Example 16 with ClientScopeRepresentation

Use of org.keycloak.representations.idm.ClientScopeRepresentation in the keycloak project by keycloak.

From the class DynamicScopesRARParseTest, method generatedAuthorizationRequestsShouldMatchDefaultScopes:

@Test
public void generatedAuthorizationRequestsShouldMatchDefaultScopes() {
    // Default client scopes of "test-app" as configured in the test realm
    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    List<ClientScopeRepresentation> defScopes = testApp.getDefaultClientScopes();
    // Log in requesting only "openid"; the client's default scopes are applied as well
    oauth.openLoginForm();
    oauth.scope("openid");
    oauth.doLogin("rar-test", "password");
    events.expectLogin().user(userId).assertEvent();
    // Keep only the authorization requests that were derived from the "scope" parameter
    AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
    List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders =
            contextHolder.getAuthorizationRequestHolders().stream()
                    .filter(holder -> holder.getSource().equals(AuthorizationRequestSource.SCOPE))
                    .collect(Collectors.toList());
    // Exactly one authorization request per default scope, with the same scope names
    assertEquals(defScopes.size(), authorizationRequestHolders.size());
    assertEquals(
            defScopes.stream().map(ClientScopeRepresentation::getName).collect(Collectors.toSet()),
            authorizationRequestHolders.stream()
                    .map(holder -> holder.getAuthorizationDetails().getScopeNameFromCustomData())
                    .collect(Collectors.toSet()));
    // Every entry must carry the static-scope RAR type (none of them is a dynamic scope)
    Assert.assertTrue(authorizationRequestHolders.stream()
            .map(AuthorizationRequestContextHolder.AuthorizationRequestHolder::getAuthorizationDetails)
            .allMatch(rep -> rep.getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.STATIC_SCOPE_RAR_TYPE)));
}
Also used : ClientScopeModel(org.keycloak.models.ClientScopeModel) Profile(org.keycloak.common.Profile) AuthorizationDetailsJSONRepresentation(org.keycloak.representations.AuthorizationDetailsJSONRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test) HashMap(java.util.HashMap) Collectors(java.util.stream.Collectors) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) Ignore(org.junit.Ignore) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) Response(javax.ws.rs.core.Response) AuthorizationRequestSource(org.keycloak.rar.AuthorizationRequestSource) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Optional(java.util.Optional) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) Assert.assertEquals(org.junit.Assert.assertEquals) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)

Example 17 with ClientScopeRepresentation

Use of org.keycloak.representations.idm.ClientScopeRepresentation in the keycloak project by keycloak.

From the class OIDCDynamicScopeTest, method createDynamicScope:

// Creates a dynamic client scope named scopeName whose requested values must match "scopeName:<anything>"
private Response createDynamicScope(String scopeName) {
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName(scopeName);
    // Double-brace initialisation: an anonymous HashMap subclass with an instance initialiser
    clientScope.setAttributes(new HashMap<String, String>() {

        {
            // Marks the scope as dynamic; the regexp decides which requested scope values it matches
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, String.format("%1s:*", scopeName));
        }
    });
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    // The admin REST response; callers read the created id from it and must close it
    return testRealm().clientScopes().create(clientScope);
}
Also used : ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)

Example 18 with ClientScopeRepresentation

Use of org.keycloak.representations.idm.ClientScopeRepresentation in the keycloak project by keycloak.

From the class OIDCScopeTest, method testClientDisplayedOnConsentScreenWithEmptyConsentText:

// KEYCLOAK-7855
@Test
public void testClientDisplayedOnConsentScreenWithEmptyConsentText() throws Exception {
    // Add "displayOnConsentScreen" to client
    ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), "third-party");
    ClientRepresentation thirdPartyRep = thirdParty.toRepresentation();
    thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "true");
    thirdPartyRep.getAttributes().put(ClientScopeModel.CONSENT_SCREEN_TEXT, "");
    thirdParty.update(thirdPartyRep);
    // Change consent text on profile scope
    ClientScopeResource profileScope = ApiUtil.findClientScopeByName(testRealm(), OAuth2Constants.SCOPE_PROFILE);
    ClientScopeRepresentation profileScopeRep = profileScope.toRepresentation();
    profileScopeRep.getAttributes().put(ClientScopeModel.CONSENT_SCREEN_TEXT, " ");
    profileScope.update(profileScopeRep);
    // Login. Consent texts are empty for the client and for the "profile" scope, so the consent screen should fall back to the scope name / clientId
    oauth.clientId("third-party");
    oauth.doLoginGrant("john", "password");
    grantPage.assertCurrent();
    grantPage.assertGrants("profile", OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, "third-party");
    grantPage.accept();
    // Revert
    profileScopeRep.getAttributes().put(ClientScopeModel.CONSENT_SCREEN_TEXT, OIDCLoginProtocolFactory.PROFILE_SCOPE_CONSENT_TEXT);
    profileScope.update(profileScopeRep);
    thirdPartyRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "false");
    thirdParty.update(thirdPartyRep);
}
Also used : ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 19 with ClientScopeRepresentation

Use of org.keycloak.representations.idm.ClientScopeRepresentation in the keycloak project by keycloak.

