keycloak-aplcache
Changes
testsuite/integration-arquillian/test-apps/servlet-authz/keycloak.-permissive-authz-service.json 15(+15 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPermissiveModeAdapterTest.java 52(+52 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java 254(+53 -201)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java 208(+208 -0)
testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6PermissiveModeAdapterTest.java 30(+30 -0)
testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6ServletAuthzAdapterTest.java 2(+1 -1)
Details
diff --git a/testsuite/integration-arquillian/test-apps/servlet-authz/keycloak.-permissive-authz-service.json b/testsuite/integration-arquillian/test-apps/servlet-authz/keycloak.-permissive-authz-service.json
new file mode 100644
index 0000000..89c92f2
--- /dev/null
+++ b/testsuite/integration-arquillian/test-apps/servlet-authz/keycloak.-permissive-authz-service.json
@@ -0,0 +1,15 @@
+{
+ "realm": "servlet-authz",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8180/auth",
+ "ssl-required" : "external",
+ "resource" : "servlet-authz-app",
+ "public-client" : false,
+ "credentials": {
+ "secret": "secret"
+ },
+ "policy-enforcer": {
+ "enforcement-mode" : "PERMISSIVE",
+ "on-deny-redirect-to" : "/servlet-authz-app/accessDenied.jsp"
+ }
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPermissiveModeAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPermissiveModeAdapterTest.java
new file mode 100644
index 0000000..7159635
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPermissiveModeAdapterTest.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public abstract class AbstractPermissiveModeAdapterTest extends AbstractServletAuthzAdapterTest {
+
+ @Deployment(name = RESOURCE_SERVER_ID, managed = false)
+ public static WebArchive deployment() throws IOException {
+ return exampleDeployment(RESOURCE_SERVER_ID)
+ .addAsWebInfResource(new File(TEST_APPS_HOME_DIR + "/servlet-authz-app/servlet-authz-realm.json"), "keycloak.-permissive-authz-service.json");
+ }
+
+ @Test
+ public void testCanAccessWhenPermissive() throws Exception {
+ performTests(() -> {
+ login("jdoe", "jdoe");
+ driver.navigate().to(getResourceServerUrl() + "/enforcing/resource");
+ assertTrue(driver.getTitle().equals("Error"));
+ assertTrue(driver.getPageSource().contains("Not Found"));
+
+ driver.navigate().to(getResourceServerUrl() + "/protected/admin");
+ assertTrue(wasDenied());
+ });
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
index de1a2de..d61b077 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.java
@@ -17,7 +17,6 @@
package org.keycloak.testsuite.adapter.example.authorization;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadJson;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
import static org.keycloak.testsuite.util.WaitUtils.pause;
@@ -25,35 +24,24 @@ import static org.keycloak.testsuite.util.WaitUtils.pause;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
-import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.Arrays;
-import java.util.HashMap;
import java.util.List;
import org.jboss.arquillian.container.test.api.Deployer;
-import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.BeforeClass;
-import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
-import org.keycloak.admin.client.resource.RealmResource;
-import org.keycloak.admin.client.resource.UserResource;
-import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.util.WaitUtils;
-import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
@@ -62,8 +50,8 @@ import org.openqa.selenium.WebElement;
*/
public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAdapterTest {
- private static final String REALM_NAME = "servlet-authz";
- private static final String RESOURCE_SERVER_ID = "servlet-authz-app";
+ protected static final String REALM_NAME = "servlet-authz";
+ protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
@BeforeClass
public static void enabled() { ProfileAssume.assumePreview(); }
@@ -77,184 +65,13 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
loadRealm(new File(TEST_APPS_HOME_DIR + "/servlet-authz-app/servlet-authz-realm.json")));
}
