add realm role to scopes of clientTemplate
|
||||
clientTemplates().get(templateId).getScopeMappings().realmLevel().add(Collections.singletonList(roleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateScopeMappingsRealmLevelPath(templateId), Collections.singletonList(roleRep), ResourceType.REALM_SCOPE_MAPPING);
|
||||
|
||||
List<RoleRepresentation> roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll();
|
||||
Assert.assertEquals(1, roleReps.size());
|
||||
|
@ -263,7 +264,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
|
||||
// Remove realm role
|
||||
testRealmResource().roles().deleteRole("foo-role");
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.roleResourcePath("foo-role"));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.roleResourcePath("foo-role"), ResourceType.REALM_ROLE);
|
||||
|
||||
// Get scope mappings
|
||||
roleReps = clientTemplates().get(templateId).getScopeMappings().realmLevel().listAll();
|
||||
|
@ -278,7 +279,7 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
roleRep.setName(roleName);
|
||||
testRealmResource().roles().create(roleRep);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), roleRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourcePath(roleName), roleRep, ResourceType.REALM_ROLE);
|
||||
|
||||
return testRealmResource().roles().get(roleName).toRepresentation();
|
||||
}
|
||||
|
@ -329,14 +330,14 @@ public class ClientTemplateTest extends AbstractClientTest {
|
|||
resp.close();
|
||||
String templateId = ApiUtil.getCreatedId(resp);
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), templateRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientTemplateResourcePath(templateId), templateRep, ResourceType.CLIENT_TEMPLATE);
|
||||
|
||||
return templateId;
|
||||
}
|
||||
|
||||
private void removeTemplate(String templateId) {
|
||||
clientTemplates().get(templateId).remove();
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientTemplateResourcePath(templateId), ResourceType.CLIENT_TEMPLATE);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -19,13 +19,12 @@ package org.keycloak.testsuite.admin.client;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.testsuite.util.AdminEventPaths;
|
||||
import org.keycloak.testsuite.util.AssertAdminEvents;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
@ -66,7 +65,7 @@ public class ClientTest extends AbstractClientTest {
|
|||
clientRsc.remove();
|
||||
assertNull(findClientResource("deleteMe"));
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientResourcePath(clientDbId), ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -87,7 +86,7 @@ public class ClientTest extends AbstractClientTest {
|
|||
ClientRepresentation expectedClientRep = new ClientRepresentation();
|
||||
expectedClientRep.setClientId("updateMe");
|
||||
expectedClientRep.setName("iWasUpdated");
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(clientRep.getId()), expectedClientRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(clientRep.getId()), expectedClientRep, ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientAttributeCertificateResource;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
import org.keycloak.representations.KeyStoreConfig;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
|
@ -70,7 +71,7 @@ public class CredentialsTest extends AbstractClientTest {
|
|||
|
||||
CredentialRepresentation secretRep = new CredentialRepresentation();
|
||||
secretRep.setType(CredentialRepresentation.SECRET);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientGenerateSecretPath(accountClientDbId), secretRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientGenerateSecretPath(accountClientDbId), secretRep, ResourceType.CLIENT);
|
||||
|
||||
assertNotNull(oldCredential);
|
||||
assertNotNull(newCredential);
|
||||
|
@ -91,7 +92,7 @@ public class CredentialsTest extends AbstractClientTest {
|
|||
ClientRepresentation testedRep = new ClientRepresentation();
|
||||
testedRep.setClientId(rep.getClientId());
|
||||
testedRep.setRegistrationAccessToken(newToken);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientRegenerateRegistrationAccessTokenPath(accountClientDbId), testedRep);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientRegenerateRegistrationAccessTokenPath(accountClientDbId), testedRep, ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -102,7 +103,7 @@ public class CredentialsTest extends AbstractClientTest {
|
|||
assertEquals(cert.getCertificate(), certFromGet.getCertificate());
|
||||
assertEquals(cert.getPrivateKey(), certFromGet.getPrivateKey());
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientCertificateGenerateSecretPath(accountClientDbId, "jwt.credential"), cert);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.clientCertificateGenerateSecretPath(accountClientDbId, "jwt.credential"), cert, ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -23,6 +23,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.ClientResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.representations.idm.UserSessionRepresentation;
|
||||
import org.keycloak.testsuite.auth.page.account.AccountManagement;
|
||||
|
@ -47,8 +48,8 @@ public class SessionTest extends AbstractClientTest {
|
|||
if (!testUserCreated) {
|
||||
createTestUserWithAdminClient();
|
||||
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()));
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
|
||||
assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
|
||||
}
|
||||
testUserCreated = true;
|
||||
}
|
||||
|
|
|
@ -27,6 +27,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.AdminRoles;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||
|
@ -136,6 +137,7 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest {
|
|||
.realmId(realmUuid)
|
||||
.operationType(OperationType.UPDATE)
|
||||
.resourcePath(AdminEventPaths.userResourcePath(appUserId))
|
||||
