Merge pull request #878 from patriot1burke/master
adapter testsuite port
This commit is contained in:
commit
2195c35c70
112 changed files with 3726 additions and 1184 deletions
|
@ -209,9 +209,9 @@ public abstract class AbstractKeycloakJettyAuthenticator extends LoginAuthentica
|
||||||
if (!mandatory)
|
if (!mandatory)
|
||||||
return new DeferredAuthentication(this);
|
return new DeferredAuthentication(this);
|
||||||
AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
|
AdapterTokenStore tokenStore = getTokenStore(request, facade, deployment);
|
||||||
|
|
||||||
nodesRegistrationManagement.tryRegister(deployment);
|
nodesRegistrationManagement.tryRegister(deployment);
|
||||||
|
|
||||||
|
tokenStore.checkCurrentToken();
|
||||||
AbstractJettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
|
AbstractJettyRequestAuthenticator authenticator = createRequestAuthenticator(request, facade, deployment, tokenStore);
|
||||||
AuthOutcome outcome = authenticator.authenticate();
|
AuthOutcome outcome = authenticator.authenticate();
|
||||||
if (outcome == AuthOutcome.AUTHENTICATED) {
|
if (outcome == AuthOutcome.AUTHENTICATED) {
|
||||||
|
|
|
@ -48,6 +48,7 @@ public class JettySessionTokenStore implements AdapterTokenStore {
|
||||||
|
|
||||||
// Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
|
// Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
|
||||||
request.getSession().removeAttribute(KeycloakSecurityContext.class.getName());
|
request.getSession().removeAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
request.getSession().invalidate();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -39,6 +39,7 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
|
||||||
super(facade, deployment, tokenStore, request.getConnector().getRedirectPort());
|
super(facade, deployment, tokenStore, request.getConnector().getRedirectPort());
|
||||||
this.valve = valve;
|
this.valve = valve;
|
||||||
this.request = request;
|
this.request = request;
|
||||||
|
this.principalFactory = principalFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -95,246 +95,40 @@ public class AdapterTest {
|
||||||
deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
|
deployApplication("product-portal", "/product-portal", ProductServlet.class, url.getPath(), "user");
|
||||||
|
|
||||||
// Test that replacing system properties works for adapters
|
// Test that replacing system properties works for adapters
|
||||||
|
System.setProperty("app.server.base.url", "http://localhost:8081");
|
||||||
System.setProperty("my.host.name", "localhost");
|
System.setProperty("my.host.name", "localhost");
|
||||||
url = getClass().getResource("/adapter-test/session-keycloak.json");
|
url = getClass().getResource("/adapter-test/session-keycloak.json");
|
||||||
deployApplication("session-portal", "/session-portal", SessionServlet.class, url.getPath(), "user");
|
deployApplication("session-portal", "/session-portal", SessionServlet.class, url.getPath(), "user");
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private static String createToken() {
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
|
||||||
try {
|
|
||||||
RealmManager manager = new RealmManager(session);
|
|
||||||
|
|
||||||
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
|
|
||||||
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
|
||||||
TokenManager tm = new TokenManager();
|
|
||||||
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
|
||||||
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
|
|
||||||
AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
|
|
||||||
return tm.encodeToken(adminRealm, token);
|
|
||||||
} finally {
|
|
||||||
keycloakRule.stopSession(session, true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8081", keycloakRule);
|
||||||
|
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
|
|
||||||
@WebResource
|
|
||||||
protected OAuthClient oauth;
|
|
||||||
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testLoginSSOAndLogout();
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
// test SSO
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/product-portal");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
|
|
||||||
|
|
||||||
// View stats
|
|
||||||
String adminToken = createToken();
|
|
||||||
|
|
||||||
Client client = ClientBuilder.newClient();
|
|
||||||
UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
|
|
||||||
WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
|
|
||||||
Map<String, Integer> stats = adminTarget.path("application-session-stats").request()
|
|
||||||
.header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
|
|
||||||
.get(new GenericType<Map<String, Integer>>() {
|
|
||||||
});
|
|
||||||
Integer custSessionsCount = stats.get("customer-portal");
|
|
||||||
Assert.assertNotNull(custSessionsCount);
|
|
||||||
Assert.assertTrue(1 == custSessionsCount);
|
|
||||||
Integer prodStatsCount = stats.get("product-portal");
|
|
||||||
Assert.assertNotNull(prodStatsCount);
|
|
||||||
Assert.assertTrue(1 == prodStatsCount);
|
|
||||||
|
|
||||||
client.close();
|
|
||||||
|
|
||||||
|
|
||||||
// test logout
|
|
||||||
|
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build("demo").toString();
|
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testServletRequestLogout() throws Exception {
|
public void testServletRequestLogout() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testServletRequestLogout();
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
// test SSO
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/product-portal");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
|
|
||||||
|
|
||||||
// back
|
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
// test logout
|
|
||||||
|
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal/logout");
|
|
||||||
Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
|
|
||||||
|
|
||||||
|
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOIdle() throws Exception {
|
public void testLoginSSOIdle() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testLoginSSOIdle();
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
|
||||||
RealmModel realm = session.realms().getRealmByName("demo");
|
|
||||||
int originalIdle = realm.getSsoSessionIdleTimeout();
|
|
||||||
realm.setSsoSessionIdleTimeout(1);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
|
|
||||||
Thread.sleep(2000);
|
|
||||||
|
|
||||||
|
|
||||||
// test SSO
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
session = keycloakRule.startSession();
|
|
||||||
realm = session.realms().getRealmByName("demo");
|
|
||||||
realm.setSsoSessionIdleTimeout(originalIdle);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
|
||||||
RealmModel realm = session.realms().getRealmByName("demo");
|
|
||||||
int originalIdle = realm.getSsoSessionIdleTimeout();
|
|
||||||
realm.setSsoSessionIdleTimeout(1);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
|
|
||||||
Thread.sleep(2000);
|
|
||||||
|
|
||||||
session = keycloakRule.startSession();
|
|
||||||
realm = session.realms().getRealmByName("demo");
|
|
||||||
session.sessions().removeExpiredUserSessions(realm);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
|
|
||||||
// test SSO
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
session = keycloakRule.startSession();
|
|
||||||
realm = session.realms().getRealmByName("demo");
|
|
||||||
// need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
|
|
||||||
UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
|
|
||||||
new ResourceAdminManager().logoutUser(null, realm, user, session);
|
|
||||||
realm.setSsoSessionIdleTimeout(originalIdle);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOMax() throws Exception {
|
public void testLoginSSOMax() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testLoginSSOMax();
|
||||||
driver.navigate().to("http://localhost:8081/customer-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
|
||||||
RealmModel realm = session.realms().getRealmByName("demo");
|
|
||||||
int original = realm.getSsoSessionMaxLifespan();
|
|
||||||
realm.setSsoSessionMaxLifespan(1);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
|
|
||||||
Thread.sleep(2000);
|
|
||||||
|
|
||||||
|
|
||||||
// test SSO
|
|
||||||
driver.navigate().to("http://localhost:8081/product-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
session = keycloakRule.startSession();
|
|
||||||
realm = session.realms().getRealmByName("demo");
|
|
||||||
realm.setSsoSessionMaxLifespan(original);
|
|
||||||
session.getTransaction().commit();
|
|
||||||
session.close();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -343,16 +137,7 @@ public class AdapterTest {
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testNullBearerToken() throws Exception {
|
public void testNullBearerToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
testStrategy.testNullBearerToken();
|
||||||
WebTarget target = client.target("http://localhost:8081/customer-db");
|
|
||||||
Response response = target.request().get();
|
|
||||||
Assert.assertEquals(401, response.getStatus());
|
|
||||||
response.close();
|
|
||||||
response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
|
|
||||||
Assert.assertEquals(401, response.getStatus());
|
|
||||||
response.close();
|
|
||||||
client.close();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -361,67 +146,17 @@ public class AdapterTest {
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testBadUser() throws Exception {
|
public void testBadUser() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
testStrategy.testBadUser();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
|
||||||
URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
|
|
||||||
WebTarget target = client.target(uri);
|
|
||||||
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
|
||||||
Form form = new Form();
|
|
||||||
form.param("username", "monkey@redhat.com")
|
|
||||||
.param("password", "password");
|
|
||||||
Response response = target.request()
|
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
|
||||||
.post(Entity.form(form));
|
|
||||||
Assert.assertEquals(400, response.getStatus());
|
|
||||||
response.close();
|
|
||||||
client.close();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testVersion() throws Exception {
|
public void testVersion() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
testStrategy.testVersion();
|
||||||
WebTarget target = client.target(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT).path("version");
|
|
||||||
Version version = target.request().get(Version.class);
|
|
||||||
Assert.assertNotNull(version);
|
|
||||||
Assert.assertNotNull(version.getVersion());