- @Deployment(name = RESOURCE_SERVER_ID, managed = false)
- public static WebArchive deployment() throws IOException {
- return exampleDeployment(RESOURCE_SERVER_ID);
+ protected void performTests(ExceptionRunnable assertion) {
+ performTests(() -> importResourceServerSettings(), assertion);
}
- @Test
- public void testRegularUserPermissions() throws Exception {
- performTests(() -> {
- login("alice", "alice");
- assertFalse(wasDenied());
- assertTrue(hasLink("User Premium"));
- assertTrue(hasLink("Administration"));
- assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
- assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
- assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
-
- navigateToDynamicMenuPage();
- assertTrue(hasText("Do user thing"));
- assertFalse(hasText("Do user premium thing"));
- assertFalse(hasText("Do administration thing"));
-
- navigateToUserPremiumPage();
- assertTrue(wasDenied());
-
- navigateToAdminPage();
- assertTrue(wasDenied());
- });
- }
-
- @Test
- public void testUserPremiumPermissions() throws Exception {
- performTests(() -> {
- login("jdoe", "jdoe");
- assertFalse(wasDenied());
- assertTrue(hasLink("User Premium"));
- assertTrue(hasLink("Administration"));
- assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
- assertTrue(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
- assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
-
- navigateToDynamicMenuPage();
- assertTrue(hasText("Do user thing"));
- assertTrue(hasText("Do user premium thing"));
- assertFalse(hasText("Do administration thing"));
-
- navigateToUserPremiumPage();
- assertFalse(wasDenied());
-
- navigateToAdminPage();
- assertTrue(wasDenied());
- });
- }
-
- @Test
- public void testAdminPermissions() throws Exception {
- performTests(() -> {
- login("admin", "admin");
- assertFalse(wasDenied());
- assertTrue(hasLink("User Premium"));
- assertTrue(hasLink("Administration"));
- assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
- assertTrue(hasText("urn:servlet-authz:page:main:actionForAdmin"));
- assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
-
- navigateToDynamicMenuPage();
- assertTrue(hasText("Do user thing"));
- assertTrue(hasText("Do administration thing"));
- assertFalse(hasText("Do user premium thing"));
-
- navigateToUserPremiumPage();
- assertTrue(wasDenied());
-
- navigateToAdminPage();
- assertFalse(wasDenied());
- });
- }
-
- @Test
- public void testGrantPremiumAccessToUser() throws Exception {
- performTests(() -> {
- login("alice", "alice");
- assertFalse(wasDenied());
-
- navigateToUserPremiumPage();
- assertTrue(wasDenied());
-
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Premium Resource Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Any User Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
- }
-
- login("alice", "alice");
-
- navigateToUserPremiumPage();
- assertFalse(wasDenied());
-
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Premium Resource Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Only Premium User Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
- }
-
- login("alice", "alice");
-
- navigateToUserPremiumPage();
- assertTrue(wasDenied());
-
- PolicyRepresentation onlyAlicePolicy = new PolicyRepresentation();
-
- onlyAlicePolicy.setName("Temporary Premium Access Policy");
- onlyAlicePolicy.setType("user");
- HashMap<String, String> config = new HashMap<>();
- UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
- List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
-
- assertFalse(users.isEmpty());
-
- config.put("users", JsonSerialization.writeValueAsString(Arrays.asList(users.get(0).getId())));
-
- onlyAlicePolicy.setConfig(config);
- getAuthorizationResource().policies().create(onlyAlicePolicy);
-
- for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
- if ("Premium Resource Permission".equals(policy.getName())) {
- policy.getConfig().put("applyPolicies", "[\"Temporary Premium Access Policy\"]");
- getAuthorizationResource().policies().policy(policy.getId()).update(policy);
- }
- }
-
- login("alice", "alice");
-
- navigateToUserPremiumPage();
- assertFalse(wasDenied());
- });
- }
-
- @Test
- public void testGrantAdministrativePermissions() throws Exception {
