Merge pull request #2786 from stianst/master
KEYCLOAK-2865 Extend coverage of client admin endpoints
This commit is contained in:
commit
f4d751c839
12 changed files with 227 additions and 41 deletions
|
@ -113,7 +113,8 @@ public interface ClientResource {
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Path("push-revocation")
|
@Path("push-revocation")
|
||||||
public void pushRevocation();
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
void pushRevocation();
|
||||||
|
|
||||||
@Path("/scope-mappings")
|
@Path("/scope-mappings")
|
||||||
public RoleMappingResource getScopeMappings();
|
public RoleMappingResource getScopeMappings();
|
||||||
|
@ -138,6 +139,7 @@ public interface ClientResource {
|
||||||
|
|
||||||
@Path("test-nodes-available")
|
@Path("test-nodes-available")
|
||||||
@GET
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
GlobalRequestResult testNodesAvailable();
|
GlobalRequestResult testNodesAvailable();
|
||||||
|
|
||||||
}
|
}
|
|
@ -324,6 +324,7 @@ public class ClientResource {
|
||||||
*/
|
*/
|
||||||
@Path("push-revocation")
|
@Path("push-revocation")
|
||||||
@POST
|
@POST
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public GlobalRequestResult pushRevocation() {
|
public GlobalRequestResult pushRevocation() {
|
||||||
auth.requireManage();
|
auth.requireManage();
|
||||||
|
|
||||||
|
@ -522,6 +523,7 @@ public class ClientResource {
|
||||||
@Path("test-nodes-available")
|
@Path("test-nodes-available")
|
||||||
@GET
|
@GET
|
||||||
@NoCache
|
@NoCache
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public GlobalRequestResult testNodesAvailable() {
|
public GlobalRequestResult testNodesAvailable() {
|
||||||
auth.requireManage();
|
auth.requireManage();
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ import org.keycloak.jose.jws.JWSInputException;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
|
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
||||||
import org.keycloak.services.resource.RealmResourceProvider;
|
import org.keycloak.services.resource.RealmResourceProvider;
|
||||||
import org.keycloak.services.resources.RealmsResource;
|
import org.keycloak.services.resources.RealmsResource;
|
||||||
import org.keycloak.testsuite.events.EventsListenerProvider;
|
import org.keycloak.testsuite.events.EventsListenerProvider;
|
||||||
|
@ -48,12 +49,15 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
|
||||||
|
|
||||||
private final BlockingQueue<LogoutAction> adminLogoutActions;
|
private final BlockingQueue<LogoutAction> adminLogoutActions;
|
||||||
private final BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions;
|
private final BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions;
|
||||||
|
private final BlockingQueue<TestAvailabilityAction> adminTestAvailabilityAction;
|
||||||
|
|
||||||
public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue<LogoutAction> adminLogoutActions,
|
public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue<LogoutAction> adminLogoutActions,
|
||||||
BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions) {
|
BlockingQueue<PushNotBeforeAction> adminPushNotBeforeActions,
|
||||||
|
BlockingQueue<TestAvailabilityAction> adminTestAvailabilityAction) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.adminLogoutActions = adminLogoutActions;
|
this.adminLogoutActions = adminLogoutActions;
|
||||||
this.adminPushNotBeforeActions = adminPushNotBeforeActions;
|
this.adminPushNotBeforeActions = adminPushNotBeforeActions;
|
||||||
|
this.adminTestAvailabilityAction = adminTestAvailabilityAction;
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
|
@ -70,6 +74,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
|
||||||
adminPushNotBeforeActions.add(new JWSInput(data).readJsonContent(PushNotBeforeAction.class));
|
adminPushNotBeforeActions.add(new JWSInput(data).readJsonContent(PushNotBeforeAction.class));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Consumes(MediaType.TEXT_PLAIN)
|
||||||
|
@Path("/admin/k_test_available")
