keycloak-memoizeit


diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
index f0a37ad..dca666f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
@@ -110,6 +110,13 @@ public class ApiUtil {
         if (ur.size() == 1) {
             user = ur.get(0);
         }
+
+        if (ur.size() > 1) { // try to be more specific
+            for (UserRepresentation rep : ur) {
+                if (rep.getUsername().equalsIgnoreCase(username)) return rep;
+            }
+        }
+
         return user;
     }
 
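Review bot: The new `ur.size() > 1` branch compares usernames, but the `ur.size() == 1` branch just above it still accepts the single hit without any comparison, so a search term that only partially matches one account would return that account. Getting several hits for one username suggests the search is not an exact match (inferred; the search call is outside the hunk). One loop covers both cases: `for (UserRepresentation rep : ur) { if (username.equalsIgnoreCase(rep.getUsername())) return rep; }`, which also avoids a NullPointerException when a representation has no username. The method starts outside the hunk, so the initial value of `user` is not visible here.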
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/AbstractCompositeKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/AbstractCompositeKeycloakTest.java
new file mode 100644
index 0000000..ca546a8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/AbstractCompositeKeycloakTest.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.testsuite.composites;
+
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
+
+/**
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
+ */
+public abstract class AbstractCompositeKeycloakTest extends AbstractKeycloakTest {
+
+    protected RealmResource testRealm() {
+        return adminClient.realm("test");
+    }
+
+    protected String getUserId(String username) {
+        return ApiUtil.findUserByUsername(testRealm(), username).getId();
+    }
+}
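Review bot: `getUserId` dereferences the result of `ApiUtil.findUserByUsername(...)` directly, so an unknown username surfaces as a bare NullPointerException inside an assertion argument rather than as a readable test failure. The ApiUtil hunk in this commit returns `user` after conditional assignments, which suggests null is a possible result (its initial value is outside that hunk). Consider `UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), username);` followed by `Assert.assertNotNull("No user named " + username, user);` and `return user.getId();`. The class Javadoc is empty apart from the author tag and could say that both helpers operate on the realm named "test".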
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
new file mode 100755
index 0000000..a43aae8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -0,0 +1,348 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.composites;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.testsuite.pages.LoginPage;
+
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Before;
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.admin.client.resource.RoleResource;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.common.enums.SslRequired;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.util.ClientBuilder;
+import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
+import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.RoleBuilder;
+import org.keycloak.testsuite.util.RolesBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
+ */
+public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
+
+    @Override
+    public void addTestRealms(List<RealmRepresentation> testRealms) {
+        RealmBuilder realmBuilder = RealmBuilder.create()
+                .name("test")
+                .publicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")
+                .privateKey("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")
+                .ssoSessionIdleTimeout(3000)
+                .accessTokenLifespan(10000)
+                .ssoSessionMaxLifespan(10000)
+                .accessCodeLifespanUserAction(1000)
+                .accessCodeLifespan(1000)
+                .sslRequired(SslRequired.EXTERNAL.toString());
+
+
+        RoleRepresentation realmRole1 = RoleBuilder.create().name("REALM_ROLE_1").build();
+        RoleRepresentation realmComposite1 = RoleBuilder.create()
+                .name("REALM_COMPOSITE_1")
+                .composite()
+                .realmComposite(realmRole1)
+                .build();
+
+        RolesBuilder roles = RolesBuilder.create()
+                .realmRole(realmRole1)
+                .realmRole(RoleBuilder.create().name("REALM_ROLE_2").build())
+                .realmRole(RoleBuilder.create().name("REALM_ROLE_3").build())
+                .realmRole(realmComposite1);
+        realmBuilder.roles(roles);
+
+        UserBuilder realmCompositeUser = UserBuilder.create()
+                .username("REALM_COMPOSITE_1_USER")
+                .enabled(true)
+                .password("password")
+                .addRoles(realmComposite1.getName());
+        realmBuilder.user(realmCompositeUser);
+
+        UserBuilder realmRole1User = UserBuilder.create()
+                .username("REALM_ROLE_1_USER")
+                .enabled(true)
+                .password("password")
+                .addRoles(realmRole1.getName());
+        realmBuilder.user(realmRole1User);
+
+        ClientBuilder realmComposite1Application = ClientBuilder.create()
+                .clientId("REALM_COMPOSITE_1_APPLICATION")
+                .name("REALM_COMPOSITE_1_APPLICATION")
+                .fullScopeEnabled(Boolean.FALSE)
+                // addScopeMapping(realmComposite1)
+                .redirectUris("http://localhost:8180/auth/realms/master/app/*")
+                .baseUrl("http://localhost:8180/auth/realms/master/app/auth")
+                .adminUrl("http://localhost:8180/auth/realms/master/app/logout")
+                .secret("password");
+        realmBuilder.client(realmComposite1Application);
+
+        ClientBuilder realmRole1Application = ClientBuilder.create()
+                .clientId("REALM_ROLE_1_APPLICATION")
+                .name("REALM_ROLE_1_APPLICATION")
+                .fullScopeEnabled(Boolean.FALSE)
+                // addScopeMapping(realmRole1)
+                .redirectUris("http://localhost:8180/auth/realms/master/app/*")
+                .baseUrl("http://localhost:8180/auth/realms/master/app/auth")
+                .adminUrl("http://localhost:8180/auth/realms/master/app/logout")
+                .secret("password");
+        realmBuilder.client(realmRole1Application);
+
+        ClientBuilder appRoleApplication = ClientBuilder.create()
+                .clientId("APP_ROLE_APPLICATION")
+                .name("APP_ROLE_APPLICATION")
+                .fullScopeEnabled(Boolean.FALSE)
+                .redirectUris("http://localhost:8180/auth/realms/master/app/*")
+                .baseUrl("http://localhost:8180/auth/realms/master/app/auth")
+                .adminUrl("http://localhost:8180/auth/realms/master/app/logout")
+                .defaultRoles("APP_ROLE_1", "APP_ROLE_2")
+                .secret("password");
+        realmBuilder.client(appRoleApplication);
+
+        UserBuilder realmAppCompositeUser = UserBuilder.create()
+                .username("REALM_APP_COMPOSITE_USER")
+                .password("password");
+        realmBuilder.user(realmAppCompositeUser);
+
+        UserBuilder realmAppRoleUser = UserBuilder.create()
+                .username("REALM_APP_ROLE_USER")
+                .password("password")
+                .addRoles("APP_ROLE_2");
+        realmBuilder.user(realmAppRoleUser);
+
+        ClientBuilder appCompositeApplication = ClientBuilder.create()
+                .clientId("APP_COMPOSITE_APPLICATION")
+                .name("APP_COMPOSITE_APPLICATION")
+                .fullScopeEnabled(Boolean.FALSE)
+                //.scopeMapping(appRole2)
+                .defaultRoles("APP_COMPOSITE_ROLE")
+                .redirectUris("http://localhost:8180/auth/realms/master/app/*")
+                .baseUrl("http://localhost:8180/auth/realms/master/app/auth")
+                .adminUrl("http://localhost:8180/auth/realms/master/app/logout")
+                .secret("password");
+        realmBuilder.client(appCompositeApplication);
+
+        UserBuilder appCompositeUser = UserBuilder.create()
+                .username("APP_COMPOSITE_USER")
+                .password("password")
+                .addRoles("REALM_COMPOSITE_1");
+        realmBuilder.user(appCompositeUser);
+
+        testRealms.add(realmBuilder.build());
+    }
+
+    @Before
+    public void addScopeMappings() {
+        addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1");
+        addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1");
+        addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2");
+    }
+
+    private void addRealmLevelScopeMapping(String clientId, String roleName) {
+        ClientResource client = ApiUtil.findClientByClientId(testRealm(), clientId);
+        RoleRepresentation role = testRealm().roles().get(roleName).toRepresentation();
+        client.getScopeMappings().realmLevel().add(Collections.singletonList(role));
+    }
+
+    private void addClientLevelScopeMapping(String targetClientId, String sourceClientId, String roleName) {
+        ClientResource targetClient = ApiUtil.findClientByClientId(testRealm(), targetClientId);
+        ClientResource sourceClient = ApiUtil.findClientByClientId(testRealm(), sourceClientId);
+        RoleRepresentation role = sourceClient.roles().get(roleName).toRepresentation();
+        targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
+    }
+
+    @Before
+    public void createRealmAppCompositeRole() {
+        ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
+        RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
+
+        RoleBuilder realmAppCompositeRole = RoleBuilder.create()
+                .name("REALM_APP_COMPOSITE_ROLE");
+
+        testRealm().roles().create(realmAppCompositeRole.build());
+        String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
+        testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
+    }
+
+    @Before
+    public void addRealmAppCompositeToUsers() {
+        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
+        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
+    }
+
+    @Before
+    public void addRealmAppCompositeToUser2() {
+        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
+        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
+    }
+
+    @Before
+    public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() {
+        ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
+        RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
+
+        List<RoleRepresentation> toAdd = new LinkedList<>();
+        toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
+        toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
+        toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
+
+        ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
+        RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
+        toAdd.add(appRole1);
+
+        appCompositeRole.addComposites(toAdd);
+    }
+
+    @Page
+    protected LoginPage loginPage;
+
+    @Test
+    public void testAppCompositeUser() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("APP_COMPOSITE_APPLICATION");
+        oauth.doLogin("APP_COMPOSITE_USER", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+        Assert.assertEquals(200, response.getStatusCode());
+
+        Assert.assertEquals("bearer", response.getTokenType());
+
+        AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals(getUserId("APP_COMPOSITE_USER"), token.getSubject());
+
+        Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
+    }
+
+
+    @Test
+    public void testRealmAppCompositeUser() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("APP_ROLE_APPLICATION");
+        oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+        Assert.assertEquals(200, response.getStatusCode());
+
+        Assert.assertEquals("bearer", response.getTokenType());
+
+        AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals(getUserId("REALM_APP_COMPOSITE_USER"), token.getSubject());
+
+        Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+        Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
+    }
+
+    @Test
+    public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+        oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+        Assert.assertEquals(200, response.getStatusCode());
+
+        Assert.assertEquals("bearer", response.getTokenType());
+
+        AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals(getUserId("REALM_COMPOSITE_1_USER"), token.getSubject());
+
+        Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
+    }
+
+    @Test
+    public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("REALM_ROLE_1_APPLICATION");
+        oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+        Assert.assertEquals(200, response.getStatusCode());
+
+        Assert.assertEquals("bearer", response.getTokenType());
+
+        AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals(getUserId("REALM_COMPOSITE_1_USER"), token.getSubject());
+
+        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
+    }
+
+    @Test
+    public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
+        oauth.realm("test");
+        oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+        oauth.doLogin("REALM_ROLE_1_USER", "password");
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+        Assert.assertEquals(200, response.getStatusCode());
+
+        Assert.assertEquals("bearer", response.getTokenType());
+
+        AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals(getUserId("REALM_ROLE_1_USER"), token.getSubject());
+
+        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+        AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+        Assert.assertEquals(200, refreshResponse.getStatusCode());
+    }
+
+}
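Review bot: The five `@Before` methods depend on each other's results, but JUnit 4 does not define the order in which the `@Before` methods of one class run. `addRealmAppCompositeToUsers` and `addRealmAppCompositeToUser2` read `REALM_APP_COMPOSITE_ROLE`, which exists only once `createRealmAppCompositeRole` has run. Driving them from a single `@Before` method makes the order explicit. They also run before every test, so `createRealmAppCompositeRole` issues the create call again each time; whether that is harmless depends on whether the realm is re-imported per test, which is not visible here.

```java
    @Before
    public void configureTestRealm() {
        // Order matters: the role must exist before it is granted to users.
        createRealmAppCompositeRole();
        addScopeMappings();
        addRealmAppCompositeToUsers();
        addRealmAppCompositeToUser2();
        addCompositeRolesToAppCompositeRoleInAppCompositeApplication();
    }

    // … unchanged: the five setup methods, with their own @Before annotations removed …
```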
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java
index b98877d..febf487 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java
@@ -59,6 +59,11 @@ public class ClientBuilder {
         return this;
     }
 
+    public ClientBuilder defaultRoles(String... roles) {
+        rep.setDefaultRoles(roles);
+        return this;
+    }
+
     public ClientBuilder serviceAccount() {
         rep.setServiceAccountsEnabled(true);
         return this;
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RealmBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RealmBuilder.java
index 445cc14..b01ba5e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RealmBuilder.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RealmBuilder.java
@@ -21,15 +21,11 @@ import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.events.EventsListenerProviderFactory;
-import sun.security.krb5.Realm;
 
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.Map;
-
-import static org.keycloak.testsuite.util.MailServerConfiguration.FROM;
-import static org.keycloak.testsuite.util.MailServerConfiguration.HOST;
-import static org.keycloak.testsuite.util.MailServerConfiguration.PORT;
+import org.keycloak.representations.idm.RolesRepresentation;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -67,6 +63,15 @@ public class RealmBuilder {
         return this;
     }
 
+    public RealmBuilder roles(RolesBuilder roles) {
+        return roles(roles.build());
+    }
+    
+    public RealmBuilder roles(RolesRepresentation roles) {
+        rep.setRoles(roles);
+        return this;
+    }
+
     public RealmBuilder testMail() {
         Map<String, String> config = new HashMap<>();
         config.put("from", MailServerConfiguration.FROM);
@@ -159,6 +164,26 @@ public class RealmBuilder {
         return this;
     }
 
+    public RealmBuilder ssoSessionMaxLifespan(int ssoSessionMaxLifespan) {
+        rep.setSsoSessionMaxLifespan(ssoSessionMaxLifespan);
+        return this;
+    }
+
+    public RealmBuilder accessCodeLifespanUserAction(int accessCodeLifespanUserAction) {
+        rep.setAccessCodeLifespanUserAction(accessCodeLifespanUserAction);
+        return this;
+    }
+
+    public RealmBuilder accessCodeLifespan(int accessCodeLifespan) {
+        rep.setAccessCodeLifespan(accessCodeLifespan);
+        return this;
+    }
+
+    public RealmBuilder sslRequired(String sslRequired) {
+        rep.setSslRequired(sslRequired);
+        return this;
+    }
+
     public RealmBuilder ssoSessionIdleTimeout(int sessionIdleTimeout) {
         rep.setSsoSessionIdleTimeout(sessionIdleTimeout);
         return this;
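Review bot: `sslRequired(String)` accepts free-form text for the setting that governs when the realm insists on HTTPS, so a misspelled value still compiles and its effect then depends on how the server parses it. The only caller in this commit already starts from the enum (`SslRequired.EXTERNAL.toString()` in CompositeRoleTest), so an overload such as `public RealmBuilder sslRequired(SslRequired sslRequired) { return sslRequired(sslRequired.toString()); }` would keep call sites type-checked. The added lifespan setters could also carry a one-line Javadoc stating the unit, since the call sites pass bare numbers like 1000 and 10000. The RealmBuilder class continues outside this hunk.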
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RoleBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RoleBuilder.java
index caaf4df..84f38b9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RoleBuilder.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RoleBuilder.java
@@ -17,7 +17,12 @@
 
 package org.keycloak.testsuite.util;
 
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
 import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation.Composites;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -53,6 +58,51 @@ public class RoleBuilder {
         return this;
     }
 
+    public RoleBuilder composite() {
+        rep.setComposite(true);
+        return this;
+    }
+
+    private void checkCompositesNull() {
+        if (rep.getComposites() == null) {
+            rep.setComposites(new Composites());
+        }
+    }
+
+    public RoleBuilder realmComposite(RoleRepresentation role) {
+        return realmComposite(role.getName());
+    }
+
+    public RoleBuilder realmComposite(String compositeRole) {
+        checkCompositesNull();
+
+        if (rep.getComposites().getRealm() == null) {
+            rep.getComposites().setRealm(new HashSet<String>());
+        }
+
+        rep.getComposites().getRealm().add(compositeRole);
+        return this;
+    }
+
+    public RoleBuilder clientComposite(String client, RoleRepresentation compositeRole) {
+        return clientComposite(client, compositeRole.getName());
+    }
+
+    public RoleBuilder clientComposite(String client, String compositeRole) {
+        checkCompositesNull();
+
+        if (rep.getComposites().getClient() == null) {
+            rep.getComposites().setClient(new HashMap<String, List<String>>());
+        }
+
+        if (rep.getComposites().getClient().get(client) == null) {
+            rep.getComposites().getClient().put(client, new LinkedList<String>());
+        }
+
+        rep.getComposites().getClient().get(client).add(compositeRole);
+        return this;
+    }
+
     public RoleRepresentation build() {
         return rep;
     }
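Review bot: `realmComposite` and `clientComposite` populate `rep.getComposites()` but leave the composite flag to a separate `composite()` call, so a caller who forgets that call builds a role that lists composites while the flag stays unset. Setting the flag in the shared helper removes that trap: add `rep.setComposite(true);` at the top of `checkCompositesNull()`. Whether the server ignores the composites of a role that is not flagged as composite is not visible from this diff, so treat this as hardening of the builder rather than a confirmed bug. The two overloads that take a `RoleRepresentation` also dereference it without a null check.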
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RolesBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RolesBuilder.java
new file mode 100644
index 0000000..75bd6a0
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/RolesBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RolesRepresentation;
+
+/**
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
+ */
+public class RolesBuilder {
+
+    private RolesRepresentation rep;
+
+    public static RolesBuilder create() {
+        return new RolesBuilder();
+    }
+
+    private RolesBuilder() {
+        rep = new RolesRepresentation();
+    }
+
+    public RolesBuilder realmRole(RoleRepresentation role) {
+        if (rep.getRealm() == null) {
+            rep.setRealm(new LinkedList<RoleRepresentation>());
+        }
+
+        rep.getRealm().add(role);
+        return this;
+    }
+
+    public RolesBuilder clientRole(String client, RoleRepresentation role) {
+        if (rep.getClient() == null) {
+            rep.setClient(new HashMap<String, List<RoleRepresentation>>());
+        }
+
+        List<RoleRepresentation> clientList = rep.getClient().get(client);
+        if (clientList == null) {
+            rep.getClient().put(client, new LinkedList<RoleRepresentation>());
+        }
+
+        rep.getClient().get(client).add(role);
+        return this;
+    }
+
+    public RolesRepresentation build() {
+        return rep;
+    }
+}
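Review bot: In `clientRole` the local `clientList` is read once for the null check and then discarded, and the method queries `rep.getClient().get(client)` a second time to add the role. Keeping the local avoids the double lookup: `if (clientList == null) { clientList = new LinkedList<RoleRepresentation>(); rep.getClient().put(client, clientList); }` followed by `clientList.add(role);`. `rep` is assigned only in the constructor and could be declared `final`. The class Javadoc is empty apart from the author tag.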
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/testcomposite.json b/testsuite/integration-arquillian/tests/base/src/test/resources/testcomposite.json
new file mode 100644
index 0000000..e7819e6
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/testcomposite.json
@@ -0,0 +1,203 @@
+{
+    "id": "test",
+    "realm": "test",
+    "enabled": true,
+    "accessTokenLifespan": 600,
+    "accessCodeLifespan": 600,
+    "accessCodeLifespanUserAction": 600,
+    "sslRequired": "external",
+    "registrationAllowed": true,
+    "resetPasswordAllowed": true,
+    "requiredCredentials": [ "password" ],
+    "smtpServer": {
+        "from": "auto@keycloak.org",
+        "host": "localhost",
+        "port":"3025"
+    },
+    "users" : [
+        {
+            "username" : "REALM_COMPOSITE_1_USER",
+            "enabled": true,
+            "email" : "test-user1@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "realmRoles": [ "REALM_COMPOSITE_1" ]
+        },
+        {
+            "username" : "REALM_ROLE_1_USER",
+            "enabled": true,
+            "email" : "test-user2@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "realmRoles": ["REALM_ROLE_1"]
+        },
+        {
+            "username" : "REALM_APP_COMPOSITE_USER",
+            "enabled": true,
+            "email" : "test-user3@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "realmRoles": ["REALM_APP_COMPOSITE_ROLE"]
+        },
+        {
+            "username" : "REALM_APP_ROLE_USER",
+            "enabled": true,
+            "email" : "test-user4@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "applicationRoles": {
+                "APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
+            }
+        },
+        {
+            "username" : "APP_COMPOSITE_USER",
+            "enabled": true,
+            "email" : "test-user5@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
+        }
+    ],
+    "oauthClients" : [
+        {
+            "name" : "third-party",
+            "enabled": true,
+            "secret": "password"
+        }
+    ],
+    "scopeMappings": [
+        {
+            "client": "REALM_COMPOSITE_1_APPLICATION",
+            "roles": ["REALM_COMPOSITE_1"]
+        },
+        {
+            "client": "REALM_ROLE_1_APPLICATION",
+            "roles": ["REALM_ROLE_1"]
+        }
+    ],
+    "applications": [
+        {
+            "name": "REALM_COMPOSITE_1_APPLICATION",
+            "enabled": true,
+            "fullScopeAllowed": false,
+            "baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
+            "adminUrl": "http://localhost:8180/auth/realms/master/app/logout",
+            "redirectUris": [
+                "http://localhost:8180/auth/realms/master/app/*"
+            ],
+            "secret": "password"
+         },
+        {
+            "name": "REALM_ROLE_1_APPLICATION",
+            "fullScopeAllowed": false,
+            "enabled": true,
+            "baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
+            "adminUrl": "http://localhost:8180/auth/realms/master/app/logout",
+            "redirectUris": [
+                "http://localhost:8180/auth/realms/master/app/*"
+            ],
+            "secret": "password"
+        },
+        {
+            "name": "APP_ROLE_APPLICATION",
+            "fullScopeAllowed": false,
+            "enabled": true,
+            "baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
+            "adminUrl": "http://localhost:8180/auth/realms/master/app/logout",
+            "redirectUris": [
+                "http://localhost:8180/auth/realms/master/app/*"
+            ],
+            "secret": "password"
+        },
+        {
+            "name": "APP_COMPOSITE_APPLICATION",
+            "fullScopeAllowed": false,
+            "enabled": true,
+            "baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
+            "adminUrl": "http://localhost:8180/auth/realms/master/app/logout",
+            "redirectUris": [
+                "http://localhost:8180/auth/realms/master/app/*"
+            ],
+            "secret": "password"
+        }
+    ],
+    "roles" : {
+        "realm" : [
+            {
+                "name": "REALM_ROLE_1"
+            },
+            {
+                "name": "REALM_ROLE_2"
+            },
+            {
+                "name": "REALM_ROLE_3"
+            },
+            {
+                "name": "REALM_COMPOSITE_1",
+                "composites": {
+                    "realm": ["REALM_ROLE_1"]
+                }
+            },
+            {
+                "name": "REALM_APP_COMPOSITE_ROLE",
+                "composites": {
+                    "application": {
+                        "APP_ROLE_APPLICATION" :[
+                            "APP_ROLE_1"
+                        ]
+                    }
+                }
+            }
+        ],
+        "application" : {
+            "APP_ROLE_APPLICATION" : [
+                {
+                    "name": "APP_ROLE_1"
+                },
+                {
+                    "name": "APP_ROLE_2"
+                }
+            ],
+            "APP_COMPOSITE_APPLICATION" : [
+                {
+                    "name": "APP_COMPOSITE_ROLE",
+                    "composites": {
+                        "realm" : [
+                            "REALM_ROLE_1",
+                            "REALM_ROLE_2",
+                            "REALM_ROLE_3"
+                        ],
+                        "application": {
+                            "APP_ROLE_APPLICATION" :[
+                                "APP_ROLE_1"
+                            ]
+                        }
+                    }
+                },
+                {
+                    "name": "APP_ROLE_2"
+                }
+            ]
+        }
+
+    },
+
+    "applicationScopeMappings": {
+        "APP_ROLE_APPLICATION": [
+            {
+                "client": "APP_COMPOSITE_APPLICATION",
+                "roles": ["APP_ROLE_2"]
+            }
+        ]
+    }
+}
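Review bot: Nothing in the visible hunks loads `testcomposite.json`; `CompositeRoleTest.addTestRealms` builds the realm in code instead, and the two definitions already disagree. For example, `accessTokenLifespan` is 600 here and 10000 in the builder, and `accessCodeLifespan` is 600 here and 1000 there. If the file is kept only as a reference for the port, it will drift further from what the test actually exercises. Either drop it from the commit or have the test import it, so that there is one definition of the users, clients and scope mappings under test.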