- performTests(() -> {
- login("jdoe", "jdoe");
-
- navigateToAdminPage();
- assertTrue(wasDenied());
-
- RealmResource realmResource = realmsResouce().realm(REALM_NAME);
- UsersResource usersResource = realmResource.users();
- List<UserRepresentation> users = usersResource.search("jdoe", null, null, null, null, null);
-
- assertFalse(users.isEmpty());
-
- UserResource userResource = usersResource.get(users.get(0).getId());
-
- RoleRepresentation adminRole = realmResource.roles().get("admin").toRepresentation();
- userResource.roles().realmLevel().add(Arrays.asList(adminRole));
-
- login("jdoe", "jdoe");
-
- navigateToAdminPage();
- assertFalse(wasDenied());
- });
- }
-
- //KEYCLOAK-3830
- @Test
- public void testAccessPublicResource() throws Exception {
- performTests(() -> {
- driver.navigate().to(getResourceServerUrl() + "/public-html.html");
- WaitUtils.waitForPageToLoad(driver);
- assertTrue(hasText("This is public resource that should be accessible without login."));
- });
- }
-
- private void performTests(TestRunnable assertion) {
+ protected void performTests(ExceptionRunnable beforeDeploy, ExceptionRunnable assertion) {
try {
- importResourceServerSettings();
+ beforeDeploy.run();
deployer.deploy(RESOURCE_SERVER_ID);
assertion.run();
} catch (FileNotFoundException cause) {
@@ -266,11 +83,11 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
}
}
- private boolean hasLink(String text) {
+ protected boolean hasLink(String text) {
return getLink(text) != null;
}
- private boolean hasText(String text) {
+ protected boolean hasText(String text) {
return this.driver.getPageSource().contains(text);
}
@@ -278,11 +95,11 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
return this.driver.findElement(By.xpath("//a[text() = '" + text + "']"));
}
- private void importResourceServerSettings() throws FileNotFoundException {
+ protected void importResourceServerSettings() throws FileNotFoundException {
getAuthorizationResource().importSettings(loadJson(new FileInputStream(new File(TEST_APPS_HOME_DIR + "/servlet-authz-app/servlet-authz-app-authz-service.json")), ResourceServerRepresentation.class));
}
- private AuthorizationResource getAuthorizationResource() {
+ protected AuthorizationResource getAuthorizationResource() {
return getClientResource(RESOURCE_SERVER_ID).authorization();
}
@@ -300,7 +117,7 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
pause(500);
}
- private void login(String username, String password) {
+ protected void login(String username, String password) {
try {
navigateTo();
Thread.sleep(2000);
@@ -323,11 +140,11 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
WaitUtils.waitUntilElement(By.xpath("//a[text() = 'Dynamic Menu']"));
}
- private boolean wasDenied() {
+ protected boolean wasDenied() {
return this.driver.getPageSource().contains("You can not access this resource.");
}
- private URL getResourceServerUrl() {
+ protected URL getResourceServerUrl() {
try {
return new URL(this.appServerContextRootPage + "/" + RESOURCE_SERVER_ID);
} catch (MalformedURLException e) {
@@ -335,22 +152,57 @@ public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAda
}
}
- private void navigateToDynamicMenuPage() {
+ protected void navigateToDynamicMenuPage() {
navigateTo();
getLink("Dynamic Menu").click();
}
- private void navigateToUserPremiumPage() {
+ protected void navigateToUserPremiumPage() {
navigateTo();
getLink("User Premium").click();
}
- private void navigateToAdminPage() {
+ protected void navigateToAdminPage() {
navigateTo();
getLink("Administration").click();
}
- private interface TestRunnable {
+ protected void updatePermissionPolicies(String permissionName, String... policyNames) {
+ for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
+ if (permissionName.equalsIgnoreCase(policy.getName())) {
+ StringBuilder policies = new StringBuilder("[");
+
+ for (String policyName : policyNames) {
+ if (policies.length() > 1) {
+ policies.append(",");
+ }
+ policies.append("\"").append(policyName).append("\"");
+
+ }
+
+ policies.append("]");
+
+ policy.getConfig().put("applyPolicies", policies.toString());
+ getAuthorizationResource().policies().policy(policy.getId()).update(policy);