|
|
||||||
Assert.assertNotNull(version.getBuildTime());
|
|
||||||
Assert.assertNotEquals(version.getVersion(), Version.UNKNOWN);
|
|
||||||
Assert.assertNotEquals(version.getBuildTime(), Version.UNKNOWN);
|
|
||||||
|
|
||||||
Version version2 = client.target("http://localhost:8081/secure-portal").path(AdapterConstants.K_VERSION).request().get(Version.class);
|
|
||||||
Assert.assertNotNull(version2);
|
|
||||||
Assert.assertNotNull(version2.getVersion());
|
|
||||||
Assert.assertNotNull(version2.getBuildTime());
|
|
||||||
Assert.assertEquals(version.getVersion(), version2.getVersion());
|
|
||||||
Assert.assertEquals(version.getBuildTime(), version2.getBuildTime());
|
|
||||||
client.close();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAuthenticated() throws Exception {
|
public void testAuthenticated() throws Exception {
|
||||||
// test login to customer-portal which does a bearer request to customer-db
|
testStrategy.testAuthenticated();
|
||||||
driver.navigate().to("http://localhost:8081/secure-portal");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/secure-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
|
||||||
|
|
||||||
// test logout
|
|
||||||
|
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/secure-portal").build("demo").toString();
|
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8081/secure-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -431,37 +166,7 @@ public class AdapterTest {
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSingleSessionInvalidated() throws Throwable {
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
AdapterTest browser1 = this;
|
testStrategy.testSingleSessionInvalidated();
|
||||||
AdapterTest browser2 = new AdapterTest();
|
|
||||||
|
|
||||||
loginAndCheckSession(browser1.driver, browser1.loginPage);
|
|
||||||
|
|
||||||
// Open browser2
|
|
||||||
browser2.webRule.before();
|
|
||||||
try {
|
|
||||||
loginAndCheckSession(browser2.driver, browser2.loginPage);
|
|
||||||
|
|
||||||
// Logout in browser1
|
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
|
|
||||||
browser1.driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
// Assert that I am logged out in browser1
|
|
||||||
browser1.driver.navigate().to("http://localhost:8081/session-portal");
|
|
||||||
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
// Assert that I am still logged in browser2 and same session is still preserved
|
|
||||||
browser2.driver.navigate().to("http://localhost:8081/session-portal");
|
|
||||||
Assert.assertEquals(browser2.driver.getCurrentUrl(), "http://localhost:8081/session-portal");
|
|
||||||
String pageSource = browser2.driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("Counter=3"));
|
|
||||||
|
|
||||||
browser2.driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
} finally {
|
|
||||||
browser2.webRule.after();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -469,65 +174,7 @@ public class AdapterTest {
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
final AtomicInteger origTokenLifespan = new AtomicInteger();
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
// Delete adminUrl and set short accessTokenLifespan
|
|
||||||
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
|
||||||
@Override
|
|
||||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
|
|
||||||
ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
|
|
||||||
sessionPortal.setManagementUrl(null);
|
|
||||||
|
|
||||||
origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
|
|
||||||
demoRealm.setAccessTokenLifespan(1);
|
|
||||||
}
|
|
||||||
}, "demo");
|
|
||||||
|
|
||||||
// Login
|
|
||||||
loginAndCheckSession(driver, loginPage);
|
|
||||||
|
|
||||||
// Logout
|
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/session-portal").build("demo").toString();
|
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
|
|
||||||
// Wait until accessToken is expired
|
|
||||||
Thread.sleep(2000);
|
|
||||||
|
|
||||||
// Assert that http session was invalidated
|
|
||||||
driver.navigate().to("http://localhost:8081/session-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("Counter=1"));
|
|
||||||
|
|
||||||
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
|
|
||||||
ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
|
|
||||||
sessionPortal.setManagementUrl("http://localhost:8081/session-portal");
|
|
||||||
|
|
||||||
demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
|
|
||||||
}
|
|
||||||
|
|
||||||
}, "demo");
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
|
|
||||||
driver.navigate().to("http://localhost:8081/session-portal");
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/session-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("Counter=1"));
|
|
||||||
|
|
||||||
// Counter increased now
|
|
||||||
driver.navigate().to("http://localhost:8081/session-portal");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("Counter=2"));
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,537 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source.
|
||||||
|
* Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
* as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
* distribution for a full listing of individual contributors.
|
||||||
|
*
|
||||||
|
* This is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This software is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this software; if not, write to the Free
|
||||||
|
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
*/
|
||||||
|
package org.keycloak.testsuite.adapter;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.rules.ExternalResource;
|
||||||
|
import org.keycloak.Config;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
|
import org.keycloak.Version;
|
||||||
|
import org.keycloak.constants.AdapterConstants;
|
||||||
|
import org.keycloak.models.ApplicationModel;
|
||||||
|
import org.keycloak.models.Constants;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.models.UserSessionModel;
|
||||||
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
|
import org.keycloak.protocol.oidc.TokenManager;
|
||||||
|
import org.keycloak.representations.AccessToken;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.services.managers.ResourceAdminManager;
|
||||||
|
import org.keycloak.services.resources.admin.AdminRoot;
|
||||||
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
|
import javax.ws.rs.client.Client;
|
||||||
|
import javax.ws.rs.client.ClientBuilder;
|
||||||
|
import javax.ws.rs.client.Entity;
|
||||||
|
import javax.ws.rs.client.WebTarget;
|
||||||
|
import javax.ws.rs.core.Form;
|
||||||
|
import javax.ws.rs.core.GenericType;
|
||||||
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests Undertow Adapter
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
|
||||||
|
*/
|
||||||
|
public class AdapterTestStrategy extends ExternalResource {
|
||||||
|
|
||||||
|
protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
|
||||||
|
protected String APP_SERVER_BASE_URL = "http://localhost:8081";
|
||||||
|
protected AbstractKeycloakRule keycloakRule;
|
||||||
|
// some servlet containers redirect to root + "/" if you visit root context
|
||||||
|
protected String slash = "";
|
||||||
|
|
||||||
|
public WebRule webRule = new WebRule(this);
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected WebDriver driver;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected OAuthClient oauth;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
protected LoginPage loginPage;
|
||||||
|
|
||||||
|
protected String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
|
||||||
|
|
||||||
|
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
|
||||||
|
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
|
||||||
|
this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
|
||||||
|
this.keycloakRule = keycloakRule;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule, boolean addSlash) {
|
||||||
|
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
|
||||||
|
this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
|
||||||
|
this.keycloakRule = keycloakRule;
|
||||||
|
// some servlet containers redirect to root + "/" if you visit root context
|
||||||
|
if (addSlash) slash = "/";
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void before() throws Throwable {
|
||||||
|
super.before();
|
||||||
|
webRule.before();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void after() {
|
||||||
|
super.after();
|
||||||
|
webRule.after();
|
||||||
|
}
|
||||||
|
|
||||||
|
protected String createAdminToken() {
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
try {
|
||||||
|
RealmManager manager = new RealmManager(session);
|
||||||
|
|
||||||
|
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
|
||||||
|
ApplicationModel adminConsole = adminRealm.getApplicationByName(Constants.ADMIN_CONSOLE_APPLICATION);
|
||||||
|
TokenManager tm = new TokenManager();
|
||||||
|
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
|
||||||
|
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
|
||||||
|
AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
|
||||||
|
return tm.encodeToken(adminRealm, token);
|
||||||
|
} finally {
|
||||||
|
keycloakRule.stopSession(session, true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
// test SSO
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
|
||||||
|
pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
|
||||||
|
|
||||||
|
// View stats
|
||||||
|
String adminToken = createAdminToken();
|
||||||
|
|
||||||
|
Client client = ClientBuilder.newClient();
|
||||||
|
UriBuilder authBase = UriBuilder.fromUri(AUTH_SERVER_URL);
|
||||||
|
WebTarget adminTarget = client.target(AdminRoot.realmsUrl(authBase)).path("demo");
|
||||||
|
Map<String, Integer> stats = adminTarget.path("application-session-stats").request()
|
||||||
|
.header(HttpHeaders.AUTHORIZATION, "Bearer " + adminToken)
|
||||||
|
.get(new GenericType<Map<String, Integer>>() {
|
||||||
|
});
|
||||||
|
Integer custSessionsCount = stats.get("customer-portal");
|
||||||
|
Assert.assertNotNull(custSessionsCount);
|
||||||
|
Assert.assertTrue(1 == custSessionsCount);
|
||||||
|
Integer prodStatsCount = stats.get("product-portal");
|
||||||
|
Assert.assertNotNull(prodStatsCount);
|
||||||
|
Assert.assertTrue(1 == prodStatsCount);
|
||||||
|
|
||||||
|
client.close();
|
||||||
|
|
||||||
|
|
||||||
|
// test logout
|
||||||
|
|
||||||
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
|
||||||
|
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
|
||||||
|
driver.navigate().to(logoutUri);
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
// test SSO