|
||||||
|
public void testAvailable(String data) throws JWSInputException {
|
||||||
|
adminTestAvailabilityAction.add(new JWSInput(data).readJsonContent(TestAvailabilityAction.class));
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@Path("/poll-admin-logout")
|
@Path("/poll-admin-logout")
|
||||||
|
@ -84,6 +95,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider {
|
||||||
return adminPushNotBeforeActions.poll(10, TimeUnit.SECONDS);
|
return adminPushNotBeforeActions.poll(10, TimeUnit.SECONDS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("/poll-test-available")
|
||||||
|
public TestAvailabilityAction getTestAvailable() throws InterruptedException {
|
||||||
|
return adminTestAvailabilityAction.poll(10, TimeUnit.SECONDS);
|
||||||
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Path("/clear-admin-actions")
|
@Path("/clear-admin-actions")
|
||||||
public Response clearAdminActions() {
|
public Response clearAdminActions() {
|
||||||
|
|
|
@ -24,6 +24,7 @@ import org.keycloak.models.KeycloakSessionFactory;
|
||||||
import org.keycloak.representations.adapters.action.AdminAction;
|
import org.keycloak.representations.adapters.action.AdminAction;
|
||||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
|
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
||||||
import org.keycloak.services.resource.RealmResourceProvider;
|
import org.keycloak.services.resource.RealmResourceProvider;
|
||||||
import org.keycloak.services.resource.RealmResourceProviderFactory;
|
import org.keycloak.services.resource.RealmResourceProviderFactory;
|
||||||
|
|
||||||
|
@ -37,10 +38,11 @@ public class TestApplicationResourceProviderFactory implements RealmResourceProv
|
||||||
|
|
||||||
private BlockingQueue<LogoutAction> adminLogoutActions = new LinkedBlockingDeque<>();
|
private BlockingQueue<LogoutAction> adminLogoutActions = new LinkedBlockingDeque<>();
|
||||||
private BlockingQueue<PushNotBeforeAction> pushNotBeforeActions = new LinkedBlockingDeque<>();
|
private BlockingQueue<PushNotBeforeAction> pushNotBeforeActions = new LinkedBlockingDeque<>();
|
||||||
|
private BlockingQueue<TestAvailabilityAction> testAvailabilityActions = new LinkedBlockingDeque<>();
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RealmResourceProvider create(KeycloakSession session) {
|
public RealmResourceProvider create(KeycloakSession session) {
|
||||||
return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions);
|
return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions, testAvailabilityActions);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.testsuite.client.resources;
|
||||||
|
|
||||||
import org.keycloak.representations.adapters.action.LogoutAction;
|
import org.keycloak.representations.adapters.action.LogoutAction;
|
||||||
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
|
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
|
@ -43,6 +44,11 @@ public interface TestApplicationResource {
|
||||||
@Path("/poll-admin-not-before")
|
@Path("/poll-admin-not-before")
|
||||||
PushNotBeforeAction getAdminPushNotBefore();
|
PushNotBeforeAction getAdminPushNotBefore();
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("/poll-test-available")
|
||||||
|
TestAvailabilityAction getTestAvailable();
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Path("/clear-admin-actions")
|
@Path("/clear-admin-actions")
|
||||||
Response clearAdminActions();
|
Response clearAdminActions();
|
||||||
|
|
|
@ -72,17 +72,17 @@ public class OAuthClient {
|
||||||
|
|
||||||
private String baseUrl = AUTH_SERVER_ROOT;
|
private String baseUrl = AUTH_SERVER_ROOT;
|
||||||
|
|
||||||
private String realm = "test";
|
private String realm;
|
||||||
|
|
||||||
private String clientId = "test-app";
|
private String clientId;
|
||||||
|
|
||||||
private String redirectUri = APP_ROOT + "/auth";
|
private String redirectUri;
|
||||||
|
|
||||||
private String state = "mystate";
|
private String state;
|
||||||
|
|
||||||
private String scope;
|
