keycloak-uncached
Changes
testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/index.html 1(+1 -0)
testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/js/app.js 2(+2 -0)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/AlbumService.java 59(+32 -27)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Album.java 15(+13 -2)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Photo.java 3(+2 -1)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/unsecured/UnsecuredService.java 54(+54 -0)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/TransactionInterceptor.java 2(+1 -1)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml 4(+2 -2)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/beans.xml 0(+0 -0)
testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml 70(+38 -32)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java 168(+123 -45)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java 889(+392 -497)
Details
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/index.html b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/index.html
index 692e05d..a66fcdc 100755
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/index.html
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/index.html
@@ -31,6 +31,7 @@
<div id="content" ng-view/>
</div>
+<div style="display: none;" id="bearer"></div>
<pre style="background-color: #ddd; border: 1px solid #ccc; padding: 10px;" id="output"></pre>
</body>
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/js/app.js b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/js/app.js
index 3d2ed43..f6df2cb 100755
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/js/app.js
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-html5-client/src/main/webapp/js/app.js
@@ -166,8 +166,10 @@ module.factory('authInterceptor', function ($q, $injector, $timeout, Identity) {
if (Identity.authorization && Identity.authorization.rpt && request.url.indexOf('/authorize') == -1) {
retries = 0;
request.headers.Authorization = 'Bearer ' + Identity.authorization.rpt;
+ document.getElementById("bearer").innerHTML = 'rpt: Bearer ' + Identity.authorization.rpt;
} else {
request.headers.Authorization = 'Bearer ' + Identity.authc.token;
+ document.getElementById("bearer").innerHTML = 'authc: Bearer ' + Identity.authc.token;
}
return request;
},
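Review bot: The two added lines write the live bearer credential (RPT or access token) into the `#bearer` element through `innerHTML` on every intercepted request, so the token sits in the DOM where any script running in the page, a browser extension or a saved page snapshot can read it. If the suite needs the value for debugging, assign it with `textContent` so the token string is never parsed as markup, e.g. `document.getElementById("bearer").textContent = 'rpt: Bearer ' + Identity.authorization.rpt;`. A comment such as `// test-only instrumentation: exposes the token to the Selenium suite, do not copy into a real client` would also help, since this app doubles as an example. The interceptor function begins and ends outside the hunk.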
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/AlbumService.java b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/AlbumService.java
index 9070416..94feb72 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/AlbumService.java
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/album/AlbumService.java
@@ -3,19 +3,14 @@ package org.keycloak.example.photoz.album;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.ClientAuthorizationContext;
-import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.ResourceRepresentation;
import org.keycloak.authorization.client.representation.ScopeRepresentation;
import org.keycloak.authorization.client.resource.ProtectionResource;
-import org.keycloak.example.photoz.ErrorResponse;
import org.keycloak.example.photoz.entity.Album;
import org.keycloak.example.photoz.util.Transaction;
-import org.keycloak.representations.adapters.config.AdapterConfig;
-import org.keycloak.util.JsonSerialization;
import javax.inject.Inject;
import javax.persistence.EntityManager;
-import javax.persistence.Query;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -28,16 +23,16 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
-import java.security.Principal;
import java.util.HashSet;
import java.util.List;
-import java.util.Set;
+import javax.ws.rs.core.HttpHeaders;
+import org.jboss.logging.Logger;
@Path("/album")
@Transaction
public class AlbumService {
- private static volatile long nextId = 0;
+ private final Logger log = Logger.getLogger(AlbumService.class);
public static final String SCOPE_ALBUM_VIEW = "album:view";
public static final String SCOPE_ALBUM_DELETE = "album:delete";
@@ -50,33 +45,35 @@ public class AlbumService {
@POST
@Consumes("application/json")
- public Response create(Album newAlbum, @QueryParam("user") String username) {
- newAlbum.setId(++nextId);
-
- if (username == null) {
- username = request.getUserPrincipal().getName();
+ public Response create(Album newAlbum, @QueryParam("user") String invalidUser, @Context HttpHeaders headers) {
+ printAuthHeaders(headers);
+
+ String userId = request.getUserPrincipal().getName();
+
+ if (invalidUser != null) {
+ userId = invalidUser;
}
+
+ newAlbum.setUserId(userId);
- newAlbum.setUserId(username);
- Query queryDuplicatedAlbum = this.entityManager.createQuery("from Album where name = :name and userId = :userId");
-
- queryDuplicatedAlbum.setParameter("name", newAlbum.getName());
- queryDuplicatedAlbum.setParameter("userId", username);
-
- if (!queryDuplicatedAlbum.getResultList().isEmpty()) {
- throw new ErrorResponse("Name [" + newAlbum.getName() + "] already taken. Choose another one.", Status.CONFLICT);
+ log.debug("PERSISTING " + newAlbum);
+ entityManager.persist(newAlbum);
+ try {
+ createProtectedResource(newAlbum);
+ } catch (RuntimeException e) {
+ log.debug("ERROR " + e);
+ entityManager.remove(newAlbum);
+ throw e;
}
- this.entityManager.persist(newAlbum);
-
- createProtectedResource(newAlbum);
-
return Response.ok(newAlbum).build();
}
@Path("{id}")
@DELETE
- public Response delete(@PathParam("id") String id) {
+ public Response delete(@PathParam("id") String id, @Context HttpHeaders headers) {
+ printAuthHeaders(headers);
+
Album album = this.entityManager.find(Album.class, Long.valueOf(id));
try {
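Review bot: In `create()` the album owner still comes from the caller-supplied `user` query parameter: when `invalidUser` is non-null, `userId = invalidUser;` replaces the principal name before `setUserId`, so any authenticated caller chooses whose album is created (and presumably whose protected resource, though `createProtectedResource` is not fully visible here). The new parameter name suggests this exists only to drive the negative test. If so, say it next to the override, e.g. `// test-only: lets the suite force a resource-registration failure with an unknown owner; a real service must always use the principal`. The hunk ends inside `delete()`, whose body continues outside it.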
@@ -113,6 +110,7 @@ public class AlbumService {
}
private void createProtectedResource(Album album) {
+ log.debug("Creating ProtectedResource for " + album);
try {
HashSet<ScopeRepresentation> scopes = new HashSet<>();
@@ -145,7 +143,7 @@ public class AlbumService {
}
protection.resource().delete(search.get(0).getId());
- } catch (Exception e) {
+ } catch (RuntimeException e) {
throw new RuntimeException("Could not search protected resource.", e);
}
}
@@ -161,4 +159,11 @@ public class AlbumService {
private KeycloakSecurityContext getKeycloakSecurityContext() {
return KeycloakSecurityContext.class.cast(request.getAttribute(KeycloakSecurityContext.class.getName()));
}
+
+ private void printAuthHeaders(HttpHeaders headers) {
+ log.debug("-----------------Authorization headers--------------------------");
+ for (String authHeader : headers.getRequestHeader(HttpHeaders.AUTHORIZATION)) {
+ log.debug(authHeader);
+ }
+ }
}
\ No newline at end of file
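Review bot: `printAuthHeaders` writes every `Authorization` header value, i.e. the caller's bearer token, to the log verbatim; even at debug level that puts replayable credentials into CI logs and archived test output. Logging only a short prefix and the length gives the same diagnostic value, for example `log.debugf("Authorization: %s... (%d chars)", authHeader.substring(0, Math.min(16, authHeader.length())), authHeader.length());`. Separately, `headers.getRequestHeader(...)` returns null when the header is absent, so the for-each throws a NullPointerException on a request without `Authorization`; a null guard before the loop avoids that.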
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Album.java b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Album.java
index f887e2a..6eadcbf 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Album.java
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Album.java
@@ -17,24 +17,30 @@
*/
package org.keycloak.example.photoz.entity;
+import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
-import javax.persistence.GenerationType;
import javax.persistence.Transient;
import java.util.ArrayList;
import java.util.List;
+import javax.persistence.Table;
+import javax.persistence.UniqueConstraint;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@Entity
-public class Album {
+@Table(uniqueConstraints = {
+ @UniqueConstraint(columnNames = {"name", "userId"})
+})
+public class Album implements Serializable {
@Id
+ @GeneratedValue
private Long id;
@Column(nullable = false)
@@ -88,4 +94,9 @@ public class Album {
public void setUserManaged(boolean userManaged) {
this.userManaged = userManaged;
}
+
+ @Override
+ public String toString() {
+ return "Album{" + "id=" + id + ", name=" + name + ", userId=" + userId + '}';
+ }
}
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Photo.java b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Photo.java
index 08b7495..1161807 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Photo.java
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/entity/Photo.java
@@ -17,6 +17,7 @@
*/
package org.keycloak.example.photoz.entity;
+import java.io.Serializable;
import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity;
@@ -30,7 +31,7 @@ import javax.persistence.ManyToOne;
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@Entity
-public class Photo {
+public class Photo implements Serializable {
@Id
@GeneratedValue
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/unsecured/UnsecuredService.java b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/unsecured/UnsecuredService.java
new file mode 100644
index 0000000..ff07d37
--- /dev/null
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/unsecured/UnsecuredService.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.example.photoz.unsecured;
+
+
+import javax.inject.Inject;
+import javax.persistence.EntityManager;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.GET;
+import org.jboss.logging.Logger;
+
+/**
+ * Service used to ensure there is clean DB before test
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@Path("/unsecured/clean")
+public class UnsecuredService {
+
+ private final Logger log = Logger.getLogger(UnsecuredService.class);
+
+ @Inject
+ private EntityManager entityManager;
+
+ @GET
+ @Produces("application/json")
+ public Response cleanAll() {
+ int deletedAlbums = entityManager.createQuery("delete from Album").executeUpdate();
+ int deletedPhotos = entityManager.createQuery("delete from Photo").executeUpdate();
+
+ if (deletedAlbums != 0 || deletedPhotos != 0) {
+ log.warnf("Database was not empty. Deleted {0} Albums, {1} Photos", deletedAlbums, deletedPhotos);
+ } else {
+ log.debug("Database was clean before test");
+ }
+ return Response.ok().build();
+ }
+}
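Review bot: `cleanAll()` deletes every Album and Photo in response to a GET that, per the path name and the matching web.xml constraint, needs no authentication, so any client able to reach the deployment wipes the database with a single safe-method request. The class Javadoc should say explicitly that this endpoint exists only for test isolation and must never be packaged outside the testsuite. Mapping it to `@DELETE` or `@POST` instead of `@GET` would keep prefetchers and crawlers from triggering it (the caller in AbstractPhotozExampleAdapterTest would change with it). Also, `log.warnf` is JBoss Logging's printf-style variant, so the `{0}`/`{1}` placeholders are never substituted; use `log.warnv(...)` with the existing message or switch the placeholders to `%d`. The same `{0}`-with-`debugf` pattern appears in PhotozClientAuthzTestApp (`createAlbum`, `deleteAlbum`) and in `printUpdatedPolicies` of AbstractPhotozExampleAdapterTest, assuming `log` there is also a JBoss Logger.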
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/TransactionInterceptor.java b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/TransactionInterceptor.java
index 36d35f3..be60248 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/TransactionInterceptor.java
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/java/org/keycloak/example/photoz/util/TransactionInterceptor.java
@@ -35,7 +35,7 @@ public class TransactionInterceptor {
private Instance<EntityManager> entityManager;
@AroundInvoke
- public Object aroundInvoke(InvocationContext context) {
+ public Object aroundInvoke(InvocationContext context) throws Exception {
EntityManager entityManager = this.entityManager.get();
EntityTransaction transaction = entityManager.getTransaction();
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml
index 8b6d226..369d821 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/resources/META-INF/persistence.xml
@@ -15,8 +15,8 @@
<property name="hibernate.connection.driver_class" value="org.h2.Driver" />
<property name="hibernate.connection.url" value="jdbc:h2:mem:test-keycloak-photoz-example" />
<property name="hibernate.connection.user" value="sa" />
- <property name="hibernate.flushMode" value="FLUSH_AUTO" />
- <property name="hibernate.hbm2ddl.auto" value="update" />
+ <property name="hibernate.flushMode" value="COMMIT" />
+ <property name="hibernate.hbm2ddl.auto" value="create-drop" />
<property name="hibernate.show_sql" value="false" />
</properties>
</persistence-unit>
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml
index 34cf6bd..508bc72 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api/src/main/webapp/WEB-INF/web.xml
@@ -1,41 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
- <module-name>photoz-restful-api</module-name>
+ <module-name>photoz-restful-api</module-name>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>All Resources</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>user</role-name>
- </auth-constraint>
- </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>All Resources</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>All Resources</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>admin</role-name>
- </auth-constraint>
- </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>All Resources</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Unsecured</web-resource-name>
+ <url-pattern>/unsecured/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
- <login-config>
- <auth-method>KEYCLOAK</auth-method>
- <realm-name>photoz</realm-name>
- </login-config>
+ <login-config>
+ <auth-method>KEYCLOAK</auth-method>
+ <realm-name>photoz</realm-name>
+ </login-config>
- <security-role>
- <role-name>admin</role-name>
- </security-role>
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
- <security-role>
- <role-name>user</role-name>
- </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
</web-app>
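Review bot: The new `Unsecured` constraint has no `<auth-constraint>`, which exempts everything under `/unsecured/*` from the KEYCLOAK login, not just the one cleanup resource; any JAX-RS class later placed under that path becomes public without anyone touching this file. Narrowing the pattern to `<url-pattern>/unsecured/clean</url-pattern>` and adding an XML comment such as `<!-- test-only: unauthenticated DB cleanup used by the adapter tests -->` would keep the exemption as small as its purpose. The rest of the hunk is re-indentation only.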
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
index 1f61268..f87d481 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
@@ -27,10 +27,11 @@ import org.keycloak.testsuite.util.URLUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
-import org.openqa.selenium.support.ui.Select;
import java.net.URL;
+import static org.hamcrest.Matchers.containsString;
+import static org.junit.Assert.assertThat;
import static org.keycloak.testsuite.util.WaitUtils.pause;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
@@ -82,12 +83,26 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
}
public void createAlbum(String name, String buttonId) {
+ log.debugf("Creating album {0} with buttonId: {1}", name, buttonId);
navigateTo();
- this.driver.findElement(By.id("create-album")).click();
- Form.setInputValue(this.driver.findElement(By.id("album.name")), name);
+ WebElement createAlbum = driver.findElement(By.id("create-album"));
+ waitUntilElement(createAlbum).is().clickable();
+ createAlbum.click();
+ WebElement albumNameInput = driver.findElement(By.id("album.name"));
+ waitUntilElement(albumNameInput).is().present();
+ Form.setInputValue(albumNameInput, name);
pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
- this.driver.findElement(By.id(buttonId)).click();
+ waitUntilElement(albumNameInput).attribute(Form.VALUE).contains(name);
+ WebElement button = driver.findElement(By.id(buttonId));
+ waitUntilElement(button).is().clickable();
+ button.click();
pause(WAIT_AFTER_OPERATION);
+ if (buttonId.equals("save-album-invalid")) {
+ waitForPageToLoad();
+ assertThat(driver.getPageSource(), containsString("Could not register protected resource."));
+ } else {
+ waitUntilElement(albumNameInput).is().not().present();
+ }
}
public void createAlbumWithInvalidUser(String name) {
@@ -99,32 +114,51 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
return this.url;
}
- public void deleteAlbum(String name) {
- driver.findElements(By.xpath("//a[text()='" + name + "']/following-sibling::a[text()='X']")).forEach(WebElement::click);
+ public void deleteAlbum(String name, boolean shouldBeDenied) {
+ log.debugf("Deleting album {0}", name);
+ WebElement delete = driver.findElement(By.id("delete-" + name));
+ waitUntilElement(delete).is().clickable();
+ delete.click();
pause(WAIT_AFTER_OPERATION);
+ if (shouldBeDenied) {
+ waitForDenial();
+ } else {
+ waitUntilElement(delete).is().not().present();
+ }
}
- public void navigateToAdminAlbum() {
+ public void navigateToAdminAlbum(boolean shouldBeDenied) {
+ log.debug("Navigating to Admin Album");
URLUtils.navigateToUri(toString() + "/#/admin/album", true);
+
driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
+ if (shouldBeDenied) {
+ waitForDenial();
+ } else {
+ waitUntilElement(output).text().equalTo("");
+ }
}
public void logOut() {
- waitUntilElement(signOutButton); // Sometimes doesn't work in PhantomJS!
+ waitUntilElement(signOutButton).is().clickable(); // Sometimes doesn't work in PhantomJS!
signOutButton.click();
pause(WAIT_AFTER_OPERATION);
}
public void requestEntitlement() {
+ waitUntilElement(entitlement).is().clickable();
entitlement.click();
+ waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
pause(WAIT_AFTER_OPERATION);
}
public void requestEntitlements() {
+ waitUntilElement(entitlements).is().clickable();
entitlements.click();
+ waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
pause(WAIT_AFTER_OPERATION);
}
@@ -168,7 +202,8 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
}
this.loginPage.form().login(username, password);
-
+ waitForPageToLoad();//guess
+
// simple check if we are at the consent page, if so just click 'Yes'
if (this.consentPage.isCurrent()) {
consentPage.confirm();
@@ -177,12 +212,8 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
pause(WAIT_AFTER_OPERATION);
}
- public boolean wasDenied() {
- return this.driver.findElement(By.id("output")).getText().contains("You can not access");
- }
-
- public void viewAlbum(String name) throws InterruptedException {
- viewAlbum(name, true);
+ private void waitForDenial() {
+ waitUntilElement(output).text().contains("You can not access");
}
public void viewAllAlbums() {
@@ -190,83 +221,130 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
pause(WAIT_AFTER_OPERATION);
}
- public void viewAlbum(String name, boolean refresh) throws InterruptedException {
- this.driver.findElement(By.xpath("//a[text() = '" + name + "']")).click();
+ public void viewAlbum(String name, boolean shouldBeDenied) {
+ WebElement viewalbum = driver.findElement(By.xpath("//a[text() = '" + name + "']"));
+ waitUntilElement(viewalbum).is().clickable();
+ viewalbum.click();
+ waitForPageToLoad();
+ if (shouldBeDenied) waitForDenial();
+ driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
waitForPageToLoad();
- if (refresh) {
- driver.navigate().refresh(); // This is sometimes necessary for loading the new policy settings
- }
pause(WAIT_AFTER_OPERATION);
}
- public void accountPage() throws InterruptedException {
+ public void accountPage() {
navigateTo();
- this.driver.findElement(By.id("my-account")).click();
+ WebElement myAccount = driver.findElement(By.id("my-account"));
+ waitUntilElement(myAccount).is().clickable();
+ myAccount.click();
+ waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
- public void accountMyResources() throws InterruptedException {
+ public void accountMyResources() {
accountPage();
- this.driver.findElement(By.xpath("//a[text() = 'My Resources']")).click();
+ WebElement myResources = driver.findElement(By.xpath("//a[text() = 'My Resources']"));
+ waitUntilElement(myResources).is().clickable();
+ myResources.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
- public void accountMyResource(String name) throws InterruptedException {
+ public void accountMyResource(String name) {
accountMyResources();
- this.driver.findElement(By.id("detail-" + name)).click();
+ WebElement myResource = driver.findElement(By.id("detail-" + name));
+ waitUntilElement(myResource).is().clickable();
+ myResource.click();
waitForPageToLoad();
pause(WAIT_AFTER_OPERATION);
}
- public void accountGrantResource(String name, String requester) throws InterruptedException {
+ public void accountGrantResource(String name, String requester) {
accountMyResources();
- this.driver.findElement(By.id("grant-" + name + "-" + requester)).click();
+ WebElement grantResource = driver.findElement(By.id("grant-" + name + "-" + requester));
+ waitUntilElement(grantResource).is().clickable();
+ grantResource.click();
waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void accountGrantRemoveScope(String name, String requester, String scope) throws InterruptedException {
+ public void accountGrantRemoveScope(String name, String requester, String scope) {
accountMyResources();
- this.driver.findElement(By.id("grant-remove-scope-" + name + "-" + requester + "-" + scope)).click();
+ WebElement grantRemoveScope = driver.findElement(By.id("grant-remove-scope-" + name + "-" + requester + "-" + scope));
+ waitUntilElement(grantRemoveScope).is().clickable();
+ grantRemoveScope.click();
waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void accountRevokeResource(String name, String requester) throws InterruptedException {
+ public void accountRevokeResource(String name, String requester) {
accountMyResource(name);
- this.driver.findElement(By.id("revoke-" + name + "-" + requester)).click();
+ WebElement revokeResource = driver.findElement(By.id("revoke-" + name + "-" + requester));
+ waitUntilElement(revokeResource).is().clickable();
+ revokeResource.click();
waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void accountShareResource(String name, String user) throws InterruptedException {
+ public void accountShareResource(String name, String user) {
accountMyResource(name);
- this.driver.findElement(By.id("user_id")).sendKeys(user);
- this.driver.findElement(By.id("share-button")).click();
+ WebElement userIdInput = driver.findElement(By.id("user_id"));
+ Form.setInputValue(userIdInput, user);
+ pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
+ waitUntilElement(userIdInput).attribute(Form.VALUE).contains(user);
+
+ WebElement shareButton = driver.findElement(By.id("share-button"));
+ waitUntilElement(shareButton).is().clickable();
+ shareButton.click();
waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void accountShareRemoveScope(String name, String user, String scope) throws InterruptedException {
+ public void accountShareRemoveScope(String name, String user, String scope) {
accountMyResource(name);
- this.driver.findElement(By.id("user_id")).sendKeys(user);
- this.driver.findElement(By.id("share-remove-scope-" + name + "-" + scope)).click();
- this.driver.findElement(By.id("share-button")).click();
+
+ WebElement userIdInput = driver.findElement(By.id("user_id"));
+ Form.setInputValue(userIdInput, user);
+ pause(200); // We need to wait a bit for the form to "accept" the input (otherwise it registers the input as empty)
+ waitUntilElement(userIdInput).attribute(Form.VALUE).contains(user);
+
+ WebElement shareRemoveScope = driver.findElement(By.id("share-remove-scope-" + name + "-" + scope));
+ waitUntilElement(shareRemoveScope).is().clickable();
+ shareRemoveScope.click();
waitForPageToLoad();
+
+ WebElement shareButton = driver.findElement(By.id("share-button"));
+ waitUntilElement(shareButton).is().clickable();
+ shareButton.click();
+
+ waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void accountDenyResource(String name) throws InterruptedException {
+ public void accountDenyResource(String name) {
accountMyResource(name);
- this.driver.findElement(By.xpath("//a[text() = 'Deny']")).click();
+ WebElement denyLink = driver.findElement(By.linkText("Deny"));
+ waitUntilElement(denyLink).is().clickable();
+ denyLink.click();
waitForPageToLoad();
+ pause(WAIT_AFTER_OPERATION);
}
- public void requestResourceProtectedAnyScope() throws InterruptedException {
+ public void requestResourceProtectedAnyScope(boolean shouldBeDenied) {
navigateTo();
- this.driver.findElement(By.id("requestPathWithAnyProtectedScope")).click();
+ WebElement requestPathWithAnyProtectedScope = driver.findElement(By.id("requestPathWithAnyProtectedScope"));
+ waitUntilElement(requestPathWithAnyProtectedScope).is().clickable();
+ requestPathWithAnyProtectedScope.click();
+ if (shouldBeDenied) waitForDenial();
pause(WAIT_AFTER_OPERATION);
}
- public void requestResourceProtectedAllScope() throws InterruptedException {
+ public void requestResourceProtectedAllScope(boolean shouldBeDenied) {
navigateTo();
- this.driver.findElement(By.id("requestPathWithAllProtectedScope")).click();
+ WebElement requestPathWithAllProtectedScope = driver.findElement(By.id("requestPathWithAllProtectedScope"));
+ waitUntilElement(requestPathWithAllProtectedScope).is().clickable();
+ requestPathWithAllProtectedScope.click();
+ if (shouldBeDenied) waitForDenial();
pause(WAIT_AFTER_OPERATION);
}
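Review bot: In `viewAlbum`, `requestResourceProtectedAnyScope` and `requestResourceProtectedAllScope` the new `shouldBeDenied` flag is checked in one direction only: `if (shouldBeDenied) waitForDenial();` has no counterpart for the allowed case. The commit also removes `wasDenied()`, so a caller passing `false` can no longer detect an unexpected denial through this page object. For an authorization test that means an access that should be granted but is denied can pass silently, unless the test asserts it some other way. `navigateToAdminAlbum`, earlier in this file's diff, already handles both cases, and the same shape would work here: `if (shouldBeDenied) { waitForDenial(); } else { waitUntilElement(output).text().equalTo(""); }`, provided `output` is empty after a successful request on these pages.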
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
index a7cded4..4cc9d4a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
@@ -16,7 +16,11 @@
*/
package org.keycloak.testsuite.adapter.example.authorization;
+import static org.hamcrest.Matchers.empty;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadJson;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
@@ -31,14 +35,18 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.function.Predicate;
import java.util.stream.Collectors;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -68,7 +76,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
private static final String REALM_NAME = "photoz";
private static final String RESOURCE_SERVER_ID = "photoz-restful-api";
- private static int TOKEN_LIFESPAN_LEEWAY = 3; // seconds
+ private static final int TOKEN_LIFESPAN_LEEWAY = 3; // seconds
@ArquillianResource
private Deployer deployer;
@@ -86,8 +94,19 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public static void enabled() { ProfileAssume.assumePreview(); }
@Before
- public void beforePhotozExampleAdapterTest() throws FileNotFoundException {
+ public void beforePhotozExampleAdapterTest() throws Exception {
deleteAllCookiesForClientPage();
+ this.deployer.deploy(RESOURCE_SERVER_ID);
+
+ try (CloseableHttpClient httpClient = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy()).build()) {
+ HttpGet request = new HttpGet(clientPage.toString() + "/unsecured/clean");
+ httpClient.execute(request).close();
+ }
+ }
+
+ @After
+ public void afterPhotozExampleAdapterTest() {
+ this.deployer.undeploy(RESOURCE_SERVER_ID);
}
@Override
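Review bot: The cleanup request in `beforePhotozExampleAdapterTest` throws its response away (`httpClient.execute(request).close()`), so a failed `/unsecured/clean` call leaves albums from an earlier test in place and the later allow/deny assertions run against stale state. Because `LaxRedirectStrategy` follows redirects, a request that is bounced to a login page would presumably also finish without an exception. Keep the response and check it: `try (CloseableHttpResponse response = httpClient.execute(request)) { int status = response.getStatusLine().getStatusCode(); assertTrue("clean failed: " + status, status >= 200 && status < 300); }`, with an import of `org.apache.http.client.methods.CloseableHttpResponse`. The endpoint appears to wipe state without any token, so a short comment here saying that it exists only in the test deployment would help the next reader.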
@@ -115,655 +134,530 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
importResourceServerSettings();
}
+ private List<ResourceRepresentation> getResourcesOfUser(String username) throws FileNotFoundException {
+ return getAuthorizationResource().resources().resources().stream().filter(resource -> resource.getOwner().getName().equals(username)).collect(Collectors.toList());
+ }
+
+ private void printUpdatedPolicies() throws FileNotFoundException {
+ log.debug("Check updated policies");
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ log.debugf("Policy: {0}", policy.getName());
+ for (String key : policy.getConfig().keySet()) {
+ log.debugf("-- key: {0}, value: {1}", key, policy.getConfig().get(key));
+ }
+ }
+ log.debug("------------------------------");
+ }
+
@Test
public void testUserCanCreateAndDeleteAlbum() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice Family Album");
+ loginToClientPage("alice", "alice");
- List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
- assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ clientPage.createAlbum("Alice Family Album");
+ log.debug("Check if alice has resources stored");
+ assertThat(getResourcesOfUser("alice"), is(not(empty())));
- this.clientPage.deleteAlbum("Alice Family Album");
-
- resources = getAuthorizationResource().resources().resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ clientPage.deleteAlbum("Alice Family Album", false);
+ log.debug("Check if alice has resources deleted");
+ assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void createAlbumWithInvalidUser() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
+ loginToClientPage("alice", "alice");
- loginToClientPage("alice", "alice");
+ clientPage.createAlbumWithInvalidUser("Alice Family Album");
- clientPage.createAlbumWithInvalidUser("Alice Family Album");
-
- waitUntilElement(clientPage.getOutput()).text().not().contains("Request was successful");
- waitUntilElement(clientPage.getOutput()).text().contains("Could not register protected resource");
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ log.debug("Check if the album was not created.");
+ waitUntilElement(clientPage.getOutput()).text().not().contains("Request was successful");
+ waitUntilElement(clientPage.getOutput()).text().contains("Could not register protected resource");
}
@Test
public void testOnlyOwnerCanDeleteAlbum() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice-Family-Album");
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice-Family-Album");
- loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
+ loginToClientPage("admin", "admin");
+ clientPage.navigateToAdminAlbum(false);
- List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
- assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ log.debug("Check if alice has resources stored");
+ assertThat(getResourcesOfUser("alice"), is(not(empty())));
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Delete Album Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ log.debug("Adding applyPolicies \"Only Owner Policy\" to \"Delete Album Permission\" policies.");
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Delete Album Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
+ }
+ printUpdatedPolicies();
- loginToClientPage("admin", "admin");
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
- resources = getAuthorizationResource().resources().resources();
- assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum("Alice-Family-Album", true);
+
+ log.debug("Check if alice has resources stored");
+ assertThat(getResourcesOfUser("alice"), is(not(empty())));
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Delete Album Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ log.debug("Adding applyPolicies \"Only Owner and Administrators Policy\" to \"Delete Album Permission\" policies.");
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Delete Album Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
-
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
- resources = getAuthorizationResource().resources().resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
}
- }
+ printUpdatedPolicies();
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum("Alice-Family-Album", false);
+
+ log.debug("Check if alice has resources deleted");
+ assertThat(getResourcesOfUser("alice"), is(empty()));
+ }
+
+
@Test
public void testRegularUserCanNotAccessAdminResources() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- this.clientPage.navigateToAdminAlbum();
- assertTrue(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ loginToClientPage("alice", "alice");
+ clientPage.navigateToAdminAlbum(true);
}
@Test
public void testAdminOnlyFromSpecificAddress() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- assertFalse(this.clientPage.wasDenied());
-
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Only From a Specific Client Address".equals(policy.getName())) {
- String code = policy.getConfig().get("code");
- policy.getConfig().put("code", code.replaceAll("127.0.0.1", "127.3.3.3"));
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ loginToClientPage("admin", "admin");
+ clientPage.navigateToAdminAlbum(false);
+
+ log.debug("Changing codes \"127.0.0.1\" to \"127.3.3.3\" of \"Only From a Specific Client Address\" policies.");
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Only From a Specific Client Address".equals(policy.getName())) {
+ String code = policy.getConfig().get("code");
+ policy.getConfig().put("code", code.replaceAll("127.0.0.1", "127.3.3.3"));
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
-
- this.clientPage.navigateToAdminAlbum();
- assertTrue(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
}
+ printUpdatedPolicies();
+
+ clientPage.navigateToAdminAlbum(true);
}
@Test
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice Family Album");
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice Family Album");
+
+ loginToClientPage("admin", "admin");
+ clientPage.navigateToAdminAlbum(false);
+
+ clientPage.viewAlbum("Alice Family Album", false);
+
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Album Resource Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Any User Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
+ }
+ if ("Any User Policy".equals(policy.getName())) {
+ ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
+ RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
+ RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
+ List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
- loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- assertFalse(this.clientPage.wasDenied());
+ roles = roles.stream().filter((Map map) -> !map.get("id").equals(roleRepresentation.getId())).collect(Collectors.toList());
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
+ policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Album Resource Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Any User Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
- if ("Any User Policy".equals(policy.getName())) {
- ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
- RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
- RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
- List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
-
- roles = roles.stream().filter(new Predicate<Map>() {
- @Override
- public boolean test(Map map) {
- return !map.get("id").equals(roleRepresentation.getId());
- }
- }).collect(Collectors.toList());
-
- policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
-
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
+ }
+ printUpdatedPolicies();
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum("Alice Family Album");
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum("Alice Family Album", true);
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Album Resource Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Any User Policy\", \"Administration Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Album Resource Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Any User Policy\", \"Administration Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
+ }
+ printUpdatedPolicies();
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum("Alice Family Album", false);
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum("Alice Family Album");
- List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum("Alice Family Album", false);
+ assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice Family Album");
-
- loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- assertFalse(this.clientPage.wasDenied());
-
- this.clientPage.deleteAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
- List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
-
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Delete Album Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice Family Album");
+
+ loginToClientPage("admin", "admin");
+ clientPage.navigateToAdminAlbum(false);
+
+ clientPage.deleteAlbum("Alice Family Album", false);
+ assertThat(getResourcesOfUser("alice"), is(empty()));
+
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Delete Album Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Only Owner Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
+ }
+ printUpdatedPolicies();
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice Family Album");
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice Family Album");
- loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
- resources = getAuthorizationResource().resources().resources();
- assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ loginToClientPage("admin", "admin");
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum("Alice Family Album", false);
+ assertThat(getResourcesOfUser("alice"), is(not(empty())));
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum("Alice Family Album");
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum("Alice Family Album", true);
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Delete Album Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Delete Album Permission".equals(policy.getName())) {
+ policy.getConfig().put("applyPolicies", "[\"Only Owner and Administrators Policy\"]");
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
-
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
- resources = getAuthorizationResource().resources().resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
}
+ printUpdatedPolicies();
+
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum("Alice Family Album", false);
+ assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testClientRoleRepresentingUserConsent() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- assertFalse(this.clientPage.wasDenied());
- this.clientPage.createAlbum("Alice Family Album");
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice Family Album");
+ clientPage.viewAlbum("Alice Family Album", false);
- UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
- List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
+ UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
+ List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
- assertFalse(users.isEmpty());
+ assertFalse(users.isEmpty());
- UserRepresentation userRepresentation = users.get(0);
- UserResource userResource = usersResource.get(userRepresentation.getId());
+ UserRepresentation userRepresentation = users.get(0);
+ UserResource userResource = usersResource.get(userRepresentation.getId());
- ClientResource html5ClientApp = getClientResource("photoz-html5-client");
+ ClientResource html5ClientApp = getClientResource("photoz-html5-client");
- userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
+ userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
- ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
- RoleResource roleResource = resourceServerClient.roles().get("manage-albums");
- RoleRepresentation roleRepresentation = roleResource.toRepresentation();
+ ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
+ RoleResource roleResource = resourceServerClient.roles().get("manage-albums");
+ RoleRepresentation roleRepresentation = roleResource.toRepresentation();
- roleRepresentation.setScopeParamRequired(true);
+ roleRepresentation.setScopeParamRequired(true);
- roleResource.update(roleRepresentation);
+ roleResource.update(roleRepresentation);
- loginToClientPage("alice", "alice");
- this.clientPage.viewAlbum("Alice Family Album");
- assertTrue(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ clientPage.viewAlbum("Alice Family Album", true);
- loginToClientPage("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
- this.clientPage.viewAlbum("Alice Family Album", false);
- assertFalse(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ loginToClientPage("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
+ clientPage.viewAlbum("Alice Family Album", false);
}
@Test
public void testClientRoleNotRequired() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
+ loginToClientPage("alice", "alice");
- assertFalse(this.clientPage.wasDenied());
+ clientPage.createAlbum("Alice Family Album");
+ clientPage.viewAlbum("Alice Family Album", false);
- this.clientPage.createAlbum("Alice Family Album");
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
+ UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
+ List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
- UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
- List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
+ assertFalse(users.isEmpty());
- assertFalse(users.isEmpty());
+ UserRepresentation userRepresentation = users.get(0);
+ UserResource userResource = usersResource.get(userRepresentation.getId());
- UserRepresentation userRepresentation = users.get(0);
- UserResource userResource = usersResource.get(userRepresentation.getId());
+ ClientResource html5ClientApp = getClientResource("photoz-html5-client");
- ClientResource html5ClientApp = getClientResource("photoz-html5-client");
+ userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
- userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
+ ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
+ RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
+ RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
- ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
- RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
- RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
+ roleRepresentation.setScopeParamRequired(true);
- roleRepresentation.setScopeParamRequired(true);
+ manageAlbumRole.update(roleRepresentation);
- manageAlbumRole.update(roleRepresentation);
+ loginToClientPage("alice", "alice");
+ clientPage.viewAlbum("Alice Family Album", true);
- loginToClientPage("alice", "alice");
- this.clientPage.viewAlbum("Alice Family Album");
- assertTrue(this.clientPage.wasDenied());
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if ("Any User Policy".equals(policy.getName())) {
+ List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Any User Policy".equals(policy.getName())) {
- List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
-
- roles.forEach(role -> {
- String roleId = (String) role.get("id");
- if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
- role.put("required", false);
- }
- });
+ roles.forEach(role -> {
+ String roleId = (String) role.get("id");
+ if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
+ role.put("required", false);
+ }
+ });
- policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
+ policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
-
- loginToClientPage("alice", "alice");
- this.clientPage.viewAlbum("Alice Family Album");
- assertFalse(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
}
+ printUpdatedPolicies();
+
+ loginToClientPage("alice", "alice");
+ clientPage.viewAlbum("Alice Family Album", false);
}
@Test
public void testOverridePermissionFromResourceParent() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
- String resourceName = "My Resource Instance";
- this.clientPage.createAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ String resourceName = "My Resource Instance";
+ clientPage.createAlbum(resourceName);
- this.clientPage.viewAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.viewAlbum(resourceName, false);
- this.clientPage.navigateTo();
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateTo();
+ clientPage.deleteAlbum(resourceName, false);
- this.clientPage.createAlbum(resourceName);
+ clientPage.createAlbum(resourceName);
- this.clientPage.logOut();
- loginToClientPage("admin", "admin");
+ clientPage.logOut();
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum(resourceName, false);
- this.clientPage.navigateToAdminAlbum();;
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum(resourceName, false);
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum(resourceName);
- getAuthorizationResource().resources().resources().forEach(resource -> {
- if (resource.getName().equals(resourceName)) {
- try {
- PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
+ getAuthorizationResource().resources().resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ try {
+ PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
- resourceInstancePermission.setName(resourceName + "Permission");
- resourceInstancePermission.setType("resource");
+ resourceInstancePermission.setName(resourceName + "Permission");
+ resourceInstancePermission.setType("resource");
- Map<String, String> config = new HashMap<>();
+ Map<String, String> config = new HashMap<>();
- config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
- config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
+ config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
+ config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
- resourceInstancePermission.setConfig(config);
- getAuthorizationResource().policies().create(resourceInstancePermission);
- } catch (Exception e) {
- throw new RuntimeException("Error creating policy.", e);
- }
+ resourceInstancePermission.setConfig(config);
+ getAuthorizationResource().policies().create(resourceInstancePermission);
+ } catch (IOException e) {
+ throw new RuntimeException("Error creating policy.", e);
}
- });
+ }
+ });
+ printUpdatedPolicies();
- loginToClientPage("admin", "admin");
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum(resourceName);
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum(resourceName, true);
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum(resourceName);
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum(resourceName, true);
- loginToClientPage("alice", "alice");
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ clientPage.deleteAlbum(resourceName, false);
- ResourcesResource resourcesResource = getAuthorizationResource().resources();
- List<ResourceRepresentation> resources = resourcesResource.resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ assertThat(getResourcesOfUser("alice"), is(empty()));
}
@Test
public void testInheritPermissionFromResourceParent() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- loginToClientPage("alice", "alice");
+ loginToClientPage("alice", "alice");
- String resourceName = "My Resource Instance";
- this.clientPage.createAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ String resourceName = "My Resource Instance";
+ clientPage.createAlbum(resourceName);
- this.clientPage.viewAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.viewAlbum(resourceName, false);
- this.clientPage.navigateTo();
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateTo();
+ clientPage.deleteAlbum(resourceName, false);
- this.clientPage.createAlbum(resourceName);
+ clientPage.createAlbum(resourceName);
- loginToClientPage("admin", "admin");
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum(resourceName, false);
- this.clientPage.navigateToAdminAlbum();;
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum(resourceName, false);
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum(resourceName);
- ResourcesResource resourcesResource = getAuthorizationResource().resources();
- resourcesResource.resources().forEach(resource -> {
- if (resource.getName().equals(resourceName)) {
- try {
- PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
+ ResourcesResource resourcesResource = getAuthorizationResource().resources();
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ try {
+ PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
- resourceInstancePermission.setName(resourceName + "Permission");
- resourceInstancePermission.setType("resource");
+ resourceInstancePermission.setName(resourceName + "Permission");
+ resourceInstancePermission.setType("resource");
- Map<String, String> config = new HashMap<>();
+ Map<String, String> config = new HashMap<>();
- config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
- config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
+ config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
+ config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
- resourceInstancePermission.setConfig(config);
- getAuthorizationResource().policies().create(resourceInstancePermission);
- } catch (Exception e) {
- throw new RuntimeException("Error creating policy.", e);
- }
+ resourceInstancePermission.setConfig(config);
+ getAuthorizationResource().policies().create(resourceInstancePermission);
+ } catch (IOException e) {
+ throw new RuntimeException("Error creating policy.", e);
}
- });
+ }
+ });
- loginToClientPage("admin", "admin");
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum(resourceName);
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum(resourceName, true);
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum(resourceName);
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum(resourceName, true);
- resourcesResource.resources().forEach(resource -> {
- if (resource.getName().equals(resourceName)) {
- resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("album:view")).collect(Collectors.toSet()));
- resourcesResource.resource(resource.getId()).update(resource);
- }
- });
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("album:view")).collect(Collectors.toSet()));
+ resourcesResource.resource(resource.getId()).update(resource);
+ }
+ });
- loginToClientPage("admin", "admin");
+ loginToClientPage("admin", "admin");
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.viewAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.viewAlbum(resourceName, false);
- this.clientPage.navigateToAdminAlbum();
- this.clientPage.deleteAlbum(resourceName);
- assertTrue(this.clientPage.wasDenied());
+ clientPage.navigateToAdminAlbum(false);
+ clientPage.deleteAlbum(resourceName, true);
- loginToClientPage("alice", "alice");
- this.clientPage.deleteAlbum(resourceName);
- assertFalse(this.clientPage.wasDenied());
- List<ResourceRepresentation> resources = resourcesResource.resources();
- assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ loginToClientPage("alice", "alice");
+ clientPage.deleteAlbum(resourceName, false);
+ List<ResourceRepresentation> resources = resourcesResource.resources();
+ assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
- resourcesResource.resources().forEach(resource -> {
- if (resource.getName().equals(resourceName)) {
- resource.setScopes(Collections.emptySet());
- resourcesResource.resource(resource.getId()).update(resource);
- }
- });
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ resource.setScopes(Collections.emptySet());
+ resourcesResource.resource(resource.getId()).update(resource);
+ }
+ });
}
//KEYCLOAK-3777
@Test
public void testEntitlementRequest() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
-
- clientPage.navigateTo();
- loginToClientPage("admin", "admin");
-
- clientPage.requestEntitlements();
- assertTrue(driver.getPageSource().contains("admin:manage"));
-
- clientPage.requestEntitlement();
- String pageSource = driver.getPageSource();
- assertTrue(pageSource.contains("album:view"));
- assertTrue(pageSource.contains("album:delete"));
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ clientPage.navigateTo();
+ loginToClientPage("admin", "admin");
+
+ clientPage.requestEntitlements();
+ assertTrue(driver.getPageSource().contains("admin:manage"));
+
+ clientPage.requestEntitlement();
+ String pageSource = driver.getPageSource();
+ assertTrue(pageSource.contains("album:view"));
+ assertTrue(pageSource.contains("album:delete"));
}
@Test
public void testResourceProtectedWithAnyScope() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
- loginToClientPage("alice", "alice");
- this.clientPage.requestResourceProtectedAllScope();
- assertTrue(this.clientPage.wasDenied());
- this.clientPage.requestResourceProtectedAnyScope();
- assertFalse(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ loginToClientPage("alice", "alice");
+ clientPage.requestResourceProtectedAllScope(true);
+ clientPage.requestResourceProtectedAnyScope(false);
}
@Test
public void testRequestResourceToOwner() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice-Family-Album", true);
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
-
- loginToClientPage("alice", "alice");
- this.clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
-
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice-Family-Album", true);
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
-
- loginToClientPage("alice", "alice");
- this.clientPage.accountGrantRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
- this.clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice-Family-Album", true);
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", true);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", true);
+
+ loginToClientPage("alice", "alice");
+ clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", false);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", false);
+
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice-Family-Album", true);
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", true);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", true);
+
+ loginToClientPage("alice", "alice");
+ clientPage.accountGrantRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
+ clientPage.accountGrantResource("Alice-Family-Album", "jdoe");
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", false);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", true);
}
@Test
public void testOwnerSharingResource() throws Exception {
- try {
- this.deployer.deploy(RESOURCE_SERVER_ID);
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice-Family-Album", true);
- this.clientPage.accountShareResource("Alice-Family-Album", "jdoe");
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
-
- loginToClientPage("alice", "alice");
- this.clientPage.createAlbum("Alice-Family-Album", true);
- this.clientPage.accountShareRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertFalse(this.clientPage.wasDenied());
- this.clientPage.navigateTo();
- this.clientPage.viewAllAlbums();
- this.clientPage.deleteAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
-
- loginToClientPage("alice", "alice");
- this.clientPage.accountRevokeResource("Alice-Family-Album", "jdoe");
-
- loginToClientPage("jdoe", "jdoe");
- this.clientPage.viewAllAlbums();
- this.clientPage.viewAlbum("Alice-Family-Album");
- assertTrue(this.clientPage.wasDenied());
- } finally {
- this.deployer.undeploy(RESOURCE_SERVER_ID);
- }
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice-Family-Album", true);
+ clientPage.accountShareResource("Alice-Family-Album", "jdoe");
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", false);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", false);
+
+ loginToClientPage("alice", "alice");
+ clientPage.createAlbum("Alice-Family-Album", true);
+ clientPage.accountShareRemoveScope("Alice-Family-Album", "jdoe", "album:delete");
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", false);
+ clientPage.navigateTo();
+ clientPage.viewAllAlbums();
+ clientPage.deleteAlbum("Alice-Family-Album", true);
+
+ loginToClientPage("alice", "alice");
+ clientPage.accountRevokeResource("Alice-Family-Album", "jdoe");
+
+ loginToClientPage("jdoe", "jdoe");
+ clientPage.viewAllAlbums();
+ clientPage.viewAlbum("Alice-Family-Album", true);
}
private void importResourceServerSettings() throws FileNotFoundException {
@@ -791,6 +685,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
private void loginToClientPage(String username, String password, String... scopes) throws InterruptedException {
+ log.debugf("--logging in as {0} with password: {1}; scopes: {2}", username, password, Arrays.toString(scopes));
// We need to log out by deleting cookies because the log out button sometimes doesn't work in PhantomJS
deleteAllCookiesForTestRealm();
clientPage.navigateTo();
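Review bot: The added `log.debugf` call at the top of `loginToClientPage` writes the password into the debug log. Its `{0}`/`{1}`/`{2}` placeholders are also MessageFormat style, whereas `debugf` on a JBoss Logging `Logger` is printf style; if `log` is that type (not shown in this hunk), none of the arguments would be substituted. The accounts here are test fixtures, but test logs get archived and shared, and a helper that logs credentials is easily copied to code where the values are real. I would drop the password and use matching specifiers: `log.debugf("--logging in as %s; scopes: %s", username, Arrays.toString(scopes));`. The body of `loginToClientPage` continues past the end of this hunk.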
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index b320fd4..e45dc60 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -43,6 +43,10 @@
<property name="chromeArguments">${chromeArguments}</property>
</extension>
+ <extension qualifier="drone">
+ <property name="instantiationTimeoutInSeconds">${droneInstantiationTimeoutInSeconds}</property>
+ </extension>
+
<extension qualifier="graphene">
<property name="waitGuiInterval">5</property>
<property name="waitAjaxInterval">5</property>
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java
index f35217c..42cde44 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPhotozExampleAdapterTest.java
@@ -16,7 +16,6 @@
*/
package org.keycloak.testsuite.adapter.example.authorization;
-import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 563d115..ea76512 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -102,6 +102,7 @@
<browser>htmlUnit</browser>
<webdriverDownloadBinaries>true</webdriverDownloadBinaries>
+ <droneInstantiationTimeoutInSeconds>60</droneInstantiationTimeoutInSeconds>
<github.username/>
<github.secretToken/>
<ieDriverArch/>
@@ -278,6 +279,7 @@
<js.chromeArguments>${js.chromeArguments}</js.chromeArguments>
<htmlUnitBrowserVersion>${htmlUnitBrowserVersion}</htmlUnitBrowserVersion>
<webdriverDownloadBinaries>${webdriverDownloadBinaries}</webdriverDownloadBinaries>
+ <droneInstantiationTimeoutInSeconds>${droneInstantiationTimeoutInSeconds}</droneInstantiationTimeoutInSeconds>
<github.username>${github.username}</github.username>
<github.secretToken>${github.secretToken}</github.secretToken>