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
|
||||||
|
pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
|
||||||
|
|
||||||
|
// back
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
// test logout
|
||||||
|
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal/logout");
|
||||||
|
Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
|
||||||
|
|
||||||
|
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
String currentUrl = driver.getCurrentUrl();
|
||||||
|
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
RealmModel realm = session.realms().getRealmByName("demo");
|
||||||
|
int originalIdle = realm.getSsoSessionIdleTimeout();
|
||||||
|
realm.setSsoSessionIdleTimeout(1);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
|
||||||
|
Thread.sleep(2000);
|
||||||
|
|
||||||
|
|
||||||
|
// test SSO
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
realm = session.realms().getRealmByName("demo");
|
||||||
|
realm.setSsoSessionIdleTimeout(originalIdle);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
RealmModel realm = session.realms().getRealmByName("demo");
|
||||||
|
int originalIdle = realm.getSsoSessionIdleTimeout();
|
||||||
|
realm.setSsoSessionIdleTimeout(1);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
|
||||||
|
Thread.sleep(2000);
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
realm = session.realms().getRealmByName("demo");
|
||||||
|
session.sessions().removeExpiredUserSessions(realm);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
|
||||||
|
// test SSO
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
realm = session.realms().getRealmByName("demo");
|
||||||
|
// need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
|
||||||
|
UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
|
||||||
|
new ResourceAdminManager().logoutUser(null, realm, user, session);
|
||||||
|
realm.setSsoSessionIdleTimeout(originalIdle);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
RealmModel realm = session.realms().getRealmByName("demo");
|
||||||
|
int original = realm.getSsoSessionMaxLifespan();
|
||||||
|
realm.setSsoSessionMaxLifespan(1);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
|
||||||
|
Thread.sleep(2000);
|
||||||
|
|
||||||
|
|
||||||
|
// test SSO
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
session = keycloakRule.startSession();
|
||||||
|
realm = session.realms().getRealmByName("demo");
|
||||||
|
realm.setSsoSessionMaxLifespan(original);
|
||||||
|
session.getTransaction().commit();
|
||||||
|
session.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
Client client = ClientBuilder.newClient();
|
||||||
|
WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
|
||||||
|
Response response = target.request().get();
|
||||||
|
Assert.assertEquals(401, response.getStatus());
|
||||||
|
response.close();
|
||||||
|
response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
|
||||||
|
Assert.assertEquals(401, response.getStatus());
|
||||||
|
response.close();
|
||||||
|
client.close();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
Client client = ClientBuilder.newClient();
|
||||||
|
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
|
||||||
|
URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
|
||||||
|
WebTarget target = client.target(uri);
|
||||||
|
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
||||||
|
Form form = new Form();
|
||||||
|
form.param("username", "monkey@redhat.com")
|
||||||
|
.param("password", "password");
|
||||||
|
Response response = target.request()
|
||||||
|
.header(HttpHeaders.AUTHORIZATION, header)
|
||||||
|
.post(Entity.form(form));
|
||||||
|
Assert.assertEquals(400, response.getStatus());
|
||||||
|
response.close();
|
||||||
|
client.close();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
Client client = ClientBuilder.newClient();
|
||||||
|
WebTarget target = client.target(AUTH_SERVER_URL).path("version");
|
||||||
|
Version version = target.request().get(Version.class);
|
||||||
|
Assert.assertNotNull(version);
|
||||||
|
Assert.assertNotNull(version.getVersion());
|
||||||
|
Assert.assertNotNull(version.getBuildTime());
|
||||||
|
Assert.assertNotEquals(version.getVersion(), Version.UNKNOWN);
|
||||||
|
Assert.assertNotEquals(version.getBuildTime(), Version.UNKNOWN);
|
||||||
|
|
||||||
|
Version version2 = client.target(APP_SERVER_BASE_URL + "/secure-portal").path(AdapterConstants.K_VERSION).request().get(Version.class);
|
||||||
|
Assert.assertNotNull(version2);
|
||||||
|
Assert.assertNotNull(version2.getVersion());
|
||||||
|
Assert.assertNotNull(version2.getBuildTime());
|
||||||
|
Assert.assertEquals(version.getVersion(), version2.getVersion());
|
||||||
|
Assert.assertEquals(version.getBuildTime(), version2.getBuildTime());
|
||||||
|
client.close();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testAuthenticated() throws Exception {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/secure-portal");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/secure-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
System.out.println(pageSource);
|
||||||
|
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
|
||||||
|
// test logout
|
||||||
|
|
||||||
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
|
||||||
|
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/secure-portal").build("demo").toString();
|
||||||
|
driver.navigate().to(logoutUri);
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/secure-portal");
|
||||||
|
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
AdapterTestStrategy browser1 = this;
|
||||||
|
AdapterTestStrategy browser2 = new AdapterTestStrategy(AUTH_SERVER_URL, APP_SERVER_BASE_URL, keycloakRule);
|
||||||
|
|
||||||
|
loginAndCheckSession(browser1.driver, browser1.loginPage);
|
||||||
|
|
||||||
|
// Open browser2
|
||||||
|
browser2.webRule.before();
|
||||||
|
try {
|
||||||
|
loginAndCheckSession(browser2.driver, browser2.loginPage);
|
||||||
|
|
||||||
|
// Logout in browser1
|
||||||
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
|
||||||
|
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
|
||||||
|
browser1.driver.navigate().to(logoutUri);
|
||||||
|
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
// Assert that I am logged out in browser1
|
||||||
|
browser1.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
|
||||||
|
// Assert that I am still logged in browser2 and same session is still preserved
|
||||||
|
browser2.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
Assert.assertEquals(browser2.driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
|
||||||
|
String pageSource = browser2.driver.getPageSource();
|
||||||
|
Assert.assertTrue(pageSource.contains("Counter=3"));
|
||||||
|
|
||||||
|
browser2.driver.navigate().to(logoutUri);
|
||||||
|
Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
|
||||||
|
} finally {
|
||||||
|
browser2.webRule.after();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
final AtomicInteger origTokenLifespan = new AtomicInteger();
|
||||||
|
|
||||||
|
// Delete adminUrl and set short accessTokenLifespan
|
||||||
|
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
||||||
|
@Override
|
||||||
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
|
||||||
|
ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
|
||||||
|
sessionPortal.setManagementUrl(null);
|
||||||
|
|
||||||
|
origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
|
||||||
|
demoRealm.setAccessTokenLifespan(1);
|
||||||
|
}
|
||||||
|
}, "demo");
|
||||||
|
|
||||||
|
// Login
|
||||||
|
loginAndCheckSession(driver, loginPage);
|
||||||
|
|
||||||
|
// Logout
|
||||||
|
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
|
||||||
|
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
|
||||||
|
driver.navigate().to(logoutUri);
|
||||||
|
|
||||||
|
// Wait until accessToken is expired
|
||||||
|
Thread.sleep(2000);
|
||||||
|
|
||||||
|
// Assert that http session was invalidated
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
String currentUrl = driver.getCurrentUrl();
|
||||||
|
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
Assert.assertTrue(pageSource.contains("Counter=1"));
|
||||||
|
|
||||||
|
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
|
||||||
|
ApplicationModel sessionPortal = demoRealm.getApplicationByName("session-portal");
|
||||||
|
sessionPortal.setManagementUrl(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
|
||||||
|
demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
|
||||||
|
}
|
||||||
|
|
||||||
|
}, "demo");
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
String currentUrl = driver.getCurrentUrl();
|
||||||
|
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
||||||
|
loginPage.login("bburke@redhat.com", "password");
|
||||||
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
Assert.assertTrue(pageSource.contains("Counter=1"));
|
||||||
|
|
||||||
|
// Counter increased now
|
||||||
|
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
|
||||||
|
pageSource = driver.getPageSource();
|
||||||
|
Assert.assertTrue(pageSource.contains("Counter=2"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -39,7 +39,8 @@ public class CustomerServlet extends HttpServlet {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
WebTarget target = client.target("http://localhost:8081/customer-db");
|
String appBase = System.getProperty("app.server.base.url", "http://localhost:8081");
|
||||||
|
WebTarget target = client.target(appBase + "/customer-db/");
|
||||||
Response response = target.request().get();
|
Response response = target.request().get();
|
||||||
Assert.assertEquals(401, response.getStatus());
|
Assert.assertEquals(401, response.getStatus());
|
||||||
response.close();
|
response.close();
|
||||||
|
|
|
@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.net.URL;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class Jetty9Test {
|
public class Jetty9Test {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
if (req.getPathInfo().endsWith("logout")) {
|
|
||||||
req.logout();
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
stream.write("logout".getBytes());
|
|
||||||
return;
|
|
||||||
|
|
||||||
}
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static Server server = null;
|
public static Server server = null;
|
||||||
protected static WebAppContext appContext = null;
|
|
||||||
|
|
||||||
|
|
||||||
protected static void deploySP() throws Exception {
|
|
||||||
appContext = new WebAppContext();
|
|
||||||
appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
|
|
||||||
appContext.setContextPath("/customer-portal");
|
|
||||||
appContext.setParentLoaderPriority(true);
|
|
||||||
|
|
