keycloak-uncached
Changes
testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json 15(+15 -0)
Details
diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
index cef6f00..a5299bf 100644
--- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json
@@ -115,6 +115,11 @@
{
"name": "Pattern 11",
"typedScopes": []
+ },
+ {
+ "name": "Pattern 12",
+ "uri": "/realm_uri",
+ "typedScopes": []
}
],
"policies": [
@@ -256,6 +261,16 @@
"resources": "[\"Pattern 11\"]",
"applyPolicies": "[\"Default Policy\"]"
}
+ },
+ {
+ "name": "Pattern 12 Permission",
+ "type": "resource",
+ "logic": "POSITIVE",
+ "decisionStrategy": "UNANIMOUS",
+ "config": {
+ "resources": "[\"Pattern 12\"]",
+ "applyPolicies": "[\"Default Policy\"]"
+ }
}
],
"scopes": []
diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json
index d8742d3..1dfcd7b 100644
--- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json
+++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/WEB-INF/keycloak.json
@@ -56,6 +56,10 @@
{
"name": "Pattern 11",
"path": "/api/{version}/{resource}"
+ },
+ {
+ "name": "Pattern 12",
+ "path": "/keycloak_json_uri"
}
]
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java
index aaeee4f..2661185 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.java
@@ -290,12 +290,14 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e");
+ assertFalse(wasDenied());
navigateTo("/resource/a/i/b/c/");
assertFalse(wasDenied());
updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
login("alice", "alice");
navigateTo("/resource/a/i/b/c/d/e");
+ assertTrue(wasDenied());
navigateTo("/resource/a/i/b/c/d");
assertTrue(wasDenied());
@@ -350,6 +352,34 @@ public abstract class AbstractServletPolicyEnforcerTest extends AbstractExampleA
});
}
+ @Test
+ public void testPriorityOfURIForResource() {
+ performTests(() -> {
+ login("alice", "alice");
+ navigateTo("/realm_uri");
+ assertTrue(wasDenied());
+ navigateTo("/keycloak_json_uri");
+ assertFalse(wasDenied());
+
+ updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
+
+ login("alice", "alice");
+ navigateTo("/realm_uri");
+ assertTrue(wasDenied());
+ navigateTo("/keycloak_json_uri");
+ assertTrue(wasDenied());
+
+ updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
+
+ login("alice", "alice");
+ navigateTo("/realm_uri");
+ assertTrue(wasDenied());
+ navigateTo("/keycloak_json_uri");
+ assertFalse(wasDenied());
+ });
+ }
+
+
private void navigateTo(String path) {
this.driver.navigate().to(getResourceServerUrl() + path);
}