diff --git a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc
index 8df4947..9d9488e 100644
--- a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc
+++ b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-docs.adoc
@@ -11,6 +11,10 @@ include::onecx-permission-svc-attributes.adoc[opts=optional]
quarkus.datasource.db-kind=postgresql
quarkus.datasource.jdbc.max-size=30
quarkus.datasource.jdbc.min-size=10
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
quarkus.native.resources.includes=import/template.json
quarkus.hibernate-orm.database.generation=validate
quarkus.hibernate-orm.multitenant=DISCRIMINATOR
@@ -57,12 +61,13 @@ app:
repository: "onecx/onecx-permission-svc"
db:
enabled: true
-
-----
-
-vc"
- db:
- enabled: true
+ operator:
+ keycloak:
+ client:
+ enabled: true
+ spec:
+ kcConfig:
+ defaultClientScopes: [ ocx-tn:read ]
----
diff --git a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-extensions.adoc b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-extensions.adoc
index ebaae52..99f52aa 100644
--- a/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-extensions.adoc
+++ b/docs/modules/onecx-permission-svc/pages/onecx-permission-svc-extensions.adoc
@@ -12,157 +12,158 @@ h| Version
| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
|
-| 0.20.0
+| 0.22.0
| onecx-tenant
| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-tenant.html[Link]
-| https://github.com/onecx/onecx-quarkus/blob/0.20.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
-| 0.20.0
+| https://github.com/onecx/onecx-quarkus/blob/0.22.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
+| 0.22.0
| tkit-quarkus-data-import
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-data-import.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-data-import.adoc[Link]
+| 2.27.0
| tkit-quarkus-rest-context
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
+| 2.27.0
| tkit-quarkus-jpa-tenant
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa-tenant.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
+| 2.27.0
| tkit-quarkus-jpa
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-cdi
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-rs
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-json
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.27.0
| tkit-quarkus-rest
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
-| 2.25.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
+| 2.27.0
| quarkus-arc
| https://quarkus.io/guides/cdi-reference[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-liquibase
| https://quarkus.io/guides/liquibase[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-liquibase.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-smallrye-health
| https://quarkus.io/guides/smallrye-health[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-micrometer-registry-prometheus
| https://quarkus.io/guides/telemetry-micrometer[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-hibernate-orm
| https://quarkus.io/guides/hibernate-orm[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-orm.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-rest
| https://quarkus.io/guides/rest[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-rest-jackson
| https://quarkus.io/guides/rest-json[Link]
|
-| 3.11.1
+| 3.12.0
| quarkus-jdbc-postgresql
| https://quarkus.io/guides/datasource[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-smallrye-openapi
| https://quarkus.io/guides/openapi-swaggerui[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-hibernate-validator
| https://quarkus.io/guides/validation[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-opentelemetry
| https://quarkus.io/guides/opentelemetry[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
-| 3.11.1
+| 3.12.0
| quarkus-oidc
| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
-| 3.11.1
+| 3.12.0
+
+| tkit-quarkus-security
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.27.0
| quarkus-container-image-docker
| https://quarkus.io/guides/container-image[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
-| 3.11.1
+| 3.12.0
-| quarkus-smallrye-context-propagation
+| onecx-security
|
|
-| 3.11.1
-
-
-|===.adoc[Link]
-| 3.9.4
-
+| 0.22.0
| quarkus-smallrye-context-propagation
|
|
-| 3.9.4
+| 3.12.0
|===
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 45014ea..43a2d65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
org.tkit.onecx
onecx-quarkus3-parent
- 0.53.0
+ 0.54.0
onecx-permission-svc
@@ -55,6 +55,10 @@
org.tkit.quarkus.lib
tkit-quarkus-rest
+
+ org.tkit.onecx.quarkus
+ onecx-security
+
@@ -150,6 +154,11 @@
quarkus-test-keycloak-server
test
+
+ org.tkit.quarkus.lib
+ tkit-quarkus-security-test
+ test
+
@@ -167,6 +176,7 @@
false
true
quarkus
+ onecx-scopes=true
/
false
diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm
index e768fd7..3f351f3 100644
--- a/src/main/docker/Dockerfile.jvm
+++ b/src/main/docker/Dockerfile.jvm
@@ -1,4 +1,4 @@
-FROM ghcr.io/onecx/docker-quarkus-jvm:0.7.0
+FROM ghcr.io/onecx/docker-quarkus-jvm:0.8.0
COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=185 target/quarkus-app/*.jar /deployments/
diff --git a/src/main/docker/Dockerfile.native b/src/main/docker/Dockerfile.native
index 41637be..d89de71 100644
--- a/src/main/docker/Dockerfile.native
+++ b/src/main/docker/Dockerfile.native
@@ -1,3 +1,3 @@
-FROM ghcr.io/onecx/docker-quarkus-native:0.5.0
+FROM ghcr.io/onecx/docker-quarkus-native:0.6.0
COPY --chown=1001:root target/*-runner /work/application
diff --git a/src/main/openapi/onecx-permission-di-template.yaml b/src/main/openapi/onecx-permission-di-template.yaml
index 666e87d..7f749a0 100644
--- a/src/main/openapi/onecx-permission-di-template.yaml
+++ b/src/main/openapi/onecx-permission-di-template.yaml
@@ -8,6 +8,8 @@ servers:
paths:
/import/permission:
post:
+ security:
+ - oauth2: [ ocx-pm:write ]
operationId: importPermission
requestBody:
content:
@@ -18,6 +20,14 @@ paths:
200:
description: ok
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-pm:write: Grants write access
schemas:
TemplateImport:
type: object
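Review bot: The `tokenUrl` in the new `securitySchemes` block, `https://oauth.simple.api/token`, looks like a sample host rather than the identity provider this service is deployed against. Anything that consumes the spec literally, such as a Swagger UI authorize dialog or a generated client, would send its client-credentials request, secret included, to that host. If the real endpoint is only known at deployment time, say so next to the value, for example `# placeholder: the token endpoint comes from the deployment's OIDC configuration`. The same value is repeated in the exim, internal, operator and v1 specs.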
diff --git a/src/main/openapi/onecx-permission-exim-v1-openapi.yaml b/src/main/openapi/onecx-permission-exim-v1-openapi.yaml
index 0e8fc87..7e1b4b3 100644
--- a/src/main/openapi/onecx-permission-exim-v1-openapi.yaml
+++ b/src/main/openapi/onecx-permission-exim-v1-openapi.yaml
@@ -10,6 +10,8 @@ tags:
paths:
/exim/v1/assignments/operator:
post:
+ security:
+ - oauth2: [ ocx-pm:write ]
tags:
- permissionExportImport
description: Operator import assignments
@@ -36,6 +38,15 @@ paths:
schema:
$ref: '#/components/schemas/EximProblemDetailResponse'
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-pm:read: Grants read access
+ ocx-pm:write: Grants write access
schemas:
AssignmentSnapshot:
type: object
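Review bot: `ocx-pm:read` is declared in this scheme, but the only operation given a `security` block in this file's visible hunks, `/exim/v1/assignments/operator`, asks for `ocx-pm:write`. If no other operation in the file uses the read scope, drop the line `ocx-pm:read: Grants read access` so the declared scopes match what a client has to request. Operations outside the hunks are not visible here, so check before removing it.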
diff --git a/src/main/openapi/onecx-permission-internal-openapi.yaml b/src/main/openapi/onecx-permission-internal-openapi.yaml
index 53f6b53..3100cde 100644
--- a/src/main/openapi/onecx-permission-internal-openapi.yaml
+++ b/src/main/openapi/onecx-permission-internal-openapi.yaml
@@ -13,6 +13,8 @@ tags:
paths:
/internal/assignments/search:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- assignmentInternal
description: Search for assignments
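Review bot: Listing `ocx-pm:all` and `ocx-pm:read` inside one `oauth2` requirement means, under OpenAPI semantics, that a token must carry both scopes, not either of them. If the intent is "all or read", declare them as alternatives: `- oauth2: [ ocx-pm:all ]` followed by `- oauth2: [ ocx-pm:read ]`. How the generator enabled in this commit turns the list into runtime checks is not visible here, so confirm which reading it enforces and add a comment stating it. The same two-scope list is used on every operation in the later hunks of this file.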
@@ -40,6 +42,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Create new assignment
@@ -73,6 +77,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments/grant/{roleId}:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Create new assignments for role
@@ -90,6 +96,8 @@ paths:
description: Data not found
/internal/assignments/grant/{roleId}/product:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Create new assignments for role and product
@@ -119,6 +127,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments/grant/{roleId}/products:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Create new assignments for role and products
@@ -148,6 +158,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments/revoke/{roleId}:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Revoke assignments by roleId
@@ -165,6 +177,8 @@ paths:
description: Data not found
/internal/assignments/revoke/{roleId}/product:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Revoke assignments for role and product
@@ -194,6 +208,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments/revoke/{roleId}/products:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- assignmentInternal
description: Revoke assignments for role and products
@@ -223,6 +239,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/assignments/{id}:
get:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- assignmentInternal
description: Get assignment
@@ -243,6 +261,8 @@ paths:
404:
description: Assignment not found
delete:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:delete ]
tags:
- assignmentInternal
description: Delete assignment
@@ -258,6 +278,8 @@ paths:
description: Assignment deleted
/internal/assignments/me:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- assignmentInternal
operationId: getUserAssignments
@@ -282,6 +304,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/roles:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- roleInternal
description: Create new role
@@ -313,6 +337,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/roles/{id}:
get:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- roleInternal
description: Return role by ID
@@ -333,6 +359,8 @@ paths:
404:
description: Role not found
put:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- roleInternal
description: Update role by ID
@@ -365,6 +393,8 @@ paths:
404:
description: Role not found
delete:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:delete ]
tags:
- roleInternal
description: Delete role by ID
@@ -380,6 +410,8 @@ paths:
description: Role deleted
/internal/roles/search:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- roleInternal
description: Search for roles
@@ -405,6 +437,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/roles/me:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- roleInternal
operationId: getUserRoles
@@ -429,6 +463,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/permissions:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- permissionInternal
description: Create permission
@@ -460,6 +496,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/permissions/{id}:
get:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- permissionInternal
description: Get permission
@@ -480,6 +518,8 @@ paths:
404:
description: Permission not found
delete:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:delete ]
tags:
- permissionInternal
description: Delete permission
@@ -494,6 +534,8 @@ paths:
204:
description: Permission deleted
put:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:write ]
tags:
- permissionInternal
description: Update permission by ID
@@ -527,6 +569,8 @@ paths:
description: Permission not found
/internal/permissions/search:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- permissionInternal
description: Search for permissions
@@ -552,6 +596,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/permissions/me:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- permissionInternal
operationId: getUsersPermissions
@@ -576,6 +622,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/applications/search:
post:
+ security:
+ - oauth2: [ ocx-pm:all, ocx-pm:read ]
tags:
- applicationInternal
description: Search for applications
@@ -600,6 +648,17 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-pm:all: Grants access to all operations
+ ocx-pm:read: Grants read access
+ ocx-pm:write: Grants write access
+ ocx-pm:delete: Grants access to delete operations
schemas:
PermissionRequest:
type: object
diff --git a/src/main/openapi/onecx-permission-operator-v1.yaml b/src/main/openapi/onecx-permission-operator-v1.yaml
index 3c01108..13ac7e6 100644
--- a/src/main/openapi/onecx-permission-operator-v1.yaml
+++ b/src/main/openapi/onecx-permission-operator-v1.yaml
@@ -10,6 +10,8 @@ tags:
paths:
/operator/v1/{productName}/{appId}:
put:
+ security:
+ - oauth2: [ ocx-pm:write ]
tags:
- permissionOperator
description: Creates or updates permission for application.
@@ -43,6 +45,14 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-pm:write: Grants write access
schemas:
PermissionRequest:
type: object
diff --git a/src/main/openapi/onecx-permission-v1.yaml b/src/main/openapi/onecx-permission-v1.yaml
index 68142e2..b3eb9b7 100644
--- a/src/main/openapi/onecx-permission-v1.yaml
+++ b/src/main/openapi/onecx-permission-v1.yaml
@@ -10,6 +10,8 @@ tags:
paths:
/v1/permissions/user/{productName}/{appId}:
post:
+ security:
+ - oauth2: [ ocx-pm:read ]
tags:
- permission
description: Get permissions of the product application for the user
@@ -47,6 +49,14 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-pm:read: Grants read access
schemas:
PermissionRequest:
type: object
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index a3c7270..263051c 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,6 +4,11 @@ quarkus.datasource.db-kind=postgresql
quarkus.datasource.jdbc.max-size=30
quarkus.datasource.jdbc.min-size=10
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
+
quarkus.native.resources.includes=import/template.json
quarkus.hibernate-orm.database.generation=validate
quarkus.hibernate-orm.multitenant=DISCRIMINATOR
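Review bot: The permission named `health` permits `/q/*`, which is the whole Quarkus non-application root rather than only the health probes. The extensions listed for this service include quarkus-smallrye-openapi and quarkus-micrometer-registry-prometheus, whose endpoints sit under that root by default, so the OpenAPI document and the metrics stay reachable without a token. If only probes and scraping need anonymous access, narrow the rule, for example `quarkus.http.auth.permission.health.paths=/q/health/*,/q/metrics`. Whether a separate management interface is configured is not visible here. The documentation page changed in this commit repeats the same values.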
@@ -39,6 +44,8 @@ tkit.dataimport.configurations.template.stop-at-error=true
# TEST
quarkus.test.integration-test-profile=test
+quarkus.test.enable-callbacks-for-integration-tests=true
+
%test.onecx.permission.token.verified=true
%test.onecx.permission.token.claim.path=groups
%test.tkit.rs.context.tenant-id.enabled=true
diff --git a/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java b/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java
index 245f6f6..6f1dcf2 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/exim/v1/controllers/PermissionExportImportV1Test.java
@@ -4,6 +4,7 @@
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.HashMap;
import java.util.List;
@@ -12,6 +13,7 @@
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.exim.v1.mappers.EximExceptionMapperV1;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.exim.v1.model.AssignmentSnapshotDTOV1;
@@ -22,6 +24,7 @@
@QuarkusTest
@TestHTTPEndpoint(PermissionExportImportV1.class)
@WithDBData(value = "data/test-exim-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write" })
class PermissionExportImportV1Test extends AbstractTest {
@Test
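Review bot: The client generated here holds `ocx-pm:write`, so the requests changed in this class only exercise the success path of the new access control. Nothing visible shows that a request without `.auth()` is rejected, or that a client lacking the write scope is refused. Consider one test that posts without a token and expects `UNAUTHORIZED`, and, if the test library allows a second generated client, one with only `ocx-pm:read` that expects `FORBIDDEN`. The class body continues outside this hunk, and the other test classes touched by this commit show the same gap.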
@@ -30,6 +33,7 @@ void operatorImportNullProductTest() {
.putAssignmentsItem("test1", null);
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.post()
@@ -45,6 +49,7 @@ void operatorImportNullAppTest() {
.putAssignmentsItem("test1", map);
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.post()
@@ -62,6 +67,7 @@ void operatorImportTest() {
"k2", Map.of("o2", List.of("a3", "a2")))));
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.post()
@@ -77,6 +83,7 @@ void operatorImportMissingDataTest() {
Map.of("rr1", Map.of("r", List.of("a1", "a2")), "n1", Map.of("r", List.of("a1", "a2")))));
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.post()
@@ -96,6 +103,7 @@ void operatorImportMissingDataTest() {
void operatorImportEmptyBodyTest() {
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.post()
.then().log().all()
diff --git a/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTenantTest.java b/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTenantTest.java
index caa0827..7bc913e 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTenantTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTenantTest.java
@@ -4,12 +4,14 @@
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.List;
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.external.v1.controllers.PermissionRestController;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.external.v1.model.*;
@@ -19,6 +21,7 @@
@QuarkusTest
@TestHTTPEndpoint(PermissionRestController.class)
@WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read" })
class PermissionRestControllerTenantTest extends AbstractTest {
@Test
@@ -28,6 +31,7 @@ void getApplicationPermissionsTest() {
var idToken = createToken("org1", List.of("n3-100"));
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.header(APM_HEADER_PARAM, idToken)
.body(new PermissionRequestDTOV1().token(accessToken))
diff --git a/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java
index aae0fc4..495c8b8 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java
@@ -4,6 +4,7 @@
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.stream.Stream;
@@ -14,6 +15,7 @@
import org.tkit.onecx.permission.rs.external.v1.controllers.PermissionRestController;
import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.external.v1.model.*;
@@ -23,6 +25,7 @@
@QuarkusTest
@TestHTTPEndpoint(PermissionRestController.class)
@WithDBData(value = "data/test-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read" })
class PermissionRestControllerTest extends AbstractTest {
@Test
@@ -32,6 +35,7 @@ void getApplicationPermissionsTest() {
var accessToken = createAccessTokenBearer(USER_ALICE);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new PermissionRequestDTOV1().token(accessToken))
.pathParam("productName", "test1")
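Review bot: The client name is repeated as a string literal in the annotation and in every `getKeycloakClientToken("testClient")` call across the test classes. Keeping it in one place, for example `private static final String CLIENT = "testClient";` used as `.auth().oauth2(getKeycloakClientToken(CLIENT))`, or a small helper in the test base class, avoids a silent mismatch when a name changes. Whether each call requests a fresh token is not visible here; if it does, fetching it once per test would also save round trips. getApplicationPermissionsTest() extends beyond this hunk.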
@@ -50,6 +54,7 @@ void getApplicationPermissionsTest() {
accessToken = createAccessToken(USER_ALICE);
dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new PermissionRequestDTOV1().token(accessToken))
.pathParam("productName", "test1")
@@ -76,6 +81,7 @@ private static Stream badRequestData() {
void getApplicationPermissionsNoBodyTest(String productName, String appId, String check) {
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("productName", productName)
.pathParam("appId", appId)
@@ -95,6 +101,7 @@ void getApplicationPermissionsNoBodyTest(String productName, String appId, Strin
void getApplicationPermissionsWrongTongTest() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new PermissionRequestDTOV1().token("this-is-not-token"))
.pathParam("productName", "test1")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/ApplicationRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/ApplicationRestControllerTest.java
index b227506..823c174 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/ApplicationRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/ApplicationRestControllerTest.java
@@ -5,10 +5,12 @@
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.BAD_REQUEST;
import static org.jboss.resteasy.reactive.RestResponse.Status.OK;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.internal.model.*;
@@ -18,6 +20,7 @@
@QuarkusTest
@TestHTTPEndpoint(ApplicationRestController.class)
@WithDBData(value = "data/test-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class ApplicationRestControllerTest extends AbstractTest {
@Test
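Review bot: `testClient` is generated with all four scopes, although the tests visible for this class only call the search operation, which the internal spec marks with `ocx-pm:all` and `ocx-pm:read`. With every scope present the test cannot tell whether `ocx-pm:read` alone is enough, which is the case a read-only caller depends on. Requesting just `scopes = { "ocx-pm:read" }` here would pin that behaviour. AssignmentRestControllerExtendTest and AssignmentRestControllerTest use the same four-scope client.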
@@ -25,6 +28,7 @@ void searchTest() {
var criteria = new ApplicationSearchCriteriaDTO();
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post()
@@ -41,6 +45,7 @@ void searchTest() {
criteria.setAppId(" ");
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post()
@@ -62,6 +67,7 @@ void searchCriteriaTest() {
criteria.setName("app1*");
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post()
@@ -80,6 +86,7 @@ void searchCriteriaTest() {
@Test
void searchNoBodyTest() {
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.post()
.then()
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerExtendTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerExtendTest.java
index 2d667fd..3567cce 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerExtendTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerExtendTest.java
@@ -3,9 +3,11 @@
import static io.restassured.RestAssured.given;
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import io.quarkus.test.common.http.TestHTTPEndpoint;
@@ -14,12 +16,14 @@
@QuarkusTest
@TestHTTPEndpoint(AssignmentRestController.class)
@WithDBData(value = "data/test-internal-no-permission.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class AssignmentRestControllerExtendTest extends AbstractTest {
@Test
void grantAssignmentByRole() {
// create role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/role1")
@@ -27,6 +31,7 @@ void grantAssignmentByRole() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/r14")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
index 5aae45c..56fab61 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/AssignmentRestControllerTest.java
@@ -6,6 +6,7 @@
import static org.assertj.core.api.Assertions.from;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
import static org.jboss.resteasy.reactive.RestResponse.Status.BAD_REQUEST;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.List;
@@ -14,6 +15,7 @@
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.internal.model.*;
@@ -23,6 +25,7 @@
@QuarkusTest
@TestHTTPEndpoint(AssignmentRestController.class)
@WithDBData(value = "data/test-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class AssignmentRestControllerTest extends AbstractTest {
@Test
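Review bot: The `@GenerateKeycloakClient` line added above `AssignmentRestControllerTest` grants the single test client every scope (`ocx-pm:read`, `ocx-pm:write`, `ocx-pm:delete`, `ocx-pm:all`), so no functional test in this class can fail when an endpoint checks the wrong scope or none at all. The same annotation is added to `PermissionRestControllerExceptionTest`, `PermissionRestControllerTest` and `RoleRestControllerTest`; only `OperatorRestControllerTest` uses a narrowed client (`ocx-pm:write`). Assuming `ocx-pm:all` is accepted as an alternative to the specific scopes, dropping it here, `scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete" }`, would make these tests exercise the per-operation scopes. If the broad grant is intended, a comment on the annotation saying so would help; the class body continues outside the hunk.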
@@ -33,6 +36,7 @@ void createAssignment() {
requestDTO.setRoleId("r11");
var uri = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
@@ -42,6 +46,7 @@ void createAssignment() {
.extract().header(HttpHeaders.LOCATION);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get(uri)
.then()
@@ -55,6 +60,7 @@ void createAssignment() {
// create Role without body
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post()
@@ -70,7 +76,8 @@ void createAssignment() {
requestDTO.setPermissionId("p13");
requestDTO.setRoleId("r13");
- exception = given().when()
+ exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient")).when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
.post()
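Review bot: In this hunk the new `.auth().oauth2(getKeycloakClientToken("testClient"))` call has `.when()` appended on the same line, while the other request chains in the file put one call per line. Moving `.when()` to its own line keeps the chains uniform and makes the auth step easy to spot when scanning for unauthenticated requests. The same applies to the reformatted `given()` chains in `RoleRestControllerTest` (createNewRoleTest, updateRoleTest, updateRoleWithExistingNameTest), where `.when()` or `.contentType(APPLICATION_JSON)` trails the auth call.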
@@ -92,6 +99,7 @@ void createAssignmentWrong() {
requestDTO.setRoleId("r11");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
@@ -103,6 +111,7 @@ void createAssignmentWrong() {
requestDTO.setRoleId("does-not-exists");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
@@ -114,6 +123,7 @@ void createAssignmentWrong() {
@Test
void getNotFoundAssignment() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("does-not-exists")
.then()
@@ -125,6 +135,7 @@ void searchAssignmentTest() {
var criteria = new AssignmentSearchCriteriaDTO();
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -141,6 +152,7 @@ void searchAssignmentTest() {
criteria.setAppIds(List.of(" "));
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -159,6 +171,7 @@ void searchAssignmentTest() {
criteria2.setAppIds(List.of("app1"));
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria2)
.post("/search")
@@ -177,6 +190,7 @@ void searchAssignmentTest() {
multipleAppIdsCriteria.appIds(List.of("app1", "app2", ""));
var multipleAppIdsResult = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(multipleAppIdsCriteria)
.post("/search")
@@ -197,6 +211,7 @@ void deleteAssignmentTest() {
// delete Assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("DELETE_1")
.then()
@@ -204,6 +219,7 @@ void deleteAssignmentTest() {
// check Assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("a11")
.then()
@@ -211,6 +227,7 @@ void deleteAssignmentTest() {
// check if Assignment does not exist
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("a11")
.then()
@@ -218,6 +235,7 @@ void deleteAssignmentTest() {
// check Assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("a11")
.then()
@@ -225,6 +243,7 @@ void deleteAssignmentTest() {
// try to delete mandatory assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("a13")
.then()
@@ -232,6 +251,7 @@ void deleteAssignmentTest() {
// check Assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("a13")
.then()
@@ -242,6 +262,7 @@ void deleteAssignmentTest() {
void grantAssignmentByRole() {
// create role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/role1")
@@ -249,6 +270,7 @@ void grantAssignmentByRole() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/r14")
@@ -256,6 +278,7 @@ void grantAssignmentByRole() {
.statusCode(CREATED.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/r14")
@@ -264,6 +287,7 @@ void grantAssignmentByRole() {
var idToken = createToken("org1", List.of("n3-100"));
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.header(APM_HEADER_PARAM, idToken)
.contentType(APPLICATION_JSON)
@@ -277,6 +301,7 @@ void grantAssignmentByRoleProduct() {
// create role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/role1/product")
@@ -284,6 +309,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO())
@@ -292,6 +318,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO().productName(null).appId(null))
@@ -300,6 +327,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO()
@@ -309,6 +337,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO()
@@ -318,6 +347,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO()
@@ -327,6 +357,7 @@ void grantAssignmentByRoleProduct() {
.statusCode(CREATED.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductAssignmentRequestDTO()
@@ -342,6 +373,7 @@ void grantAssignmentByRoleProducts() {
// create role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/grant/role1/products")
@@ -349,6 +381,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO())
@@ -357,6 +390,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO().productNames(List.of()))
@@ -365,6 +399,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO()
@@ -374,6 +409,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO()
@@ -383,6 +419,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO()
@@ -392,6 +429,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(CREATED.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO()
@@ -401,6 +439,7 @@ void grantAssignmentByRoleProducts() {
.statusCode(CREATED.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new CreateRoleProductsAssignmentRequestDTO()
@@ -415,6 +454,7 @@ void grantAssignmentByRoleProducts() {
void revokeAssignmentByRole() {
// revoke role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/revoke/role1")
@@ -422,6 +462,7 @@ void revokeAssignmentByRole() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/revoke/r14")
@@ -430,6 +471,7 @@ void revokeAssignmentByRole() {
var idToken = createToken("org1", List.of("n3-100"));
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.header(APM_HEADER_PARAM, idToken)
.contentType(APPLICATION_JSON)
@@ -443,6 +485,7 @@ void revokeAssignmentByRoleProduct() {
// revoke role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/revoke/role1/product")
@@ -450,6 +493,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO())
@@ -458,6 +502,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO().productName(null).appId(null))
@@ -466,6 +511,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO()
@@ -475,6 +521,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO()
@@ -484,6 +531,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO()
@@ -493,6 +541,7 @@ void revokeAssignmentByRoleProduct() {
.statusCode(NO_CONTENT.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductAssignmentRequestDTO()
@@ -508,6 +557,7 @@ void revokeAssignmentByRoleProducts() {
// create role assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post("/revoke/role1/products")
@@ -515,6 +565,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO())
@@ -523,6 +574,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO().productNames(List.of()))
@@ -531,6 +583,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(BAD_REQUEST.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO()
@@ -540,6 +593,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO()
@@ -549,6 +603,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(NOT_FOUND.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO()
@@ -558,6 +613,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(NO_CONTENT.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO()
@@ -567,6 +623,7 @@ void revokeAssignmentByRoleProducts() {
.statusCode(NO_CONTENT.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(new RevokeRoleProductsAssignmentRequestDTO()
@@ -584,6 +641,7 @@ void getUsersAssignmentsTest() {
var accessToken = createAccessTokenBearer(USER_ALICE);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new AssignmentRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
.post("/me")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerExceptionTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerExceptionTest.java
index 4cd16bf..aa908e4 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerExceptionTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerExceptionTest.java
@@ -4,6 +4,7 @@
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.jboss.resteasy.reactive.RestResponse.Status.INTERNAL_SERVER_ERROR;
import static org.mockito.ArgumentMatchers.any;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@@ -11,6 +12,7 @@
import org.tkit.onecx.permission.domain.daos.PermissionDAO;
import org.tkit.onecx.permission.test.AbstractTest;
import org.tkit.quarkus.jpa.exceptions.DAOException;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import gen.org.tkit.onecx.permission.rs.internal.model.PermissionSearchCriteriaDTO;
import io.quarkus.test.InjectMock;
@@ -19,6 +21,7 @@
@QuarkusTest
@TestHTTPEndpoint(PermissionRestController.class)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class PermissionRestControllerExceptionTest extends AbstractTest {
@InjectMock
@@ -36,6 +39,7 @@ void beforeAll() {
void exceptionTest() {
var criteria = new PermissionSearchCriteriaDTO();
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -43,6 +47,7 @@ void exceptionTest() {
.statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
index b698d46..de988b2 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/PermissionRestControllerTest.java
@@ -4,6 +4,7 @@
import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.List;
@@ -12,6 +13,7 @@
import org.tkit.onecx.permission.domain.models.Permission;
import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.internal.model.*;
@@ -21,6 +23,7 @@
@QuarkusTest
@TestHTTPEndpoint(PermissionRestController.class)
@WithDBData(value = "data/test-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class PermissionRestControllerTest extends AbstractTest {
@Test
@@ -28,6 +31,7 @@ void searchTest() {
var criteria = new PermissionSearchCriteriaDTO();
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -44,6 +48,7 @@ void searchTest() {
criteria.setAppId(" ");
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -64,6 +69,7 @@ void searchCriteriaTest() {
criteria.setAppId("app1");
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -80,6 +86,7 @@ void searchCriteriaTest() {
var productNamesCriteria = new PermissionSearchCriteriaDTO();
productNamesCriteria.setProductNames(List.of("test1"));
var output = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(productNamesCriteria)
.post("/search")
@@ -98,6 +105,7 @@ void searchCriteriaTest() {
@Test
void searchNoBodyTest() {
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.post("/search")
.then()
@@ -119,6 +127,7 @@ void createPermissionTest() {
criteria.setAction("SEARCH");
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post()
@@ -128,6 +137,7 @@ void createPermissionTest() {
assertThat(data).isNotNull();
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.post()
.then()
@@ -143,12 +153,14 @@ void createPermissionTest() {
void deletePermissionTest() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("p14")
.then()
.statusCode(NO_CONTENT.getStatusCode());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("p_Not_Exist")
.then()
@@ -156,6 +168,7 @@ void deletePermissionTest() {
//try to delete mandatory permission
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("p13")
.then()
@@ -163,6 +176,7 @@ void deletePermissionTest() {
// should still exist
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("p13")
.then()
@@ -174,6 +188,7 @@ void deletePermissionTest() {
void deletePermissionWithAssignmentByDifferentTenantTest() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("p23")
.then()
@@ -189,6 +204,7 @@ void updatePermissionTest() {
criteria.setModificationCount(0);
var output = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.put("p14")
@@ -202,6 +218,7 @@ void updatePermissionTest() {
Assertions.assertEquals(criteria.getAction(), output.getAction());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.put("p14")
.then()
@@ -211,6 +228,7 @@ void updatePermissionTest() {
.as(ProblemDetailResponseDTO.class);
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.put("p_NOT_EXISTS")
@@ -222,6 +240,7 @@ void updatePermissionTest() {
void getPermissionTest() {
var output = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("p14")
.then()
@@ -236,6 +255,7 @@ void getPermissionTest() {
Assertions.assertEquals("test1", output.getProductName());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("p_NOT_EXIST")
.then()
@@ -249,6 +269,7 @@ void getUsersPermissionsTest() {
var accessToken = createAccessTokenBearer(USER_ALICE);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new PermissionRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
.post("/me")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
index bcbbf06..85ad8a7 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/internal/controllers/RoleRestControllerTest.java
@@ -5,6 +5,7 @@
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.from;
import static org.jboss.resteasy.reactive.RestResponse.Status.*;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import jakarta.ws.rs.core.HttpHeaders;
@@ -12,6 +13,7 @@
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.internal.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.internal.model.*;
@@ -21,6 +23,7 @@
@QuarkusTest
@TestHTTPEndpoint(RoleRestController.class)
@WithDBData(value = "data/test-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:read", "ocx-pm:write", "ocx-pm:delete", "ocx-pm:all" })
class RoleRestControllerTest extends AbstractTest {
@Test
@@ -32,6 +35,7 @@ void createNewRoleTest() {
requestDTO.setDescription("description");
var uri = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
@@ -40,6 +44,7 @@ void createNewRoleTest() {
.extract().header(HttpHeaders.LOCATION);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get(uri)
.then()
@@ -53,6 +58,7 @@ void createNewRoleTest() {
// create Role without body
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(APPLICATION_JSON)
.post()
@@ -67,7 +73,8 @@ void createNewRoleTest() {
requestDTO = new CreateRoleRequestDTO();
requestDTO.setName("n1");
- exception = given().when()
+ exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient")).when()
.contentType(APPLICATION_JSON)
.body(requestDTO)
.post()
@@ -85,6 +92,7 @@ void deleteRoleWithAssignmentsTest() {
// delete Role in portal
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("r13")
.then()
@@ -97,6 +105,7 @@ void deleteRoleWithMandatoryAssignmentsTest() {
// keep role and assignment
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("r14")
.then()
@@ -109,18 +118,21 @@ void deleteRoleTest() {
// delete Role
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("DELETE_1")
.then().statusCode(NO_CONTENT.getStatusCode());
// check if Role exists
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("DELETE_1")
.then().statusCode(NOT_FOUND.getStatusCode());
// delete Role in portal
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("r11")
.then()
@@ -128,6 +140,7 @@ void deleteRoleTest() {
// delete mandatory Role
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.delete("r13")
.then()
@@ -135,6 +148,7 @@ void deleteRoleTest() {
//check if role still exists
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("r13")
.then().statusCode(OK.getStatusCode());
@@ -145,6 +159,7 @@ void deleteRoleTest() {
void getRoleByIdTest() {
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("r12")
.then().statusCode(OK.getStatusCode())
@@ -157,11 +172,13 @@ void getRoleByIdTest() {
assertThat(dto.getId()).isEqualTo("r12");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("___")
.then().statusCode(NOT_FOUND.getStatusCode());
dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.get("r11")
.then().statusCode(OK.getStatusCode())
@@ -180,6 +197,7 @@ void searchRolesTest() {
var criteria = new RoleSearchCriteriaDTO();
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -196,6 +214,7 @@ void searchRolesTest() {
criteria.setName(" ");
criteria.setDescription(" ");
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -213,6 +232,7 @@ void searchRolesTest() {
criteria.setDescription("d1");
data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(criteria)
.post("/search")
@@ -232,7 +252,8 @@ void searchRolesTest() {
void updateRoleTest() {
// download Role
- var dto = given().contentType(APPLICATION_JSON)
+ var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient")).contentType(APPLICATION_JSON)
.when()
.get("r11")
.then().statusCode(OK.getStatusCode())
@@ -247,6 +268,7 @@ void updateRoleTest() {
requestDto.setDescription("description-update");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(requestDto)
.when()
@@ -255,6 +277,7 @@ void updateRoleTest() {
// update Role
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(requestDto)
.when()
@@ -264,6 +287,7 @@ void updateRoleTest() {
// update Role with old modificationCount
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(requestDto)
.when()
@@ -279,7 +303,8 @@ void updateRoleTest() {
exception.getDetail());
// download Role
- dto = given().contentType(APPLICATION_JSON)
+ dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient")).contentType(APPLICATION_JSON)
.when()
.get("r11")
.then().statusCode(OK.getStatusCode())
@@ -296,7 +321,8 @@ void updateRoleTest() {
void updateRoleWithExistingNameTest() {
// download Role
- var d = given().contentType(APPLICATION_JSON)
+ var d = given()
+ .auth().oauth2(getKeycloakClientToken("testClient")).contentType(APPLICATION_JSON)
.when()
.get("r11")
.then().statusCode(OK.getStatusCode())
@@ -310,6 +336,7 @@ void updateRoleWithExistingNameTest() {
dto.setDescription("description");
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.when()
.body(dto)
@@ -332,6 +359,7 @@ void updateRoleWithExistingNameTest() {
void updateRoleWithoutBodyTest() {
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.when()
.pathParam("id", "update_create_new")
@@ -355,6 +383,7 @@ void getUserRolesTest() {
var accessToken = createAccessTokenBearer(USER_ALICE);
var dto = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(new RoleRequestDTO().token(accessToken).pageNumber(0).pageSize(10))
.post("/me")
diff --git a/src/test/java/org/tkit/onecx/permission/rs/operator/v1/controllers/OperatorRestControllerTest.java b/src/test/java/org/tkit/onecx/permission/rs/operator/v1/controllers/OperatorRestControllerTest.java
index 3f429c2..81291fd 100644
--- a/src/test/java/org/tkit/onecx/permission/rs/operator/v1/controllers/OperatorRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/permission/rs/operator/v1/controllers/OperatorRestControllerTest.java
@@ -5,12 +5,14 @@
import static org.assertj.core.api.Assertions.assertThat;
import static org.jboss.resteasy.reactive.RestResponse.Status.BAD_REQUEST;
import static org.jboss.resteasy.reactive.RestResponse.Status.OK;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.util.List;
import org.junit.jupiter.api.Test;
import org.tkit.onecx.permission.rs.operator.v1.mappers.ExceptionMapper;
import org.tkit.onecx.permission.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.permission.rs.operator.v1.model.PermissionDTOV1;
@@ -22,11 +24,13 @@
@QuarkusTest
@TestHTTPEndpoint(OperatorRestController.class)
@WithDBData(value = "data/test-operator-v1.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-pm:write" })
class OperatorRestControllerTest extends AbstractTest {
@Test
void requestNoBodyTest() {
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("productName", "test1")
.pathParam("appId", "app1")
@@ -48,6 +52,7 @@ void requestEmptyListTest() {
request.setPermissions(List.of());
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.pathParam("productName", "test1")
@@ -67,6 +72,7 @@ void requestWrongPermissionTest() {
request.setPermissions(List.of(per));
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.pathParam("productName", "test1")
@@ -93,6 +99,7 @@ void requestPermissionTest() {
request.setPermissions(List.of(per1, per2));
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.pathParam("productName", "test1")
@@ -112,6 +119,7 @@ void requestDuplicatePermissionTest() {
request.setPermissions(List.of(per1, per2));
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(request)
.pathParam("productName", "test1")
diff --git a/src/test/java/org/tkit/onecx/permission/test/SecurityTest.java b/src/test/java/org/tkit/onecx/permission/test/SecurityTest.java
new file mode 100644
index 0000000..4af41c4
--- /dev/null
+++ b/src/test/java/org/tkit/onecx/permission/test/SecurityTest.java
@@ -0,0 +1,19 @@
+package org.tkit.onecx.permission.test;
+
+import java.util.List;
+
+import org.tkit.quarkus.security.test.AbstractSecurityTest;
+import org.tkit.quarkus.security.test.SecurityTestConfig;
+
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+public class SecurityTest extends AbstractSecurityTest {
+ @Override
+ public SecurityTestConfig getConfig() {
+ SecurityTestConfig config = new SecurityTestConfig();
+ config.addConfig("read", "/internal/permissions/id", 404, List.of("ocx-pm:read"), "get");
+ config.addConfig("write", "/internal/permissions", 400, List.of("ocx-pm:write"), "post");
+ return config;
+ }
+}
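Review bot: `getConfig()` registers only two checks, a GET and a POST under `/internal/permissions`, so the `ocx-pm:delete` and `ocx-pm:all` scopes granted to the test clients elsewhere in this commit are never checked for enforcement, and neither are the assignment, role and operator controllers. Presumably `AbstractSecurityTest` uses each entry to confirm that a request lacking the listed scope is rejected and one carrying it reaches the expected status; if so, every endpoint without an entry is unverified. Consider one entry per scope and controller, for example `config.addConfig("delete", "/internal/permissions/id", EXPECTED_STATUS, List.of("ocx-pm:delete"), "delete");` with the placeholder `EXPECTED_STATUS` set to what the controller returns for an unknown id. A short Javadoc on the class would also help, saying that 404 and 400 here appear to mean "authorization passed and the request failed later".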
diff --git a/src/test/java/org/tkit/onecx/permission/test/SecurityTestIT.java b/src/test/java/org/tkit/onecx/permission/test/SecurityTestIT.java
new file mode 100644
index 0000000..288cfa7
--- /dev/null
+++ b/src/test/java/org/tkit/onecx/permission/test/SecurityTestIT.java
@@ -0,0 +1,7 @@
+package org.tkit.onecx.permission.test;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+
+@QuarkusIntegrationTest
+public class SecurityTestIT extends SecurityTest {
+}