||||||
appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
|
|
||||||
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = formHandler();
|
|
||||||
|
|
||||||
AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
|
|
||||||
securityHandler.setAuthenticator(authenticator);
|
|
||||||
|
|
||||||
appContext.setSecurityHandler(securityHandler);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static ConstraintSecurityHandler formHandler() {
|
|
||||||
Constraint constraint = new Constraint();
|
|
||||||
constraint.setName(Constraint.__FORM_AUTH);
|
|
||||||
;
|
|
||||||
constraint.setRoles(new String[] { "user", "admin" });
|
|
||||||
constraint.setAuthenticate(true);
|
|
||||||
|
|
||||||
ConstraintMapping constraintMapping = new ConstraintMapping();
|
|
||||||
constraintMapping.setConstraint(constraint);
|
|
||||||
constraintMapping.setPathSpec("/*");
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
|
|
||||||
securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
|
|
||||||
|
|
||||||
HashLoginService loginService = new HashLoginService();
|
|
||||||
securityHandler.setLoginService(loginService);
|
|
||||||
return securityHandler;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initJetty() throws Exception {
|
public static void initJetty() throws Exception {
|
||||||
server = new Server(8080);
|
server = new Server(8082);
|
||||||
|
List<Handler> list = new ArrayList<Handler>();
|
||||||
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
|
||||||
|
File base = new File(dir.getFile()).getParentFile();
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
|
||||||
|
list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
|
||||||
|
|
||||||
|
|
||||||
deploySP();
|
|
||||||
|
|
||||||
HandlerCollection handlers = new HandlerCollection();
|
HandlerCollection handlers = new HandlerCollection();
|
||||||
handlers.setHandlers(new Handler[] { appContext });
|
handlers.setHandlers(list.toArray(new Handler[list.size()]));
|
||||||
server.setHandler(handlers);
|
server.setHandler(handlers);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
@ -175,55 +115,73 @@ public class Jetty9Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
testStrategy.testServletRequestLogout();
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
}
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
// test servletRequest.logout()
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal/logout");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("logout"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
|
}}
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -7,22 +7,22 @@
|
||||||
<module-name>adapter-test</module-name>
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>SendUsername</servlet-name>
|
<servlet-name>Servlet</servlet-name>
|
||||||
<servlet-class>org.keycloak.testsuite.TomcatTest$SendUsernameServlet</servlet-class>
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
|
||||||
<servlet-mapping>
|
<servlet-mapping>
|
||||||
<servlet-name>SendUsername</servlet-name>
|
<servlet-name>Servlet</servlet-name>
|
||||||
<url-pattern>/*</url-pattern>
|
<url-pattern>/*</url-pattern>
|
||||||
</servlet-mapping>
|
</servlet-mapping>
|
||||||
|
|
||||||
<security-constraint>
|
<security-constraint>
|
||||||
<web-resource-collection>
|
<web-resource-collection>
|
||||||
<web-resource-name>Admins</web-resource-name>
|
<web-resource-name>Users</web-resource-name>
|
||||||
<url-pattern>/*</url-pattern>
|
<url-pattern>/*</url-pattern>
|
||||||
</web-resource-collection>
|
</web-resource-collection>
|
||||||
<auth-constraint>
|
<auth-constraint>
|
||||||
<role-name>admin</role-name>
|
<role-name>user</role-name>
|
||||||
</auth-constraint>
|
</auth-constraint>
|
||||||
</security-constraint>
|
</security-constraint>
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -4,6 +4,7 @@
|
||||||
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
"auth-server-url": "http://localhost:8081/auth",
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
"ssl-required" : "external",
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
"credentials": {
|
"credentials": {
|
||||||
"secret": "password"
|
"secret": "password"
|
||||||
}
|
}
|
|
@ -7,22 +7,22 @@
|
||||||
<module-name>adapter-test</module-name>
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>SendUsername</servlet-name>
|
<servlet-name>Servlet</servlet-name>
|
||||||
<servlet-class>org.keycloak.testsuite.Tomcat7Test$SendUsernameServlet</servlet-class>
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
|
||||||
<servlet-mapping>
|
<servlet-mapping>
|
||||||
<servlet-name>SendUsername</servlet-name>
|
<servlet-name>Servlet</servlet-name>
|
||||||
<url-pattern>/*</url-pattern>
|
<url-pattern>/*</url-pattern>
|
||||||
</servlet-mapping>
|
</servlet-mapping>
|
||||||
|
|
||||||
<security-constraint>
|
<security-constraint>
|
||||||
<web-resource-collection>
|
<web-resource-collection>
|
||||||
<web-resource-name>Admins</web-resource-name>
|
<web-resource-name>Users</web-resource-name>
|
||||||
<url-pattern>/*</url-pattern>
|
<url-pattern>/*</url-pattern>
|
||||||
</web-resource-collection>
|
</web-resource-collection>
|
||||||
<auth-constraint>
|
<auth-constraint>
|
||||||
<role-name>admin</role-name>
|
<role-name>user</role-name>
|
||||||
</auth-constraint>
|
</auth-constraint>
|
||||||
</security-constraint>
|
</security-constraint>
|
||||||
|
|
141
testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json
Executable file
141
testsuite/jetty/jetty81/src/test/resources/adapter-test/demorealm.json
Executable file
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"id": "demo",
|
||||||
|
"realm": "demo",
|
||||||
|
"enabled": true,
|
||||||
|
"accessTokenLifespan": 3000,
|
||||||
|
"accessCodeLifespan": 10,
|
||||||
|
"accessCodeLifespanUserAction": 6000,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": false,
|
||||||
|
"social": false,
|
||||||
|
"passwordCredentialGrantAllowed": true,
|
||||||
|
"updateProfileOnInitialSocialLogin": false,
|
||||||
|
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||||
|
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"users" : [
|
||||||
|
{
|
||||||
|
"username" : "bburke@redhat.com",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "bburke@redhat.com",
|
||||||
|
"firstName": "Bill",
|
||||||
|
"lastName": "Burke",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": [ "user" ],
|
||||||
|
"applicationRoles": {
|
||||||
|
"account": [ "manage-account" ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"description": "User privileges"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"description": "Administrator privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scopeMappings": [
|
||||||
|
{
|
||||||
|
"client": "third-party",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "customer-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "product-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
}
|
||||||
|
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "customer-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-cookie-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"baseUrl": "http://localhost:8082/customer-cookie-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-cookie-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-js",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8080/customer-portal-js/*"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-cli",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"http://localhost"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "product-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/product-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/product-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/product-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "secure-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/secure-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "session-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/session-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/session-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/session-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"oauthClients": [
|
||||||
|
{
|
||||||
|
"name": "third-party",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/oauth-client/*",
|
||||||
|
"http://localhost:8082/oauth-client-cdi/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "product-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "secure-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8080/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "session-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://${my.host.name}:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.net.URL;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class Jetty9Test {
|
public class Jetty9Test {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
if (req.getPathInfo().endsWith("logout")) {
|
|
||||||
req.logout();
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
stream.write("logout".getBytes());
|
|
||||||
return;
|
|
||||||
|
|
||||||
}
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static Server server = null;
|
public static Server server = null;
|
||||||
protected static WebAppContext appContext = null;
|
|
||||||
|
|
||||||
|
|
||||||
protected static void deploySP() throws Exception {
|
|
||||||
appContext = new WebAppContext();
|
|
||||||
appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
|
|
||||||
appContext.setContextPath("/customer-portal");
|
|
||||||
appContext.setParentLoaderPriority(true);
|
|
||||||
|
|
||||||
appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
|
|
||||||
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = formHandler();
|
|
||||||
|
|
||||||
AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
|
|
||||||
securityHandler.setAuthenticator(authenticator);
|
|
||||||
|
|
||||||
appContext.setSecurityHandler(securityHandler);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static ConstraintSecurityHandler formHandler() {
|
|
||||||
Constraint constraint = new Constraint();
|
|
||||||
constraint.setName(Constraint.__FORM_AUTH);
|
|
||||||
;
|
|
||||||
constraint.setRoles(new String[] { "user", "admin" });
|
|
||||||
constraint.setAuthenticate(true);
|
|
||||||
|
|
||||||
ConstraintMapping constraintMapping = new ConstraintMapping();
|
|
||||||
constraintMapping.setConstraint(constraint);
|
|
||||||
constraintMapping.setPathSpec("/*");
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
|
|
||||||
securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
|
|
||||||
|
|
||||||
HashLoginService loginService = new HashLoginService();
|
|
||||||
