[KEYCLOAK-8289] - Remove authorization services from product preview …

…profile

common/src/main/java/org/keycloak/common/Profile.java

@@ -34,7 +34,7 @@ public class Profile {
 
     public enum Feature {
         ACCOUNT2,
-        AUTHORIZATION,
+        ADMIN_FINE_GRAINED_AUTHZ,
         DOCKER,
         IMPERSONATION,
         OPENSHIFT_INTEGRATION,
@@ -54,7 +54,7 @@ private enum ProductValue {
     }
 
     private enum ProfileValue {
-        PRODUCT(Feature.AUTHORIZATION, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
+        PRODUCT(Feature.ADMIN_FINE_GRAINED_AUTHZ, Feature.SCRIPTS, Feature.DOCKER, Feature.ACCOUNT2, Feature.TOKEN_EXCHANGE),
         PREVIEW(Feature.ACCOUNT2),
         COMMUNITY(Feature.DOCKER, Feature.ACCOUNT2);
 

server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -547,13 +547,11 @@ public static ClientRepresentation toRepresentation(ClientModel clientModel, Key
             rep.setProtocolMappers(mappings);
         }
 
-        if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
-            AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
-            ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
+        AuthorizationProvider authorization = session.getProvider(AuthorizationProvider.class);
+        ResourceServer resourceServer = authorization.getStoreFactory().getResourceServerStore().findById(clientModel.getId());
 
-            if (resourceServer != null) {
-                rep.setAuthorizationServicesEnabled(true);
-            }
+        if (resourceServer != null) {
+            rep.setAuthorizationServicesEnabled(true);
         }
 
         return rep;

services/src/main/java/org/keycloak/services/resources/RealmsResource.java

@@ -257,8 +257,6 @@ public Response getWellKnown(final @PathParam("realm") String name,
 
     @Path("{realm}/authz")
     public Object getAuthorizationService(@PathParam("realm") String name) {
-        ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
-
         init(name);
         AuthorizationProvider authorization = this.session.getProvider(AuthorizationProvider.class);
         AuthorizationService service = new AuthorizationService(authorization);

services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java

@@ -109,7 +109,7 @@ public Response getMainPage() throws URISyntaxException, IOException, FreeMarker
 
             EventStoreProvider eventStore = session.getProvider(EventStoreProvider.class);
             map.put("isEventsEnabled", eventStore != null && realm.isEventsEnabled());
-            map.put("isAuthorizationEnabled", Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION));
+            map.put("isAuthorizationEnabled", true);
 
             FreeMarkerUtil freeMarkerUtil = new FreeMarkerUtil();
             String result = freeMarkerUtil.processTemplate(map, "index.ftl", theme);

services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java

@@ -172,7 +172,7 @@ public void init() {
             account.setUser(auth.getUser());
         }
 
-        account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, Profile.isFeatureEnabled(Feature.AUTHORIZATION));
+        account.setFeatures(realm.isIdentityFederationEnabled(), eventStore != null && realm.isEventsEnabled(), true, true);
     }
 
     public static UriBuilder accountServiceBaseUrl(UriInfo uriInfo) {

services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java

@@ -606,8 +606,6 @@ public GlobalRequestResult testNodesAvailable() {
 
     @Path("/authz")
     public AuthorizationService authorization() {
-        ProfileHelper.requireFeature(Profile.Feature.AUTHORIZATION);
-
         AuthorizationService resource = new AuthorizationService(this.session, this.client, this.auth, adminEvent);
 
         ResteasyProviderFactory.getInstance().injectProperties(resource);
@@ -691,12 +689,10 @@ private void updateClientFromRep(ClientRepresentation rep, ClientModel client, K
     }
 
     private void updateAuthorizationSettings(ClientRepresentation rep) {
-        if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
-            if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
-                authorization().enable(false);
-            } else {
-                authorization().disable();
-            }
+        if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
+            authorization().enable(false);
+        } else {
+            authorization().disable();
         }
     }
 }

services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java

@@ -177,17 +177,15 @@ public Response createClient(final ClientRepresentation rep) {
 
             adminEvent.operation(OperationType.CREATE).resourcePath(session.getContext().getUri(), clientModel.getId()).representation(rep).success();
 
-            if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
-                if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
-                    AuthorizationService authorizationService = getAuthorizationService(clientModel);
+            if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
+                AuthorizationService authorizationService = getAuthorizationService(clientModel);
 
-                    authorizationService.enable(true);
+                authorizationService.enable(true);
 
-                    ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
+                ResourceServerRepresentation authorizationSettings = rep.getAuthorizationSettings();
 
-                    if (authorizationSettings != null) {
-                        authorizationService.resourceServer().importSettings(authorizationSettings);
-                    }
+                if (authorizationSettings != null) {
+                    authorizationService.resourceServer().importSettings(authorizationSettings);
                 }
             }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractBaseServletAuthzAdapterTest.java

@@ -55,9 +55,6 @@ public abstract class AbstractBaseServletAuthzAdapterTest extends AbstractExampl
     protected static final String REALM_NAME = "servlet-authz";
     protected static final String RESOURCE_SERVER_ID = "servlet-authz-app";
 
-    @BeforeClass
-    public static void enabled() { ProfileAssume.assumePreview(); }
-
     @ArquillianResource
     private Deployer deployer;
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