From the class OIDCScopeTest, method testTwoRefreshTokensWithDifferentScopes:

// KEYCLOAK-6170
@Test
public void testTwoRefreshTokensWithDifferentScopes() {
    // Add 2 client scopes, each mapped to exactly 1 realm role
    ClientScopeRepresentation clientScope1 = new ClientScopeRepresentation();
    clientScope1.setName("scope-role-1");
    clientScope1.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = testRealm().clientScopes().create(clientScope1);
    String scope1Id = ApiUtil.getCreatedId(response);
    getCleanup().addClientScopeId(scope1Id);
    response.close();
    ClientScopeRepresentation clientScope2 = new ClientScopeRepresentation();
    clientScope2.setName("scope-role-2");
    clientScope2.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    response = testRealm().clientScopes().create(clientScope2);
    String scope2Id = ApiUtil.getCreatedId(response);
    getCleanup().addClientScopeId(scope2Id);
    response.close();
    RoleRepresentation role1 = testRealm().roles().get("role-1").toRepresentation();
    testRealm().clientScopes().get(scope1Id).getScopeMappings().realmLevel().add(Arrays.asList(role1));
    RoleRepresentation role2 = testRealm().roles().get("role-2").toRepresentation();
    testRealm().clientScopes().get(scope2Id).getScopeMappings().realmLevel().add(Arrays.asList(role2));
    // Add both client scopes as optional scopes of our client and disable fullScopeAllowed, so roles only reach a token through the requested scopes
    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    ClientRepresentation testAppRep = testApp.toRepresentation();
    testAppRep.setFullScopeAllowed(false);
    testApp.update(testAppRep);
    testApp.addOptionalClientScope(scope1Id);
    testApp.addOptionalClientScope(scope2Id);
    // Login with scope-role-1. Save refresh token
    oauth.scope("scope-role-1");
    oauth.doLogin("john", "password");
    EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
    Tokens tokens1 = sendTokenRequest(loginEvent, userId, "openid email profile scope-role-1", "test-app");
    Assert.assertTrue(tokens1.accessToken.getRealmAccess().isUserInRole("role-1"));
    Assert.assertFalse(tokens1.accessToken.getRealmAccess().isUserInRole("role-2"));
    // SSO login with scope-role-2. Save refresh token
    oauth.scope("scope-role-2");
    oauth.openLoginForm();
    loginEvent = events.expectLogin().user(userId).removeDetail(Details.USERNAME).client("test-app").assertEvent();
    Tokens tokens2 = sendTokenRequest(loginEvent, userId, "openid email profile scope-role-2", "test-app");
    Assert.assertFalse(tokens2.accessToken.getRealmAccess().isUserInRole("role-1"));
    Assert.assertTrue(tokens2.accessToken.getRealmAccess().isUserInRole("role-2"));
    // Ensure refreshToken1 can still be refreshed and that the new access token carries only role-1 (the scope it was issued with)
    OAuthClient.AccessTokenResponse refreshResponse1 = oauth.doRefreshTokenRequest(tokens1.refreshToken, "password");
    Assert.assertEquals(200, refreshResponse1.getStatusCode());
    AccessToken accessToken1 = oauth.verifyToken(refreshResponse1.getAccessToken());
    Assert.assertTrue(accessToken1.getRealmAccess().isUserInRole("role-1"));
    Assert.assertFalse(accessToken1.getRealmAccess().isUserInRole("role-2"));
    // Ensure refreshToken2 can still be refreshed and that the new access token carries only role-2
    OAuthClient.AccessTokenResponse refreshResponse2 = oauth.doRefreshTokenRequest(tokens2.refreshToken, "password");
    Assert.assertEquals(200, refreshResponse2.getStatusCode());
    AccessToken accessToken2 = oauth.verifyToken(refreshResponse2.getAccessToken());
    Assert.assertFalse(accessToken2.getRealmAccess().isUserInRole("role-1"));
    Assert.assertTrue(accessToken2.getRealmAccess().isUserInRole("role-2"));
    // Revert
    testAppRep.setFullScopeAllowed(true);
    testApp.update(testAppRep);
    testApp.removeOptionalClientScope(scope1Id);
    testApp.removeOptionalClientScope(scope2Id);
}
Also used : Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 20 with ClientScopeRepresentation

Use of org.keycloak.representations.idm.ClientScopeRepresentation in the keycloak project by keycloak.