securityHandler.setLoginService(loginService);
|
|
||||||
return securityHandler;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initJetty() throws Exception {
|
public static void initJetty() throws Exception {
|
||||||
server = new Server(8080);
|
server = new Server(8082);
|
||||||
|
List<Handler> list = new ArrayList<Handler>();
|
||||||
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
|
||||||
|
File base = new File(dir.getFile()).getParentFile();
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
|
||||||
|
list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
|
||||||
|
|
||||||
|
|
||||||
deploySP();
|
|
||||||
|
|
||||||
HandlerCollection handlers = new HandlerCollection();
|
HandlerCollection handlers = new HandlerCollection();
|
||||||
handlers.setHandlers(new Handler[] { appContext });
|
handlers.setHandlers(list.toArray(new Handler[list.size()]));
|
||||||
server.setHandler(handlers);
|
server.setHandler(handlers);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
@ -175,55 +115,74 @@ public class Jetty9Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
testStrategy.testServletRequestLogout();
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
}
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
// test servletRequest.logout()
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal/logout");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("logout"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -4,6 +4,7 @@
|
||||||
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
"auth-server-url": "http://localhost:8081/auth",
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
"ssl-required" : "external",
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
"credentials": {
|
"credentials": {
|
||||||
"secret": "password"
|
"secret": "password"
|
||||||
}
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
141
testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json
Executable file
141
testsuite/jetty/jetty91/src/test/resources/adapter-test/demorealm.json
Executable file
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"id": "demo",
|
||||||
|
"realm": "demo",
|
||||||
|
"enabled": true,
|
||||||
|
"accessTokenLifespan": 3000,
|
||||||
|
"accessCodeLifespan": 10,
|
||||||
|
"accessCodeLifespanUserAction": 6000,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": false,
|
||||||
|
"social": false,
|
||||||
|
"passwordCredentialGrantAllowed": true,
|
||||||
|
"updateProfileOnInitialSocialLogin": false,
|
||||||
|
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||||
|
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"users" : [
|
||||||
|
{
|
||||||
|
"username" : "bburke@redhat.com",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "bburke@redhat.com",
|
||||||
|
"firstName": "Bill",
|
||||||
|
"lastName": "Burke",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": [ "user" ],
|
||||||
|
"applicationRoles": {
|
||||||
|
"account": [ "manage-account" ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"description": "User privileges"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"description": "Administrator privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scopeMappings": [
|
||||||
|
{
|
||||||
|
"client": "third-party",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "customer-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "product-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
}
|
||||||
|
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "customer-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-cookie-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"baseUrl": "http://localhost:8082/customer-cookie-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-cookie-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-js",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8080/customer-portal-js/*"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-cli",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"http://localhost"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "product-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/product-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/product-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/product-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "secure-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/secure-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "session-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/session-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/session-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/session-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"oauthClients": [
|
||||||
|
{
|
||||||
|
"name": "third-party",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/oauth-client/*",
|
||||||
|
"http://localhost:8082/oauth-client-cdi/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "product-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "secure-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8080/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "session-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://${my.host.name}:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -46,6 +46,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -58,109 +59,48 @@ import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.ws.rs.core.UriBuilder;
|
import javax.ws.rs.core.UriBuilder;
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.net.URL;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class Jetty9Test {
|
public class Jetty9Test {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/jetty-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
if (req.getPathInfo().endsWith("logout")) {
|
|
||||||
req.logout();
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
stream.write("logout".getBytes());
|
|
||||||
return;
|
|
||||||
|
|
||||||
}
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static Server server = null;
|
public static Server server = null;
|
||||||
protected static WebAppContext appContext = null;
|
|
||||||
|
|
||||||
|
|
||||||
protected static void deploySP() throws Exception {
|
|
||||||
appContext = new WebAppContext();
|
|
||||||
appContext.setResourceBase(Jetty9Test.class.getClassLoader().getResource("jetty-test/webapp").toExternalForm());
|
|
||||||
appContext.setContextPath("/customer-portal");
|
|
||||||
appContext.setParentLoaderPriority(true);
|
|
||||||
|
|
||||||
appContext.addServlet(new ServletHolder(new SendUsernameServlet()), "/*");
|
|
||||||
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = formHandler();
|
|
||||||
|
|
||||||
AbstractKeycloakJettyAuthenticator authenticator = new KeycloakJettyAuthenticator();
|
|
||||||
securityHandler.setAuthenticator(authenticator);
|
|
||||||
|
|
||||||
appContext.setSecurityHandler(securityHandler);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static ConstraintSecurityHandler formHandler() {
|
|
||||||
Constraint constraint = new Constraint();
|
|
||||||
constraint.setName(Constraint.__FORM_AUTH);
|
|
||||||
;
|
|
||||||
constraint.setRoles(new String[] { "user", "admin" });
|
|
||||||
constraint.setAuthenticate(true);
|
|
||||||
|
|
||||||
ConstraintMapping constraintMapping = new ConstraintMapping();
|
|
||||||
constraintMapping.setConstraint(constraint);
|
|
||||||
constraintMapping.setPathSpec("/*");
|
|
||||||
|
|
||||||
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
|
|
||||||
securityHandler.setConstraintMappings(new ConstraintMapping[] { constraintMapping });
|
|
||||||
|
|
||||||
HashLoginService loginService = new HashLoginService();
|
|
||||||
securityHandler.setLoginService(loginService);
|
|
||||||
return securityHandler;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initJetty() throws Exception {
|
public static void initJetty() throws Exception {
|
||||||
server = new Server(8080);
|
server = new Server(8082);
|
||||||
|
List<Handler> list = new ArrayList<Handler>();
|
||||||
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
|
||||||
|
File base = new File(dir.getFile()).getParentFile();
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
|
||||||
|
list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
|
||||||
|
list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
|
||||||
|
|
||||||
|
|
||||||
deploySP();
|
|
||||||
|
|
||||||
HandlerCollection handlers = new HandlerCollection();
|
HandlerCollection handlers = new HandlerCollection();
|
||||||
handlers.setHandlers(new Handler[] { appContext });
|
handlers.setHandlers(list.toArray(new Handler[list.size()]));
|
||||||
server.setHandler(handlers);
|
server.setHandler(handlers);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
@ -175,55 +115,74 @@ public class Jetty9Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
testStrategy.testServletRequestLogout();
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
}
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
// test servletRequest.logout()
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal/");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal/logout");
|
|
||||||
pageSource = driver.getPageSource();
|
|
||||||
Assert.assertTrue(pageSource.contains("logout"));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -4,6 +4,7 @@
|
||||||
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
"auth-server-url": "http://localhost:8081/auth",
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
"ssl-required" : "external",
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
"credentials": {
|
"credentials": {
|
||||||
"secret": "password"
|
"secret": "password"
|
||||||
}
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
141
testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json
Executable file
141
testsuite/jetty/jetty92/src/test/resources/adapter-test/demorealm.json
Executable file
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"id": "demo",
|
||||||
|
"realm": "demo",
|
||||||
|
"enabled": true,
|
||||||
|
"accessTokenLifespan": 3000,
|
||||||
|
"accessCodeLifespan": 10,
|
||||||
|
"accessCodeLifespanUserAction": 6000,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": false,
|
||||||
|
"social": false,
|
||||||
|
"passwordCredentialGrantAllowed": true,
|
||||||
|
"updateProfileOnInitialSocialLogin": false,
|
||||||
|
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||||
|
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"users" : [
|
||||||
|
{
|
||||||
|
"username" : "bburke@redhat.com",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "bburke@redhat.com",
|
||||||
|
"firstName": "Bill",
|
||||||
|
"lastName": "Burke",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": [ "user" ],
|
||||||
|
