Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setAccessCodeLifespan()

@Override
public void beforeBrokerTest() {
    super.beforeBrokerTest();
    // Require broker to show consent screen
    RealmResource brokeredRealm = adminClient.realm(bc.providerRealmName());
    List<ClientRepresentation> clients = brokeredRealm.clients().findByClientId("brokerapp");
    org.junit.Assert.assertEquals(1, clients.size());
    ClientRepresentation brokerApp = clients.get(0);
    brokerApp.setConsentRequired(true);
    brokeredRealm.clients().get(brokerApp.getId()).update(brokerApp);


    // Change timeouts on realm-with-broker to lower values
    RealmResource realmWithBroker = adminClient.realm(bc.consumerRealmName());
    RealmRepresentation realmRep = realmWithBroker.toRepresentation();
    realmRep.setAccessCodeLifespanLogin(30);;
    realmRep.setAccessCodeLifespan(30);
    realmRep.setAccessCodeLifespanUserAction(30);
    realmWithBroker.update(realmRep);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation testRealmRep = new RealmRepresentation();
    testRealmRep.setId(TEST);
    testRealmRep.setRealm(TEST);
    testRealmRep.setEnabled(true);
    testRealmRep.setPrivateKey(REALM_PRIVATE_KEY);
    testRealmRep.setPublicKey(REALM_PUBLIC_KEY);
    testRealmRep.setAccessCodeLifespan(60); // Used as default assertion lifespan
    testRealms.add(testRealmRep);
}
 

@Test
public void testSessionInvalidatedAfterFailedRefresh() {
    RealmRepresentation testRealmRep = testRealmResource().toRepresentation();
    ClientResource sessionPortalRes = null;
    for (ClientRepresentation clientRep : testRealmResource().clients().findAll()) {
        if ("session-portal".equals(clientRep.getClientId())) {
            sessionPortalRes = testRealmResource().clients().get(clientRep.getId());
        }
    }
    assertNotNull(sessionPortalRes);
    sessionPortalRes.toRepresentation().setAdminUrl("");
    int origTokenLifespan = testRealmRep.getAccessCodeLifespan();
    testRealmRep.setAccessCodeLifespan(1);
    testRealmResource().update(testRealmRep);

    // Login
    loginAndCheckSession(testRealmLoginPage);

    // Logout
    String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
            .queryParam(OAuth2Constants.REDIRECT_URI, sessionPortalPage.toString()).build("demo").toString();
    driver.navigate().to(logoutUri);

    // Assert that http session was invalidated
    sessionPortalPage.navigateTo();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("[email protected]", "password");
    assertCurrentUrlEquals(sessionPortalPage);
    String pageSource = driver.getPageSource();
    assertTrue(pageSource.contains("Counter=1"));

    sessionPortalRes.toRepresentation().setAdminUrl(sessionPortalPage.toString());
    testRealmRep.setAccessCodeLifespan(origTokenLifespan);
    testRealmResource().update(testRealmRep);
}
 

private static void readRealm(JsonParser p) throws IOException {

        // as soon as we encounter users, roles, clients we create a CreateRealmJob
        // TODO: if after that point in a realm we encounter realm attribute, we report a warning but continue

        boolean skip = false;
        try {
            RealmRepresentation r = new RealmRepresentation();
            JsonToken t = p.nextToken();
            outer:
            while (t != JsonToken.END_OBJECT && !skip) {

                //System.out.println(t + ", name: " + p.getCurrentName() + ", text: '" + p.getText() + "', value: " + p.getValueAsString());

                switch (p.getCurrentName()) {
                    case "realm":
                        r.setRealm(getStringValue(p));
                        skip = !started && realmSkipped(r.getRealm()) ;
                        if (skip) {
                            break outer;
                        }
                        break;
                    case "enabled":
                        r.setEnabled(getBooleanValue(p));
                        break;
                    case "accessTokenLifespan":
                        r.setAccessCodeLifespan(getIntegerValue(p));
                        break;
                    case "registrationAllowed":
                        r.setRegistrationAllowed(getBooleanValue(p));
                        break;
                    case "passwordPolicy":
                        r.setPasswordPolicy(getStringValue(p));
                        break;
                    case "sslRequired":
                        r.setSslRequired(getStringValue(p));
                        break;
                    case "users":
                        ensureRealm(r);
                        if (seekToStart()) {
                            enqueueFetchRealmRoles(r);
                            completePending();
                        }
                        readUsers(r, p);
                        break;
                    case "roles":
                        ensureRealm(r);
                        readRoles(r, p);
                        break;
                    case "clients":
                        ensureRealm(r);
                        readClients(r, p);
                        completePending();
                        if (seekToStart()) {
                            enqueueFetchMissingClients(r);
                            completePending();
                        }
                        break;
                    default: {
                        // if we don't understand the field we ignore it - but report that
                        log.warn("Realm attribute ignored: " + p.getCurrentName());
                        consumeAttribute(p);
                        continue; // skip p.nextToken() at end of loop - consumeAttribute() already did it
                    }
                }

                t = p.nextToken();
            }

            if (skip) {
                log.info("Realm skipped: " + r.getRealm());
                consumeParent(p);
            }

        } finally {
            // we wait for realm to complete
            completePending();

            // reset realm specific cache
            realmCreated = false;
            clientIdMap.clear();
            realmRoleIdMap.clear();
            clientRoleIdMap.clear();
        }
    }
 

public RealmManager accessCodeLifeSpan(Integer accessCodeLifespan) {
    RealmRepresentation realmRepresentation = realm.toRepresentation();
    realmRepresentation.setAccessCodeLifespan(accessCodeLifespan);
    realm.update(realmRepresentation);
    return this;
}
 

@Test
public void testSessionInvalidatedAfterFailedRefresh() {
    RealmResource realmResource = adminClient.realm(REALM_NAME);
    RealmRepresentation realmRep = realmResource.toRepresentation();
    ClientResource clientResource = null;
    for (ClientRepresentation clientRep : realmResource.clients().findAll()) {
        if (CLIENT_ID.equals(clientRep.getClientId())) {
            clientResource = realmResource.clients().get(clientRep.getId());
        }
    }

    assertThat(clientResource, is(notNullValue()));

    clientResource.toRepresentation().setAdminUrl("");
    int origTokenLifespan = realmRep.getAccessCodeLifespan();
    realmRep.setAccessCodeLifespan(1);
    realmResource.update(realmRep);

    // Login
    loginAndCheckSession();

    // Logout
    String logoutUri = logoutPage(SERVLET_URL);
    driver.navigate().to(logoutUri);
    waitForPageToLoad();

    // Assert that http session was invalidated
    driver.navigate().to(SERVLET_URL);
    waitForPageToLoad();

    assertCurrentUrlStartsWith(testRealmLoginPage, driver);
    testRealmLoginPage.form().login(USER_LOGIN, USER_PASSWORD);

    sessionPage.assertIsCurrent();
    assertThat(sessionPage.getCounter(), is(equalTo(0)));

    clientResource.toRepresentation().setAdminUrl(BASE_URL);
    realmRep.setAccessCodeLifespan(origTokenLifespan);
    realmResource.update(realmRep);

    driver.navigate().to(logoutUri);
    waitForPageToLoad();
}