From the class FineGrainAdminUnitTest, method testRestEvaluation:

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRestEvaluation() throws Exception {
    testingClient.server().run(FineGrainAdminUnitTest::setupPolices);
    testingClient.server().run(FineGrainAdminUnitTest::setupUsers);
    UserRepresentation user1 = adminClient.realm(TEST).users().search("user1").get(0);
    UserRepresentation anotherAdmin = adminClient.realm(TEST).users().search("anotherAdmin").get(0);
    UserRepresentation groupMember = adminClient.realm(TEST).users().search("groupMember").get(0);
    RoleRepresentation realmRole = adminClient.realm(TEST).roles().get("realm-role").toRepresentation();
    List<RoleRepresentation> realmRoleSet = new LinkedList<>();
    realmRoleSet.add(realmRole);
    RoleRepresentation realmRole2 = adminClient.realm(TEST).roles().get("realm-role2").toRepresentation();
    List<RoleRepresentation> realmRole2Set = new LinkedList<>();
    realmRole2Set.add(realmRole2);
    ClientRepresentation client = adminClient.realm(TEST).clients().findByClientId(CLIENT_NAME).get(0);
    ClientScopeRepresentation scope = adminClient.realm(TEST).clientScopes().findAll().get(0);
    RoleRepresentation clientRole = adminClient.realm(TEST).clients().get(client.getId()).roles().get("client-role").toRepresentation();
    List<RoleRepresentation> clientRoleSet = new LinkedList<>();
    clientRoleSet.add(clientRole);
    // Test the "configure client" permission: a client configurer may edit plain settings but not widen the client's scope
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "clientConfigurer", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            client.setAdminUrl("http://nowhere");
            realmClient.realm(TEST).clients().get(client.getId()).update(client);
            client.setFullScopeAllowed(true);
            try {
                realmClient.realm(TEST).clients().get(client.getId()).update(client);
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            client.setFullScopeAllowed(false);
            realmClient.realm(TEST).clients().get(client.getId()).update(client);
            try {
                realmClient.realm(TEST).clients().get(client.getId()).addDefaultClientScope(scope.getId());
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            try {
                realmClient.realm(TEST).clients().get(client.getId()).getScopeMappings().realmLevel().add(realmRoleSet);
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
        }
    }
    // Test illegal impersonation: "nomap-admin" may impersonate user1 but not another admin
    if (!IMPERSONATION_DISABLED) {
        Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "nomap-admin", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
        try {
            realmClient.realm(TEST).users().get(user1.getId()).impersonate();
            // just in case of cookie settings
            realmClient.close();
            realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "nomap-admin", "password", Constants.ADMIN_CLI_CLIENT_ID, null);
            try {
                realmClient.realm(TEST).users().get(anotherAdmin.getId()).impersonate();
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
        } finally {
            realmClient.close();
        }
    }
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "authorized", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
            List<RoleRepresentation> roles = adminClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("realm-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().remove(realmRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().listAll();
            Assert.assertTrue(roles.stream().noneMatch((r) -> {
                return r.getName().equals("realm-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).add(clientRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("client-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).remove(clientRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().noneMatch((r) -> {
                return r.getName().equals("client-role");
            }));
        }
    }
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "authorizedComposite", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
            List<RoleRepresentation> roles = adminClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("realm-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().remove(realmRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().listAll();
            Assert.assertTrue(roles.stream().noneMatch((r) -> {
                return r.getName().equals("realm-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).add(clientRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("client-role");
            }));
            realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).remove(clientRoleSet);
            roles = adminClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().noneMatch((r) -> {
                return r.getName().equals("client-role");
            }));
        }
    }
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "unauthorized", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
            Assert.fail("should fail with forbidden exception");
        } catch (ClientErrorException e) {
            Assert.assertEquals(403, e.getResponse().getStatus());
        }
    }
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "unauthorizedMapper", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
            Assert.fail("should fail with forbidden exception");
        } catch (ClientErrorException e) {
            Assert.assertEquals(403, e.getResponse().getStatus());
        }
    }
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "groupManager", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            realmClient.realm(TEST).users().get(groupMember.getId()).roles().clientLevel(client.getId()).add(clientRoleSet);