"applicationRoles": {
|
||||||
|
"account": [ "manage-account" ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"description": "User privileges"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"description": "Administrator privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scopeMappings": [
|
||||||
|
{
|
||||||
|
"client": "third-party",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "customer-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "product-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
}
|
||||||
|
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "customer-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-cookie-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"baseUrl": "http://localhost:8082/customer-cookie-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-cookie-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-js",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8080/customer-portal-js/*"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-cli",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"http://localhost"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "product-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/product-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/product-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/product-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "secure-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/secure-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "session-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/session-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/session-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/session-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"oauthClients": [
|
||||||
|
{
|
||||||
|
"name": "third-party",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/oauth-client/*",
|
||||||
|
"http://localhost:8082/oauth-client-cdi/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "product-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "secure-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8080/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,29 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8081/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "session-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://${my.host.name}:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -1,58 +0,0 @@
|
||||||
{
|
|
||||||
"id": "demo",
|
|
||||||
"realm": "demo",
|
|
||||||
"enabled": true,
|
|
||||||
"accessTokenLifespan": 3000,
|
|
||||||
"accessCodeLifespan": 10,
|
|
||||||
"accessCodeLifespanUserAction": 6000,
|
|
||||||
"sslRequired": "external",
|
|
||||||
"registrationAllowed": false,
|
|
||||||
"social": false,
|
|
||||||
"passwordCredentialGrantAllowed": true,
|
|
||||||
"updateProfileOnInitialSocialLogin": false,
|
|
||||||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
|
||||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
|
||||||
"requiredCredentials": [ "password" ],
|
|
||||||
"users" : [
|
|
||||||
{
|
|
||||||
"username" : "bburke@redhat.com",
|
|
||||||
"enabled": true,
|
|
||||||
"email" : "bburke@redhat.com",
|
|
||||||
"firstName": "Bill",
|
|
||||||
"lastName": "Burke",
|
|
||||||
"credentials" : [
|
|
||||||
{ "type" : "password",
|
|
||||||
"value" : "password" }
|
|
||||||
],
|
|
||||||
"realmRoles": [ "user", "admin" ],
|
|
||||||
"applicationRoles": {
|
|
||||||
"account": [ "manage-account" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"roles" : {
|
|
||||||
"realm" : [
|
|
||||||
{
|
|
||||||
"name": "user",
|
|
||||||
"description": "User privileges"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "admin",
|
|
||||||
"description": "Administrator privileges"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"applications": [
|
|
||||||
{
|
|
||||||
"name": "customer-portal",
|
|
||||||
"enabled": true,
|
|
||||||
"fullScopeAllowed": true,
|
|
||||||
"adminUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"baseUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"redirectUris": [
|
|
||||||
"http://localhost:8080/customer-portal/*"
|
|
||||||
],
|
|
||||||
"secret": "password"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -17,6 +17,7 @@ public class TomcatServer {
|
||||||
|
|
||||||
private static final Logger LOG = LoggerFactory.getLogger(TomcatServer.class);
|
private static final Logger LOG = LoggerFactory.getLogger(TomcatServer.class);
|
||||||
private static final boolean isInfo = LOG.isInfoEnabled();
|
private static final boolean isInfo = LOG.isInfoEnabled();
|
||||||
|
private final Host host;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -33,20 +34,11 @@ public class TomcatServer {
|
||||||
* </Server></pre>
|
* </Server></pre>
|
||||||
* <Server> & <Service> will be created automcatically. We need to hook the remaining to an {@link Embedded} instnace
|
* <Server> & <Service> will be created automcatically. We need to hook the remaining to an {@link Embedded} instnace
|
||||||
*
|
*
|
||||||
* @param contextPath Context path for the application
|
|
||||||
* @param port Port number to be used for the embedded Tomcat server
|
* @param port Port number to be used for the embedded Tomcat server
|
||||||
* @param appBase Path to the Application files (for Maven based web apps, in general: <code>/src/main/</code>)
|
* @param appBase Path to the Application files (for Maven based web apps, in general: <code>/src/main/</code>)
|
||||||
* @param shutdownHook If true, registers a server' shutdown hook with JVM. This is useful to shutdown the server
|
|
||||||
* in erroneous cases.
|
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public TomcatServer(String contextPath, int port, String appBase, boolean shutdownHook) {
|
public TomcatServer(int port, String appBase) {
|
||||||
if (contextPath == null || appBase == null || appBase.length() == 0) {
|
|
||||||
throw new IllegalArgumentException("Context path or appbase should not be null");
|
|
||||||
}
|
|
||||||
if (!contextPath.startsWith("/")) {
|
|
||||||
contextPath = "/" + contextPath;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.port = port;
|
this.port = port;
|
||||||
|
|
||||||
|
@ -54,44 +46,24 @@ public class TomcatServer {
|
||||||
server.setName("TomcatEmbeddedServer");
|
server.setName("TomcatEmbeddedServer");
|
||||||
server.setCatalinaBase(TomcatTest.getBaseDirectory());
|
server.setCatalinaBase(TomcatTest.getBaseDirectory());
|
||||||
|
|
||||||
Host localHost = server.createHost("localhost", appBase);
|
host = server.createHost("localhost", appBase);
|
||||||
localHost.setAutoDeploy(false);
|
host.setAutoDeploy(false);
|
||||||
|
|
||||||
StandardContext rootContext = (StandardContext) server.createContext(contextPath, "webapp");
|
}
|
||||||
|
|
||||||
|
public void deploy(String contextPath, String appDir) {
|
||||||
|
if (contextPath == null) {
|
||||||
|
throw new IllegalArgumentException("Context path or appbase should not be null");
|
||||||
|
}
|
||||||
|
if (!contextPath.startsWith("/")) {
|
||||||
|
contextPath = "/" + contextPath;
|
||||||
|
}
|
||||||
|
StandardContext rootContext = (StandardContext) server.createContext(contextPath, appDir);
|
||||||
KeycloakAuthenticatorValve valve = new KeycloakAuthenticatorValve();
|
KeycloakAuthenticatorValve valve = new KeycloakAuthenticatorValve();
|
||||||
rootContext.addValve(valve);
|
rootContext.addValve(valve);
|
||||||
//rootContext.addLifecycleListener(valve);
|
//rootContext.addLifecycleListener(valve);
|
||||||
rootContext.setDefaultWebXml("web.xml");
|
rootContext.setDefaultWebXml("web.xml");
|
||||||
localHost.addChild(rootContext);
|
host.addChild(rootContext);
|
||||||
|
|
||||||
Engine engine = server.createEngine();
|
|
||||||
engine.setDefaultHost(localHost.getName());
|
|
||||||
engine.setName("TomcatEngine");
|
|
||||||
engine.addChild(localHost);
|
|
||||||
|
|
||||||
server.addEngine(engine);
|
|
||||||
|
|
||||||
Connector connector = server.createConnector(localHost.getName(), port, false);
|
|
||||||
server.addConnector(connector);
|
|
||||||
|
|
||||||
// register shutdown hook
|
|
||||||
if (shutdownHook) {
|
|
||||||
Runtime.getRuntime().addShutdownHook(new Thread() {
|
|
||||||
public void run() {
|
|
||||||
if (isRunning) {
|
|
||||||
if (isInfo) LOG.info("Stopping the Tomcat server, through shutdown hook");
|
|
||||||
try {
|
|
||||||
if (server != null) {
|
|
||||||
server.stop();
|
|
||||||
}
|
|
||||||
} catch (LifecycleException e) {
|
|
||||||
LOG.error("Error while stopping the Tomcat server, through shutdown hook", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -103,6 +75,16 @@ public class TomcatServer {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Engine engine = server.createEngine();
|
||||||
|
engine.setDefaultHost(host.getName());
|
||||||
|
engine.setName("TomcatEngine");
|
||||||
|
engine.addChild(host);
|
||||||
|
|
||||||
|
server.addEngine(engine);
|
||||||
|
|
||||||
|
Connector connector = server.createConnector(host.getName(), port, false);
|
||||||
|
server.addConnector(connector);
|
||||||
|
|
||||||
if (isInfo) LOG.info("Starting the Tomcat server @ port={}", port);
|
if (isInfo) LOG.info("Starting the Tomcat server @ port={}", port);
|
||||||
|
|
||||||
server.setAwait(true);
|
server.setAwait(true);
|
||||||
|
|
|
@ -35,6 +35,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -58,51 +59,30 @@ import java.util.regex.Matcher;
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class TomcatTest {
|
public class TomcatTest {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static TomcatServer tomcat = null;
|
static TomcatServer tomcat = null;
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initTomcat() throws Exception {
|
public static void initTomcat() throws Exception {
|
||||||
URL dir = TomcatTest.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
|
URL dir = TomcatTest.class.getResource("/adapter-test/demorealm.json");
|
||||||
String baseDir = new File(dir.getFile()).getParentFile().getParentFile().getParentFile().toString();
|
String baseDir = new File(dir.getFile()).getParentFile().toString();
|
||||||
System.out.println("Tomcat basedir: " + baseDir);
|
System.out.println("Tomcat basedir: " + baseDir);
|
||||||
tomcat = new TomcatServer("/customer-portal", 8080, baseDir, false);
|
tomcat = new TomcatServer(8082, baseDir);
|
||||||
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
tomcat.deploy("/customer-portal", "customer-portal");
|
||||||
|
tomcat.deploy("/customer-db", "customer-db");
|
||||||
|
tomcat.deploy("/product-portal", "product-portal");
|
||||||
|
tomcat.deploy("/secure-portal", "secure-portal");
|
||||||
|
