keycloak-aplcache
Changes
core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java 146(+73 -73)
Details
diff --git a/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
index e145818..d94fe5b 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RequiredActionProviderRepresentation.java
@@ -1,73 +1,73 @@
-package org.keycloak.representations.idm;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
-* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
-* @version $Revision: 1 $
-*/
-public class RequiredActionProviderRepresentation {
-
- private String alias;
- private String name;
- private String providerId;
- private boolean enabled;
- private boolean defaultAction;
- private Map<String, String> config = new HashMap<String, String>();
-
-
- public String getAlias() {
- return alias;
- }
-
- public void setAlias(String alias) {
- this.alias = alias;
- }
-
- /**
- * Used for display purposes. Probably should clean this code up and make alias and name the same, but
- * the old code references an Enum and the admin console creates a "friendly" name for each enum.
- *
- * @return
- */
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public boolean isEnabled() {
- return enabled;
- }
-
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
- public boolean isDefaultAction() {
- return defaultAction;
- }
-
- public void setDefaultAction(boolean defaultAction) {
- this.defaultAction = defaultAction;
- }
-
- public String getProviderId() {
- return providerId;
- }
-
- public void setProviderId(String providerId) {
- this.providerId = providerId;
- }
-
- public Map<String, String> getConfig() {
- return config;
- }
-
- public void setConfig(Map<String, String> config) {
- this.config = config;
- }
-}
+package org.keycloak.representations.idm;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public class RequiredActionProviderRepresentation {
+
+ private String alias;
+ private String name;
+ private String providerId;
+ private boolean enabled;
+ private boolean defaultAction;
+ private Map<String, String> config = new HashMap<String, String>();
+
+
+ public String getAlias() {
+ return alias;
+ }
+
+ public void setAlias(String alias) {
+ this.alias = alias;
+ }
+
+ /**
+ * Used for display purposes. Probably should clean this code up and make alias and name the same, but
+ * the old code references an Enum and the admin console creates a "friendly" name for each enum.
+ *
+ * @return
+ */
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public boolean isDefaultAction() {
+ return defaultAction;
+ }
+
+ public void setDefaultAction(boolean defaultAction) {
+ this.defaultAction = defaultAction;
+ }
+
+ public String getProviderId() {
+ return providerId;
+ }
+
+ public void setProviderId(String providerId) {
+ this.providerId = providerId;
+ }
+
+ public Map<String, String> getConfig() {
+ return config;
+ }
+
+ public void setConfig(Map<String, String> config) {
+ this.config = config;
+ }
+}
diff --git a/services/src/main/java/org/keycloak/utils/CredentialHelper.java b/services/src/main/java/org/keycloak/utils/CredentialHelper.java
index c40656b..9b3af31 100755
--- a/services/src/main/java/org/keycloak/utils/CredentialHelper.java
+++ b/services/src/main/java/org/keycloak/utils/CredentialHelper.java
@@ -1,58 +1,58 @@
-package org.keycloak.utils;
-
-import org.keycloak.authentication.Authenticator;
-import org.keycloak.authentication.AuthenticatorFactory;
-import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
-import org.keycloak.authentication.FormAction;
-import org.keycloak.authentication.FormActionFactory;
-import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
-import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
-import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
-import org.keycloak.models.AuthenticationExecutionModel;
-import org.keycloak.models.AuthenticationFlowModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserCredentialModel;
-import org.keycloak.models.utils.DefaultAuthenticationFlows;
-import org.keycloak.representations.idm.CredentialRepresentation;
-
-/**
- * used to set an execution a state based on type.
- *
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class CredentialHelper {
-
- public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
- AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
- authenticationRequirement(session, realm, type, requirement);
- }
-
- public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
- AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
- authenticationRequirement(session, realm, type, requirement);
- }
-
- public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
- for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
- for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
- String providerId = execution.getAuthenticator();
- ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
- if (factory == null) continue;
- if (type.equals(factory.getReferenceCategory())) {
- execution.setRequirement(requirement);
- realm.updateAuthenticatorExecution(execution);
- }
- }
- }
- }
-
- public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
- ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
- if (factory == null) {
- factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
- }
- return factory;
- }
-}
+package org.keycloak.utils;
+
+import org.keycloak.authentication.Authenticator;
+import org.keycloak.authentication.AuthenticatorFactory;
+import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
+import org.keycloak.authentication.FormAction;
+import org.keycloak.authentication.FormActionFactory;
+import org.keycloak.authentication.authenticators.OTPFormAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
+import org.keycloak.representations.idm.CredentialRepresentation;
+
+/**
+ * used to set an execution a state based on type.
