@ -6,11 +6,11 @@ import static org.mockito.Mockito.when;
import java.util.HashMap ;
import java.util.List ;
import java.util.Map ;
import java.util.UUID ;
import java.util.stream.Collectors ;
import javax.ws.rs.core.HttpHeaders ;
import org.assertj.core.util.Maps ;
import org.junit.Test ;
import org.keycloak.models.AuthenticatedClientSessionModel ;
import org.keycloak.models.ClientModel ;
@ -31,7 +31,6 @@ import org.mockito.Mockito;
* /
public class D4ScienceContextMapperTest {
static final String CLAIM_NAME = "haandlerIdClaimNameExample" ;
static final String HEADER_VALUE = "ginostilla" ;
@Test
@ -62,31 +61,44 @@ public class D4ScienceContextMapperTest {
. collect ( Collectors . toList ( ) ) ;
assertThat ( configPropertyNames ) . containsExactly ( OIDCAttributeMapperHelper . TOKEN_CLAIM_NAME ,
OIDCAttributeMapperHelper . INCLUDE_IN_ACCESS_TOKEN ) ;
OIDCAttributeMapperHelper . INCLUDE_IN_ACCESS_TOKEN , D4ScienceContextMapper . HTTP_REQUEST_HEADER_NAME ,
D4ScienceContextMapper . NARROW_RESOURCE_ACCESS ) ;
}
@Test
public void shouldAddClaim ( ) {
public void shouldAddClaim AndNotNarrow ( ) {
final UserSessionModel session = givenUserSession ( ) ;
final KeycloakSession keycloakSession = givenKeycloakSession ( true ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , true ) ;
assertThat ( accessToken . getOtherClaims ( ) . get ( CLAIM_NAME ) ) . isEqualTo ( HEADER_VALUE ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , true , false ) ;
assertThat ( accessToken . getAudience ( ) [ 0 ] ) . isEqualTo ( HEADER_VALUE ) ;
assertThat ( accessToken . getResourceAccess ( ) . size ( ) ) . isEqualTo ( 2 ) ;
assertThat ( accessToken . getResourceAccess ( ) . keySet ( ) ) . contains ( HEADER_VALUE ) ;
}
@Test
public void shouldAddClaimAndNarrow ( ) {
final UserSessionModel session = givenUserSession ( ) ;
final KeycloakSession keycloakSession = givenKeycloakSession ( true ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , true , true ) ;
assertThat ( accessToken . getAudience ( ) [ 0 ] ) . isEqualTo ( HEADER_VALUE ) ;
assertThat ( accessToken . getResourceAccess ( ) . size ( ) ) . isEqualTo ( 1 ) ;
assertThat ( accessToken . getResourceAccess ( ) . keySet ( ) . iterator ( ) . next ( ) ) . isEqualTo ( HEADER_VALUE ) ;
}
@Test
public void shouldNotAddClaim ( ) {
final UserSessionModel session = givenUserSession ( ) ;
final KeycloakSession keycloakSession = givenKeycloakSession ( false ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , true ) ;
assertThat ( accessToken . getOtherClaims ( ) . get ( CLAIM_NAME ) ) . isNull ( ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , true , false );
assertThat ( accessToken . get Audience( ) ) . isNull ( ) ;
}
@Test
public void shouldNotAddClaimAndLogWarning ( ) {
final UserSessionModel session = givenUserSession ( ) ;
final KeycloakSession keycloakSession = givenKeycloakSession ( true ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , false );
assertThat ( accessToken . get OtherClaims( ) . get ( CLAIM_NAME ) ) . isNull ( ) ;
final AccessToken accessToken = transformAccessToken ( session , keycloakSession , false , false );
assertThat ( accessToken . get Audience( ) ) . isNull ( ) ;
}
private UserSessionModel givenUserSession ( ) {
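Review bot: The only negative authorization case in this hunk, `shouldNotAddClaimAndLogWarning`, runs with no resource access at all, so nothing pins what happens when the header names a context the user is not entitled to while the token still carries other resource-access entries. As these tests show, the audience follows the value of a client-supplied request header, so that case deserves its own test. Build the token with access to a different client only, request `HEADER_VALUE`, and assert that `getAudience()` is null and `getResourceAccess()` is unchanged, with narrowing both off and on. `shouldNotAddClaim` could also assert that `getResourceAccess()` still holds both entries. The test named `...AndLogWarning` does not verify that anything is logged.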
@ -104,21 +116,22 @@ public class D4ScienceContextMapperTest {
when ( context . getRequestHeaders ( ) ) . thenReturn ( headers ) ;
if ( withHeader ) {
when ( headers . getHeaderString ( D4ScienceContextMapper . HEADER_NAME) ) . thenReturn ( HEADER_VALUE ) ;
when ( headers . getHeaderString ( D4ScienceContextMapper . DEFAULT_ HEADER_NAME) ) . thenReturn ( HEADER_VALUE ) ;
} else {
when ( headers . getHeaderString ( D4ScienceContextMapper . HEADER_NAME) ) . thenReturn ( "" ) ;
when ( headers . getHeaderString ( D4ScienceContextMapper . DEFAULT_ HEADER_NAME) ) . thenReturn ( "" ) ;
}
return keycloakSession ;
}
private AccessToken transformAccessToken ( UserSessionModel userSessionModel , KeycloakSession keycloakSession ,
boolean withResourceAccess ) {
boolean withResourceAccess , boolean withNarrowRA ) {
final ProtocolMapperModel mappingModel = new ProtocolMapperModel ( ) ;
mappingModel . setConfig ( createConfig ( ) ) ;
mappingModel . setConfig ( createConfig ( withNarrowRA ) ) ;
AccessToken at = new AccessToken ( ) ;
if ( withResourceAccess ) {
at . setResourceAccess ( Maps . newHashMap ( HEADER_VALUE , null ) ) ;
at . addAccess ( HEADER_VALUE ) ;
at . addAccess ( UUID . randomUUID ( ) . toString ( ) ) ;
}
return new D4ScienceContextMapper ( ) . transformAccessToken ( at , mappingModel , keycloakSession ,
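Review bot: The header-absent branch stubs `getHeaderString` to return `""`, but JAX-RS `HttpHeaders.getHeaderString` returns `null` when the header is missing, so `givenKeycloakSession(false)` does not exercise the real no-header path. Consider stubbing `null` there, or covering both values, e.g. `when(headers.getHeaderString(D4ScienceContextMapper.DEFAULT_HEADER_NAME)).thenReturn(null);`. In `transformAccessToken`, the second entry added via `UUID.randomUUID().toString()` makes the fixture differ on every run; a fixed constant (for instance a constructed `OTHER_CLIENT = "other-client"`) would keep failures reproducible. Both helper methods start or end outside this hunk.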
@ -135,11 +148,13 @@ public class D4ScienceContextMapperTest {
return csc ;
}
private Map < String , String > createConfig ( ) {
final Map < String , String > result = new HashMap < > ( ) ;
result . put ( "access.token.claim" , "true" ) ;
result . put ( "claim.name" , CLAIM_NAME ) ;
return result ;
private Map < String , String > createConfig ( boolean narrowRA ) {
final Map < String , String > config = new HashMap < > ( ) ;
config . put ( D4ScienceContextMapper . HTTP_REQUEST_HEADER_NAME , D4ScienceContextMapper . DEFAULT_HEADER_NAME ) ;
config . put ( OIDCAttributeMapperHelper . TOKEN_CLAIM_NAME , D4ScienceContextMapper . DEFAULT_TOKEN_CLAIM ) ;
config . put ( D4ScienceContextMapper . NARROW_RESOURCE_ACCESS , Boolean . toString ( narrowRA ) ) ;
config . put ( OIDCAttributeMapperHelper . INCLUDE_IN_ACCESS_TOKEN , "true" ) ;
return config ;
}
}
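Review bot: `createConfig` always sets `HTTP_REQUEST_HEADER_NAME` to `DEFAULT_HEADER_NAME`, and the mock in `givenKeycloakSession` is keyed on that same default, so a mapper that ignored the configured name and always read the default header would still pass every test. Add a case that puts a non-default header name in both the config and the stub, and assert that a value sent only in the default header is not picked up. A short Javadoc on the helper would also help, e.g. `/** Mapper config with default header and claim names; narrowRA sets NARROW_RESOURCE_ACCESS. */`.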