@@ -122,9 +122,6 @@ public void setDefaultPageUriParameters() {
         testRealmPage.setAuthRealm(REALM_NAME);
     }
 
-    @BeforeClass
-    public static void enabled() { ProfileAssume.assumePreview(); }
-
     @Before
     public void beforePhotozExampleAdapterTest() throws Exception {
         DroneUtils.addWebDriver(jsDriver);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java

@@ -57,9 +57,6 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
     private static final String REALM_NAME = "hello-world-authz";
     private static final String RESOURCE_SERVER_ID = "hello-world-authz-service";
 
-    @BeforeClass
-    public static void enabled() { ProfileAssume.assumePreview(); }
-
     @ArquillianResource
     private Deployer deployer;
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java

@@ -63,9 +63,6 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
     protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
     protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";
 
-    @BeforeClass
-    public static void enabled() { ProfileAssume.assumePreview(); }
-
     @ArquillianResource
     private Deployer deployer;
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AuthzCleanupTest.java

@@ -50,11 +50,6 @@
  */
 public class AuthzCleanupTest extends AbstractKeycloakTest {
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     @Deployment
     public static WebArchive deploy() {
         return RunOnServerDeployment.create();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java

@@ -809,8 +809,6 @@ public void invoke(RealmResource realm) {
 
     @Test
     public void clientAuthorization() {
-        ProfileAssume.assumePreview();
-
         ClientRepresentation newClient = new ClientRepresentation();
         newClient.setClientId("foo-authz");
         adminClient.realms().realm(REALM_NAME).clients().create(newClient);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java

@@ -128,8 +128,6 @@ public void testOidcBearerOnlyJsonWithAudienceClientScope() {
 
     @Test
     public void testOidcBearerOnlyWithAuthzJson() {
-        ProfileAssume.assumePreview();
-
         oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
         oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractAuthorizationTest.java

@@ -57,11 +57,6 @@ protected String getRealmId() {
         return "authz-test";
     }
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         testRealms.add(createTestRealm().build());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AbstractPolicyManagementTest.java

@@ -52,11 +52,6 @@
  */
 public abstract class AbstractPolicyManagementTest extends AbstractKeycloakTest {
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         testRealms.add(createTestRealm().build());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.java

@@ -75,7 +75,6 @@ public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
 
     @BeforeClass
     public static void onBeforeClass() {
-        ProfileAssume.assumePreview();
         httpService = Undertow.builder().addHttpListener(8989, "localhost").setHandler(exchange -> {
             if (exchange.isInIoThread()) {
                 try {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/EnforcerConfigTest.java

@@ -40,9 +40,6 @@
  */
 public class EnforcerConfigTest extends AbstractKeycloakTest {
 
-    @BeforeClass
-    public static void enabled() { ProfileAssume.assumePreview(); }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json"));

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerClaimsTest.java

@@ -82,11 +82,6 @@ public class PolicyEnforcerClaimsTest extends AbstractKeycloakTest {
 
     protected static final String REALM_NAME = "authz-test";
 
-    @BeforeClass
-    public static void onBeforeClass() {
-        ProfileAssume.assumePreview();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         testRealms.add(RealmBuilder.create().name(REALM_NAME)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/PolicyEnforcerTest.java

@@ -86,11 +86,6 @@ public class PolicyEnforcerTest extends AbstractKeycloakTest {
 
     protected static final String REALM_NAME = "authz-test";
 
-    @BeforeClass
-    public static void onBeforeClass() {
-        ProfileAssume.assumePreview();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         testRealms.add(RealmBuilder.create().name(REALM_NAME)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractAuthzTest.java

@@ -12,11 +12,6 @@
  */
 public abstract class AbstractAuthzTest extends AbstractKeycloakTest {
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     protected AccessToken toAccessToken(String rpt) {
         AccessToken accessToken;
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/InvalidationCrossDCTest.java

@@ -182,8 +182,6 @@ public void userInvalidationTest() throws Exception {
 
     @Test
     public void authzResourceInvalidationTest() throws Exception {
-        ProfileAssume.assumePreview();
-
         enableDcOnLoadBalancer(DC.FIRST);
         enableDcOnLoadBalancer(DC.SECOND);
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java

@@ -384,9 +384,7 @@ public static void assertDataImportedInRealm(Keycloak adminClient, KeycloakTesti
         Assert.assertNotNull(linked);
         Assert.assertEquals("my-service-user", linked.getUsername());
 
-        if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
-            assertAuthorizationSettings(realmRsc);
-        }
+        assertAuthorizationSettings(realmRsc);
     }
 
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java

@@ -64,11 +64,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     public static final String EXECUTION_ID = "scriptAuth";
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java

@@ -355,8 +355,6 @@ protected void testDroolsToRulesPolicyTypeMigration() {
     }
 
     private void testResourceWithMultipleUris() {
-        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
-
         ClientsResource clients = migrationRealm.clients();
         ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
         ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);

testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authorization/AbstractAuthorizationSettingsTest.java

@@ -43,11 +43,6 @@ public abstract class AbstractAuthorizationSettingsTest extends AbstractClientTe
 
     protected ClientRepresentation newClient;
 
-    @BeforeClass
-    public static void enabled() {
-        ProfileAssume.assumePreview();
-    }
-
     @Before
     public void configureTest() {
         this.newClient = createResourceServer();