keycloak-uncached
Changes
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java 7(+7 -0)
Details
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
index be531aa..b6f0b81 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
@@ -20,6 +20,7 @@ package org.keycloak.testsuite.rest.resource;
import java.util.Set;
import java.util.stream.Collectors;
+import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@@ -70,4 +71,10 @@ public class TestCacheResource {
return cache.size();
}
+ @GET
+ @Path("/clear")
+ @Consumes(MediaType.TEXT_PLAIN)
+ public void clear() {
+ cache.clear();
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
index 946d0f5..4561c99 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
@@ -19,6 +19,7 @@ package org.keycloak.testsuite.client.resources;
import java.util.Set;
+import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@@ -48,4 +49,8 @@ public interface TestingCacheResource {
@Produces(MediaType.APPLICATION_JSON)
int size();
+ @GET
+ @Path("/clear")
+ @Consumes(MediaType.TEXT_PLAIN)
+ void clear();
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java
new file mode 100644
index 0000000..6f5e65e
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.admin.client.authorization;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.AuthorizationResource;
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.util.ClientBuilder;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlasta Ramik</a>
+ */
+public class ExportAuthorizationSettingsTest extends AbstractAuthorizationTest {
+
+ //KEYCLOAK-4341
+ @Test
+ public void testResourceBasedPermission() throws Exception {
+ String permissionName = "resource-based-permission";
+
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ //get Default Resource
+ List<ResourceRepresentation> resources = authorizationResource.resources().findByName("Default Resource");
+ Assert.assertTrue(resources.size() == 1);
+ ResourceRepresentation resource = resources.get(0);
+
+ //get Default Policy
+ PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
+
+ //create Resource-based permission and add default policy/resource
+ ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
+ permission.setName(permissionName);
+ permission.addPolicy(policy.getId());
+ permission.addResource(resource.getId());
+ Response create = authorizationResource.permissions().resource().create(permission);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //export authorization settings
+ ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
+
+ //check exported settings contains both resources/applyPolicies
+ boolean found = false;
+ for (PolicyRepresentation p : exportSettings.getPolicies()) {
+ if (p.getName().equals(permissionName)) {
+ found = true;
+ Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
+ Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
+ }
+ }
+ Assert.assertTrue("Permission \"role-based-permission\" was not found.", found);
+ }
+
+ //KEYCLOAK-4340
+ @Test
+ public void testRoleBasedPolicy() {
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ ClientRepresentation account = testRealmResource().clients().findByClientId("account").get(0);
+ RoleRepresentation role = testRealmResource().clients().get(account.getId()).roles().get("view-profile").toRepresentation();
+
+ PolicyRepresentation policy = new PolicyRepresentation();
+ policy.setName("role-based-policy");
+ policy.setType("role");
+ Map<String, String> config = new HashMap<>();
+ config.put("roles", "[{\"id\":\"" + role.getId() +"\"}]");
+ policy.setConfig(config);
+ Response create = authorizationResource.policies().create(policy);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //this call was messing up with DB, see KEYCLOAK-4340
+ authorizationResource.exportSettings();
+
+ //this call failed with NPE
+ authorizationResource.exportSettings();
+ }
+
+
+ //KEYCLOAK-4983
+ @Test
+ @Ignore
+ public void testRoleBasedPolicyWithMultipleRoles() {
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-1").defaultRoles("client-role").build()).close();
+ testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-2").defaultRoles("client-role").build()).close();
+
+ ClientRepresentation client1 = getClientByClientId("test-client-1");
+ ClientRepresentation client2 = getClientByClientId("test-client-2");
+
+ RoleRepresentation role1 = testRealmResource().clients().get(client1.getId()).roles().get("client-role").toRepresentation();
+ RoleRepresentation role2 = testRealmResource().clients().get(client2.getId()).roles().get("client-role").toRepresentation();
+
+ PolicyRepresentation policy = new PolicyRepresentation();
+ policy.setName("role-based-policy");
+ policy.setType("role");
+ Map<String, String> config = new HashMap<>();
+ config.put("roles", "[{\"id\":\"" + role1.getId() +"\"},{\"id\":\"" + role2.getId() +"\"}]");
+ policy.setConfig(config);
+ Response create = authorizationResource.policies().create(policy);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //export authorization settings
+ ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
+
+ //delete test-resource-server client
+ testRealmResource().clients().get(clientResource.toRepresentation().getId()).remove();
+
+ //clear cache
+ testRealmResource().clearRealmCache();
+ //workaround for the fact that clearing realm cache doesn't clear authz cache
+ testingClient.testing("test").cache("authorization").clear();
+
+ //create new client
+ ClientRepresentation client = ClientBuilder.create()
+ .clientId(RESOURCE_SERVER_CLIENT_ID)
+ .authorizationServicesEnabled(true)
+ .serviceAccountsEnabled(true)
+ .build();
+ testRealmResource().clients().create(client).close();
+
+ //import exported settings
+ AuthorizationResource authorization = testRealmResource().clients().get(getClientByClientId(RESOURCE_SERVER_CLIENT_ID).getId()).authorization();
+ authorization.importSettings(exportSettings);
+
+ //check imported settings - TODO
+ PolicyRepresentation result = authorization.policies().findByName("role-based-policy");
+ Map<String, String> config1 = result.getConfig();
+ ResourceServerRepresentation settings = authorization.getSettings();
+ System.out.println("");
+ }
+
+ private ClientRepresentation getClientByClientId(String clientId) {
+ List<ClientRepresentation> findByClientId = testRealmResource().clients().findByClientId(clientId);
+ Assert.assertTrue(findByClientId.size() == 1);
+ return findByClientId.get(0);
+ }
+}
\ No newline at end of file