.resourceType(ResourceType.USER)
|
||||
.representation(rep)
|
||||
.authDetails(expectedRealmId, expectedClientUuid, expectedUserId)
|
||||
.assertEvent();
|
||||
|
|
|
@ -23,6 +23,7 @@ import org.junit.Test;
|
|||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.RoleModel;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
|
@ -105,13 +106,13 @@ public class GroupTest extends AbstractGroupTest {
|
|||
Response response = realm.clients().create(client);
|
||||
response.close();
|
||||
String clientUuid = ApiUtil.getCreatedId(response);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), client);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), client, ResourceType.CLIENT);
|
||||
client = realm.clients().findByClientId("foo").get(0);
|
||||
|
||||
RoleRepresentation role = new RoleRepresentation();
|
||||
role.setName("foo-role");
|
||||
realm.clients().get(client.getId()).roles().create(role);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role, ResourceType.CLIENT_ROLE);
|
||||
role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();
|
||||
|
||||
GroupRepresentation group = new GroupRepresentation();
|
||||
|
@ -121,10 +122,10 @@ public class GroupTest extends AbstractGroupTest {
|
|||
List<RoleRepresentation> list = new LinkedList<>();
|
||||
list.add(role);
|
||||
realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING);
|
||||
|
||||
realm.clients().get(client.getId()).remove();
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid), ResourceType.CLIENT);
|
||||
}
|
||||
|
||||
private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
|
||||
|
@ -132,7 +133,7 @@ public class GroupTest extends AbstractGroupTest {
|
|||
String groupId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP);
|
||||
|
||||
// Set ID to the original rep
|
||||
group.setId(groupId);
|
||||
|
@ -171,13 +172,13 @@ public class GroupTest extends AbstractGroupTest {
|
|||
List<RoleRepresentation> roles = new LinkedList<>();
|
||||
roles.add(topRole);
|
||||
realm.groups().group(topGroup.getId()).roles().realmLevel().add(roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(topGroup.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
GroupRepresentation level2Group = new GroupRepresentation();
|
||||
level2Group.setName("level2");
|
||||
Response response = realm.groups().group(topGroup.getId()).subGroup(level2Group);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(topGroup.getId()), level2Group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(topGroup.getId()), level2Group, ResourceType.GROUP);
|
||||
|
||||
URI location = response.getLocation();
|
||||
final String level2Id = ApiUtil.getCreatedId(response);
|
||||
|
@ -198,20 +199,20 @@ public class GroupTest extends AbstractGroupTest {
|
|||
roles.clear();
|
||||
roles.add(level2Role);
|
||||
realm.groups().group(level2Group.getId()).roles().realmLevel().add(roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level2Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
GroupRepresentation level3Group = new GroupRepresentation();
|
||||
level3Group.setName("level3");
|
||||
response = realm.groups().group(level2Group.getId()).subGroup(level3Group);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(level2Group.getId()), level3Group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupSubgroupsPath(level2Group.getId()), level3Group, ResourceType.GROUP);
|
||||
|
||||
level3Group = realm.getGroupByPath("/top/level2/level3");
|
||||
Assert.assertNotNull(level3Group);
|
||||
roles.clear();
|
||||
roles.add(level3Role);
|
||||
realm.groups().group(level3Group.getId()).roles().realmLevel().add(roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(level3Group.getId()), roles, ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
topGroup = realm.getGroupByPath("/top");
|
||||
assertEquals(1, topGroup.getRealmRoles().size());
|
||||
|
@ -231,7 +232,7 @@ public class GroupTest extends AbstractGroupTest {
|
|||
|
||||
UserRepresentation user = realm.users().search("direct-login", -1, -1).get(0);
|
||||
realm.users().get(user.getId()).joinGroup(level3Group.getId());
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(user.getId(), level3Group.getId()));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(user.getId(), level3Group.getId()), ResourceType.GROUP_MEMBERSHIP);
|
||||
|
||||
List<GroupRepresentation> membership = realm.users().get(user.getId()).groups();
|
||||
assertEquals(1, membership.size());
|
||||
|
@ -243,7 +244,7 @@ public class GroupTest extends AbstractGroupTest {
|
|||
assertTrue(token.getRealmAccess().getRoles().contains("level3Role"));
|
||||
|
||||
realm.addDefaultGroup(level3Group.getId());
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.defaultGroupPath(level3Group.getId()));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP);
|
||||
|
||||
List<GroupRepresentation> defaultGroups = realm.getDefaultGroups();
|
||||
assertEquals(1, defaultGroups.size());
|
||||
|
@ -255,20 +256,20 @@ public class GroupTest extends AbstractGroupTest {
|
|||
response = realm.users().create(newUser);
|
||||
String userId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userId), newUser);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userId), newUser, ResourceType.USER);
|
||||
|
||||
membership = realm.users().get(userId).groups();
|
||||
assertEquals(1, membership.size());
|
||||
assertEquals("level3", membership.get(0).getName());
|
||||
|
||||
realm.removeDefaultGroup(level3Group.getId());
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.defaultGroupPath(level3Group.getId()));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.defaultGroupPath(level3Group.getId()), ResourceType.GROUP);
|
||||
|
||||
defaultGroups = realm.getDefaultGroups();
|
||||
assertEquals(0, defaultGroups.size());
|
||||
|
||||
realm.groups().group(topGroup.getId()).remove();