private String scope;
|
||||||
|
|
||||||
private String uiLocales = null;
|
private String uiLocales;
|
||||||
|
|
||||||
private String clientSessionState;
|
private String clientSessionState;
|
||||||
|
|
||||||
|
@ -90,12 +90,19 @@ public class OAuthClient {
|
||||||
|
|
||||||
private Map<String, PublicKey> publicKeys = new HashMap<>();
|
private Map<String, PublicKey> publicKeys = new HashMap<>();
|
||||||
|
|
||||||
public void setAdminClient(Keycloak adminClient) {
|
public void init(Keycloak adminClient, WebDriver driver) {
|
||||||
this.adminClient = adminClient;
|
this.adminClient = adminClient;
|
||||||
}
|
|
||||||
|
|
||||||
public void setDriver(WebDriver driver) {
|
|
||||||
this.driver = driver;
|
this.driver = driver;
|
||||||
|
|
||||||
|
baseUrl = AUTH_SERVER_ROOT;
|
||||||
|
realm = "test";
|
||||||
|
clientId = "test-app";
|
||||||
|
redirectUri = APP_ROOT + "/auth";
|
||||||
|
state = "mystate";
|
||||||
|
scope = null;
|
||||||
|
uiLocales = null;
|
||||||
|
clientSessionState = null;
|
||||||
|
clientSessionHost = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthorizationCodeResponse doLogin(String username, String password) {
|
public AuthorizationCodeResponse doLogin(String username, String password) {
|
||||||
|
|
|
@ -151,8 +151,7 @@ public abstract class AbstractKeycloakTest {
|
||||||
|
|
||||||
importTestRealms();
|
importTestRealms();
|
||||||
|
|
||||||
oauth.setAdminClient(adminClient);
|
oauth.init(adminClient, driver);
|
||||||
oauth.setDriver(driver);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@After
|
@After
|
||||||
|
|
|
@ -18,21 +18,37 @@
|
||||||
package org.keycloak.testsuite.admin;
|
package org.keycloak.testsuite.admin;
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
import org.keycloak.admin.client.resource.ProtocolMappersResource;
|
||||||
|
import org.keycloak.admin.client.resource.RoleMappingResource;
|
||||||
|
import org.keycloak.common.util.Time;
|
||||||
|
import org.keycloak.models.AccountRoles;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
|
||||||
|
import org.keycloak.representations.adapters.action.GlobalRequestResult;
|
||||||
|
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
|
||||||
|
import org.keycloak.representations.adapters.action.TestAvailabilityAction;
|
||||||
import org.keycloak.representations.idm.*;
|
import org.keycloak.representations.idm.*;
|
||||||
|
|
||||||
import javax.ws.rs.NotFoundException;
|
import javax.ws.rs.NotFoundException;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.keycloak.services.resources.admin.ScopeMappedResource;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
|
import org.keycloak.testsuite.util.ClientBuilder;
|
||||||
|
import org.keycloak.testsuite.util.CredentialBuilder;
|
||||||
import org.keycloak.testsuite.util.OAuthClient;
|
import org.keycloak.testsuite.util.OAuthClient;
|
||||||
|
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
|
||||||
|
import org.keycloak.testsuite.util.RoleBuilder;
|
||||||
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
||||||
import static org.junit.Assert.assertArrayEquals;
|
import static org.junit.Assert.assertArrayEquals;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
|
@ -174,6 +190,154 @@ public class ClientTest extends AbstractAdminTest {
|
||||||
assertClient(client, storedClient);
|
assertClient(client, storedClient);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void serviceAccount() {
|
||||||
|
Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
|
||||||
|
String id = ApiUtil.getCreatedId(response);
|
||||||
|
UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
|
||||||
|
assertEquals("service-account-serviceclient", userRep.getUsername());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void pushRevocation() {
|
||||||
|
testingClient.testApp().clearAdminActions();
|
||||||
|
|
||||||
|
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
|
||||||
|
|
||||||
|
ClientRepresentation client = new ClientRepresentation();
|
||||||
|
