keycloak-uncached
Changes
authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java 12(+8 -4)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java 10(+9 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java 6(+5 -1)
Details
diff --git a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
index 1bb6efd..0d4da97 100644
--- a/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
+++ b/authz/policy/drools/src/main/java/org/keycloak/authorization/policy/provider/drools/DroolsPolicyProviderFactory.java
@@ -11,18 +11,19 @@ import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.policy.provider.PolicyProvider;
import org.keycloak.authorization.policy.provider.PolicyProviderAdminService;
import org.keycloak.authorization.policy.provider.PolicyProviderFactory;
+import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.EnvironmentDependentProviderFactory;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
import org.kie.api.KieServices;
-import org.kie.api.KieServices.Factory;
import org.kie.api.runtime.KieContainer;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
-public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation> {
+public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePolicyRepresentation>, EnvironmentDependentProviderFactory {
private KieServices ks;
private final Map<String, DroolsPolicy> containers = Collections.synchronizedMap(new HashMap<>());
@@ -123,7 +124,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
}
private void updateConfig(Policy policy, RulePolicyRepresentation representation) {
-
policy.putConfig("mavenArtifactGroupId", representation.getArtifactGroupId());
policy.putConfig("mavenArtifactId", representation.getArtifactId());
policy.putConfig("mavenArtifactVersion", representation.getArtifactVersion());
@@ -131,7 +131,6 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
policy.putConfig("scannerPeriodUnit", representation.getScannerPeriodUnit());
policy.putConfig("sessionName", representation.getSessionName());
policy.putConfig("moduleName", representation.getModuleName());
-
}
void update(Policy policy) {
@@ -150,4 +149,9 @@ public class DroolsPolicyProviderFactory implements PolicyProviderFactory<RulePo
KieContainer getKieContainer(String groupId, String artifactId, String version) {
return this.ks.newKieContainer(this.ks.newReleaseId(groupId, artifactId, version));
}
+
+ @Override
+ public boolean isSupported() {
+ return Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
+ }
}
diff --git a/common/src/main/java/org/keycloak/common/Profile.java b/common/src/main/java/org/keycloak/common/Profile.java
index e7a2a23..50bda6f 100755
--- a/common/src/main/java/org/keycloak/common/Profile.java
+++ b/common/src/main/java/org/keycloak/common/Profile.java
@@ -49,7 +49,8 @@ public class Profile {
IMPERSONATION(Type.DEFAULT),
OPENSHIFT_INTEGRATION(Type.DEFAULT),
SCRIPTS(Type.PREVIEW),
- TOKEN_EXCHANGE(Type.PREVIEW);
+ TOKEN_EXCHANGE(Type.PREVIEW),
+ AUTHZ_DROOLS_POLICY(Type.PREVIEW);;
private Type type;
diff --git a/common/src/test/java/org/keycloak/common/ProfileTest.java b/common/src/test/java/org/keycloak/common/ProfileTest.java
index 827e08e..d18def6 100644
--- a/common/src/test/java/org/keycloak/common/ProfileTest.java
+++ b/common/src/test/java/org/keycloak/common/ProfileTest.java
@@ -22,8 +22,8 @@ public class ProfileTest {
@Test
public void checkDefaults() {
Assert.assertEquals("community", Profile.getName());
- assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
- assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE);
+ assertEquals(Profile.getDisabledFeatures(), Profile.Feature.ACCOUNT2, Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DOCKER, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
+ assertEquals(Profile.getPreviewFeatures(), Profile.Feature.ACCOUNT_API, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.AUTHZ_DROOLS_POLICY);
assertEquals(Profile.getExperimentalFeatures(), Profile.Feature.ACCOUNT2);
}
diff --git a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
index a90b44b..7135403 100644
--- a/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
+++ b/services/src/main/java/org/keycloak/authorization/admin/PolicyService.java
@@ -319,13 +319,6 @@ public class PolicyService {
return authorization.getProviderFactory(policyType);
}
- private void findAssociatedPolicies(Policy policy, List<Policy> policies) {
- policy.getAssociatedPolicies().forEach(associated -> {
- policies.add(associated);
- findAssociatedPolicies(associated, policies);
- });
- }
-
private void audit(AbstractPolicyRepresentation resource, String id, OperationType operation, KeycloakSession session) {
if (authorization.getRealm().isAdminEventsEnabled()) {
if (id != null) {
diff --git a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
index ffb7126..7453506 100644
--- a/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
+++ b/testsuite/integration-arquillian/test-apps/photoz/photoz-restful-api-authz-service.json
@@ -55,18 +55,11 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
- "type": "rules",
+ "type": "js",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
- "mavenArtifactVersion": "2.5.0.Final-SNAPSHOT",
- "mavenArtifactId": "photoz-authz-policy",
- "sessionName": "MainOwnerSession",
- "mavenArtifactGroupId": "org.keycloak.testsuite",
