Prosoft Git

keycloak-aplcache

[KEYCLOAK-5095] - Adding tests

9/13/2017 10:37:52 AM
Pedro Igor

Pedro Igor

Commit: 8b2d47d

Tree: 7180e46

Parents: cdb3c15

Changes

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java 15(+15 -0)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthorizationAPITest.java 26(+24 -2)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java 41(+25 -16)

Details

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java 15(+15 -0) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java
index 00917cd..02d1865 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java
@@ -1,6 +1,10 @@
 package org.keycloak.testsuite.authz;
 
 import org.junit.BeforeClass;
+import org.keycloak.authorization.client.representation.EntitlementResponse;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.JWSInputException;
+import org.keycloak.representations.AccessToken;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.ProfileAssume;
 
@@ -13,4 +17,15 @@ public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
     public static void enabled() {
         ProfileAssume.assumePreview();
     }
+
+    protected AccessToken toAccessToken(String rpt) {
+        AccessToken accessToken;
+
+        try {
+            accessToken = new JWSInput(rpt).readJsonContent(AccessToken.class);
+        } catch (JWSInputException cause) {
+            throw new RuntimeException("Failed to deserialize RPT", cause);
+        }
+        return accessToken;
+    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java 41(+25 -16) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
index 2145c6f..c0a8868 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java
@@ -41,6 +41,7 @@ import org.keycloak.authorization.client.representation.EntitlementResponse;
 import org.keycloak.authorization.client.representation.PermissionRequest;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.JWSInputException;
+import org.keycloak.protocol.oidc.utils.OIDCResponseType;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.authorization.JSPolicyRepresentation;
@@ -49,6 +50,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
 import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.util.ClientBuilder;
+import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.RoleBuilder;
 import org.keycloak.testsuite.util.RolesBuilder;
@@ -74,6 +76,11 @@ public class EntitlementAPITest extends AbstractAuthzTest {
                     .redirectUris("http://localhost/resource-server-test")
                     .defaultRoles("uma_protection")
                     .directAccessGrants())
+                .client(ClientBuilder.create().clientId("test-client")
+                    .secret("secret")
+                    .authorizationServicesEnabled(true)
+                    .redirectUris("http://localhost/test-client")
+                    .directAccessGrants())
                 .build());
     }
 
@@ -155,7 +162,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         request.setMetadata(metadata);
 
         EntitlementResponse response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
-        AccessToken rpt = toAccessToken(response);
+        AccessToken rpt = toAccessToken(response.getRpt());
 
         List<Permission> permissions = rpt.getAuthorization().getPermissions();
 
@@ -175,7 +182,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         request.setRpt(response.getRpt());
 
         response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
-        rpt = toAccessToken(response);
+        rpt = toAccessToken(response.getRpt());
 
         permissions = rpt.getAuthorization().getPermissions();
 
@@ -199,7 +206,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         request.setRpt(response.getRpt());
 
         response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
-        rpt = toAccessToken(response);
+        rpt = toAccessToken(response.getRpt());
 
         permissions = rpt.getAuthorization().getPermissions();
 
@@ -222,7 +229,7 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         request.setRpt(response.getRpt());
 
         response = getAuthzClient().entitlement(authzClient.obtainAccessToken("marta", "password").getToken()).get("resource-server-test", request);
-        rpt = toAccessToken(response);
+        rpt = toAccessToken(response.getRpt());
 
         permissions = rpt.getAuthorization().getPermissions();
 
@@ -234,8 +241,21 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         assertEquals("Resource 12", permissions.get(4).getResourceSetName());
     }
 
+    @Test
+    public void testResourceServerAsAudience() throws Exception {
+        EntitlementRequest request = new EntitlementRequest();
+
+        request.addPermission(new PermissionRequest("Resource 1"));
+
+        String accessToken = new OAuthClient().realm("authz-test").clientId("test-client").doGrantAccessTokenRequest("secret", "marta", "password").getAccessToken();
+        EntitlementResponse response = getAuthzClient().entitlement(accessToken).get("resource-server-test", request);
+        AccessToken rpt = toAccessToken(response.getRpt());
+
+        assertEquals("resource-server-test", rpt.getAudience()[0]);
+    }
+
     private void assertResponse(AuthorizationRequestMetadata metadata, Supplier<EntitlementResponse> responseSupplier) {
-        AccessToken.Authorization authorization = toAccessToken(responseSupplier.get()).getAuthorization();
+        AccessToken.Authorization authorization = toAccessToken(responseSupplier.get().getRpt()).getAuthorization();
 
         List<Permission> permissions = authorization.getPermissions();
 
@@ -251,17 +271,6 @@ public class EntitlementAPITest extends AbstractAuthzTest {
         }
     }
 
-    private AccessToken toAccessToken(EntitlementResponse response) {
-        AccessToken accessToken;
-
-        try {
-            accessToken = new JWSInput(response.getRpt()).readJsonContent(AccessToken.class);
-        } catch (JWSInputException cause) {
-            throw new RuntimeException("Failed to deserialize RPT", cause);
-        }
-        return accessToken;
-    }
-
     private RealmResource getRealm() throws Exception {
         return adminClient.realm("authz-test");
     }

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github