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class CredentialHelper {
+
+ public static void setRequiredCredential(KeycloakSession session, String type, RealmModel realm) {
+ AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.REQUIRED;
+ authenticationRequirement(session, realm, type, requirement);
+ }
+
+ public static void setAlternativeCredential(KeycloakSession session, String type, RealmModel realm) {
+ AuthenticationExecutionModel.Requirement requirement = AuthenticationExecutionModel.Requirement.ALTERNATIVE;
+ authenticationRequirement(session, realm, type, requirement);
+ }
+
+ public static void authenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement) {
+ for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
+ for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
+ String providerId = execution.getAuthenticator();
+ ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
+ if (factory == null) continue;
+ if (type.equals(factory.getReferenceCategory())) {
+ execution.setRequirement(requirement);
+ realm.updateAuthenticatorExecution(execution);
+ }
+ }
+ }
+ }
+
+ public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession session, String providerId) {
+ ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
+ if (factory == null) {
+ factory = (FormActionFactory)session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
+ }
+ return factory;
+ }
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
index 56adc89..c448a92 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@@ -1,223 +1,223 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.keycloak.testsuite.actions;
-
-import org.junit.Assert;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.authentication.requiredactions.UpdateTotp;
-import org.keycloak.events.Details;
-import org.keycloak.events.Event;
-import org.keycloak.events.EventType;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RequiredActionProviderModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.utils.TimeBasedOTP;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.pages.AccountTotpPage;
-import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.pages.AppPage.RequestType;
-import org.keycloak.testsuite.pages.LoginConfigTotpPage;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.pages.LoginTotpPage;
-import org.keycloak.testsuite.pages.RegisterPage;
-import org.keycloak.testsuite.rule.KeycloakRule;
-import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.keycloak.utils.CredentialHelper;
-import org.openqa.selenium.WebDriver;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class RequiredActionTotpSetupTest {
-
- @ClassRule
- public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
-
- @Override
- public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
- CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
- //appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
- RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
- requiredAction.setDefaultAction(true);
- appRealm.updateRequiredActionProvider(requiredAction);
- appRealm.setResetPasswordAllowed(true);
- }
-
- });
-
- @Rule
- public AssertEvents events = new AssertEvents(keycloakRule);
-
- @Rule
- public WebRule webRule = new WebRule(this);
-
- @WebResource
- protected WebDriver driver;
-
- @WebResource
- protected AppPage appPage;
-
- @WebResource
- protected LoginPage loginPage;
-
- @WebResource
- protected LoginTotpPage loginTotpPage;
-
- @WebResource
- protected LoginConfigTotpPage totpPage;
-
- @WebResource
- protected AccountTotpPage accountTotpPage;
-
- @WebResource
- protected OAuthClient oauth;
-
- @WebResource
- protected RegisterPage registerPage;
-
- protected TimeBasedOTP totp = new TimeBasedOTP();
-
- @Test
- public void setupTotpRegister() {
- loginPage.open();
- loginPage.clickRegister();
- registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
-
- String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
-
- totpPage.assertCurrent();
-
- totpPage.configure(totp.generate(totpPage.getTotpSecret()));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
- }
-
- @Test
- public void setupTotpExisting() {
- loginPage.open();
- loginPage.login("test-user@localhost", "password");
-
- totpPage.assertCurrent();
-
- String totpSecret = totpPage.getTotpSecret();
-
- totpPage.configure(totp.generate(totpSecret));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
-
- oauth.openLogout();
-
- events.expectLogout(loginEvent.getSessionId()).assertEvent();
-
- loginPage.open();
- loginPage.login("test-user@localhost", "password");
- String src = driver.getPageSource();
- loginTotpPage.login(totp.generate(totpSecret));
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().assertEvent();
- }
-
- @Test
- public void setupTotpRegisteredAfterTotpRemoval() {
- // Register new user
- loginPage.open();
- loginPage.clickRegister();
- registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
-
- String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
-
- // Configure totp
- totpPage.assertCurrent();
-
- String totpCode = totpPage.getTotpSecret();
- totpPage.configure(totp.generate(totpCode));
-
- // After totp config, user should be on the app page
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- // Logout
