keycloak-aplcache
Changes
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java 5(+4 -1)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java 25(+11 -14)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java 236(+196 -40)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java 39(+16 -23)
testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyDefaultAuthzConfigAdapterTest.java 2(+1 -1)
Details
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
index 4721737..0e07157 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/PhotozClientAuthzTestApp.java
@@ -50,7 +50,10 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
protected ConsentPage consentPage;
public void createAlbum(String name) {
- this.driver.findElement(By.id("create-album")).click();
+ navigateTo();
+ By id = By.id("create-album");
+ WaitUtils.waitUntilElement(id);
+ this.driver.findElement(id).click();
Form.setInputValue(this.driver.findElement(By.id("album.name")), name);
this.driver.findElement(By.id("save-album")).click();
pause(500);
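Review bot: Only the `create-album` link is waited for; the `album.name` field and the `save-album` button are still looked up immediately after the click, so the timing failure this change addresses can reappear one line later. I would add `WaitUtils.waitUntilElement(By.id("album.name"));` before the `Form.setInputValue(...)` call. The fixed `pause(500)` after the save could likewise become a wait on a concrete element, since the authorization tests assert `wasDenied()` right after this helper returns. `createAlbum` continues past the end of the hunk.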
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java
index 82b3ec4..4666674 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractDefaultAuthzConfigAdapterTest.java
@@ -59,31 +59,28 @@ public abstract class AbstractDefaultAuthzConfigAdapterTest extends AbstractExam
@Test
public void testDefaultAuthzConfig() throws Exception {
- configureAuthorizationServices();
- deploy();
- navigateToResourceServer();
- login();
+ try {
+ this.deployer.deploy(RESOURCE_SERVER_ID);
+ configureAuthorizationServices();
- assertTrue(this.driver.getPageSource().contains("Your permissions are"));
- assertTrue(this.driver.getPageSource().contains("Default Resource"));
- }
+ login();
- private void login() {
- this.loginPage.form().login("alice", "alice");
+ assertTrue(this.driver.getPageSource().contains("Your permissions are"));
+ assertTrue(this.driver.getPageSource().contains("Default Resource"));
+ } finally {
+ this.deployer.undeploy(RESOURCE_SERVER_ID);
+ }
}
- private void navigateToResourceServer() throws MalformedURLException {
+ private void login() throws MalformedURLException {
this.driver.navigate().to(getResourceServerUrl());
+ this.loginPage.form().login("alice", "alice");
}
private URL getResourceServerUrl() throws MalformedURLException {
return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL();
}
- private void deploy() {
- this.deployer.deploy(RESOURCE_SERVER_ID);
- }
-
private void configureAuthorizationServices() {
ClientsResource clients = realmsResouce().realm(REALM_NAME).clients();
ClientRepresentation client = clients.findByClientId(RESOURCE_SERVER_ID).get(0);
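Review bot: The two assertions in `testDefaultAuthzConfig` each call `getPageSource()` and carry no message, so a failure gives no hint of what the browser was showing (a login page or an error page, for example). Read the page once and name the expectation: `String page = this.driver.getPageSource();` followed by `assertTrue("permission summary missing: " + page, page.contains("Your permissions are"));`. A one-line comment on why `deploy` now runs before `configureAuthorizationServices()` would also help, since the order is reversed here without explanation. `configureAuthorizationServices` continues beyond the hunk.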
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
index 28662fa..9a0fb26 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
@@ -25,6 +25,7 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
@@ -43,6 +44,10 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
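Review bot: `java.util.HashSet` is imported here, but none of the lines added in this file's hunks reference it; the new tests use `HashMap`, `Arrays.asList`, `Collections.emptySet()` and `Collectors.toSet()`. Unless a part of the file outside the diff uses it, drop `import java.util.HashSet;`. The same commit removes unused imports from AbstractServletAuthzAdapterTest, so this looks like a leftover.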
@@ -95,7 +100,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
@Test
- public void testCreateDeleteAlbum() throws Exception {
+ public void testUserCanCreateAndDeleteAlbum() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
@@ -103,13 +108,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.createAlbum("Alice Family Album");
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
-
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
this.clientPage.deleteAlbum("Alice Family Album");
resources = getAuthorizationResource().resources().resources();
-
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -122,11 +125,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.deployer.deploy(RESOURCE_SERVER_ID);
this.clientPage.login("alice", "alice");
this.clientPage.createAlbum("Alice-Family-Album");
+
this.clientPage.login("admin", "admin");
this.clientPage.navigateToAdminAlbum();
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
-
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -137,11 +140,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
this.clientPage.login("admin", "admin");
+
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice-Family-Album");
-
+ assertTrue(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
-
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -153,9 +156,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice-Family-Album");
-
+ assertFalse(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
-
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -166,9 +168,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public void testRegularUserCanNotAccessAdminResources() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
+
this.clientPage.login("alice", "alice");
this.clientPage.navigateToAdminAlbum();
-
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -179,9 +181,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public void testAdminOnlyFromSpecificAddress() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
+
this.clientPage.login("admin", "admin");
this.clientPage.navigateToAdminAlbum();
-
assertFalse(this.clientPage.wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -193,7 +195,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
this.clientPage.navigateToAdminAlbum();
-
assertTrue(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -204,16 +205,15 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public void testAdminWithoutPermissionsToTypedResource() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
+
this.clientPage.login("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
this.clientPage.login("admin", "admin");
this.clientPage.navigateToAdminAlbum();
-
assertFalse(this.clientPage.wasDenied());
this.clientPage.viewAlbum("Alice Family Album");
-
assertFalse(this.clientPage.wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -242,7 +242,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
-
assertTrue(this.clientPage.wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -254,14 +253,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
-
assertFalse(this.clientPage.wasDenied());
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice Family Album");
-
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
-
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -269,23 +265,20 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
@Test
- public void testAdminWithoutPermissionsToDeleteScopePermission() throws Exception {
+ public void testAdminWithoutPermissionsToDeleteAlbum() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
+
this.clientPage.login("alice", "alice");
this.clientPage.createAlbum("Alice Family Album");
this.clientPage.login("admin", "admin");
this.clientPage.navigateToAdminAlbum();
-
assertFalse(this.clientPage.wasDenied());
this.clientPage.deleteAlbum("Alice Family Album");
-
assertFalse(this.clientPage.wasDenied());
-
List<ResourceRepresentation> resources = getAuthorizationResource().resources().resources();
-
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -301,14 +294,11 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.login("admin", "admin");
this.clientPage.navigateToAdminAlbum();
this.clientPage.viewAlbum("Alice Family Album");
-
assertFalse(this.clientPage.wasDenied());
resources = getAuthorizationResource().resources().resources();
-
assertFalse(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
this.clientPage.navigateToAdminAlbum();
-
this.clientPage.deleteAlbum("Alice Family Album");
assertTrue(this.clientPage.wasDenied());
@@ -321,11 +311,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
this.clientPage.navigateToAdminAlbum();
this.clientPage.deleteAlbum("Alice Family Album");
-
assertFalse(this.clientPage.wasDenied());
-
resources = getAuthorizationResource().resources().resources();
-
assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -336,8 +323,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public void testClientRoleRepresentingUserConsent() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
- this.clientPage.login("alice", "alice");
+ this.clientPage.login("alice", "alice");
assertFalse(this.clientPage.wasDenied());
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
@@ -361,11 +348,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
roleResource.update(roleRepresentation);
this.clientPage.login("alice", "alice");
-
assertTrue(this.clientPage.wasDenied());
this.clientPage.loginWithScopes("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
-
assertFalse(this.clientPage.wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -376,6 +361,7 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
public void testClientRoleNotRequired() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
+
this.clientPage.login("alice", "alice");
assertFalse(this.clientPage.wasDenied());
@@ -401,32 +387,202 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
manageAlbumRole.update(roleRepresentation);
this.clientPage.login("alice", "alice");
-
assertTrue(this.clientPage.wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Any User Policy".equals(policy.getName())) {
List<Map> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
- roles.forEach(new Consumer<Map>() {
- @Override
- public void accept(Map role) {
- String roleId = (String) role.get("id");
- if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
- role.put("required", false);
- }
+ roles.forEach(role -> {
+ String roleId = (String) role.get("id");
+ if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
+ role.put("required", false);
}
});
policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
-
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
this.clientPage.login("alice", "alice");
+ assertFalse(this.clientPage.wasDenied());
+ } finally {
+ this.deployer.undeploy(RESOURCE_SERVER_ID);
+ }
+ }
+
+ @Test
+ public void testOverridePermissionFromResourceParent() throws Exception {
+ try {
+ this.deployer.deploy(RESOURCE_SERVER_ID);
+
+ this.clientPage.login("alice", "alice");
+ String resourceName = "My Resource Instance";
+ this.clientPage.createAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+ this.clientPage.viewAlbum(resourceName);
assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.navigateTo();
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.createAlbum(resourceName);
+
+ this.clientPage.login("admin", "admin");
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.viewAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.navigateToAdminAlbum();;
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.login("alice", "alice");
+ this.clientPage.createAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ getAuthorizationResource().resources().resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ try {
+ PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
+
+ resourceInstancePermission.setName(resourceName + "Permission");
+ resourceInstancePermission.setType("resource");
+
+ Map<String, String> config = new HashMap<>();
+
+ config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
+ config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
+
+ resourceInstancePermission.setConfig(config);
+ getAuthorizationResource().policies().create(resourceInstancePermission);
+ } catch (Exception e) {
+ throw new RuntimeException("Error creating policy.", e);
+ }
+ }
+ });
+
+ this.clientPage.login("admin", "admin");
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.viewAlbum(resourceName);
+ assertTrue(this.clientPage.wasDenied());
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.deleteAlbum(resourceName);
+ assertTrue(this.clientPage.wasDenied());
+
+ this.clientPage.login("alice", "alice");
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ ResourcesResource resourcesResource = getAuthorizationResource().resources();
+ List<ResourceRepresentation> resources = resourcesResource.resources();
+ assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+ } finally {
+ this.deployer.undeploy(RESOURCE_SERVER_ID);
+ }
+ }
+
+ @Test
+ public void testInheritPermissionFromResourceParent() throws Exception {
+ try {
+ this.deployer.deploy(RESOURCE_SERVER_ID);
+
+ this.clientPage.login("alice", "alice");
+
+ String resourceName = "My Resource Instance";
+ this.clientPage.createAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.viewAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.navigateTo();
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.createAlbum(resourceName);
+
+ this.clientPage.login("admin", "admin");
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.viewAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.navigateToAdminAlbum();;
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.login("alice", "alice");
+ this.clientPage.createAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ ResourcesResource resourcesResource = getAuthorizationResource().resources();
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ try {
+ PolicyRepresentation resourceInstancePermission = new PolicyRepresentation();
+
+ resourceInstancePermission.setName(resourceName + "Permission");
+ resourceInstancePermission.setType("resource");
+
+ Map<String, String> config = new HashMap<>();
+
+ config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
+ config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
+
+ resourceInstancePermission.setConfig(config);
+ getAuthorizationResource().policies().create(resourceInstancePermission);
+ } catch (Exception e) {
+ throw new RuntimeException("Error creating policy.", e);
+ }
+ }
+ });
+
+ this.clientPage.login("admin", "admin");
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.viewAlbum(resourceName);
+ assertTrue(this.clientPage.wasDenied());
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.deleteAlbum(resourceName);
+ assertTrue(this.clientPage.wasDenied());
+
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ resource.setScopes(resource.getScopes().stream().filter(scope -> !scope.getName().equals("urn:photoz.com:scopes:album:view")).collect(Collectors.toSet()));
+ resourcesResource.resource(resource.getId()).update(resource);
+ }
+ });
+
+ this.clientPage.login("admin", "admin");
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.viewAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+
+ this.clientPage.navigateToAdminAlbum();
+ this.clientPage.deleteAlbum(resourceName);
+ assertTrue(this.clientPage.wasDenied());
+
+ this.clientPage.login("alice", "alice");
+ this.clientPage.deleteAlbum(resourceName);
+ assertFalse(this.clientPage.wasDenied());
+ List<ResourceRepresentation> resources = resourcesResource.resources();
+ assertTrue(resources.stream().filter(resource -> resource.getOwner().getName().equals("alice")).collect(Collectors.toList()).isEmpty());
+
+ resourcesResource.resources().forEach(resource -> {
+ if (resource.getName().equals(resourceName)) {
+ resource.setScopes(Collections.emptySet());
+ resourcesResource.resource(resource.getId()).update(resource);
+ }
+ });
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
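Review bot: The permission named `resourceName + "Permission"` that both new tests create is never removed in the visible code, and both tests use the same name against the same realm, so the second test to run may depend on state left by the first unless deleting the album also deletes the permission (not visible here). The trailing loop in `testInheritPermissionFromResourceParent` that calls `resource.setScopes(Collections.emptySet())` sits inside `try` after the assertion that alice owns no resources, so it probably matches nothing and is skipped on failure; cleanup belongs in `finally`. The setup block itself is copied verbatim into both tests and swallows the checked exception in a lambda; a shared helper with a plain loop, as below, removes the duplication and the `RuntimeException` wrapper. There are also two stray `;;` after `navigateToAdminAlbum()`.

```java
// Shared by testOverridePermissionFromResourceParent and testInheritPermissionFromResourceParent.
private void createOnlyOwnerPermission(String resourceName) throws IOException {
    for (ResourceRepresentation resource : getAuthorizationResource().resources().resources()) {
        if (!resourceName.equals(resource.getName())) {
            continue;
        }
        PolicyRepresentation permission = new PolicyRepresentation();
        permission.setName(resourceName + "Permission");
        permission.setType("resource");

        Map<String, String> config = new HashMap<>();
        config.put("resources", JsonSerialization.writeValueAsString(Arrays.asList(resource.getId())));
        config.put("applyPolicies", JsonSerialization.writeValueAsString(Arrays.asList("Only Owner Policy")));
        permission.setConfig(config);

        getAuthorizationResource().policies().create(permission);
    }
}

// … unchanged: login / create / view / delete steps in both tests …
createOnlyOwnerPermission(resourceName);
```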
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
index 2753c5e..7f61556 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
@@ -25,7 +25,6 @@ import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
-import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
@@ -49,9 +48,6 @@ import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
-import java.util.Map;
-import java.util.function.Predicate;
-import java.util.stream.Collectors;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -88,14 +84,12 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
}
@Test
- public void testUserPermissions() throws Exception {
+ public void testRegularUserPermissions() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
login("alice", "alice");
-
assertFalse(wasDenied());
-
assertTrue(hasLink("User Premium"));
assertTrue(hasLink("Administration"));
assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
@@ -103,18 +97,14 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
navigateToDynamicMenuPage();
-
assertTrue(hasText("Do user thing"));
assertFalse(hasText("Do user premium thing"));
assertFalse(hasText("Do administration thing"));
-
navigateToUserPremiumPage();
-
assertTrue(wasDenied());
navigateToAdminPage();
-
assertTrue(wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
@@ -127,7 +117,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
this.deployer.deploy(RESOURCE_SERVER_ID);
login("jdoe", "jdoe");
-
assertFalse(wasDenied());
assertTrue(hasLink("User Premium"));
assertTrue(hasLink("Administration"));
@@ -136,10 +125,15 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
navigateToDynamicMenuPage();
-
assertTrue(hasText("Do user thing"));
assertTrue(hasText("Do user premium thing"));
assertFalse(hasText("Do administration thing"));
+
+ navigateToUserPremiumPage();
+ assertFalse(wasDenied());
+
+ navigateToAdminPage();
+ assertTrue(wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
@@ -151,9 +145,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
this.deployer.deploy(RESOURCE_SERVER_ID);
login("admin", "admin");
-
assertFalse(wasDenied());
-
assertTrue(hasLink("User Premium"));
assertTrue(hasLink("Administration"));
assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
@@ -161,26 +153,29 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
navigateToDynamicMenuPage();
-
assertTrue(hasText("Do user thing"));
assertTrue(hasText("Do administration thing"));
assertFalse(hasText("Do user premium thing"));
+
+ navigateToUserPremiumPage();
+ assertTrue(wasDenied());
+
+ navigateToAdminPage();
+ assertFalse(wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
}
}
@Test
- public void testGrantPremiumAccess() throws Exception {
+ public void testGrantPremiumAccessToUser() throws Exception {
try {
this.deployer.deploy(RESOURCE_SERVER_ID);
login("alice", "alice");
-
assertFalse(wasDenied());
navigateToUserPremiumPage();
-
assertTrue(wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -193,7 +188,6 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
login("alice", "alice");
navigateToUserPremiumPage();
-
assertFalse(wasDenied());
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
@@ -204,8 +198,8 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
}
login("alice", "alice");
- navigateToUserPremiumPage();
+ navigateToUserPremiumPage();
assertTrue(wasDenied());
PolicyRepresentation onlyAlicePolicy = new PolicyRepresentation();
@@ -230,10 +224,9 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
}
}
- logOut();
login("alice", "alice");
- navigateToUserPremiumPage();
+ navigateToUserPremiumPage();
assertFalse(wasDenied());
} finally {
this.deployer.undeploy(RESOURCE_SERVER_ID);
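Review bot: With `logOut()` removed, nothing visible in this hunk ends alice's earlier session before `login("alice", "alice")`, so the final `assertFalse(wasDenied())` only proves the new policy takes effect if `login` itself starts a fresh session and obtains new permissions. The body of `login` is outside the hunk, so this cannot be confirmed from here. If it does reset the session, record that at the call site, for example `// login() starts a new session, so the policy created above is evaluated with a freshly issued token`. If it does not, the explicit `logOut();` should stay so the test cannot pass or fail on permissions cached from the previous login.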