client.setClientId("test-app");
|
||||||
|
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
|
||||||
|
client.setRedirectUris(Collections.singletonList(redirectUri));
|
||||||
|
client.setSecret("secret");
|
||||||
|
|
||||||
|
int notBefore = Time.currentTime() - 60;
|
||||||
|
|
||||||
|
client.setNotBefore(notBefore);
|
||||||
|
Response response = realm.clients().create(client);
|
||||||
|
String id = ApiUtil.getCreatedId(response);
|
||||||
|
response.close();
|
||||||
|
|
||||||
|
realm.clients().get(id).pushRevocation();
|
||||||
|
|
||||||
|
PushNotBeforeAction pushNotBefore = testingClient.testApp().getAdminPushNotBefore();
|
||||||
|
assertEquals(notBefore, pushNotBefore.getNotBefore());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void nodes() {
|
||||||
|
testingClient.testApp().clearAdminActions();
|
||||||
|
|
||||||
|
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
|
||||||
|
|
||||||
|
ClientRepresentation client = new ClientRepresentation();
|
||||||
|
client.setClientId("test-app");
|
||||||
|
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
|
||||||
|
client.setRedirectUris(Collections.singletonList(redirectUri));
|
||||||
|
client.setSecret("secret");
|
||||||
|
|
||||||
|
Response response = realm.clients().create(client);
|
||||||
|
String id = ApiUtil.getCreatedId(response);
|
||||||
|
response.close();
|
||||||
|
|
||||||
|
realm.clients().get(id).registerNode(Collections.singletonMap("node", suiteContext.getAuthServerInfo().getContextRoot().getHost()));
|
||||||
|
realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid"));
|
||||||
|
|
||||||
|
GlobalRequestResult result = realm.clients().get(id).testNodesAvailable();
|
||||||
|
assertEquals(1, result.getSuccessRequests().size());
|
||||||
|
assertEquals(1, result.getFailedRequests().size());
|
||||||
|
|
||||||
|
TestAvailabilityAction testAvailable = testingClient.testApp().getTestAvailable();
|
||||||
|
assertEquals("test-app", testAvailable.getResource());
|
||||||
|
|
||||||
|
assertEquals(2, realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
|
||||||
|
|
||||||
|
realm.clients().get(id).unregisterNode("invalid");
|
||||||
|
|
||||||
|
assertEquals(1, realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void offlineUserSessions() throws IOException {
|
||||||
|
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
|
||||||
|
|
||||||
|
ClientRepresentation client = new ClientRepresentation();
|
||||||
|
client.setClientId("test-app");
|
||||||
|
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
|
||||||
|
client.setRedirectUris(Collections.singletonList(redirectUri));
|
||||||
|
client.setSecret("secret");
|
||||||
|
|
||||||
|
Response response = realm.clients().create(client);
|
||||||
|
String id = ApiUtil.getCreatedId(response);
|
||||||
|
response.close();
|
||||||
|
|
||||||
|
response = realm.users().create(UserBuilder.create().username("testuser").build());
|
||||||
|
String userId = ApiUtil.getCreatedId(response);
|
||||||
|
response.close();
|
||||||
|
|
||||||
|
realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
|
||||||
|
|
||||||
|
Map<String, Long> offlineSessionCount = realm.clients().get(id).getOfflineSessionCount();
|
||||||
|
assertEquals(new Long(0), offlineSessionCount.get("count"));
|
||||||
|
|
||||||
|
oauth.realm(REALM_NAME);
|
||||||
|
oauth.redirectUri(redirectUri);
|
||||||
|
oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
|
||||||
|
oauth.doLogin("testuser", "password");
|
||||||
|
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "secret");
|
||||||
|
assertEquals(200, accessTokenResponse.getStatusCode());
|
||||||
|
|
||||||
|
offlineSessionCount = realm.clients().get(id).getOfflineSessionCount();
|
||||||
|
assertEquals(new Long(1), offlineSessionCount.get("count"));
|
||||||
|
|
||||||
|
List<UserSessionRepresentation> offlineUserSessions = realm.clients().get(id).getOfflineUserSessions(0, 100);
|
||||||
|
assertEquals(1, offlineUserSessions.size());
|
||||||
|