- oauth.openLogout();
- events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
-
- // Try to login after logout
- loginPage.open();
- loginPage.login("setupTotp2", "password2");
-
- // Totp is already configured, thus one-time password is needed, login page should be loaded
- Assert.assertTrue(loginPage.isCurrent());
- Assert.assertFalse(totpPage.isCurrent());
-
- // Login with one-time password
- loginTotpPage.login(totp.generate(totpCode));
-
- loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
-
- // Open account page
- accountTotpPage.open();
- accountTotpPage.assertCurrent();
-
- // Remove google authentificator
- accountTotpPage.removeTotp();
-
- events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
-
- // Logout
- oauth.openLogout();
- events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
-
- // Try to login
- loginPage.open();
- loginPage.login("setupTotp2", "password2");
-
- // Since the authentificator was removed, it has to be set up again
- totpPage.assertCurrent();
- totpPage.configure(totp.generate(totpPage.getTotpSecret()));
-
- String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
-
- Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-
- events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
- }
-
-}
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.actions;
+
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.authentication.requiredactions.UpdateTotp;
+import org.keycloak.events.Details;
+import org.keycloak.events.Event;
+import org.keycloak.events.EventType;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RequiredActionProviderModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.TimeBasedOTP;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.pages.AccountTotpPage;
+import org.keycloak.testsuite.pages.AppPage;
+import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.LoginConfigTotpPage;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.pages.LoginTotpPage;
+import org.keycloak.testsuite.pages.RegisterPage;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.utils.CredentialHelper;
+import org.openqa.selenium.WebDriver;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class RequiredActionTotpSetupTest {
+
+ @ClassRule
+ public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() {
+
+ @Override
+ public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) {
+ CredentialHelper.setRequiredCredential(manager.getSession(), CredentialRepresentation.TOTP, appRealm);
+ //appRealm.addRequiredCredential(CredentialRepresentation.TOTP);
+ RequiredActionProviderModel requiredAction = appRealm.getRequiredActionProviderByAlias(UserModel.RequiredAction.CONFIGURE_TOTP.name());
+ requiredAction.setDefaultAction(true);
+ appRealm.updateRequiredActionProvider(requiredAction);
+ appRealm.setResetPasswordAllowed(true);
+ }
+
+ });
+
+ @Rule
+ public AssertEvents events = new AssertEvents(keycloakRule);
+
+ @Rule
+ public WebRule webRule = new WebRule(this);
+
+ @WebResource
+ protected WebDriver driver;
+
+ @WebResource
+ protected AppPage appPage;
+
+ @WebResource
+ protected LoginPage loginPage;
+
+ @WebResource
+ protected LoginTotpPage loginTotpPage;
+
+ @WebResource
+ protected LoginConfigTotpPage totpPage;
+
+ @WebResource
+ protected AccountTotpPage accountTotpPage;
+
+ @WebResource
+ protected OAuthClient oauth;
+
+ @WebResource
+ protected RegisterPage registerPage;
+
+ protected TimeBasedOTP totp = new TimeBasedOTP();
+
+ @Test
+ public void setupTotpRegister() {
+ loginPage.open();
+ loginPage.clickRegister();
+ registerPage.register("firstName", "lastName", "email@mail.com", "setupTotp", "password", "password");
+
+ String userId = events.expectRegister("setupTotp", "email@mail.com").assertEvent().getUserId();
+
+ totpPage.assertCurrent();
+
+ totpPage.configure(totp.generate(totpPage.getTotpSecret()));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp").assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp").assertEvent();
+ }
+
+ @Test
+ public void setupTotpExisting() {
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+
+ totpPage.assertCurrent();
+
+ String totpSecret = totpPage.getTotpSecret();
+
+ totpPage.configure(totp.generate(totpSecret));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ Event loginEvent = events.expectLogin().session(sessionId).assertEvent();
+
+ oauth.openLogout();
+
+ events.expectLogout(loginEvent.getSessionId()).assertEvent();
+
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+ String src = driver.getPageSource();
+ loginTotpPage.login(totp.generate(totpSecret));
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().assertEvent();
+ }
+
+ @Test
+ public void setupTotpRegisteredAfterTotpRemoval() {
+ // Register new user
+ loginPage.open();
+ loginPage.clickRegister();
+ registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
+
+ String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
+
+ // Configure totp
+ totpPage.assertCurrent();
+
+ String totpCode = totpPage.getTotpSecret();
+ totpPage.configure(totp.generate(totpCode));
+
+ // After totp config, user should be on the app page
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ Event loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ // Logout
+ oauth.openLogout();