+ }
+ }
+ }
+
+ protected void createUserPolicy(String name, String... userNames) {
+ UserPolicyRepresentation policy = new UserPolicyRepresentation();
+
+ policy.setName(name);
+
+ for (String userName : userNames) {
+ policy.addUser(userName);
+ }
+
+ assertFalse(policy.getUsers().isEmpty());
+
+ getAuthorizationResource().policies().users().create(policy);
+ }
+
+ protected interface ExceptionRunnable {
void run() throws Exception;
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java
new file mode 100644
index 0000000..3aef537
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzFunctionalAdapterTest.java
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.admin.client.resource.ResourcesResource;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.admin.client.resource.UsersResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.testsuite.util.WaitUtils;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public abstract class AbstractServletAuthzFunctionalAdapterTest extends AbstractServletAuthzAdapterTest {
+
+ @Deployment(name = RESOURCE_SERVER_ID, managed = false)
+ public static WebArchive deployment() throws IOException {
+ return exampleDeployment(RESOURCE_SERVER_ID);
+ }
+
+ @Test
+ public void testCanNotAccessWhenEnforcing() throws Exception {
+ performTests(() -> {
+ importResourceServerSettings();
+ ResourcesResource resources = getAuthorizationResource().resources();
+ ResourceRepresentation resource = resources.findByName("Protected Resource").get(0);
+
+ resource.setUri("/index.jsp");
+
+ resources.resource(resource.getId()).update(resource);
+ }, () -> {
+ login("jdoe", "jdoe");
+ driver.navigate().to(getResourceServerUrl().toString() + "/enforcing/resource");
+ assertTrue(wasDenied());
+ });
+ }
+
+ @Test
+ public void testRegularUserPermissions() throws Exception {
+ performTests(() -> {
+ login("alice", "alice");
+ assertFalse(wasDenied());
+ assertTrue(hasLink("User Premium"));
+ assertTrue(hasLink("Administration"));
+ assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
+ assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
+ assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
+
+ navigateToDynamicMenuPage();
+ assertTrue(hasText("Do user thing"));
+ assertFalse(hasText("Do user premium thing"));
+ assertFalse(hasText("Do administration thing"));
+
+ navigateToUserPremiumPage();
+ assertTrue(wasDenied());
+
+ navigateToAdminPage();
+ assertTrue(wasDenied());
+ });
+ }
+
+ @Test
+ public void testUserPremiumPermissions() throws Exception {
+ performTests(() -> {
+ login("jdoe", "jdoe");
+ assertFalse(wasDenied());
+ assertTrue(hasLink("User Premium"));
+ assertTrue(hasLink("Administration"));
+ assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
+ assertTrue(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
+ assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
+
+ navigateToDynamicMenuPage();
+ assertTrue(hasText("Do user thing"));
+ assertTrue(hasText("Do user premium thing"));
+ assertFalse(hasText("Do administration thing"));
+
+ navigateToUserPremiumPage();
+ assertFalse(wasDenied());
+
+ navigateToAdminPage();
+ assertTrue(wasDenied());
+ });
+ }
+
+ @Test
+ public void testAdminPermissions() throws Exception {
+ performTests(() -> {
+ login("admin", "admin");
+ assertFalse(wasDenied());
+ assertTrue(hasLink("User Premium"));
+ assertTrue(hasLink("Administration"));
+ assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
+ assertTrue(hasText("urn:servlet-authz:page:main:actionForAdmin"));
+ assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
+
+ navigateToDynamicMenuPage();
+ assertTrue(hasText("Do user thing"));
+ assertTrue(hasText("Do administration thing"));
+ assertFalse(hasText("Do user premium thing"));
+
+ navigateToUserPremiumPage();
+ assertTrue(wasDenied());
+
+ navigateToAdminPage();
+ assertFalse(wasDenied());
+ });
+ }
+
+ @Test
+ public void testGrantPremiumAccessToUser() throws Exception {
+ performTests(() -> {
+ login("alice", "alice");
+ assertFalse(wasDenied());
+
+ navigateToUserPremiumPage();
+ assertTrue(wasDenied());
+
+ updatePermissionPolicies("Premium Resource Permission", "Any User Policy");
+
+ login("alice", "alice");