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(topGroup.getId()));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupPath(topGroup.getId()), ResourceType.GROUP);
|
||||
|
||||
try {
|
||||
realm.getGroupByPath("/top/level2/level3");
|
||||
|
@ -320,7 +321,7 @@ public class GroupTest extends AbstractGroupTest {
|
|||
group.getAttributes().put("attr3", Collections.singletonList("attrval2"));
|
||||
|
||||
realm.groups().group(group.getId()).update(group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.UPDATE, AdminEventPaths.groupPath(group.getId()), group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.UPDATE, AdminEventPaths.groupPath(group.getId()), group, ResourceType.GROUP);
|
||||
|
||||
group = realm.getGroupByPath("/group-new");
|
||||
|
||||
|
@ -341,27 +342,27 @@ public class GroupTest extends AbstractGroupTest {
|
|||
Response response = realm.users().create(UserBuilder.create().username("user-a").build());
|
||||
String userAId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userAId));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userAId), ResourceType.USER);
|
||||
|
||||
response = realm.users().create(UserBuilder.create().username("user-b").build());
|
||||
String userBId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userBId));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userResourcePath(userBId), ResourceType.USER);
|
||||
|
||||
realm.users().get(userAId).joinGroup(groupId);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userAId, groupId), group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userAId, groupId), group, ResourceType.GROUP_MEMBERSHIP);
|
||||
|
||||
List<UserRepresentation> members = realm.groups().group(groupId).members(0, 10);
|
||||
assertNames(members, "user-a");
|
||||
|
||||
realm.users().get(userBId).joinGroup(groupId);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userBId, groupId), group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.userGroupPath(userBId, groupId), group, ResourceType.GROUP_MEMBERSHIP);
|
||||
|
||||
members = realm.groups().group(groupId).members(0, 10);
|
||||
assertNames(members, "user-a", "user-b");
|
||||
|
||||
realm.users().get(userAId).leaveGroup(groupId);
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userGroupPath(userAId, groupId), group);
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.userGroupPath(userAId, groupId), group, ResourceType.GROUP_MEMBERSHIP);
|
||||
|
||||
members = realm.groups().group(groupId).members(0, 10);
|
||||
assertNames(members, "user-b");
|
||||
|
@ -419,15 +420,15 @@ public class GroupTest extends AbstractGroupTest {
|
|||
l.add(realm.roles().get("realm-role").toRepresentation());
|
||||
l.add(realm.roles().get("realm-composite").toRepresentation());
|
||||
roles.realmLevel().add(l);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), l, ResourceType.REALM_ROLE_MAPPING);
|
||||
|
||||
// Add client roles
|
||||
RoleRepresentation clientRole = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
|
||||
RoleRepresentation clientComposite = realm.clients().get(clientId).roles().get("client-composite").toRepresentation();
|
||||
roles.clientLevel(clientId).add(Collections.singletonList(clientRole));
|
||||
roles.clientLevel(clientId).add(Collections.singletonList(clientComposite));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite));
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRole), ResourceType.CLIENT_ROLE_MAPPING);
|
||||
assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientComposite), ResourceType.CLIENT_ROLE_MAPPING);
|
||||
|
||||
// List realm roles
|
||||
assertNames(roles.realmLevel().listAll(), "realm-role", "realm-composite");
|
||||
|
@ -448,13 +449,13 @@ public class GroupTest extends AbstractGroupTest {
|
|||
// Remove realm role
|
||||
RoleRepresentation realmRoleRep = realm.roles().get("realm-role").toRepresentation();
|
||||
roles.realmLevel().remove(Collections.singletonList(realmRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesRealmRolesPath(group.getId()), Collections.singletonList(realmRoleRep), ResourceType.REALM_ROLE_MAPPING);
|
||||
assertNames(roles.realmLevel().listAll(), "realm-composite");
|
||||
|
||||
// Remove client role
|
||||
RoleRepresentation clientRoleRep = realm.clients().get(clientId).roles().get("client-role").toRepresentation();
|
||||
roles.clientLevel(clientId).remove(Collections.singletonList(clientRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep));
|
||||
assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientId), Collections.singletonList(clientRoleRep), ResourceType.CLIENT_ROLE_MAPPING);
|
||||
assertNames(roles.clientLevel(clientId).listAll(), "client-composite");
|
||||
}
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.RolesResource;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
|
@ -78,11 +79,11 @@ public class RealmRolesTest extends AbstractAdminTest {
|
|||
|
||||
resource = adminClient.realm(REALM_NAME).roles();
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), roleB, ResourceType.REALM_ROLE);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), clientRep, ResourceType.CLIENT);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "role-c"), roleC, ResourceType.CLIENT_ROLE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -102,7 +103,7 @@ public class RealmRolesTest extends AbstractAdminTest {
|
|||
role.setDescription("Role A New");
|
||||
|
||||
resource.get("role-a").update(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
role = resource.get("role-a-new").toRepresentation();
|
||||
|
||||
|
@ -116,7 +117,7 @@ public class RealmRolesTest extends AbstractAdminTest {
|
|||
public void deleteRole() {
|
||||
assertNotNull(resource.get("role-a"));
|
||||
resource.deleteRole("role-a");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"), ResourceType.REALM_ROLE);
|
||||
|
||||
try {
|
||||
resource.get("role-a").toRepresentation();
|
||||
|
@ -136,7 +137,7 @@ public class RealmRolesTest extends AbstractAdminTest {