assertEquals("testuser", offlineUserSessions.get(0).getUsername());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void scopes() {
|
||||||
|
Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
|
||||||
|
String id = ApiUtil.getCreatedId(response);
|
||||||
|
response.close();
|
||||||
|
|
||||||
|
RoleMappingResource scopesResource = realm.clients().get(id).getScopeMappings();
|
||||||
|
|
||||||
|
realm.roles().create(RoleBuilder.create().name("role1").build());
|
||||||
|
realm.roles().create(RoleBuilder.create().name("role2").build());
|
||||||
|
|
||||||
|
RoleRepresentation roleRep1 = realm.roles().get("role1").toRepresentation();
|
||||||
|
RoleRepresentation roleRep2 = realm.roles().get("role2").toRepresentation();
|
||||||
|
|
||||||
|
realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2));
|
||||||
|
|
||||||
|
String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
|
||||||
|
RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
|
||||||
|
|
||||||
|
scopesResource.realmLevel().add(Collections.singletonList(roleRep1));
|
||||||
|
scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listAll(), "role1");
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2");
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access");
|
||||||
|
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll(), AccountRoles.VIEW_PROFILE);
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective(), AccountRoles.VIEW_PROFILE);
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.MANAGE_ACCOUNT);
|
||||||
|
|
||||||
|
Assert.assertNames(scopesResource.getAll().getRealmMappings(), "role1");
|
||||||
|
Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);
|
||||||
|
|
||||||
|
scopesResource.realmLevel().remove(Collections.singletonList(roleRep1));
|
||||||
|
scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep));
|
||||||
|
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listAll());
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listEffective());
|
||||||
|
Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access", "role1", "role2");
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll());
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.VIEW_PROFILE, AccountRoles.MANAGE_ACCOUNT);
|
||||||
|
Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective());
|
||||||
|
}
|
||||||
|
|
||||||
public static void protocolMappersTest(ProtocolMappersResource mappersResource) {
|
public static void protocolMappersTest(ProtocolMappersResource mappersResource) {
|
||||||
// assert default mappers found
|
// assert default mappers found
|
||||||
List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();
|
List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();
|
||||||
|
|
|
@ -91,28 +91,4 @@ public class ClientTest extends AbstractClientTest {
|
||||||
assertEqualClients(rep, gotById);
|
assertEqualClients(rep, gotById);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* DEPRECATED?
|
|
||||||
@Test
|
|
||||||
public void testAllowedOrigins() {
|
|
||||||
createOidcClient("originsClient");
|
|
||||||
ClientResource client = findClientResource("originsClient");
|
|
||||||
java.util.Set<String> origins = client.getAllowedOrigins();
|
|
||||||
assertEquals(1, origins.size());
|
|
||||||
assertTrue(origins.contains("foo/*"));
|
|
||||||
|
|
||||||
origins.add("bar/*");
|
|
||||||
client.updateAllowedOrigins(origins); //<-- STACK OVERFLOW
|
|
||||||
origins = client.getAllowedOrigins();
|
|
||||||
assertEquals(2, origins.size());
|
|
||||||
assertTrue(origins.contains("foo/*"));
|
|
||||||
assertTrue(origins.contains("bar/*"));
|
|
||||||
|
|
||||||
java.util.Set<String> toRemove = new java.util.HashSet<>();
|
|
||||||
toRemove.add("bar/*");
|
|
||||||
client.removeAllowedOrigins(origins);
|
|
||||||
origins = client.getAllowedOrigins();
|
|
||||||
assertEquals(1, origins.size());
|
|
||||||
assertTrue(origins.contains("foo/*"));
|
|
||||||
} */
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -113,8 +113,7 @@ public class SSOTest extends TestRealmKeycloakTest {