            List<RoleRepresentation> roles = realmClient.realm(TEST).users().get(groupMember.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("client-role");
            }));
            realmClient.realm(TEST).users().get(groupMember.getId()).roles().clientLevel(client.getId()).remove(clientRoleSet);
            roles = realmClient.realm(TEST).users().get(groupMember.getId()).roles().realmLevel().listAvailable();
            Assert.assertEquals(1, roles.size());
            realmClient.realm(TEST).users().get(groupMember.getId()).roles().realmLevel().add(realmRoleSet);
            realmClient.realm(TEST).users().get(groupMember.getId()).roles().realmLevel().remove(realmRoleSet);
            try {
                realmClient.realm(TEST).users().get(groupMember.getId()).roles().realmLevel().add(realmRole2Set);
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            try {
                realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
        }
    }
    // Test client.mapRoles: "clientMapper" may map the client's roles but no realm roles
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "clientMapper", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            List<RoleRepresentation> roles = realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.isEmpty());
            realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).add(clientRoleSet);
            roles = realmClient.realm(TEST).users().get(user1.getId()).roles().clientLevel(client.getId()).listAll();
            Assert.assertTrue(roles.stream().anyMatch((r) -> {
                return r.getName().equals("client-role");
            }));
            roles = realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().listAvailable();
            Assert.assertTrue(roles.isEmpty());
            try {
                realmClient.realm(TEST).users().get(user1.getId()).roles().realmLevel().add(realmRoleSet);
                Assert.fail("should fail with forbidden exception");
            } catch (ClientErrorException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
        }
    }
    // KEYCLOAK-5878
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "groupViewer", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            // Should only return the list of users that belong to "top" group
            List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
            Assert.assertEquals(1, queryUsers.size());
            Assert.assertEquals("groupmember", queryUsers.get(0).getUsername());
            for (UserRepresentation user : queryUsers) {
                System.out.println(user.getUsername());
            }
        }
    }
    // KEYCLOAK-11261 : user creation via fine grain admin
    {
        try (Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(), TEST, "noMapperGroupManager", "password", Constants.ADMIN_CLI_CLIENT_ID, null)) {
            // Should only return the list of users that belong to "top" group
            List<UserRepresentation> queryUsers = realmClient.realm(TEST).users().list();
            Assert.assertEquals(1, queryUsers.size());
            UserRepresentation newGroupMemberWithoutGroup = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", true);
            try {
                ApiUtil.createUserWithAdminClient(realmClient.realm(TEST), newGroupMemberWithoutGroup);
                Assert.fail("should fail with HTTP response code 403 Forbidden");
            } catch (WebApplicationException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            UserRepresentation newEmptyGroupList = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", true);
            newEmptyGroupList.setGroups(Collections.emptyList());
            try {
                ApiUtil.createUserWithAdminClient(realmClient.realm(TEST), newEmptyGroupList);
                Assert.fail("should fail with HTTP response code 403 Forbidden");
            } catch (WebApplicationException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            UserRepresentation newGroupMemberWithNonExistentGroup = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", Arrays.asList("wrong-group"), true);
            try {
                ApiUtil.createUserWithAdminClient(realmClient.realm(TEST), newGroupMemberWithNonExistentGroup);
                Assert.fail("should fail with HTTP response code 403 Forbidden");
            } catch (WebApplicationException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            UserRepresentation newGroupMemberOfNotManagedGroup = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", Arrays.asList("restricted-group"), true);
            try {
                ApiUtil.createUserWithAdminClient(realmClient.realm(TEST), newGroupMemberOfNotManagedGroup);
                Assert.fail("should fail with HTTP response code 403 Forbidden");
            } catch (WebApplicationException e) {
                Assert.assertEquals(403, e.getResponse().getStatus());
            }
            UserRepresentation newGroupMember = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", Arrays.asList("top"), true);
            ApiUtil.createUserWithAdminClient(realmClient.realm(TEST), newGroupMember);
            // Should only return the list of users that belong to "top" group + the new one
            queryUsers = realmClient.realm(TEST).users().list();
            Assert.assertEquals(2, queryUsers.size());
        }
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) WebApplicationException(javax.ws.rs.WebApplicationException) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientErrorException(javax.ws.rs.ClientErrorException) List(java.util.List) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) Keycloak(org.keycloak.admin.client.Keycloak) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)