|
|||
l.add(RoleBuilder.create().id(ids.get("role-c")).build());
|
||||
resource.get("role-a").addComposites(l);
|
||||
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
Set<RoleRepresentation> composites = resource.get("role-a").getRoleComposites();
|
||||
|
||||
|
@ -150,7 +151,7 @@ public class RealmRolesTest extends AbstractAdminTest {
|
|||
Assert.assertNames(clientComposites, "role-c");
|
||||
|
||||
resource.get("role-a").deleteComposites(l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), l, ResourceType.REALM_ROLE);
|
||||
|
||||
assertFalse(resource.get("role-a").toRepresentation().isComposite());
|
||||
assertEquals(0, resource.get("role-a").getRoleComposites().size());
|
||||
|
|
|
@ -27,6 +27,7 @@ import org.keycloak.admin.client.resource.ServerInfoResource;
|
|||
import org.keycloak.common.util.StreamUtil;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.representations.adapters.action.GlobalRequestResult;
|
||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||
|
@ -213,7 +214,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setEditUsernameAllowed(true);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
rep = realm.toRepresentation();
|
||||
|
||||
|
@ -230,7 +231,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setEditUsernameAllowed(false);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
rep = realm.toRepresentation();
|
||||
assertEquals(Boolean.FALSE, rep.isRegistrationAllowed());
|
||||
|
@ -246,7 +247,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setSupportedLocales(new HashSet<>(Arrays.asList("en", "de")));
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
rep = realm.toRepresentation();
|
||||
|
||||
|
@ -258,7 +259,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setEditUsernameAllowed(false);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
rep = realm.toRepresentation();
|
||||
assertEquals(Boolean.FALSE, rep.isEditUsernameAllowed());
|
||||
|
@ -282,7 +283,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
public void deleteDefaultRole() {
|
||||
RoleRepresentation role = new RoleRepresentation("test", "test", false);
|
||||
realm.roles().create(role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("test"), role);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("test"), role, ResourceType.REALM_ROLE);
|
||||
|
||||
assertNotNull(realm.roles().get("test").toRepresentation());
|
||||
|
||||
|
@ -291,10 +292,10 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.getDefaultRoles().add("test");
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
realm.roles().deleteRole("test");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("test"));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("test"), ResourceType.REALM_ROLE);
|
||||
|
||||
try {
|
||||
realm.roles().get("testsadfsadf").toRepresentation();
|
||||
|
@ -425,7 +426,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
|
||||
rep.setPublicKey(PUBLIC_KEY);
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
assertEquals(PUBLIC_KEY, rep.getPublicKey());
|
||||
|
||||
|
@ -460,7 +461,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setPublicKey(publicKey2048);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
Assert.assertEquals(publicKey2048, realm.toRepresentation().getPublicKey());
|
||||
|
||||
|
@ -470,7 +471,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setPublicKey(publicKey4096);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
Assert.assertEquals(publicKey4096, realm.toRepresentation().getPublicKey());
|
||||
}
|
||||
|
@ -481,7 +482,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setCertificate(CERTIFICATE);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
assertEquals(CERTIFICATE, rep.getCertificate());
|
||||
|
||||
|
@ -489,7 +490,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
rep.setCertificate(certificate);
|
||||
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
assertEquals(certificate, realm.toRepresentation().getCertificate());
|
||||
|
||||
|
@ -520,7 +521,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
assertTrue(testingClient.testing().isCached("realms", realmRep.getId()));
|
||||
|
||||
realm.clearRealmCache();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-realm-cache");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-realm-cache", ResourceType.REALM);
|
||||
|
||||
assertFalse(testingClient.testing().isCached("realms", realmRep.getId()));
|
||||
}
|
||||
|
@ -532,14 +533,14 @@ public class RealmTest extends AbstractAdminTest {
|
|||
Response response = realm.users().create(user);
|
||||
String userId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), user);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), user, ResourceType.USER);
|
||||
|
||||
realm.users().get(userId).toRepresentation();
|
||||
|
||||
assertTrue(testingClient.testing().isCached("users", userId));
|
||||
|
||||
realm.clearUserCache();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-user-cache");
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "clear-user-cache", ResourceType.REALM);
|
||||
|
||||
assertFalse(testingClient.testing().isCached("users", userId));
|
||||
}
|
||||
|
@ -553,10 +554,10 @@ public class RealmTest extends AbstractAdminTest {
|
|||
RealmRepresentation rep = realm.toRepresentation();
|
||||
rep.setNotBefore(time);
|
||||
realm.update(rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
|
||||
|
||||
GlobalRequestResult globalRequestResult = realm.pushRevocation();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult, ResourceType.REALM);
|
||||
|
||||
assertEquals(1, globalRequestResult.getSuccessRequests().size());
|
||||
assertEquals("http://localhost:8180/auth/realms/master/app/admin", globalRequestResult.getSuccessRequests().get(0));
|
||||
|
@ -573,15 +574,15 @@ public class RealmTest extends AbstractAdminTest {
|
|||