+ events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
+
+ // Try to login after logout
+ loginPage.open();
+ loginPage.login("setupTotp2", "password2");
+
+ // Totp is already configured, thus one-time password is needed, login page should be loaded
+ Assert.assertTrue(loginPage.isCurrent());
+ Assert.assertFalse(totpPage.isCurrent());
+
+ // Login with one-time password
+ loginTotpPage.login(totp.generate(totpCode));
+
+ loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+
+ // Open account page
+ accountTotpPage.open();
+ accountTotpPage.assertCurrent();
+
+ // Remove google authentificator
+ accountTotpPage.removeTotp();
+
+ events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
+
+ // Logout
+ oauth.openLogout();
+ events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
+
+ // Try to login
+ loginPage.open();
+ loginPage.login("setupTotp2", "password2");
+
+ // Since the authentificator was removed, it has to be set up again
+ totpPage.assertCurrent();
+ totpPage.configure(totp.generate(totpPage.getTotpSecret()));
+
+ String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent().getSessionId();
+
+ Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+ events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setuptotp2").assertEvent();
+ }
+
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index bf47e0c..7178f1d 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -1,296 +1,296 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.keycloak.testsuite.composites;
-
-import org.junit.Assert;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.OAuth2Constants;
-import org.keycloak.enums.SslRequired;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserCredentialModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.representations.AccessToken;
-import org.keycloak.services.managers.ClientManager;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.ApplicationServlet;
-import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.openqa.selenium.WebDriver;
-
-import java.security.PublicKey;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class CompositeRoleTest {
-
- public static PublicKey realmPublicKey;
- @ClassRule
- public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
- @Override
- protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
- RealmModel realm = manager.createRealm("test");
- KeycloakModelUtils.generateRealmKeys(realm);
- realmPublicKey = realm.getPublicKey();
- realm.setSsoSessionIdleTimeout(3000);
- realm.setAccessTokenLifespan(10000);
- realm.setSsoSessionMaxLifespan(10000);
- realm.setAccessCodeLifespanUserAction(1000);
- realm.setAccessCodeLifespan(1000);
- realm.setSslRequired(SslRequired.EXTERNAL);
- realm.setEnabled(true);
- realm.addRequiredCredential(UserCredentialModel.PASSWORD);
- final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
- final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
- final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
- final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
- realmComposite1.addCompositeRole(realmRole1);
-
- final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
- realmComposite1User.setEnabled(true);
- realmComposite1User.updateCredential(UserCredentialModel.password("password"));
- realmComposite1User.grantRole(realmComposite1);
-
- final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
- realmRole1User.setEnabled(true);
- realmRole1User.updateCredential(UserCredentialModel.password("password"));
- realmRole1User.grantRole(realmRole1);
-
- final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
- realmComposite1Application.setFullScopeAllowed(false);
- realmComposite1Application.setEnabled(true);
- realmComposite1Application.addScopeMapping(realmComposite1);
- realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
- realmComposite1Application.setBaseUrl("http://localhost:8081/app");
- realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
- realmComposite1Application.setSecret("password");
-
- final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
- realmRole1Application.setFullScopeAllowed(false);
- realmRole1Application.setEnabled(true);
- realmRole1Application.addScopeMapping(realmRole1);
- realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
- realmRole1Application.setBaseUrl("http://localhost:8081/app");
- realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
- realmRole1Application.setSecret("password");
-
-
- final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
- appRoleApplication.setFullScopeAllowed(false);
- appRoleApplication.setEnabled(true);
- appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
- appRoleApplication.setBaseUrl("http://localhost:8081/app");
- appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
- appRoleApplication.setSecret("password");
- final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
- final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
-
- final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
- realmAppCompositeRole.addCompositeRole(appRole1);
-
- final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
- realmAppCompositeUser.setEnabled(true);
- realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
- realmAppCompositeUser.grantRole(realmAppCompositeRole);
