KEYCLOAK-6783 Add authentication into cross-dc testing
parent
05dcc6e3af
commit
190771ddf1
8 changed files with 132 additions and 3 deletions
|
@ -139,4 +139,8 @@ echo *** Enable debug logging ***
|
|||
echo *** Update undertow subsystem ***
|
||||
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
|
||||
|
||||
echo *** Update keycloak-server subsystem, infinispan remoteStoreSecurity ***
|
||||
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:map-put(name=properties,key=remoteStoreSecurityEnabled,value=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled:true})
|
||||
|
||||
|
||||
echo **** End ****
|
||||
|
|
|
@ -0,0 +1,90 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan #all">
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:variable name="nsCacheServer" select="'urn:infinispan:server:core:'"/>
|
||||
<xsl:variable name="nsDomain" select="'urn:jboss:domain:'"/>
|
||||
<xsl:variable name="nsEndpoint" select="'urn:infinispan:server:endpoint:'"/>
|
||||
|
||||
<!-- Configuration of infinispan caches in infinispan-subsystem -->
|
||||
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsCacheServer)]
|
||||
/*[local-name()='cache-container' and starts-with(namespace-uri(), $nsCacheServer) and @name='clustered']">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*" />
|
||||
|
||||
<security>
|
||||
<authorization>
|
||||
<identity-role-mapper/>
|
||||
<role name="___script_manager" permissions="ALL"/>
|
||||
</authorization>
|
||||
</security>
|
||||
|
||||
<xsl:apply-templates select="node()" />
|
||||
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
<!-- Add "authentication" into HotRod connector configuration -->
|
||||
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsEndpoint)]
|
||||
/*[local-name()='hotrod-connector' and starts-with(namespace-uri(), $nsEndpoint) and @cache-container='clustered']">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@* | node()" />
|
||||
|
||||
<authentication security-realm="AllowScriptManager">
|
||||
<sasl mechanisms="DIGEST-MD5" qop="auth" server-name="keycloak-jdg-server">
|
||||
<policy>
|
||||
<no-anonymous value="false" />
|
||||
</policy>
|
||||
</sasl>
|
||||
</authentication>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
<!-- Add "AllowScriptManager" security-realm -->
|
||||
<xsl:template match="//*[local-name()='management' and starts-with(namespace-uri(), $nsDomain)]
|
||||
/*[local-name()='security-realms' and starts-with(namespace-uri(), $nsDomain)]">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@* | node()" />
|
||||
|
||||
<xsl:element name="security-realm" namespace="{namespace-uri()}">
|
||||
<xsl:attribute name="name">AllowScriptManager</xsl:attribute>
|
||||
<xsl:element name="authentication" namespace="{namespace-uri()}">
|
||||
<xsl:element name="users" namespace="{namespace-uri()}">
|
||||
<xsl:element name="user" namespace="{namespace-uri()}">
|
||||
<xsl:attribute name="username">___script_manager</xsl:attribute>
|
||||
<xsl:element name="password" namespace="{namespace-uri()}">not-so-secret-password</xsl:element>
|
||||
</xsl:element>
|
||||
</xsl:element>
|
||||
</xsl:element>
|
||||
</xsl:element>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
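Review bot: The `AllowScriptManager` realm hard-codes the user `___script_manager` with the plaintext password `not-so-secret-password`, and the cache-container template grants that role `permissions="ALL"`, but nothing in the stylesheet marks these as test fixtures. A comment above the realm template such as `<!-- Test-only credentials for the cross-DC testsuite; must match the remote-store client settings and must not be reused outside tests -->` would stop the file being copied into a real cache-server configuration as is. In the HotRod template, `qop="auth"` with `DIGEST-MD5` authenticates the client only, so the connector traffic has no integrity or confidentiality protection unless TLS is configured elsewhere. `<no-anonymous value="false" />` also reads as permitting anonymous-capable mechanisms; with `mechanisms` limited to `DIGEST-MD5` the effect is probably nil, but `value="true"` looks closer to the intent of this change and is worth confirming. The first two templates also emit `security` and `authentication` as literal result elements in no namespace, while the third uses `namespace="{namespace-uri()}"`; making them consistent would avoid relying on the server parser ignoring namespaces.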
|
|
@ -34,10 +34,11 @@
|
|||
<cache.server.container>cache-server-${cache.server}</cache.server.container>
|
||||
<cache.server.home>${containers.home}/${cache.server.container}</cache.server.home>
|
||||
|
||||
<cache.server.jboss.cache-authorization-disabled>true</cache.server.jboss.cache-authorization-disabled>
|
||||
<cache.server.jboss.groupId>org.infinispan.server</cache.server.jboss.groupId>
|
||||
<cache.server.jboss.artifactId>infinispan-server</cache.server.jboss.artifactId>
|
||||
<cache.server.jboss.version>${infinispan.version}</cache.server.jboss.version>
|
||||
<cache.server.jboss.unpacked.folder.name>${cache.server.jboss.artifactId}-${infinispan.version}</cache.server.jboss.unpacked.folder.name>
|
||||
<cache.server.jboss.unpacked.folder.name>${cache.server.jboss.artifactId}-${cache.server.jboss.version}</cache.server.jboss.unpacked.folder.name>
|
||||
|
||||
<cache.server.worker.io-threads>${cache.default.worker.io-threads}</cache.server.worker.io-threads>
|
||||
<cache.server.worker.task-max-threads>${cache.default.worker.task-max-threads}</cache.server.worker.task-max-threads>
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
<cache.server.container>cache-server-${cache.server}</cache.server.container>
|
||||
<cache.server.home>${containers.home}/${cache.server.container}</cache.server.home>
|
||||
|
||||
<cache.server.jboss.cache-authorization-disabled>false</cache.server.jboss.cache-authorization-disabled>
|
||||
<cache.server.jboss.groupId>org.infinispan.server</cache.server.jboss.groupId>
|
||||
<cache.server.jboss.artifactId>infinispan-server</cache.server.jboss.artifactId>
|
||||
<cache.server.jboss.version>${jdg.version}</cache.server.jboss.version>
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
<common.resources>${project.parent.basedir}/common</common.resources>
|
||||
<assembly.xml>${project.parent.basedir}/assembly.xml</assembly.xml>
|
||||
<cache.server.jboss.home>${containers.home}/${cache.server.jboss.unpacked.folder.name}</cache.server.jboss.home>
|
||||
<cache.server.jboss.cache-authorization-disabled>true</cache.server.jboss.cache-authorization-disabled>
|
||||
<security.xslt>security.xsl</security.xslt>
|
||||
</properties>
|
||||
|
||||
|
@ -59,6 +60,7 @@
|
|||
<rules>
|
||||
<requireProperty>
|
||||
<property>cache.server</property>
|
||||
<property>cache.server.jboss.cache-authorization-enabled</property>
|
||||
<property>cache.server.jboss.groupId</property>
|
||||
<property>cache.server.jboss.artifactId</property>
|
||||
<property>cache.server.jboss.version</property>
|
||||
|
@ -164,6 +166,29 @@
|
|||
</configuration>
|
||||
</execution>
|
||||
|
||||
<execution>
|
||||
<id>configure-keycloak-authorization</id>
|
||||
<phase>process-test-resources</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<skip>${cache.server.jboss.cache-authorization-disabled}</skip>
|
||||
<transformationSets>
|
||||
<!-- Configure authorization in files clustered-__dc__.xml -->
|
||||
<transformationSet>
|
||||
<dir>${cache.server.jboss.home}/standalone/configuration</dir>
|
||||
<includes>
|
||||
<include>clustered-1.xml</include>
|
||||
<include>clustered-2.xml</include>
|
||||
</includes>
|
||||
<stylesheet>${common.resources}/cache-authorization.xsl</stylesheet>
|
||||
<outputDir>${cache.server.jboss.home}/standalone/configuration</outputDir>
|
||||
</transformationSet>
|
||||
</transformationSets>
|
||||
</configuration>
|
||||
</execution>
|
||||
|
||||
<execution>
|
||||
<id>io-worker-threads</id>
|
||||
<phase>process-resources</phase>
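Review bot: The enforcer rule in the second hunk requires `cache.server.jboss.cache-authorization-enabled`, but every property this commit defines is named `cache.server.jboss.cache-authorization-disabled` (in this pom and in both cache-server poms), and the new execution's `<skip>` reads the `-disabled` name. Unless an `-enabled` property is defined outside the visible hunks, the rule checks a name nobody sets; it should read `<property>cache.server.jboss.cache-authorization-disabled</property>`. This pom also defaults the flag to `true`, so the authorization transform is skipped unless a child pom overrides it. A comment on the property, e.g. `<!-- true = skip cache-authorization.xsl; overridden per cache server -->`, would make that opt-in behaviour visible. The `<properties>`, `<rules>` and `<executions>` blocks all extend beyond the hunks shown.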
|
||||
|
|
|
@ -377,10 +377,10 @@ public abstract class AbstractCrossDCTest extends AbstractTestRealmKeycloakTest
|
|||
File dir = new File(cleanServerBaseDir);
|
||||
if (dir.exists()) {
|
||||
try {
|
||||
FileUtils.cleanDirectory(dir);
|
||||
dir.renameTo(new File(dir.getParentFile(), dir.getName() + "--" + System.currentTimeMillis()));
|
||||
|
||||
File deploymentsDir = new File(dir, "deployments");
|
||||
deploymentsDir.mkdir();
|
||||
FileUtils.forceMkdir(deploymentsDir);
|
||||
} catch (IOException ioe) {
|
||||
throw new RuntimeException("Failed to clean directory: " + cleanServerBaseDir, ioe);
|
||||
}
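Review bot: Assuming the `dir.renameTo(...)` line is the new side (the rendering lost the +/- markers), its boolean result is discarded, so a failed rename goes unnoticed. `File.renameTo` reports failure by returning `false` rather than throwing, so the surrounding `catch (IOException ioe)` never sees it, and `FileUtils.forceMkdir(deploymentsDir)` then runs inside the old, uncleaned directory. Check the result and raise, e.g. `if (!dir.renameTo(target)) throw new IOException("Could not rename " + dir + " to " + target);`, with `target` being the timestamped `File` built on that line. The message "Failed to clean directory" no longer matches what the block does, because the directory is now moved aside rather than cleaned. The enclosing method starts and ends outside this hunk.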
|
||||
|
|
|
@ -384,6 +384,7 @@
|
|||
-Djboss.node.name=auth-server-${node.name}-cross-dc-0_1
|
||||
-Dauth.server.truststore=${auth.server.truststore}
|
||||
-Dauth.server.truststore.password=${auth.server.truststore.password}
|
||||
-Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
|
||||
</property>
|
||||
<property name="javaVmArguments">
|
||||
-Djava.net.preferIPv4Stack=true
|
||||
|
@ -409,6 +410,7 @@
|
|||
-Djboss.node.name=auth-server-${node.name}-cross-dc-0_2-manual
|
||||
-Dauth.server.truststore=${auth.server.truststore}
|
||||
-Dauth.server.truststore.password=${auth.server.truststore.password}
|
||||
-Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
|
||||
</property>
|
||||
<property name="javaVmArguments">
|
||||
-Djava.net.preferIPv4Stack=true
|
||||
|
@ -435,6 +437,7 @@
|
|||
-Djboss.node.name=auth-server-${node.name}-cross-dc-1_1
|
||||
-Dauth.server.truststore=${auth.server.truststore}
|
||||
-Dauth.server.truststore.password=${auth.server.truststore.password}
|
||||
-Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
|
||||
</property>
|
||||
<property name="javaVmArguments">
|
||||
-Djava.net.preferIPv4Stack=true
|
||||
|
@ -460,6 +463,7 @@
|
|||
-Djboss.node.name=auth-server-${node.name}-cross-dc-1_2-manual
|
||||
-Dauth.server.truststore=${auth.server.truststore}
|
||||
-Dauth.server.truststore.password=${auth.server.truststore.password}
|
||||
-Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
|
||||
</property>
|
||||
<property name="javaVmArguments">
|
||||
-Djava.net.preferIPv4Stack=true
|
||||
|
|
|
@ -608,6 +608,8 @@
|
|||
<auth.server.crossdc11.home>${auth.server.crossdc11.home}</auth.server.crossdc11.home>
|
||||
<auth.server.crossdc12.home>${auth.server.crossdc12.home}</auth.server.crossdc12.home>
|
||||
|
||||
<keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
|
||||
|
||||
<!--8101-->
|
||||
<auth.server.crossdc01.port.offset>21</auth.server.crossdc01.port.offset>
|
||||
<!--8102-->
|
||||
|
@ -658,6 +660,7 @@
|
|||
<cache.server.jboss>true</cache.server.jboss>
|
||||
<cache.server.config.dir>${cache.server.home}/standalone/configuration</cache.server.config.dir>
|
||||
<keycloak.testsuite.logging.pattern>%d{HH:mm:ss,SSS} [%t] %-5p [%c{1.}] %m%n</keycloak.testsuite.logging.pattern>
|
||||
<keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>false</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
|
||||
</properties>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
|
@ -730,6 +733,7 @@
|
|||
<cache.server.jboss>true</cache.server.jboss>
|
||||
<cache.server.config.dir>${cache.server.home}/standalone/configuration</cache.server.config.dir>
|
||||
<keycloak.testsuite.logging.pattern>%d{HH:mm:ss,SSS} [%t] %-5p [%c{1.}] %m%n</keycloak.testsuite.logging.pattern>
|
||||
<keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>true</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
|
||||
</properties>
|
||||
<dependencies>
|
||||
<dependency>
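Review bot: The two profile blocks set `keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled` to `false` and `true` with no indication of which cache server each belongs to or why they differ. Judging by the cache-server poms in this commit, the value presumably has to be the inverse of `cache.server.jboss.cache-authorization-disabled` for the same server. If the two drift apart, Keycloak would either send credentials to a HotRod endpoint that has no authentication configured or connect unauthenticated to one that requires it. A comment beside each property, e.g. `<!-- must mirror cache.server.jboss.cache-authorization-disabled in the matching cache-server pom -->`, would make the coupling explicit. Both `<properties>` blocks start outside the hunks.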
|
||||
|
|