Response response = realm.users().create(UserBuilder.create().username("user").build());
|
||||
String userId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
|
||||
|
||||
realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);
|
||||
|
||||
oauth.doLogin("user", "password");
|
||||
|
||||
GlobalRequestResult globalRequestResult = realm.logoutAll();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "logout-all", globalRequestResult);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "logout-all", globalRequestResult, ResourceType.REALM);
|
||||
|
||||
assertEquals(1, globalRequestResult.getSuccessRequests().size());
|
||||
assertEquals("http://localhost:8180/auth/realms/master/app/admin", globalRequestResult.getSuccessRequests().get(0));
|
||||
|
@ -602,7 +603,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
assertNotNull(event);
|
||||
|
||||
realm.deleteSession(event.getSessionId());
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.deleteSessionPath(event.getSessionId()));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.deleteSessionPath(event.getSessionId()), ResourceType.USER_SESSION);
|
||||
try {
|
||||
realm.deleteSession(event.getSessionId());
|
||||
fail("Expected 404");
|
||||
|
@ -649,7 +650,7 @@ public class RealmTest extends AbstractAdminTest {
|
|||
Response resp = realm.clients().create(client);
|
||||
String clientDbId = ApiUtil.getCreatedId(resp);
|
||||
resp.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);
|
||||
|
||||
oauth.realm(REALM_NAME);
|
||||
oauth.redirectUri(redirectUri);
|
||||
|
@ -658,10 +659,10 @@ public class RealmTest extends AbstractAdminTest {
|
|||
Response response = realm.users().create(userRep);
|
||||
String userId = ApiUtil.getCreatedId(response);
|
||||
response.close();
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep);
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);
|
||||
|
||||
realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId));
|
||||
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);
|
||||
|
||||
testingClient.testApp().clearAdminActions();
|
||||
}
|
||||
|
|
|
@ -78,7 +78,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
public void authorizationRequest() throws IOException {
|
||||
oauth.state("OpenIdConnect.AuthenticationProperties=2302984sdlk");
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
Assert.assertTrue(response.isRedirected());
|
||||
Assert.assertNotNull(response.getCode());
|
||||
|
@ -116,7 +116,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
|
||||
oauth.state("mystate");
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
Assert.assertTrue(response.isRedirected());
|
||||
Assert.assertNotNull(response.getCode());
|
||||
|
@ -131,7 +131,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
public void authorizationRequestNoState() throws IOException {
|
||||
oauth.state(null);
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
Assert.assertTrue(response.isRedirected());
|
||||
Assert.assertNotNull(response.getCode());
|
||||
|
@ -150,7 +150,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
UriBuilder b = UriBuilder.fromUri(oauth.getLoginFormUrl());
|
||||
driver.navigate().to(b.build().toURL());
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse errorResponse = new OAuthClient.AuthorizationCodeResponse(oauth, true);
|
||||
OAuthClient.AuthorizationEndpointResponse errorResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, true);
|
||||
Assert.assertTrue(errorResponse.isRedirected());
|
||||
Assert.assertEquals(errorResponse.getError(), OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE);
|
||||
Assert.assertEquals(errorResponse.getErrorDescription(), "Client is not allowed to initiate browser login with given response_type. Implicit flow is disabled for the client.");
|
||||
|
@ -164,7 +164,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
UriBuilder b = UriBuilder.fromUri(oauth.getLoginFormUrl());
|
||||
driver.navigate().to(b.build().toURL());
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse errorResponse = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse errorResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertTrue(errorResponse.isRedirected());
|
||||
Assert.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
|
||||
|
||||
|
@ -177,7 +177,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
|
|||
UriBuilder b = UriBuilder.fromUri(oauth.getLoginFormUrl());
|
||||
driver.navigate().to(b.build().toURL());
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse errorResponse = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse errorResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertTrue(errorResponse.isRedirected());
|
||||
Assert.assertEquals(errorResponse.getError(), OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE);
|
||||
|
||||
|
|
|
@ -154,7 +154,7 @@ public class OAuthRedirectUriTest extends AbstractKeycloakTest {
|
|||
@Test
|
||||
public void testValid() throws IOException {
|
||||
oauth.redirectUri(APP_ROOT + "/auth");
|
||||
OAuthClient.AuthorizationCodeResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
Assert.assertNotNull(response.getCode());
|
||||
URL url = new URL(driver.getCurrentUrl());
|
||||
|
@ -175,7 +175,7 @@ public class OAuthRedirectUriTest extends AbstractKeycloakTest {
|
|||
@Test
|
||||
public void testWithParams() throws IOException {
|
||||
oauth.redirectUri(APP_ROOT + "/auth?key=value");
|
||||
OAuthClient.AuthorizationCodeResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
|
||||
|
||||
Assert.assertNotNull(response.getCode());
|
||||
URL url = new URL(driver.getCurrentUrl());
|
||||
|
|
|
@ -47,7 +47,7 @@ import static org.junit.Assert.assertFalse;
|
|||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* Test for supporting advanced parameters of OIDC specs (max_age, nonce, prompt, ...)
|
||||
* Test for supporting advanced parameters of OIDC specs (max_age, prompt, ...)