- "moduleName": "PhotozAuthzOwnerPolicy",
- "applyPolicies": "[]",
- "scannerPeriod": "1",
- "scannerPeriodUnit": "Hours"
+ "code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
}
},
{
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
index 322492d..f1ef32e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/GenericPolicyManagementTest.java
@@ -26,6 +26,7 @@ import org.keycloak.admin.client.resource.ResourceResource;
import org.keycloak.admin.client.resource.ResourceScopeResource;
import org.keycloak.admin.client.resource.ResourceScopesResource;
import org.keycloak.admin.client.resource.ResourcesResource;
+import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyProviderRepresentation;
@@ -34,6 +35,7 @@ import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import javax.ws.rs.core.Response;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
@@ -142,7 +144,13 @@ public class GenericPolicyManagementTest extends AbstractAuthorizationTest {
.policyProviders().stream().map(PolicyProviderRepresentation::getType).collect(Collectors.toList());
assertFalse(providers.isEmpty());
- assertTrue(providers.containsAll(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS)));
+ List expected = new ArrayList(Arrays.asList(EXPECTED_BUILTIN_POLICY_PROVIDERS));
+
+ if (!Profile.isFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY)) {
+ expected.remove("rules");
+ }
+
+ assertTrue(providers.containsAll(expected));
}
private PolicyResource createTestingPolicy() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
index a784566..c863514 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/RulesPolicyManagementTest.java
@@ -28,10 +28,11 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.RulePoliciesResource;
import org.keycloak.admin.client.resource.RulePolicyResource;
-import org.keycloak.common.Version;
+import org.keycloak.common.Profile;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
+import org.keycloak.testsuite.ProfileAssume;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@@ -40,11 +41,13 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
@Test
public void testCreate() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
assertCreated(getClient().authorization(), createDefaultRepresentation("Rule Policy"));
}
@Test
public void testUpdate() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
AuthorizationResource authorization = getClient().authorization();
RulePolicyRepresentation representation = createDefaultRepresentation("Update Rule Policy");
@@ -69,6 +72,7 @@ public class RulesPolicyManagementTest extends AbstractPolicyManagementTest {
@Test
public void testDelete() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
AuthorizationResource authorization = getClient().authorization();
RulePolicyRepresentation representation = createDefaultRepresentation("Delete Rule Policy");
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
index 5bc4976..61dcbe2 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/authorization-test/import-authorization-unordered-settings.json
@@ -54,17 +54,11 @@
{
"name": "Only Owner Policy",
"description": "Defines that only the resource owner is allowed to do something",
- "type": "rules",
+ "type": "js",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
- "mavenArtifactVersion": "${project.version}",
- "mavenArtifactId": "photoz-authz-policy",
- "sessionName": "MainOwnerSession",
- "mavenArtifactGroupId": "org.keycloak.testsuite",
- "moduleName": "PhotozAuthzOwnerPolicy",
- "scannerPeriod": "1",
- "scannerPeriodUnit": "Hours"
+ "code": "var permission = $evaluation.getPermission();\nvar identity = $evaluation.getContext().getIdentity();\nvar resource = permission.getResource();\nif (resource) {\nif (resource.getOwner().equals(identity.getId())) {\n$evaluation.grant();\n}}"
}
},
{
diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
index 0e6501f..d7b160a 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/RulePolicyManagementTest.java
@@ -20,9 +20,11 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import org.junit.Test;
+import org.keycloak.common.Profile;
import org.keycloak.common.Version;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.RulePolicyRepresentation;
+import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePolicy;
/**
@@ -31,7 +33,8 @@ import org.keycloak.testsuite.console.page.clients.authorization.policy.RulePoli
public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest {
@Test
- public void testUpdate() throws InterruptedException {
+ public void testUpdate() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected = createDefaultRepresentation("Test Rule Policy");
@@ -59,7 +62,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
}
@Test
- public void testDelete() throws InterruptedException {
+ public void testDelete() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");
@@ -72,7 +76,8 @@ public class RulePolicyManagementTest extends AbstractAuthorizationSettingsTest
}
@Test
- public void testDeleteFromList() throws InterruptedException {
+ public void testDeleteFromList() {
+ ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHZ_DROOLS_POLICY);
authorizationPage.navigateTo();
RulePolicyRepresentation expected =createDefaultRepresentation("Delete Rule Policy");