|
||||||
try {
|
try {
|
||||||
//OAuthClient oauth2 = new OAuthClient(driver2);
|
//OAuthClient oauth2 = new OAuthClient(driver2);
|
||||||
OAuthClient oauth2 = new OAuthClient();
|
OAuthClient oauth2 = new OAuthClient();
|
||||||
oauth2.setDriver(driver2);
|
oauth2.init(adminClient, driver2);
|
||||||
oauth2.setAdminClient(adminClient);
|
|
||||||
|
|
||||||
oauth2.state("mystate");
|
oauth2.state("mystate");
|
||||||
oauth2.doLogin("test-user@localhost", "password");
|
oauth2.doLogin("test-user@localhost", "password");
|
||||||
|
|
|
@ -95,7 +95,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
.clientId("client2")
|
.clientId("client2")
|
||||||
.directAccessGrants()
|
.directAccessGrants()
|
||||||
.serviceAccountsEnabled(true)
|
.serviceAccountsEnabled(true)
|
||||||
.redirectUris(oauth.getRedirectUri())
|
.redirectUris(OAuthClient.APP_ROOT + "/auth")
|
||||||
.attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPQDGxTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE4NTAwNVoXDTI1MDgxNzE4NTE0NVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMw3PaBffWxgS2PYSDDBp6As+cNvv9kt2C4f/RDAGmvSIHPFev9kuQiKs3Oaws3ZsV4JG3qHEuYgnh9W4vfe3DwNwtD1bjL5FYBhPBFTw0lAQECYxaBHnkjHwUKp957FqdSPPICm3LjmTcEdlH+9dpp9xHCMbbiNiWDzWI1xSxC8Fs2d0hwz1sd+Q4QeTBPIBWcPM+ICZtNG5MN+ORfayu4X+Me5d0tXG2fQO//rAevk1i5IFjKZuOjTwyKB5SJIY4b8QTeg0g/50IU7Ht00Pxw6CK02dHS+FvXHasZlD3ckomqCDjStTBWdhJo5dST0CbOqalkkpLlCCbGA1yEQRsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUIMeJ+EAo8eNpCG/nXImacjrKakbFnZYBGD/gqeTGaZynkX+jgBSructTHR83zSH+yELEhsAy+3BfK4EEihp+PEcRnK2fASVkHste8AQ7rlzC+HGGirlwrVhWCdizNUCGK80DE537IZ7nmZw6LFG9P5/Q2MvCsOCYjRUvMkukq6TdXBXR9tETwZ+0gpSfsOxjj0ZF7ftTRUSzx4rFfcbM9fRNdVizdOuKGc8HJPA5lLOxV6CyaYIvi3y5RlQI1OHeS34lE4w9CNPRFa/vdxXvN7ClyzA0HMFNWxBN7pC/Ht/FbhSvaAagJBHg+vCrcY5C26Oli7lAglf/zZrwUPs0w==")
|
.attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPQDGxTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE4NTAwNVoXDTI1MDgxNzE4NTE0NVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMw3PaBffWxgS2PYSDDBp6As+cNvv9kt2C4f/RDAGmvSIHPFev9kuQiKs3Oaws3ZsV4JG3qHEuYgnh9W4vfe3DwNwtD1bjL5FYBhPBFTw0lAQECYxaBHnkjHwUKp957FqdSPPICm3LjmTcEdlH+9dpp9xHCMbbiNiWDzWI1xSxC8Fs2d0hwz1sd+Q4QeTBPIBWcPM+ICZtNG5MN+ORfayu4X+Me5d0tXG2fQO//rAevk1i5IFjKZuOjTwyKB5SJIY4b8QTeg0g/50IU7Ht00Pxw6CK02dHS+FvXHasZlD3ckomqCDjStTBWdhJo5dST0CbOqalkkpLlCCbGA1yEQRsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUIMeJ+EAo8eNpCG/nXImacjrKakbFnZYBGD/gqeTGaZynkX+jgBSructTHR83zSH+yELEhsAy+3BfK4EEihp+PEcRnK2fASVkHste8AQ7rlzC+HGGirlwrVhWCdizNUCGK80DE537IZ7nmZw6LFG9P5/Q2MvCsOCYjRUvMkukq6TdXBXR9tETwZ+0gpSfsOxjj0ZF7ftTRUSzx4rFfcbM9fRNdVizdOuKGc8HJPA5lLOxV6CyaYIvi3y5RlQI1OHeS34lE4w9CNPRFa/vdxXvN7ClyzA0HMFNWxBN7pC/Ht/FbhSvaAagJBHg+vCrcY5C26Oli7lAglf/zZrwUPs0w==")
|
||||||
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
|
.authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
|
||||||
.build();
|
.build();
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.util;
|
package org.keycloak.testsuite.util;
|
||||||
|
|
||||||
|
import org.keycloak.dom.saml.v2.ac.BooleanType;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
@ -58,11 +59,21 @@ public class ClientBuilder {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ClientBuilder serviceAccount() {
|
||||||
|
rep.setServiceAccountsEnabled(true);
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public ClientBuilder directAccessGrants() {
|
public ClientBuilder directAccessGrants() {
|
||||||
rep.setDirectAccessGrantsEnabled(true);
|
rep.setDirectAccessGrantsEnabled(true);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public ClientBuilder fullScopeEnabled(Boolean fullScopeEnabled) {
|
||||||
|
rep.setFullScopeAllowed(fullScopeEnabled);
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public ClientBuilder secret(String secret) {
|
public ClientBuilder secret(String secret) {
|
||||||
rep.setSecret(secret);
|
rep.setSecret(secret);
|
||||||
return this;
|
return this;
|
||||||
|
|
Loading…
Reference in a new issue