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
|
@ -169,7 +169,7 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
events.assertEmpty();
|
||||
|
||||
// Assert error response was sent because not logged in
|
||||
OAuthClient.AuthorizationCodeResponse resp = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNull(resp.getCode());
|
||||
Assert.assertEquals(OAuthErrorException.LOGIN_REQUIRED, resp.getError());
|
||||
|
||||
|
@ -224,7 +224,7 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
assertTrue(appPage.isCurrent());
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
OAuthClient.AuthorizationCodeResponse resp = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNull(resp.getCode());
|
||||
Assert.assertEquals(OAuthErrorException.INTERACTION_REQUIRED, resp.getError());
|
||||
|
||||
|
@ -242,7 +242,7 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
resp = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNotNull(resp.getCode());
|
||||
Assert.assertNull(resp.getError());
|
||||
|
||||
|
@ -289,37 +289,6 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
|
||||
}
|
||||
|
||||
|
||||
// NONCE
|
||||
|
||||
@Test
|
||||
public void nonceNotUsed() {
|
||||
driver.navigate().to(oauth.getLoginFormUrl());
|
||||
|
||||
loginPage.assertCurrent();
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
|
||||
|
||||
Assert.assertNull(idToken.getNonce());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonceMatches() {
|
||||
driver.navigate().to(oauth.getLoginFormUrl() + "&nonce=abcdef123456");
|
||||
|
||||
loginPage.assertCurrent();
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
|
||||
|
||||
Assert.assertEquals("abcdef123456", idToken.getNonce());
|
||||
}
|
||||
|
||||
// DISPLAY & OTHERS
|
||||
|
||||
@Test
|
||||
|
@ -346,7 +315,7 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
assertTrue(appPage.isCurrent());
|
||||
|
||||
// Assert error response was sent because not logged in
|
||||
OAuthClient.AuthorizationCodeResponse resp = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNull(resp.getCode());
|
||||
Assert.assertEquals(OAuthErrorException.REQUEST_NOT_SUPPORTED, resp.getError());
|
||||
}
|
||||
|
@ -359,7 +328,7 @@ public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {
|
|||
assertTrue(appPage.isCurrent());
|
||||
|
||||
// Assert error response was sent because not logged in
|
||||
OAuthClient.AuthorizationCodeResponse resp = new OAuthClient.AuthorizationCodeResponse(oauth);
|
||||
OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNull(resp.getCode());
|
||||
Assert.assertEquals(OAuthErrorException.REQUEST_URI_NOT_SUPPORTED, resp.getError());
|
||||
}
|
||||
|
|
|
@ -0,0 +1,123 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.oidc.resptype;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Rule;
|
||||
import org.keycloak.OAuthErrorException;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.EventRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
import org.keycloak.testsuite.TestRealmKeycloakTest;
|
||||
import org.keycloak.testsuite.admin.AbstractAdminTest;
|
||||
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.pages.OAuthGrantPage;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* Abstract test for various values of response_type
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public abstract class AbstractOIDCResponseTypeTest extends TestRealmKeycloakTest {
|
||||
|
||||
@Rule
|
||||
public AssertEvents events = new AssertEvents(this);
|
||||
|
||||
@Page
|
||||
protected AppPage appPage;
|
||||
|
||||
@Page
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@Page
|
||||
protected AccountUpdateProfilePage profilePage;
|
||||
|
||||
@Page
|
||||
protected OAuthGrantPage grantPage;
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
RealmRepresentation realm = AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
|
||||
testRealms.add(realm);
|
||||
}
|
||||
|
||||
|
||||
protected void nonceMatches() {
|
||||
driver.navigate().to(oauth.getLoginFormUrl() + "&nonce=abcdef123456");
|
||||
|
||||
loginPage.assertCurrent();
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
List<IDToken> idTokens = retrieveIDTokens(loginEvent);
|
||||
|
||||
for (IDToken idToken : idTokens) {
|
||||
Assert.assertEquals("abcdef123456", idToken.getNonce());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
protected void nonceNotUsed() {
|
||||
driver.navigate().to(oauth.getLoginFormUrl());
|
||||
|
||||
loginPage.assertCurrent();
|
||||
loginPage.login("test-user@localhost", "password");
|
||||
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||
|
||||
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
|
||||
List<IDToken> idTokens = retrieveIDTokens(loginEvent);
|
||||
for (IDToken idToken : idTokens) {
|
||||
Assert.assertNull(idToken.getNonce());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
protected void nonceNotUsedErrorExpected() {
|
||||
driver.navigate().to(oauth.getLoginFormUrl());
|
||||
|
||||
assertFalse(loginPage.isCurrent());
|
||||
assertTrue(appPage.isCurrent());
|
||||
|
||||
// Assert error response was sent because not logged in
|
||||
OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