tomcat.deploy("/session-portal", "session-portal");
|
||||||
|
|
||||||
|
|
||||||
tomcat.start();
|
tomcat.start();
|
||||||
|
@ -115,52 +95,77 @@ public class TomcatTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
|
|
||||||
@Ignore
|
|
||||||
@Test
|
|
||||||
public void testServer() throws Exception{
|
|
||||||
Thread.sleep(1000000000);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
//System.out.println(driver.getPageSource());
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
// can't test this. Servlet 2.5 doesn't have logout()
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
//testStrategy.testServletRequestLogout();
|
||||||
driver.navigate().to(logoutUri);
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
static String getBaseDirectory() {
|
static String getBaseDirectory() {
|
||||||
String dirPath = null;
|
String dirPath = null;
|
||||||
|
@ -176,12 +181,7 @@ public class TomcatTest {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String absolutePath = new File(dirPath).getAbsolutePath();
|
String absolutePath = new File(dirPath).getAbsolutePath();
|
||||||
return absolutePath;
|
return absolutePath;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"realm": "demo",
|
||||||
|
"resource": "customer-portal",
|
||||||
|
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
|
"credentials": {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
141
testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
Executable file
141
testsuite/tomcat6/src/test/resources/adapter-test/demorealm.json
Executable file
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"id": "demo",
|
||||||
|
"realm": "demo",
|
||||||
|
"enabled": true,
|
||||||
|
"accessTokenLifespan": 3000,
|
||||||
|
"accessCodeLifespan": 10,
|
||||||
|
"accessCodeLifespanUserAction": 6000,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": false,
|
||||||
|
"social": false,
|
||||||
|
"passwordCredentialGrantAllowed": true,
|
||||||
|
"updateProfileOnInitialSocialLogin": false,
|
||||||
|
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||||
|
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"users" : [
|
||||||
|
{
|
||||||
|
"username" : "bburke@redhat.com",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "bburke@redhat.com",
|
||||||
|
"firstName": "Bill",
|
||||||
|
"lastName": "Burke",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": [ "user" ],
|
||||||
|
"applicationRoles": {
|
||||||
|
"account": [ "manage-account" ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"description": "User privileges"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"description": "Administrator privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scopeMappings": [
|
||||||
|
{
|
||||||
|
"client": "third-party",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "customer-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "product-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
}
|
||||||
|
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "customer-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-cookie-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"baseUrl": "http://localhost:8082/customer-cookie-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-cookie-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-js",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8080/customer-portal-js/*"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-cli",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"http://localhost"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "product-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/product-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/product-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/product-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "secure-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/secure-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "session-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/session-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/session-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/session-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"oauthClients": [
|
||||||
|
{
|
||||||
|
"name": "third-party",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/oauth-client/*",
|
||||||
|
"http://localhost:8082/oauth-client-cdi/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "product-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "secure-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8080/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "session-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://${my.host.name}:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -1,58 +0,0 @@
|
||||||
{
|
|
||||||
"id": "demo",
|
|
||||||
"realm": "demo",
|
|
||||||
"enabled": true,
|
|
||||||
"accessTokenLifespan": 3000,
|
|
||||||
"accessCodeLifespan": 10,
|
|
||||||
"accessCodeLifespanUserAction": 6000,
|
|
||||||
"sslRequired": "external",
|
|
||||||
"registrationAllowed": false,
|
|
||||||
"social": false,
|
|
||||||
"passwordCredentialGrantAllowed": true,
|
|
||||||
"updateProfileOnInitialSocialLogin": false,
|
|
||||||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
|
||||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
|
||||||
"requiredCredentials": [ "password" ],
|
|
||||||
"users" : [
|
|
||||||
{
|
|
||||||
"username" : "bburke@redhat.com",
|
|
||||||
"enabled": true,
|
|
||||||
"email" : "bburke@redhat.com",
|
|
||||||
"firstName": "Bill",
|
|
||||||
"lastName": "Burke",
|
|
||||||
"credentials" : [
|
|
||||||
{ "type" : "password",
|
|
||||||
"value" : "password" }
|
|
||||||
],
|
|
||||||
"realmRoles": [ "user", "admin" ],
|
|
||||||
"applicationRoles": {
|
|
||||||
"account": [ "manage-account" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"roles" : {
|
|
||||||
"realm" : [
|
|
||||||
{
|
|
||||||
"name": "user",
|
|
||||||
"description": "User privileges"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "admin",
|
|
||||||
"description": "Administrator privileges"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"applications": [
|
|
||||||
{
|
|
||||||
"name": "customer-portal",
|
|
||||||
"enabled": true,
|
|
||||||
"fullScopeAllowed": true,
|
|
||||||
"adminUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"baseUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"redirectUris": [
|
|
||||||
"http://localhost:8080/customer-portal/*"
|
|
||||||
],
|
|
||||||
"secret": "password"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -36,6 +36,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -59,56 +60,33 @@ import java.util.regex.Matcher;
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class Tomcat7Test {
|
public class Tomcat7Test {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static Tomcat tomcat = null;
|
static Tomcat tomcat = null;
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initTomcat() throws Exception {
|
public static void initTomcat() throws Exception {
|
||||||
URL dir = Tomcat7Test.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
|
|
||||||
File webappDir = new File(dir.getFile()).getParentFile().getParentFile();
|
|
||||||
tomcat = new Tomcat();
|
tomcat = new Tomcat();
|
||||||
String baseDir = getBaseDirectory();
|
String baseDir = getBaseDirectory();
|
||||||
tomcat.setBaseDir(baseDir);
|
tomcat.setBaseDir(baseDir);
|
||||||
tomcat.setPort(8080);
|
tomcat.setPort(8082);
|
||||||
|
|
||||||
tomcat.addWebapp("/customer-portal", webappDir.toString());
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
System.out.println("configuring app with basedir: " + webappDir.toString());
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
URL dir = Tomcat7Test.class.getResource("/adapter-test/demorealm.json");
|
||||||
|
File base = new File(dir.getFile()).getParentFile();
|
||||||
|
tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
|
||||||
|
tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
|
||||||
|
tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
|
||||||
|
tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
|
||||||
|
tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
|
||||||
|
|
||||||
tomcat.start();
|
tomcat.start();
|
||||||
//tomcat.getServer().await();
|
//tomcat.getServer().await();
|
||||||
|
@ -121,42 +99,75 @@ public class Tomcat7Test {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
testStrategy.testServletRequestLogout();
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
}
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"realm": "demo",
|
||||||
|
"resource": "customer-portal",
|
||||||
|
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
|
"credentials": {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
141
testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
Executable file
141
testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json
Executable file
|
@ -0,0 +1,141 @@
|
||||||
|
{
|
||||||
|
"id": "demo",
|
||||||
|
"realm": "demo",
|
||||||
|
"enabled": true,
|
||||||
|
"accessTokenLifespan": 3000,
|
||||||
|
"accessCodeLifespan": 10,
|
||||||
|
"accessCodeLifespanUserAction": 6000,
|
||||||
|
"sslRequired": "external",
|
||||||
|
"registrationAllowed": false,
|
||||||
|
"social": false,
|
||||||
|
"passwordCredentialGrantAllowed": true,
|
||||||
|
"updateProfileOnInitialSocialLogin": false,
|
||||||
|
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
||||||
|
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"users" : [
|
||||||
|
{
|
||||||
|
"username" : "bburke@redhat.com",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "bburke@redhat.com",
|
||||||
|
"firstName": "Bill",
|
||||||
|
"lastName": "Burke",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": [ "user" ],
|
||||||
|
"applicationRoles": {
|
||||||
|
"account": [ "manage-account" ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"description": "User privileges"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"description": "Administrator privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scopeMappings": [
|
||||||
|
{
|
||||||
|
"client": "third-party",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "customer-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client": "product-portal",
|
||||||
|
"roles": ["user"]
|
||||||
|
}
|
||||||
|
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "customer-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-cookie-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"baseUrl": "http://localhost:8082/customer-cookie-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/customer-cookie-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-js",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"baseUrl": "http://localhost:8082/customer-portal-js",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8080/customer-portal-js/*"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "customer-portal-cli",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"urn:ietf:wg:oauth:2.0:oob",