-
- final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
- realmAppRoleUser.setEnabled(true);
- realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
- realmAppRoleUser.grantRole(appRole2);
-
- final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
- appCompositeApplication.setFullScopeAllowed(false);
- appCompositeApplication.setEnabled(true);
- appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
- appCompositeApplication.setBaseUrl("http://localhost:8081/app");
- appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
- appCompositeApplication.setSecret("password");
- final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
- appCompositeApplication.addScopeMapping(appRole2);
- appCompositeRole.addCompositeRole(realmRole1);
- appCompositeRole.addCompositeRole(realmRole2);
- appCompositeRole.addCompositeRole(realmRole3);
- appCompositeRole.addCompositeRole(appRole1);
-
- final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
- appCompositeUser.setEnabled(true);
- appCompositeUser.updateCredential(UserCredentialModel.password("password"));
- appCompositeUser.grantRole(realmAppCompositeRole);
- appCompositeUser.grantRole(realmComposite1);
-
- deployServlet("app", "/app", ApplicationServlet.class);
-
- }
- };
-
- @Rule
- public WebRule webRule = new WebRule(this);
-
- @WebResource
- protected WebDriver driver;
-
- @WebResource
- protected OAuthClient oauth;
-
- @WebResource
- protected LoginPage loginPage;
-
- @Test
- public void testAppCompositeUser() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("APP_COMPOSITE_APPLICATION");
- oauth.doLogin("APP_COMPOSITE_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
-
- @Test
- public void testRealmAppCompositeUser() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("APP_ROLE_APPLICATION");
- oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
- Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
- oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_ROLE_1_APPLICATION");
- oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
- @Test
- public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
- oauth.realm("test");
- oauth.realmPublicKey(realmPublicKey);
- oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
- oauth.doLogin("REALM_ROLE_1_USER", "password");
-
- String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
- AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
-
- Assert.assertEquals(200, response.getStatusCode());
-
- Assert.assertEquals("bearer", response.getTokenType());
-
- AccessToken token = oauth.verifyToken(response.getAccessToken());
-
- Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
-
- Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
- Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
-
- AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
- Assert.assertEquals(200, refreshResponse.getStatusCode());
- }
-
-}
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.composites;
+
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.enums.SslRequired;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.ApplicationServlet;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.WebDriver;
+
+import java.security.PublicKey;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class CompositeRoleTest {
+
+ public static PublicKey realmPublicKey;
+ @ClassRule
+ public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
+ @Override
+ protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
+ RealmModel realm = manager.createRealm("test");
+ KeycloakModelUtils.generateRealmKeys(realm);
+ realmPublicKey = realm.getPublicKey();
+ realm.setSsoSessionIdleTimeout(3000);
+ realm.setAccessTokenLifespan(10000);
+ realm.setSsoSessionMaxLifespan(10000);
+ realm.setAccessCodeLifespanUserAction(1000);
+ realm.setAccessCodeLifespan(1000);
+ realm.setSslRequired(SslRequired.EXTERNAL);
+ realm.setEnabled(true);
+ realm.addRequiredCredential(UserCredentialModel.PASSWORD);
+ final RoleModel realmRole1 = realm.addRole("REALM_ROLE_1");
+ final RoleModel realmRole2 = realm.addRole("REALM_ROLE_2");
+ final RoleModel realmRole3 = realm.addRole("REALM_ROLE_3");
+ final RoleModel realmComposite1 = realm.addRole("REALM_COMPOSITE_1");
+ realmComposite1.addCompositeRole(realmRole1);
+
+ final UserModel realmComposite1User = session.users().addUser(realm, "REALM_COMPOSITE_1_USER");
+ realmComposite1User.setEnabled(true);
+ realmComposite1User.updateCredential(UserCredentialModel.password("password"));
+ realmComposite1User.grantRole(realmComposite1);
+
+ final UserModel realmRole1User = session.users().addUser(realm, "REALM_ROLE_1_USER");
+ realmRole1User.setEnabled(true);
+ realmRole1User.updateCredential(UserCredentialModel.password("password"));
+ realmRole1User.grantRole(realmRole1);
+
+ final ClientModel realmComposite1Application = new ClientManager(manager).createClient(realm, "REALM_COMPOSITE_1_APPLICATION");
+ realmComposite1Application.setFullScopeAllowed(false);
+ realmComposite1Application.setEnabled(true);
+ realmComposite1Application.addScopeMapping(realmComposite1);
+ realmComposite1Application.addRedirectUri("http://localhost:8081/app/*");
+ realmComposite1Application.setBaseUrl("http://localhost:8081/app");
+ realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
+ realmComposite1Application.setSecret("password");
+
+ final ClientModel realmRole1Application = new ClientManager(manager).createClient(realm, "REALM_ROLE_1_APPLICATION");
+ realmRole1Application.setFullScopeAllowed(false);
+ realmRole1Application.setEnabled(true);
+ realmRole1Application.addScopeMapping(realmRole1);
+ realmRole1Application.addRedirectUri("http://localhost:8081/app/*");
+ realmRole1Application.setBaseUrl("http://localhost:8081/app");
+ realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
+ realmRole1Application.setSecret("password");
+
+
+ final ClientModel appRoleApplication = new ClientManager(manager).createClient(realm, "APP_ROLE_APPLICATION");
+ appRoleApplication.setFullScopeAllowed(false);
+ appRoleApplication.setEnabled(true);
+ appRoleApplication.addRedirectUri("http://localhost:8081/app/*");
+ appRoleApplication.setBaseUrl("http://localhost:8081/app");
+ appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
+ appRoleApplication.setSecret("password");
+ final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
+ final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
+
+ final RoleModel realmAppCompositeRole = realm.addRole("REALM_APP_COMPOSITE_ROLE");
+ realmAppCompositeRole.addCompositeRole(appRole1);
+
+ final UserModel realmAppCompositeUser = session.users().addUser(realm, "REALM_APP_COMPOSITE_USER");
+ realmAppCompositeUser.setEnabled(true);
+ realmAppCompositeUser.updateCredential(UserCredentialModel.password("password"));
+ realmAppCompositeUser.grantRole(realmAppCompositeRole);
+
+ final UserModel realmAppRoleUser = session.users().addUser(realm, "REALM_APP_ROLE_USER");
+ realmAppRoleUser.setEnabled(true);
+ realmAppRoleUser.updateCredential(UserCredentialModel.password("password"));
+ realmAppRoleUser.grantRole(appRole2);
+
+ final ClientModel appCompositeApplication = new ClientManager(manager).createClient(realm, "APP_COMPOSITE_APPLICATION");
+ appCompositeApplication.setFullScopeAllowed(false);
+ appCompositeApplication.setEnabled(true);
+ appCompositeApplication.addRedirectUri("http://localhost:8081/app/*");
+ appCompositeApplication.setBaseUrl("http://localhost:8081/app");
+ appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
+ appCompositeApplication.setSecret("password");
+ final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
+ appCompositeApplication.addScopeMapping(appRole2);
+ appCompositeRole.addCompositeRole(realmRole1);
+ appCompositeRole.addCompositeRole(realmRole2);
+ appCompositeRole.addCompositeRole(realmRole3);
+ appCompositeRole.addCompositeRole(appRole1);
+
+ final UserModel appCompositeUser = session.users().addUser(realm, "APP_COMPOSITE_USER");
+ appCompositeUser.setEnabled(true);
+ appCompositeUser.updateCredential(UserCredentialModel.password("password"));
+ appCompositeUser.grantRole(realmAppCompositeRole);
+ appCompositeUser.grantRole(realmComposite1);
+
+ deployServlet("app", "/app", ApplicationServlet.class);
+
+ }
+ };
+
+ @Rule
+ public WebRule webRule = new WebRule(this);
+
+ @WebResource
+ protected WebDriver driver;
+
+ @WebResource
+ protected OAuthClient oauth;
+
+ @WebResource
+ protected LoginPage loginPage;
+
+ @Test
+ public void testAppCompositeUser() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("APP_COMPOSITE_APPLICATION");
+ oauth.doLogin("APP_COMPOSITE_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "APP_COMPOSITE_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+
+ @Test
+ public void testRealmAppCompositeUser() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("APP_ROLE_APPLICATION");
+ oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_APP_COMPOSITE_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getResourceAccess("APP_ROLE_APPLICATION").getRoles().size());
+ Assert.assertTrue(token.getResourceAccess("APP_ROLE_APPLICATION").isUserInRole("APP_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserCompositeAppComposite() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+ oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(2, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_COMPOSITE_1"));
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserCompositeAppRole() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_ROLE_1_APPLICATION");
+ oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_COMPOSITE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+ @Test
+ public void testRealmOnlyWithUserRoleAppComposite() throws Exception {
+ oauth.realm("test");
+ oauth.realmPublicKey(realmPublicKey);
+ oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
+ oauth.doLogin("REALM_ROLE_1_USER", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals(200, response.getStatusCode());
+
+ Assert.assertEquals("bearer", response.getTokenType());
+
+ AccessToken token = oauth.verifyToken(response.getAccessToken());
+
+ Assert.assertEquals(keycloakRule.getUser("test", "REALM_ROLE_1_USER").getId(), token.getSubject());
+
+ Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+ Assert.assertTrue(token.getRealmAccess().isUserInRole("REALM_ROLE_1"));
+
+ AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(response.getRefreshToken(), "password");
+ Assert.assertEquals(200, refreshResponse.getStatusCode());
+ }
+
+}