|
||||
Assert.assertNull(resp.getCode());
|
||||
Assert.assertNull(resp.getIdToken());
|
||||
Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, resp.getError());
|
||||
Assert.assertEquals("Missing parameter: nonce", resp.getErrorDescription());
|
||||
}
|
||||
|
||||
protected abstract List<IDToken> retrieveIDTokens(EventRepresentation loginEvent);
|
||||
}
|
|
@ -0,0 +1,72 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.oidc.resptype;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.EventRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.ClientManager;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
||||
/**
|
||||
* Test for response_type=code
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class OIDCBasicResponseTypeCodeTest extends AbstractOIDCResponseTypeTest {
|
||||
|
||||
@Before
|
||||
public void clientConfiguration() {
|
||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").standardFlow(true).implicitFlow(false);
|
||||
|
||||
oauth.clientId("test-app");
|
||||
oauth.responseType(OIDCResponseType.CODE);
|
||||
}
|
||||
|
||||
|
||||
protected List<IDToken> retrieveIDTokens(EventRepresentation loginEvent) {
|
||||
Assert.assertEquals(OIDCResponseType.CODE, loginEvent.getDetails().get(Details.RESPONSE_TYPE));
|
||||
|
||||
OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, false);
|
||||
Assert.assertNull(authzResponse.getAccessToken());
|
||||
Assert.assertNull(authzResponse.getIdToken());
|
||||
|
||||
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
|
||||
|
||||
return Collections.singletonList(idToken);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceNotUsed() {
|
||||
super.nonceNotUsed();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceMatches() {
|
||||
super.nonceMatches();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,76 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.oidc.resptype;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.EventRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.ClientManager;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
||||
/**
|
||||
* Tests with response_type=code id_token
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class OIDCHybridResponseTypeCodeIDTokenTest extends AbstractOIDCResponseTypeTest {
|
||||
|
||||
@Before
|
||||
public void clientConfiguration() {
|
||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").standardFlow(true).implicitFlow(true);
|
||||
|
||||
oauth.clientId("test-app");
|
||||
oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN);
|
||||
}
|
||||
|
||||
|
||||
protected List<IDToken> retrieveIDTokens(EventRepresentation loginEvent) {
|
||||
Assert.assertEquals(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN, loginEvent.getDetails().get(Details.RESPONSE_TYPE));
|
||||
|
||||
// IDToken from the authorization response
|
||||
OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, true);
|
||||
Assert.assertNull(authzResponse.getAccessToken());
|
||||
String idTokenStr = authzResponse.getIdToken();
|
||||
IDToken idToken = oauth.verifyIDToken(idTokenStr);
|
||||
|
||||
// IDToken exchanged for the code
|
||||
IDToken idToken2 = sendTokenRequestAndGetIDToken(loginEvent);
|
||||
|
||||
return Arrays.asList(idToken, idToken2);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceNotUsedErrorExpected() {
|
||||
super.nonceNotUsedErrorExpected();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceMatches() {
|
||||
super.nonceMatches();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,72 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.oidc.resptype;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.EventRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.ClientManager;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
||||
/**
|
||||
* Tests with response_type=id_token
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class OIDCImplicitResponseTypeIDTokenTest extends AbstractOIDCResponseTypeTest {
|
||||
|
||||
@Before
|
||||
public void clientConfiguration() {
|
||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").standardFlow(false).implicitFlow(true);
|
||||
|
||||
oauth.clientId("test-app");
|
||||
oauth.responseType(OIDCResponseType.ID_TOKEN);
|
||||
}
|
||||
|
||||
|
||||
protected List<IDToken> retrieveIDTokens(EventRepresentation loginEvent) {
|
||||
Assert.assertEquals(OIDCResponseType.ID_TOKEN, loginEvent.getDetails().get(Details.RESPONSE_TYPE));
|
||||
|
||||
OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, true);
|
||||
Assert.assertNull(authzResponse.getAccessToken());
|
||||
String idTokenStr = authzResponse.getIdToken();
|
||||
IDToken idToken = oauth.verifyIDToken(idTokenStr);
|
||||
|
||||
return Collections.singletonList(idToken);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceNotUsedErrorExpected() {
|
||||
super.nonceNotUsedErrorExpected();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void nonceMatches() {
|
||||
super.nonceMatches();
|
||||
}
|
||||
|
||||
}
|
|
@ -38,6 +38,7 @@ import org.junit.runners.model.Statement;
|
|||
import org.keycloak.common.util.ObjectUtil;
|
||||
import org.keycloak.common.util.reflections.Reflections;