|
||||||
|
"http://localhost"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "product-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/product-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/product-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/product-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "secure-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/secure-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/secure-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "session-portal",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "http://localhost:8082/session-portal",
|
||||||
|
"baseUrl": "http://localhost:8082/session-portal",
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/session-portal/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"oauthClients": [
|
||||||
|
{
|
||||||
|
"name": "third-party",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8082/oauth-client/*",
|
||||||
|
"http://localhost:8082/oauth-client-cdi/*"
|
||||||
|
],
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "product-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.ProductServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "secure-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://localhost:8080/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "session-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url" : "http://${my.host.name}:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"credentials" : {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.SessionServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -1,58 +0,0 @@
|
||||||
{
|
|
||||||
"id": "demo",
|
|
||||||
"realm": "demo",
|
|
||||||
"enabled": true,
|
|
||||||
"accessTokenLifespan": 3000,
|
|
||||||
"accessCodeLifespan": 10,
|
|
||||||
"accessCodeLifespanUserAction": 6000,
|
|
||||||
"sslRequired": "external",
|
|
||||||
"registrationAllowed": false,
|
|
||||||
"social": false,
|
|
||||||
"passwordCredentialGrantAllowed": true,
|
|
||||||
"updateProfileOnInitialSocialLogin": false,
|
|
||||||
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
|
|
||||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
|
||||||
"requiredCredentials": [ "password" ],
|
|
||||||
"users" : [
|
|
||||||
{
|
|
||||||
"username" : "bburke@redhat.com",
|
|
||||||
"enabled": true,
|
|
||||||
"email" : "bburke@redhat.com",
|
|
||||||
"firstName": "Bill",
|
|
||||||
"lastName": "Burke",
|
|
||||||
"credentials" : [
|
|
||||||
{ "type" : "password",
|
|
||||||
"value" : "password" }
|
|
||||||
],
|
|
||||||
"realmRoles": [ "user", "admin" ],
|
|
||||||
"applicationRoles": {
|
|
||||||
"account": [ "manage-account" ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"roles" : {
|
|
||||||
"realm" : [
|
|
||||||
{
|
|
||||||
"name": "user",
|
|
||||||
"description": "User privileges"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "admin",
|
|
||||||
"description": "Administrator privileges"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"applications": [
|
|
||||||
{
|
|
||||||
"name": "customer-portal",
|
|
||||||
"enabled": true,
|
|
||||||
"fullScopeAllowed": true,
|
|
||||||
"adminUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"baseUrl": "http://localhost:8080/customer-portal",
|
|
||||||
"redirectUris": [
|
|
||||||
"http://localhost:8080/customer-portal/*"
|
|
||||||
],
|
|
||||||
"secret": "password"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -36,6 +36,7 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
|
||||||
import org.keycloak.testsuite.pages.LoginPage;
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebResource;
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
@ -59,56 +60,33 @@ import java.util.regex.Matcher;
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class TomcatTest {
|
public class TomcatTest {
|
||||||
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
@Override
|
@Override
|
||||||
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/tomcat-test/demorealm.json"), RealmRepresentation.class);
|
RealmRepresentation representation = KeycloakServer.loadJson(getClass().getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
|
||||||
RealmModel realm = manager.importRealm(representation);
|
RealmModel realm = manager.importRealm(representation);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
public static class SendUsernameServlet extends HttpServlet {
|
|
||||||
@Override
|
|
||||||
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
resp.setContentType("text/plain");
|
|
||||||
OutputStream stream = resp.getOutputStream();
|
|
||||||
Principal principal = req.getUserPrincipal();
|
|
||||||
if (principal == null) {
|
|
||||||
stream.write("null".getBytes());
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
String name = principal.getName();
|
|
||||||
stream.write(name.getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
|
||||||
stream.write(context.getIdToken().getName().getBytes());
|
|
||||||
stream.write("\n".getBytes());
|
|
||||||
stream.write(logoutUri.getBytes());
|
|
||||||
|
|
||||||
}
|
|
||||||
@Override
|
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
|
||||||
doGet(req, resp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static Tomcat tomcat = null;
|
static Tomcat tomcat = null;
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initTomcat() throws Exception {
|
public static void initTomcat() throws Exception {
|
||||||
URL dir = TomcatTest.class.getResource("/tomcat-test/webapp/META-INF/context.xml");
|
|
||||||
File webappDir = new File(dir.getFile()).getParentFile().getParentFile();
|
|
||||||
tomcat = new Tomcat();
|
tomcat = new Tomcat();
|
||||||
String baseDir = getBaseDirectory();
|
String baseDir = getBaseDirectory();
|
||||||
tomcat.setBaseDir(baseDir);
|
tomcat.setBaseDir(baseDir);
|
||||||
tomcat.setPort(8080);
|
tomcat.setPort(8082);
|
||||||
|
|
||||||
tomcat.addWebapp("/customer-portal", webappDir.toString());
|
System.setProperty("app.server.base.url", "http://localhost:8082");
|
||||||
System.out.println("configuring app with basedir: " + webappDir.toString());
|
System.setProperty("my.host.name", "localhost");
|
||||||
|
URL dir = TomcatTest.class.getResource("/adapter-test/demorealm.json");
|
||||||
|
File base = new File(dir.getFile()).getParentFile();
|
||||||
|
tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
|
||||||
|
tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
|
||||||
|
tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
|
||||||
|
tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
|
||||||
|
tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
|
||||||
|
|
||||||
tomcat.start();
|
tomcat.start();
|
||||||
//tomcat.getServer().await();
|
//tomcat.getServer().await();
|
||||||
|
@ -121,44 +99,76 @@ public class TomcatTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public WebRule webRule = new WebRule(this);
|
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
|
||||||
@WebResource
|
|
||||||
protected WebDriver driver;
|
|
||||||
@WebResource
|
|
||||||
protected LoginPage loginPage;
|
|
||||||
|
|
||||||
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
|
||||||
@Test
|
@Test
|
||||||
public void testLoginSSOAndLogout() throws Exception {
|
public void testLoginSSOAndLogout() throws Exception {
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
testStrategy.testLoginSSOAndLogout();
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
}
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
loginPage.login("bburke@redhat.com", "password");
|
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
|
||||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8080/customer-portal");
|
|
||||||
String pageSource = driver.getPageSource();
|
|
||||||
System.out.println(pageSource);
|
|
||||||
Assert.assertTrue(pageSource.contains("Bill Burke"));
|
|
||||||
|
|
||||||
// test logout
|
@Test
|
||||||
|
public void testServletRequestLogout() throws Exception {
|
||||||
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
|
testStrategy.testServletRequestLogout();
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
|
}
|
||||||
driver.navigate().to(logoutUri);
|
|
||||||
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
|
|
||||||
driver.navigate().to("http://localhost:8080/customer-portal");
|
|
||||||
String currentUrl = driver.getCurrentUrl();
|
|
||||||
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOIdle() throws Exception {
|
||||||
|
testStrategy.testLoginSSOIdle();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Ignore
|
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
|
||||||
public void runit() throws Exception {
|
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
|
||||||
Thread.sleep(10000000);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLoginSSOMax() throws Exception {
|
||||||
|
testStrategy.testLoginSSOMax();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testNullBearerToken() throws Exception {
|
||||||
|
testStrategy.testNullBearerToken();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-518
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testBadUser() throws Exception {
|
||||||
|
testStrategy.testBadUser();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testVersion() throws Exception {
|
||||||
|
testStrategy.testVersion();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-732
|
||||||
|
*
|
||||||
|
* @throws Throwable
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSingleSessionInvalidated() throws Throwable {
|
||||||
|
testStrategy.testSingleSessionInvalidated();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* KEYCLOAK-741
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
|
||||||
|
testStrategy.testSessionInvalidatedAfterFailedRefresh();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
private static String getBaseDirectory() {
|
private static String getBaseDirectory() {
|
||||||
String dirPath = null;
|
String dirPath = null;
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-db",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"bearer-only" : true,
|
||||||
|
"enable-cors" : true
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>adapter-test</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.CustomerDatabaseServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Users</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue