keycloak-uncached
Changes
server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionPermissionCollector.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java 10(+5 -5)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AggregatePolicyManagementTest.java 27(+15 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClientPolicyManagementTest.java 49(+26 -23)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java 28(+15 -13)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.java 36(+20 -16)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java 27(+15 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java 11(+6 -5)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java 15(+8 -7)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java 35(+19 -16)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.java 46(+26 -20)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java 28(+16 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java 18(+10 -8)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/TimePolicyManagementTest.java 28(+16 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/UserPolicyManagementTest.java 64(+35 -29)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationTest.java 6(+3 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java 6(+3 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java 125(+97 -28)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java 14(+3 -11)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java 11(+3 -8)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PermissionClaimTest.java 17(+13 -4)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java 13(+3 -10)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java 26(+14 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaGrantTypeTest.java 9(+3 -6)
Details
diff --git a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionPermissionCollector.java b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionPermissionCollector.java
index 560769d..5755aa6 100644
--- a/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionPermissionCollector.java
+++ b/server-spi-private/src/main/java/org/keycloak/authorization/policy/evaluation/DecisionPermissionCollector.java
@@ -78,7 +78,7 @@ public class DecisionPermissionCollector extends AbstractDecisionCollector {
grantedScopes.add(scope);
// we need to grant any scope granted by a permission in case it is not explicitly
// associated with the resource. For instance, resources inheriting scopes from parent resources.
- if (!resource.getScopes().contains(scope)) {
+ if (resource != null && !resource.getScopes().contains(scope)) {
deniedScopes.remove(scope);
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java
index 622f1f9..8520e7d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java
@@ -107,13 +107,13 @@ public abstract class AbstractAuthorizationTest extends AbstractClientTest {
ResourceScopesResource resources = getClientResource().authorization().scopes();
- Response response = resources.create(newScope);
+ try (Response response = resources.create(newScope)) {
+ assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
- assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
+ ScopeRepresentation stored = response.readEntity(ScopeRepresentation.class);
- ScopeRepresentation stored = response.readEntity(ScopeRepresentation.class);
-
- return resources.scope(stored.getId());
+ return resources.scope(stored.getId());
+ }
}
private RealmBuilder createTestRealm() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AggregatePolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AggregatePolicyManagementTest.java
index 230b4ee..32da9c9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AggregatePolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AggregatePolicyManagementTest.java
@@ -86,27 +86,30 @@ public class AggregatePolicyManagementTest extends AbstractPolicyManagementTest
representation.addPolicy("Only Marta Policy");
AggregatePoliciesResource policies = authorization.policies().aggregate();
- Response response = policies.create(representation);
- AggregatePolicyRepresentation created = response.readEntity(AggregatePolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ AggregatePolicyRepresentation created = response.readEntity(AggregatePolicyRepresentation.class);
- AggregatePolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Policy not removed");
- } catch (NotFoundException ignore) {
+ AggregatePolicyResource removed = policies.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Policy not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
private void assertCreated(AuthorizationResource authorization, AggregatePolicyRepresentation representation) {
AggregatePoliciesResource permissions = authorization.policies().aggregate();
- Response response = permissions.create(representation);
- AggregatePolicyRepresentation created = response.readEntity(AggregatePolicyRepresentation.class);
- AggregatePolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+ try (Response response = permissions.create(representation)) {
+ AggregatePolicyRepresentation created = response.readEntity(AggregatePolicyRepresentation.class);
+ AggregatePolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(AggregatePolicyRepresentation representation, AggregatePolicyResource policy) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClientPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClientPolicyManagementTest.java
index 0671bfb..a7f86e4 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClientPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClientPolicyManagementTest.java
@@ -115,19 +115,20 @@ public class ClientPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addClient("Client A");
ClientPoliciesResource policies = authorization.policies().client();
- Response response = policies.create(representation);
- ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
- response.close();
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
- ClientPolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ ClientPolicyResource removed = policies.findById(created.getId());
+
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+ }
}
}
@@ -185,28 +186,30 @@ public class ClientPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addClient("Client A");
ClientPoliciesResource policies = authorization.policies().client();
- Response response = policies.create(representation);
- ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
- response.close();
- PolicyResource policy = authorization.policies().policy(created.getId());
- PolicyRepresentation genericConfig = policy.toRepresentation();
+ try (Response response = policies.create(representation)) {
+ ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
- assertNotNull(genericConfig.getConfig());
- assertNotNull(genericConfig.getConfig().get("clients"));
+ PolicyResource policy = authorization.policies().policy(created.getId());
+ PolicyRepresentation genericConfig = policy.toRepresentation();
- ClientRepresentation user = getRealm().clients().findByClientId("Client A").get(0);
+ assertNotNull(genericConfig.getConfig());
+ assertNotNull(genericConfig.getConfig().get("clients"));
- assertTrue(genericConfig.getConfig().get("clients").contains(user.getId()));
+ ClientRepresentation user = getRealm().clients().findByClientId("Client A").get(0);
+
+ assertTrue(genericConfig.getConfig().get("clients").contains(user.getId()));
+ }
}
private void assertCreated(AuthorizationResource authorization, ClientPolicyRepresentation representation) {
ClientPoliciesResource permissions = authorization.policies().client();
- Response response = permissions.create(representation);
- ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
- response.close();
- ClientPolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ ClientPolicyRepresentation created = response.readEntity(ClientPolicyRepresentation.class);
+ ClientPolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(ClientPolicyRepresentation representation, ClientPolicyResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
index f1ef32e..745e5a7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
@@ -189,13 +189,14 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
newPolicy.setConfig(config);
PoliciesResource policies = getClientResource().authorization().policies();
- Response response = policies.create(newPolicy);
- assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
+ try (Response response = policies.create(newPolicy)) {
+ assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
- PolicyRepresentation stored = response.readEntity(PolicyRepresentation.class);
+ PolicyRepresentation stored = response.readEntity(PolicyRepresentation.class);
- return policies.policy(stored.getId());
+ return policies.policy(stored.getId());
+ }
}
private ResourceResource createResource(String name) {
@@ -205,13 +206,13 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
ResourcesResource resources = getClientResource().authorization().resources();
- Response response = resources.create(newResource);
-
- assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
+ try (Response response = resources.create(newResource)) {
+ assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
- ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
+ ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
- return resources.resource(stored.getId());
+ return resources.resource(stored.getId());
+ }
}
private ResourceScopeResource createScope(String name) {
@@ -221,13 +222,14 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
ResourceScopesResource scopes = getClientResource().authorization().scopes();
- Response response = scopes.create(newScope);
+ try (Response response = scopes.create(newScope)) {
- assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
+ assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
- ScopeRepresentation stored = response.readEntity(ScopeRepresentation.class);
+ ScopeRepresentation stored = response.readEntity(ScopeRepresentation.class);
- return scopes.scope(stored.getId());
+ return scopes.scope(stored.getId());
+ }
}
private String buildConfigOption(String... values) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.java
index fc1cc33..eb54564 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.java
@@ -145,18 +145,20 @@ public class GroupPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addGroupPath("Group F");
GroupPoliciesResource policies = authorization.policies().group();
- Response response = policies.create(representation);
- GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
- GroupPolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ GroupPolicyResource removed = policies.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
@@ -183,18 +185,20 @@ public class GroupPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addGroupPath("/Group A");
GroupPoliciesResource policies = authorization.policies().group();
- Response response = policies.create(representation);
- GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
- PolicyResource policy = authorization.policies().policy(created.getId());
- PolicyRepresentation genericConfig = policy.toRepresentation();
+ try (Response response = policies.create(representation)) {
+ GroupPolicyRepresentation created = response.readEntity(GroupPolicyRepresentation.class);
- assertNotNull(genericConfig.getConfig());
- assertNotNull(genericConfig.getConfig().get("groups"));
+ PolicyResource policy = authorization.policies().policy(created.getId());
+ PolicyRepresentation genericConfig = policy.toRepresentation();
- GroupRepresentation group = getRealm().groups().groups().stream().filter(groupRepresentation -> groupRepresentation.getName().equals("Group A")).findFirst().get();
+ assertNotNull(genericConfig.getConfig());
+ assertNotNull(genericConfig.getConfig().get("groups"));
- assertTrue(genericConfig.getConfig().get("groups").contains(group.getId()));
+ GroupRepresentation group = getRealm().groups().groups().stream().filter(groupRepresentation -> groupRepresentation.getName().equals("Group A")).findFirst().get();
+
+ assertTrue(genericConfig.getConfig().get("groups").contains(group.getId()));
+ }
}
private void assertCreated(AuthorizationResource authorization, GroupPolicyRepresentation representation) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java
index f6aefd7..bec418d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/JSPolicyManagementTest.java
@@ -86,27 +86,30 @@ public class JSPolicyManagementTest extends AbstractPolicyManagementTest {
representation.setCode("$evaluation.grant()");
JSPoliciesResource policies = authorization.policies().js();
- Response response = policies.create(representation);
- JSPolicyRepresentation created = response.readEntity(JSPolicyRepresentation.class);
+ try (Response response = policies.create(representation)) {
+ JSPolicyRepresentation created = response.readEntity(JSPolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ policies.findById(created.getId()).remove();
- JSPolicyResource removed = policies.findById(created.getId());
+ JSPolicyResource removed = policies.findById(created.getId());
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+ }
}
}
private void assertCreated(AuthorizationResource authorization, JSPolicyRepresentation representation) {
JSPoliciesResource permissions = authorization.policies().js();
- Response response = permissions.create(representation);
- JSPolicyRepresentation created = response.readEntity(JSPolicyRepresentation.class);
- JSPolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ JSPolicyRepresentation created = response.readEntity(JSPolicyRepresentation.class);
+ JSPolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(JSPolicyRepresentation representation, JSPolicyResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java
index 0c2267e..c89a06f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java
@@ -333,7 +333,7 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
policy.setCode(code.toString());
- clientResource.authorization().policies().js().create(policy);
+ clientResource.authorization().policies().js().create(policy).close();
createResource(clientResource, "Bank Account", "/api/bank/account/{id}/withdrawal", "withdrawal");
@@ -343,7 +343,7 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
permission.addScope("withdrawal");
permission.addPolicy(policy.getName());
- clientResource.authorization().permissions().scope().create(permission);
+ clientResource.authorization().permissions().scope().create(permission).close();
}
}
@@ -362,11 +362,12 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
representation.setUri(uri);
representation.setScopes(Arrays.asList(scopes).stream().map(ScopeRepresentation::new).collect(Collectors.toSet()));
- javax.ws.rs.core.Response response = clientResource.authorization().resources().create(representation);
+ try (javax.ws.rs.core.Response response = clientResource.authorization().resources().create(representation)) {
- representation.setId(response.readEntity(ResourceRepresentation.class).getId());
+ representation.setId(response.readEntity(ResourceRepresentation.class).getId());
- return representation;
+ return representation;
+ }
}
private ClientResource getClientResource(String name) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java
index 5b8384a..d6459a0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourceManagementTest.java
@@ -250,17 +250,18 @@ public class ResourceManagementTest extends AbstractAuthorizationTest {
protected ResourceRepresentation doCreateResource(ResourceRepresentation newResource) {
ResourcesResource resources = getClientResource().authorization().resources();
- Response response = resources.create(newResource);
+ try (Response response = resources.create(newResource)) {
- int status = response.getStatus();
+ int status = response.getStatus();
- if (status != Response.Status.CREATED.getStatusCode()) {
- throw new RuntimeException(new HttpResponseException("Error", status, "", null));
- }
+ if (status != Response.Status.CREATED.getStatusCode()) {
+ throw new RuntimeException(new HttpResponseException("Error", status, "", null));
+ }
- ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
+ ResourceRepresentation stored = response.readEntity(ResourceRepresentation.class);
- return resources.resource(stored.getId()).toRepresentation();
+ return resources.resource(stored.getId()).toRepresentation();
+ }
}
protected ResourceRepresentation doUpdateResource(ResourceRepresentation resource) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java
index 71ef5e8..b93832e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ResourcePermissionManagementTest.java
@@ -114,18 +114,20 @@ public class ResourcePermissionManagementTest extends AbstractPolicyManagementTe
representation.addPolicy("Only Marta Policy");
ResourcePermissionsResource permissions = authorization.permissions().resource();
- Response response = permissions.create(representation);
- ResourcePermissionRepresentation created = response.readEntity(ResourcePermissionRepresentation.class);
- permissions.findById(created.getId()).remove();
+ try (Response response = permissions.create(representation)) {
+ ResourcePermissionRepresentation created = response.readEntity(ResourcePermissionRepresentation.class);
- ResourcePermissionResource removed = permissions.findById(created.getId());
+ permissions.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ ResourcePermissionResource removed = permissions.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
@@ -140,23 +142,24 @@ public class ResourcePermissionManagementTest extends AbstractPolicyManagementTe
ResourcePermissionsResource permissions = authorization.permissions().resource();
- permissions.create(permission1);
+ permissions.create(permission1).close();
ResourcePermissionRepresentation permission2 = new ResourcePermissionRepresentation();
permission2.setName(permission1.getName());
- Response response = permissions.create(permission2);
-
- assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
+ try (Response response = permissions.create(permission2)) {
+ assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
+ }
}
private void assertCreated(AuthorizationResource authorization, ResourcePermissionRepresentation representation) {
ResourcePermissionsResource permissions = authorization.permissions().resource();
- Response response = permissions.create(representation);
- ResourcePermissionRepresentation created = response.readEntity(ResourcePermissionRepresentation.class);
- ResourcePermissionResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+ try (Response response = permissions.create(representation)) {
+ ResourcePermissionRepresentation created = response.readEntity(ResourcePermissionRepresentation.class);
+ ResourcePermissionResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(ResourcePermissionRepresentation representation, ResourcePermissionResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.java
index f066c71..a5e03e4 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.java
@@ -147,18 +147,20 @@ public class RolePolicyManagementTest extends AbstractPolicyManagementTest {
representation.addRole("Role A", false);
RolePoliciesResource policies = authorization.policies().role();
- Response response = policies.create(representation);
- RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
- RolePolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ RolePolicyResource removed = policies.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
@@ -171,26 +173,30 @@ public class RolePolicyManagementTest extends AbstractPolicyManagementTest {
representation.addRole("Role A", false);
RolePoliciesResource policies = authorization.policies().role();
- Response response = policies.create(representation);
- RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
- PolicyResource policy = authorization.policies().policy(created.getId());
- PolicyRepresentation genericConfig = policy.toRepresentation();
+ try (Response response = policies.create(representation)) {
+ RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
- assertNotNull(genericConfig.getConfig());
- assertNotNull(genericConfig.getConfig().get("roles"));
+ PolicyResource policy = authorization.policies().policy(created.getId());
+ PolicyRepresentation genericConfig = policy.toRepresentation();
- RoleRepresentation role = getRealm().roles().get("Role A").toRepresentation();
+ assertNotNull(genericConfig.getConfig());
+ assertNotNull(genericConfig.getConfig().get("roles"));
- assertTrue(genericConfig.getConfig().get("roles").contains(role.getId()));
+ RoleRepresentation role = getRealm().roles().get("Role A").toRepresentation();
+
+ assertTrue(genericConfig.getConfig().get("roles").contains(role.getId()));
+ }
}
private void assertCreated(AuthorizationResource authorization, RolePolicyRepresentation representation) {
RolePoliciesResource permissions = authorization.policies().role();
- Response response = permissions.create(representation);
- RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
- RolePolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ RolePolicyRepresentation created = response.readEntity(RolePolicyRepresentation.class);
+ RolePolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(RolePolicyRepresentation representation, RolePolicyResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
index c863514..dfdcbfc 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
@@ -77,18 +77,20 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
RulePolicyRepresentation representation = createDefaultRepresentation("Delete Rule Policy");
RulePoliciesResource policies = authorization.policies().rule();
- Response response = policies.create(representation);
- RulePolicyRepresentation created = response.readEntity(RulePolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ RulePolicyRepresentation created = response.readEntity(RulePolicyRepresentation.class);
- RulePolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Policy not removed");
- } catch (NotFoundException ignore) {
+ RulePolicyResource removed = policies.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Policy not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
@@ -112,10 +114,12 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
private void assertCreated(AuthorizationResource authorization, RulePolicyRepresentation representation) {
RulePoliciesResource permissions = authorization.policies().rule();
- Response response = permissions.create(representation);
- RulePolicyRepresentation created = response.readEntity(RulePolicyRepresentation.class);
- RulePolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ RulePolicyRepresentation created = response.readEntity(RulePolicyRepresentation.class);
+ RulePolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(RulePolicyRepresentation expected, RulePolicyResource policy) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java
index 5db4817..c667f96 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ScopePermissionManagementTest.java
@@ -134,23 +134,25 @@ public class ScopePermissionManagementTest extends AbstractPolicyManagementTest
ScopePermissionsResource permissions = authorization.permissions().scope();
- permissions.create(permission1);
+ permissions.create(permission1).close();
ScopePermissionRepresentation permission2 = new ScopePermissionRepresentation();
permission2.setName(permission1.getName());
- Response response = permissions.create(permission2);
-
- assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
+ try (Response response = permissions.create(permission2)) {
+ assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
+ }
}
private void assertCreated(AuthorizationResource authorization, ScopePermissionRepresentation representation) {
ScopePermissionsResource permissions = authorization.permissions().scope();
- Response response = permissions.create(representation);
- ScopePermissionRepresentation created = response.readEntity(ScopePermissionRepresentation.class);
- ScopePermissionResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ ScopePermissionRepresentation created = response.readEntity(ScopePermissionRepresentation.class);
+ ScopePermissionResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(ScopePermissionRepresentation representation, ScopePermissionResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/TimePolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/TimePolicyManagementTest.java
index 6095363..0ddb3e4 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/TimePolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/TimePolicyManagementTest.java
@@ -101,18 +101,20 @@ public class TimePolicyManagementTest extends AbstractPolicyManagementTest {
AuthorizationResource authorization = getClient().authorization();
TimePolicyRepresentation representation = createRepresentation("Test Delete Policy");
TimePoliciesResource policies = authorization.policies().time();
- Response response = policies.create(representation);
- TimePolicyRepresentation created = response.readEntity(TimePolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ TimePolicyRepresentation created = response.readEntity(TimePolicyRepresentation.class);
- TimePolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ TimePolicyResource removed = policies.findById(created.getId());
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+
+ }
}
}
@@ -140,10 +142,12 @@ public class TimePolicyManagementTest extends AbstractPolicyManagementTest {
private void assertCreated(AuthorizationResource authorization, TimePolicyRepresentation representation) {
TimePoliciesResource permissions = authorization.policies().time();
- Response response = permissions.create(representation);
- TimePolicyRepresentation created = response.readEntity(TimePolicyRepresentation.class);
- TimePolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ TimePolicyRepresentation created = response.readEntity(TimePolicyRepresentation.class);
+ TimePolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(TimePolicyRepresentation representation, TimePolicyResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/UserPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/UserPolicyManagementTest.java
index 9a7e9d3..007f60b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/UserPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/UserPolicyManagementTest.java
@@ -118,18 +118,20 @@ public class UserPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addUser("User A");
UserPoliciesResource policies = authorization.policies().user();
- Response response = policies.create(representation);
- UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
- policies.findById(created.getId()).remove();
+ try (Response response = policies.create(representation)) {
+ UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
- UserPolicyResource removed = policies.findById(created.getId());
+ policies.findById(created.getId()).remove();
- try {
- removed.toRepresentation();
- fail("Permission not removed");
- } catch (NotFoundException ignore) {
+ UserPolicyResource removed = policies.findById(created.getId());
+
+ try {
+ removed.toRepresentation();
+ fail("Permission not removed");
+ } catch (NotFoundException ignore) {
+ }
}
}
@@ -186,18 +188,20 @@ public class UserPolicyManagementTest extends AbstractPolicyManagementTest {
representation.addUser("User A");
UserPoliciesResource policies = authorization.policies().user();
- Response response = policies.create(representation);
- UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
- PolicyResource policy = authorization.policies().policy(created.getId());
- PolicyRepresentation genericConfig = policy.toRepresentation();
+ try (Response response = policies.create(representation)) {
+ UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
+
+ PolicyResource policy = authorization.policies().policy(created.getId());
+ PolicyRepresentation genericConfig = policy.toRepresentation();
- assertNotNull(genericConfig.getConfig());
- assertNotNull(genericConfig.getConfig().get("users"));
+ assertNotNull(genericConfig.getConfig());
+ assertNotNull(genericConfig.getConfig().get("users"));
- UserRepresentation user = getRealm().users().search("User A").get(0);
+ UserRepresentation user = getRealm().users().search("User A").get(0);
- assertTrue(genericConfig.getConfig().get("users").contains(user.getId()));
+ assertTrue(genericConfig.getConfig().get("users").contains(user.getId()));
+ }
}
@Test
@@ -219,33 +223,35 @@ public class UserPolicyManagementTest extends AbstractPolicyManagementTest {
policy.setConfig(config);
- Response response = authorization.policies().create(policy);
- assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
- response.close();
+ try (Response response = authorization.policies().create(policy)) {
+ assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
+ }
config.put("users", "");
policy.setConfig(config);
- response = authorization.policies().create(policy);
- assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
- response.close();
+ try (Response response = authorization.policies().create(policy)) {
+ assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
+ }
config.clear();
policy.setConfig(config);
- response = authorization.policies().create(policy);
- assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
- response.close();
+ try (Response response = authorization.policies().create(policy)) {
+ assertEquals(Response.Status.INTERNAL_SERVER_ERROR, response.getStatusInfo());
+ }
}
private void assertCreated(AuthorizationResource authorization, UserPolicyRepresentation representation) {
UserPoliciesResource permissions = authorization.policies().user();
- Response response = permissions.create(representation);
- UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
- UserPolicyResource permission = permissions.findById(created.getId());
- assertRepresentation(representation, permission);
+
+ try (Response response = permissions.create(representation)) {
+ UserPolicyRepresentation created = response.readEntity(UserPolicyRepresentation.class);
+ UserPolicyResource permission = permissions.findById(created.getId());
+ assertRepresentation(representation, permission);
+ }
}
private void assertRepresentation(UserPolicyRepresentation representation, UserPolicyResource permission) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationTest.java
index 748aa74..f994337 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationTest.java
@@ -183,9 +183,9 @@ public class AuthorizationTest extends AbstractAuthzTest {
permission.addResource(resource.getId());
permission.addPolicy(policies);
- Response response = getClient().authorization().permissions().resource().create(permission);
-
- assertEquals(201, response.getStatus());
+ try (Response response = getClient().authorization().permissions().resource().create(permission)) {
+ assertEquals(201, response.getStatus());
+ }
}
@NotNull
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java
index b130b8c..529bb5b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/ConflictingScopePermissionTest.java
@@ -274,7 +274,7 @@ public class ConflictingScopePermissionTest extends AbstractAuthzTest {
representation.setConfig(config);
- client.authorization().policies().create(representation);
+ client.authorization().policies().create(representation).close();
}
private void createResourcePermission(String name, String resourceName, List<String> policies, ClientResource client) throws IOException {
@@ -284,7 +284,7 @@ public class ConflictingScopePermissionTest extends AbstractAuthzTest {
representation.addResource(resourceName);
representation.addPolicy(policies.toArray(new String[policies.size()]));
- client.authorization().permissions().resource().create(representation);
+ client.authorization().permissions().resource().create(representation).close();
}
private void createScopePermission(String name, String resourceName, List<String> scopes, List<String> policies, ClientResource client) throws IOException {
@@ -300,7 +300,7 @@ public class ConflictingScopePermissionTest extends AbstractAuthzTest {
representation.addScope(scopes.toArray(new String[scopes.size()]));
representation.addPolicy(policies.toArray(new String[policies.size()]));
- authorization.permissions().scope().create(representation);
+ authorization.permissions().scope().create(representation).close();
}
private AuthzClient getAuthzClient() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
index 13a0922..27b3d41 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import javax.ws.rs.core.Response;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -36,8 +37,6 @@ import java.util.Set;
import java.util.function.Supplier;
import org.apache.http.client.HttpClient;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.hamcrest.Matchers;
@@ -80,9 +79,9 @@ import org.keycloak.representations.idm.authorization.PermissionTicketRepresenta
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
+import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.util.ClientBuilder;
-import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
@@ -407,7 +406,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setOwner("marta");
resource.setOwnerManagedAccess(true);
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(resource)) {
+ resource = response.readEntity(ResourceRepresentation.class);
+ }
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
@@ -415,7 +416,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addResource(resource.getId());
permission.addPolicy(policy.getName());
- authorization.permissions().resource().create(permission);
+ authorization.permissions().resource().create(permission).close();
assertTrue(hasPermission("marta", "password", resource.getId()));
assertFalse(hasPermission("kolo", "password", resource.getId()));
@@ -543,7 +544,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName("Sensors");
resource.addScope("sensors:view", "sensors:update", "sensors:delete");
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ authorization.resources().create(resource).close();
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
@@ -551,7 +552,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addScope("sensors:view");
permission.addPolicy(policy.getName());
- authorization.permissions().scope().create(permission);
+ authorization.permissions().scope().create(permission).close();
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "kolo", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -585,7 +586,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName(KeycloakModelUtils.generateId());
resource.addScope("sensors:view", "sensors:update", "sensors:delete");
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(resource)) {
+ resource = response.readEntity(ResourceRepresentation.class);
+ }
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
@@ -593,7 +596,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addScope("sensors:view");
permission.addPolicy(policy.getName());
- authorization.permissions().scope().create(permission);
+ authorization.permissions().scope().create(permission).close();
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "kolo", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -640,14 +643,18 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName(KeycloakModelUtils.generateId());
resource.addScope("sensors:view", "sensors:update", "sensors:delete");
- resourceIds.add(authorization.resources().create(resource).readEntity(ResourceRepresentation.class).getId());
+ try (Response response = authorization.resources().create(resource)) {
+ resourceIds.add(response.readEntity(ResourceRepresentation.class).getId());
+ }
resource = new ResourceRepresentation();
resource.setName(KeycloakModelUtils.generateId());
resource.addScope("sensors:view", "sensors:update");
- resourceIds.add(authorization.resources().create(resource).readEntity(ResourceRepresentation.class).getId());
+ try (Response response = authorization.resources().create(resource)) {
+ resourceIds.add(response.readEntity(ResourceRepresentation.class).getId());
+ }
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
@@ -655,7 +662,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addScope("sensors:view", "sensors:update");
permission.addPolicy(policy.getName());
- authorization.permissions().scope().create(permission);
+ authorization.permissions().scope().create(permission).close();
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "kolo", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -718,6 +725,46 @@ public class EntitlementAPITest extends AbstractAuthzTest {
}
@Test
+ public void testObtainAllEntitlementsForScopeWithDeny() throws Exception {
+ ClientResource client = getClient(getRealm(), RESOURCE_SERVER_TEST);
+ AuthorizationResource authorization = client.authorization();
+
+ JSPolicyRepresentation policy = new JSPolicyRepresentation();
+
+ policy.setName(KeycloakModelUtils.generateId());
+ policy.setCode("$evaluation.grant();");
+
+ authorization.policies().js().create(policy).close();
+
+ authorization.scopes().create(new ScopeRepresentation("sensors:view")).close();
+
+ ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
+
+ permission.setName(KeycloakModelUtils.generateId());
+ permission.addScope("sensors:view");
+ permission.addPolicy(policy.getName());
+
+ authorization.permissions().scope().create(permission).close();
+
+ String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "kolo", "password").getAccessToken();
+ AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
+ AuthorizationRequest request = new AuthorizationRequest();
+
+ request.addPermission(null, "sensors:view");
+
+ AuthorizationResponse response = authzClient.authorization(accessToken).authorize(request);
+ assertNotNull(response.getToken());
+ Collection<Permission> permissions = toAccessToken(response.getToken()).getAuthorization().getPermissions();
+ assertEquals(1, permissions.size());
+
+ for (Permission grantedPermission : permissions) {
+ assertNull(grantedPermission.getResourceId());
+ assertEquals(1, grantedPermission.getScopes().size());
+ assertTrue(grantedPermission.getScopes().containsAll(Arrays.asList("sensors:view")));
+ }
+ }
+
+ @Test
public void testObtainAllEntitlementsForResource() throws Exception {
ClientResource client = getClient(getRealm(), RESOURCE_SERVER_TEST);
AuthorizationResource authorization = client.authorization();
@@ -734,7 +781,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName(KeycloakModelUtils.generateId());
resource.addScope("scope:view", "scope:update", "scope:delete");
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(resource)) {
+ resource = response.readEntity(ResourceRepresentation.class);
+ }
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
@@ -742,7 +791,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addResource(resource.getId());
permission.addPolicy(policy.getName());
- authorization.permissions().resource().create(permission);
+ authorization.permissions().resource().create(permission).close();
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "kolo", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -806,7 +855,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
typedResource.setName(KeycloakModelUtils.generateId());
typedResource.addScope("read", "update");
- typedResource = authorization.resources().create(typedResource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(typedResource)) {
+ typedResource = response.readEntity(ResourceRepresentation.class);
+ }
ResourcePermissionRepresentation typedResourcePermission = new ResourcePermissionRepresentation();
@@ -814,7 +865,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
typedResourcePermission.setResourceType("resource");
typedResourcePermission.addPolicy(onlyOwnerPolicy.getName());
- typedResourcePermission = authorization.permissions().resource().create(typedResourcePermission).readEntity(ResourcePermissionRepresentation.class);
+ try (Response response = authorization.permissions().resource().create(typedResourcePermission)) {
+ typedResourcePermission = response.readEntity(ResourcePermissionRepresentation.class);
+ }
ResourceRepresentation martaResource = new ResourceRepresentation();
@@ -823,7 +876,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
martaResource.addScope("read", "update");
martaResource.setOwner("marta");
- martaResource = authorization.resources().create(martaResource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(martaResource)) {
+ martaResource = response.readEntity(ResourceRepresentation.class);
+ }
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -864,7 +919,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
onlyKoloPolicy.setName(KeycloakModelUtils.generateId());
onlyKoloPolicy.addUser("kolo");
- authorization.policies().user().create(onlyKoloPolicy);
+ authorization.policies().user().create(onlyKoloPolicy).close();
ResourcePermissionRepresentation martaResourcePermission = new ResourcePermissionRepresentation();
@@ -872,7 +927,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
martaResourcePermission.addResource(martaResource.getId());
martaResourcePermission.addPolicy(onlyKoloPolicy.getName());
- martaResourcePermission = authorization.permissions().resource().create(martaResourcePermission).readEntity(ResourcePermissionRepresentation.class);
+ try (Response response1 = authorization.permissions().resource().create(martaResourcePermission)) {
+ martaResourcePermission = response1.readEntity(ResourcePermissionRepresentation.class);
+ }
response = authzClient.authorization(accessToken).authorize(request);
assertNotNull(response.getToken());
@@ -911,7 +968,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
martaResourceUpdatePermission.addScope("update");
martaResourceUpdatePermission.addPolicy(onlyOwnerPolicy.getName());
- martaResourceUpdatePermission = authorization.permissions().scope().create(martaResourceUpdatePermission).readEntity(ScopePermissionRepresentation.class);
+ try (Response response1 = authorization.permissions().scope().create(martaResourceUpdatePermission)) {
+ martaResourceUpdatePermission = response1.readEntity(ScopePermissionRepresentation.class);
+ }
// now kolo can only read, but not update
response = authzClient.authorization(accessToken).authorize(request);
@@ -1034,7 +1093,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
typedResource.setType("resource");
typedResource.setName(KeycloakModelUtils.generateId());
- typedResource = authorization.resources().create(typedResource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(typedResource)) {
+ typedResource = response.readEntity(ResourceRepresentation.class);
+ }
ResourceRepresentation userResource = new ResourceRepresentation();
@@ -1045,7 +1106,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
attributes.put("visibility", Arrays.asList("private"));
userResource.setAttributes(attributes);
- userResource = authorization.resources().create(userResource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(userResource)) {
+ userResource = response.readEntity(ResourceRepresentation.class);
+ }
ResourcePermissionRepresentation typedResourcePermission = new ResourcePermissionRepresentation();
@@ -1053,7 +1116,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
typedResourcePermission.setResourceType("resource");
typedResourcePermission.addPolicy(onlyPublicResourcesPolicy.getName());
- typedResourcePermission = authorization.permissions().resource().create(typedResourcePermission).readEntity(ResourcePermissionRepresentation.class);
+ try (Response response = authorization.permissions().resource().create(typedResourcePermission)) {
+ typedResourcePermission = response.readEntity(ResourcePermissionRepresentation.class);
+ }
// marta can access any public resource
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -1110,7 +1175,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
createPermission.addScope("create");
createPermission.addPolicy(onlyPublicResourcesPolicy.getName());
- authorization.permissions().scope().create(createPermission);
+ authorization.permissions().scope().create(createPermission).close();
response = authzClient.authorization("marta", "password").authorize(request);
assertNotNull(response.getToken());
@@ -1190,7 +1255,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName("Sensors");
resource.addScope("sensors:view", "sensors:update", "sensors:delete");
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(resource)) {
+ resource = response.readEntity(ResourceRepresentation.class);
+ }
ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
@@ -1198,7 +1265,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addScope("sensors:view");
permission.addPolicy(policy.getName());
- authorization.permissions().scope().create(permission);
+ authorization.permissions().scope().create(permission).close();
String accessToken = new OAuthClient().realm("authz-test").clientId(RESOURCE_SERVER_TEST).scope("offline_access").doGrantAccessTokenRequest("secret", "offlineuser", "password").getAccessToken();
AuthzClient authzClient = getAuthzClient(AUTHZ_CLIENT_CONFIG);
@@ -1254,7 +1321,9 @@ public class EntitlementAPITest extends AbstractAuthzTest {
resource.setName("Sensors");
- resource = authorization.resources().create(resource).readEntity(ResourceRepresentation.class);
+ try (Response response = authorization.resources().create(resource)) {
+ resource = response.readEntity(ResourceRepresentation.class);
+ }
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
@@ -1262,7 +1331,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
permission.addResource(resource.getName());
permission.addPolicy(policy.getName());
- authorization.permissions().resource().create(permission);
+ authorization.permissions().resource().create(permission).close();
oauth.realm("authz-test");
oauth.clientId(PUBLIC_TEST_CLIENT);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java
index 3668877..82cc445 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupNamePolicyTest.java
@@ -28,8 +28,6 @@ import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
-import javax.ws.rs.core.Response;
-
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
@@ -38,7 +36,6 @@ import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.AuthzClient;
-import org.keycloak.authorization.client.Configuration;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.GroupMembershipMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
@@ -52,14 +49,12 @@ import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation;
import org.keycloak.representations.idm.authorization.PermissionRequest;
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
-import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.GroupBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.RolesBuilder;
import org.keycloak.testsuite.util.UserBuilder;
-import org.keycloak.util.JsonSerialization;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@@ -197,8 +192,7 @@ public class GroupNamePolicyTest extends AbstractAuthzTest {
policy.setGroupsClaim("groups");
policy.addGroupPath(groupPath, extendChildren);
- Response response = getClient().authorization().policies().group().create(policy);
- response.close();
+ getClient().authorization().policies().group().create(policy).close();
}
private void createResourcePermission(String name, String resource, String... policies) {
@@ -208,16 +202,14 @@ public class GroupNamePolicyTest extends AbstractAuthzTest {
permission.addResource(resource);
permission.addPolicy(policies);
- Response response = getClient().authorization().permissions().resource().create(permission);
- response.close();
+ getClient().authorization().permissions().resource().create(permission).close();
}
private void createResource(String name) {
AuthorizationResource authorization = getClient().authorization();
ResourceRepresentation resource = new ResourceRepresentation(name);
- Response response = authorization.resources().create(resource);
- response.close();
+ authorization.resources().create(resource).close();
}
private RealmResource getRealm() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java
index 25bdcdf..b801789 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/GroupPathPolicyTest.java
@@ -28,8 +28,6 @@ import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
-import javax.ws.rs.core.Response;
-
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
@@ -181,8 +179,7 @@ public class GroupPathPolicyTest extends AbstractAuthzTest {
policy.setGroupsClaim("groups");
policy.addGroupPath(groupPath, extendChildren);
- Response response = getClient().authorization().policies().group().create(policy);
- response.close();
+ getClient().authorization().policies().group().create(policy).close();
}
private void createResourcePermission(String name, String resource, String... policies) {
@@ -192,16 +189,14 @@ public class GroupPathPolicyTest extends AbstractAuthzTest {
permission.addResource(resource);
permission.addPolicy(policies);
- Response response = getClient().authorization().permissions().resource().create(permission);
- response.close();
+ getClient().authorization().permissions().resource().create(permission).close();
}
private void createResource(String name) {
AuthorizationResource authorization = getClient().authorization();
ResourceRepresentation resource = new ResourceRepresentation(name);
- Response response = authorization.resources().create(resource);
- response.close();
+ authorization.resources().create(resource).close();
}
private RealmResource getRealm() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PermissionClaimTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PermissionClaimTest.java
index 5b21bb5..65b1f96 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PermissionClaimTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/PermissionClaimTest.java
@@ -22,6 +22,7 @@ import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import javax.ws.rs.core.Response;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -247,7 +248,9 @@ public class PermissionClaimTest extends AbstractAuthzTest {
updatePermission.addScope("update");
updatePermission.addPolicy(claimCPolicy.getName());
- updatePermission = authorization.permissions().scope().create(updatePermission).readEntity(ScopePermissionRepresentation.class);
+ try (Response response = authorization.permissions().scope().create(updatePermission)) {
+ updatePermission = response.readEntity(ScopePermissionRepresentation.class);
+ }
AuthzClient authzClient = getAuthzClient();
AuthorizationRequest request = new AuthorizationRequest();
@@ -320,7 +323,9 @@ public class PermissionClaimTest extends AbstractAuthzTest {
updatePermission.addResource(resourceA.getName());
updatePermission.addPolicy(claimCPolicy.getName());
- updatePermission = authorization.permissions().resource().create(updatePermission).readEntity(ResourcePermissionRepresentation.class);
+ try (Response response = authorization.permissions().resource().create(updatePermission)) {
+ updatePermission = response.readEntity(ResourcePermissionRepresentation.class);
+ }
AuthzClient authzClient = getAuthzClient();
AuthorizationResponse response = authzClient.authorization("marta", "password").authorize();
@@ -357,7 +362,9 @@ public class PermissionClaimTest extends AbstractAuthzTest {
resourceInstance.setType(resourceA.getType());
resourceInstance.setOwner("marta");
- resourceInstance = authorization.resources().create(resourceInstance).readEntity(ResourceRepresentation.class);
+ try (Response response1 = authorization.resources().create(resourceInstance)) {
+ resourceInstance = response1.readEntity(ResourceRepresentation.class);
+ }
AuthorizationRequest request = new AuthorizationRequest();
@@ -377,7 +384,9 @@ public class PermissionClaimTest extends AbstractAuthzTest {
resourceInstancePermission.addResource(resourceInstance.getId());
resourceInstancePermission.addPolicy(claimCPolicy.getName());
- resourceInstancePermission = authorization.permissions().resource().create(resourceInstancePermission).readEntity(ResourcePermissionRepresentation.class);
+ try (Response response1 = authorization.permissions().resource().create(resourceInstancePermission)) {
+ resourceInstancePermission = response1.readEntity(ResourcePermissionRepresentation.class);
+ }
response = authzClient.authorization("marta", "password").authorize(request);
assertNotNull(response.getToken());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java
index 25fc4fa..3f8e9fb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java
@@ -23,8 +23,6 @@ import java.io.IOException;
import java.util.Arrays;
import java.util.List;
-import javax.ws.rs.core.Response;
-
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
@@ -33,7 +31,6 @@ import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.AuthzClient;
-import org.keycloak.authorization.client.Configuration;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
@@ -51,7 +48,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.RolesBuilder;
import org.keycloak.testsuite.util.UserBuilder;
-import org.keycloak.util.JsonSerialization;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@@ -179,8 +175,7 @@ public class RolePolicyTest extends AbstractAuthzTest {
policy.addRole(role);
}
- Response response = getClient().authorization().policies().role().create(policy);
- response.close();
+ getClient().authorization().policies().role().create(policy).close();
}
private void createResourcePermission(String name, String resource, String... policies) {
@@ -190,16 +185,14 @@ public class RolePolicyTest extends AbstractAuthzTest {
permission.addResource(resource);
permission.addPolicy(policies);
- Response response = getClient().authorization().permissions().resource().create(permission);
- response.close();
+ getClient().authorization().permissions().resource().create(permission).close();
}
private void createResource(String name) {
AuthorizationResource authorization = getClient().authorization();
ResourceRepresentation resource = new ResourceRepresentation(name);
- Response response = authorization.resources().create(resource);
- response.close();
+ authorization.resources().create(resource).close();
}
private RealmResource getRealm() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java
index 65c7f6a..beafb88 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java
@@ -56,22 +56,24 @@ public class UmaDiscoveryDocumentTest extends AbstractKeycloakTest {
URI oidcDiscoveryUri = RealmsResource.wellKnownProviderUrl(builder).build("test", UmaWellKnownProviderFactory.PROVIDER_ID);
WebTarget oidcDiscoveryTarget = client.target(oidcDiscoveryUri);
- Response response = oidcDiscoveryTarget.request().get();
+ try (Response response = oidcDiscoveryTarget.request().get()) {
+ assertEquals("no-cache, must-revalidate, no-transform, no-store", response.getHeaders().getFirst("Cache-Control"));
- assertEquals("no-cache, must-revalidate, no-transform, no-store", response.getHeaders().getFirst("Cache-Control"));
- UmaConfiguration configuration = response.readEntity(UmaConfiguration.class);
+ UmaConfiguration configuration = response.readEntity(UmaConfiguration.class);
- assertEquals(configuration.getAuthorizationEndpoint(), OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build("test").toString());
- assertEquals(configuration.getTokenEndpoint(), oauth.getAccessTokenUrl());
- assertEquals(configuration.getJwksUri(), oauth.getCertsUrl("test"));
- assertEquals(configuration.getTokenIntrospectionEndpoint(), oauth.getTokenIntrospectionUrl());
- String registrationUri = UriBuilder
- .fromUri(OAuthClient.AUTH_SERVER_ROOT)
- .path(RealmsResource.class).path(RealmsResource.class, "getRealmResource").build(realmsResouce().realm("test").toRepresentation().getRealm()).toString();
+ assertEquals(configuration.getAuthorizationEndpoint(), OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build("test").toString());
+ assertEquals(configuration.getTokenEndpoint(), oauth.getAccessTokenUrl());
+ assertEquals(configuration.getJwksUri(), oauth.getCertsUrl("test"));
+ assertEquals(configuration.getTokenIntrospectionEndpoint(), oauth.getTokenIntrospectionUrl());
- assertEquals(registrationUri + "/authz/protection/permission", configuration.getPermissionEndpoint().toString());
- assertEquals(registrationUri + "/authz/protection/resource_set", configuration.getResourceRegistrationEndpoint().toString());
+ String registrationUri = UriBuilder
+ .fromUri(OAuthClient.AUTH_SERVER_ROOT)
+ .path(RealmsResource.class).path(RealmsResource.class, "getRealmResource").build(realmsResouce().realm("test").toRepresentation().getRealm()).toString();
+
+ assertEquals(registrationUri + "/authz/protection/permission", configuration.getPermissionEndpoint().toString());
+ assertEquals(registrationUri + "/authz/protection/resource_set", configuration.getResourceRegistrationEndpoint().toString());
+ }
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaGrantTypeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaGrantTypeTest.java
index 0aa9d6d..e7c89eb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaGrantTypeTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaGrantTypeTest.java
@@ -79,8 +79,7 @@ public class UmaGrantTypeTest extends AbstractResourceServerTest {
policy.setName("Default Policy");
policy.setCode("$evaluation.grant();");
- Response response = authorization.policies().js().create(policy);
- response.close();
+ authorization.policies().js().create(policy).close();
ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
resourceA = addResource("Resource A", "ScopeA", "ScopeB", "ScopeC");
@@ -89,16 +88,14 @@ public class UmaGrantTypeTest extends AbstractResourceServerTest {
permission.addResource(resourceA.getName());
permission.addPolicy(policy.getName());
- response = authorization.permissions().resource().create(permission);
- response.close();
+ authorization.permissions().resource().create(permission).close();
policy = new JSPolicyRepresentation();
policy.setName("Deny Policy");
policy.setCode("$evaluation.deny();");
- response = authorization.policies().js().create(policy);
- response.close();
+ authorization.policies().js().create(policy).close();
}
@Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaPermissionTicketPushedClaimsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaPermissionTicketPushedClaimsTest.java
index cdbd9e4..a89ee65 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaPermissionTicketPushedClaimsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaPermissionTicketPushedClaimsTest.java
@@ -64,7 +64,7 @@ public class UmaPermissionTicketPushedClaimsTest extends AbstractResourceServerT
AuthorizationResource authorization = getClient(getRealm()).authorization();
- authorization.policies().js().create(policy);
+ authorization.policies().js().create(policy).close();
ScopePermissionRepresentation representation = new ScopePermissionRepresentation();
@@ -72,7 +72,7 @@ public class UmaPermissionTicketPushedClaimsTest extends AbstractResourceServerT
representation.addScope("withdraw");
representation.addPolicy(policy.getName());
- authorization.permissions().scope().create(representation);
+ authorization.permissions().scope().create(representation).close();
AuthzClient authzClient = getAuthzClient();
PermissionRequest permissionRequest = new PermissionRequest(resource.getId());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
index 1b6b9a3..7bb8bd7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
@@ -62,8 +62,7 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
policy.setName("Only Owner Policy");
policy.setCode("if ($evaluation.getContext().getIdentity().getId() == $evaluation.getPermission().getResource().getOwner()) {$evaluation.grant();}");
- Response response = authorization.policies().js().create(policy);
- response.close();
+ authorization.policies().js().create(policy).close();
}
@Test