+
+ navigateToUserPremiumPage();
+ assertFalse(wasDenied());
+
+ updatePermissionPolicies("Premium Resource Permission", "Only Premium User Policy");
+
+ login("alice", "alice");
+
+ navigateToUserPremiumPage();
+ assertTrue(wasDenied());
+
+ createUserPolicy("Temporary Premium Access Policy", "alice");
+
+ updatePermissionPolicies("Premium Resource Permission", "Temporary Premium Access Policy");
+
+ login("alice", "alice");
+
+ navigateToUserPremiumPage();
+ assertFalse(wasDenied());
+ });
+ }
+
+ @Test
+ public void testGrantAdministrativePermissions() throws Exception {
+ performTests(() -> {
+ login("jdoe", "jdoe");
+
+ navigateToAdminPage();
+ assertTrue(wasDenied());
+
+ RealmResource realmResource = realmsResouce().realm(REALM_NAME);
+ UsersResource usersResource = realmResource.users();
+ List<UserRepresentation> users = usersResource.search("jdoe", null, null, null, null, null);
+
+ assertFalse(users.isEmpty());
+
+ UserResource userResource = usersResource.get(users.get(0).getId());
+
+ RoleRepresentation adminRole = realmResource.roles().get("admin").toRepresentation();
+ userResource.roles().realmLevel().add(Arrays.asList(adminRole));
+
+ login("jdoe", "jdoe");
+
+ navigateToAdminPage();
+ assertFalse(wasDenied());
+ });
+ }
+
+ //KEYCLOAK-3830
+ @Test
+ public void testAccessPublicResource() throws Exception {
+ performTests(() -> {
+ driver.navigate().to(getResourceServerUrl() + "/public-html.html");
+ WaitUtils.waitForPageToLoad(driver);
+ assertTrue(hasText("This is public resource that should be accessible without login."));
+ });
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6PermissiveModeAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6PermissiveModeAdapterTest.java
new file mode 100644
index 0000000..c300b51
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6PermissiveModeAdapterTest.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author tkyjovsk
+ */
+@RunAsClient
+@AppServerContainer("app-server-eap6")
+public class EAP6PermissiveModeAdapterTest extends AbstractPermissiveModeAdapterTest {
+
+}
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6ServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6ServletAuthzAdapterTest.java
index 5833b29..f7ac21a 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6ServletAuthzAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/example/authorization/EAP6ServletAuthzAdapterTest.java
@@ -25,6 +25,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
*/
@RunAsClient
@AppServerContainer("app-server-eap6")
-public class EAP6ServletAuthzAdapterTest extends AbstractServletAuthzAdapterTest {
+public class EAP6ServletAuthzAdapterTest extends AbstractServletAuthzFunctionalAdapterTest {
}
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPermissiveModeAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPermissiveModeAdapterTest.java
new file mode 100644
index 0000000..8c6e0d3
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyPermissiveModeAdapterTest.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import org.jboss.arquillian.container.test.api.RunAsClient;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author tkyjovsk
+ */
+@RunAsClient
+@AppServerContainer("app-server-wildfly")
+//@AdapterLibsLocationProperty("adapter.libs.wildfly")
+public class WildflyPermissiveModeAdapterTest extends AbstractPermissiveModeAdapterTest {
+
+}
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java
index 6ff0e1f..13a444f 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyServletAuthzAdapterTest.java
@@ -17,7 +17,6 @@
package org.keycloak.testsuite.adapter.example.authorization;
import org.jboss.arquillian.container.test.api.RunAsClient;
-import org.keycloak.testsuite.adapter.example.authorization.AbstractServletAuthzAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
@@ -27,6 +26,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
@RunAsClient
@AppServerContainer("app-server-wildfly")
//@AdapterLibsLocationProperty("adapter.libs.wildfly")
-public class WildflyServletAuthzAdapterTest extends AbstractServletAuthzAdapterTest {
+public class WildflyServletAuthzAdapterTest extends AbstractServletAuthzFunctionalAdapterTest {
}