|
||||
import org.keycloak.events.admin.OperationType;
|
||||
import org.keycloak.events.admin.ResourceType;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
|
@ -106,22 +107,23 @@ public class AssertAdminEvents implements TestRule {
|
|||
|
||||
|
||||
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath) {
|
||||
return assertEvent(realmId, operationType, resourcePath, null);
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, ResourceType resourceType) {
|
||||
return assertEvent(realmId, operationType, resourcePath, null, resourceType);
|
||||
}
|
||||
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher<String> resourcePath) {
|
||||
return assertEvent(realmId, operationType, resourcePath, null);
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher<String> resourcePath, ResourceType resourceType) {
|
||||
return assertEvent(realmId, operationType, resourcePath, null, resourceType);
|
||||
}
|
||||
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, Object representation) {
|
||||
return assertEvent(realmId, operationType, Matchers.equalTo(resourcePath), representation);
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, String resourcePath, Object representation, ResourceType resourceType) {
|
||||
return assertEvent(realmId, operationType, Matchers.equalTo(resourcePath), representation, resourceType);
|
||||
}
|
||||
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher<String> resourcePath, Object representation) {
|
||||
public AdminEventRepresentation assertEvent(String realmId, OperationType operationType, Matcher<String> resourcePath, Object representation, ResourceType resourceType) {
|
||||
return expect().realmId(realmId)
|
||||
.operationType(operationType)
|
||||
.resourcePath(resourcePath)
|
||||
.resourceType(resourceType)
|
||||
.representation(representation)
|
||||
.assertEvent();
|
||||
}
|
||||
|
@ -132,6 +134,7 @@ public class AssertAdminEvents implements TestRule {
|
|||
|
||||
private AdminEventRepresentation expected = new AdminEventRepresentation();
|
||||
private Matcher<String> resourcePath;
|
||||
private ResourceType resourceType;
|
||||
private Object expectedRep;
|
||||
|
||||
public ExpectedAdminEvent realmId(String realmId) {
|
||||
|
@ -158,6 +161,11 @@ public class AssertAdminEvents implements TestRule {
|
|||
return this;
|
||||
}
|
||||
|
||||
public ExpectedAdminEvent resourceType(ResourceType resourceType){
|
||||
expected.setResourceType(resourceType.toString());
|
||||
return this;
|
||||
}
|
||||
|
||||
public ExpectedAdminEvent error(String error) {
|
||||
expected.setError(error);
|
||||
updateOperationTypeIfError();
|
||||
|
@ -191,6 +199,7 @@ public class AssertAdminEvents implements TestRule {
|
|||
public AdminEventRepresentation assertEvent(AdminEventRepresentation actual) {
|
||||
Assert.assertEquals(expected.getRealmId(), actual.getRealmId());
|
||||
Assert.assertThat(actual.getResourcePath(), resourcePath);
|
||||
Assert.assertEquals(expected.getResourceType(), actual.getResourceType());
|
||||
Assert.assertEquals(expected.getOperationType(), actual.getOperationType());
|
||||
|
||||
Assert.assertTrue(ObjectUtil.isEqualOrBothNull(expected.getError(), actual.getError()));
|
||||
|
|
|
@ -67,6 +67,20 @@ public class ClientManager {
|
|||
clientResource.update(app);
|
||||
}
|
||||
|
||||
public ClientManagerBuilder standardFlow(Boolean enable) {
|
||||
ClientRepresentation app = clientResource.toRepresentation();
|
||||
app.setStandardFlowEnabled(enable);
|
||||
clientResource.update(app);
|
||||
return this;
|
||||
}
|
||||
|
||||
public ClientManagerBuilder implicitFlow(Boolean enable) {
|
||||
ClientRepresentation app = clientResource.toRepresentation();
|
||||
app.setImplicitFlowEnabled(enable);
|
||||
clientResource.update(app);
|
||||
return this;
|
||||
}
|
||||
|
||||
public void fullScopeAllowed(boolean enable) {
|
||||
ClientRepresentation app = clientResource.toRepresentation();
|
||||
app.setFullScopeAllowed(enable);
|
||||
|
|
|
@ -56,6 +56,9 @@ log4j.logger.org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory=${
|
|||
# Enable to view hibernate statistics
|
||||
log4j.logger.org.keycloak.connections.jpa.HibernateStatsReporter=debug
|
||||
|
||||
# Enable to view ldap logging
|
||||
# log4j.logger.org.keycloak.federation.ldap=trace
|
||||
|
||||
# Enable to view kerberos/spnego logging
|
||||
# log4j.logger.org.keycloak.federation.kerberos=trace
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
<div class="row">
|
||||
<div class="col-md-10">
|
||||
<h2>${msg("editAccountHtmlTtile")}</h2>
|
||||
<h2>${msg("editAccountHtmlTitle")}</h2>
|
||||
</div>
|
||||
<div class="col-md-2 subtitle">
|
||||
<span class="subtitle"><span class="required">*</span> ${msg("requiredFields")}</span>
|
||||
|
|
|
@ -5,7 +5,7 @@ doRemove=Elimina
|
|||
doAdd=Afegeix
|
||||
doSignOut=Desconnectar
|
||||
|
||||
editAccountHtmlTtile=Edita compte
|
||||
editAccountHtmlTitle=Edita compte
|
||||
federatedIdentitiesHtmlTitle=Identitats federades
|
||||
accountLogHtmlTitle=Registre del compte
|
||||
changePasswordHtmlTitle=Canvia contrasenya
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue