[KEYCLOAK-5015] - HAL integration tests

Pedro Igor 2017-08-22 12:23:52 -03:00
parent d5ae6bf77a
commit 287a86938e
4 changed files with 259 additions and 1 deletions


@ -0,0 +1,81 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.pages;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class AppServerWelcomePage extends AppServerContextRoot {
@Page
protected OIDCLogin loginPage;
@FindBy(xpath = "//a[text() = 'Access Control']")
private WebElement accessControlLink;
@FindBy(xpath = "//a[text() = 'Manage user profile']")
private WebElement manageProfileLink;
@FindBy(xpath = "//div[text() = 'Logout']")
private WebElement logoutLink;
@Override
public boolean isCurrent() {
return driver.getPageSource().contains("Access Control");
}
public void navigateToConsole() {
WaitUtils.pause(2000);
URLUtils.navigateToUri(driver, getInjectedUrl().toString() + "/console", true);
waitForPageToLoad(driver);
}
public void login(String username, String password) {
loginPage.form().waitForLoginButtonPresent();
loginPage.form().login(username, password);
waitForPageToLoad(driver);
}
public void navigateToAccessControl() {
accessControlLink.click();
waitForPageToLoad(driver);
}
public void navigateManageProfile() {
manageProfileLink.click();
waitForPageToLoad(driver);
}
public void logout() {
logoutLink.click();
waitForPageToLoad(driver);
}
public boolean isLoginPage() {
return loginPage.isCurrent();
}
}
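Review bot: `isCurrent()` decides that the console is showing by a substring match on the whole page source, so any page that merely contains the text "Access Control" satisfies it, and `testLogin` in this commit uses it as its only assertion. Checking for the link the class already locates is stricter, e.g. `return !driver.findElements(By.xpath("//a[text() = 'Access Control']")).isEmpty();` (needs an `org.openqa.selenium.By` import). Separately, `navigateToConsole()` opens with a fixed `WaitUtils.pause(2000)`; a comment stating what it waits for would help, since `waitForPageToLoad(driver)` already follows the navigation.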


@ -0,0 +1,68 @@
{
"realm": "jboss-infra",
"enabled": true,
"sslRequired": "external",
"privateKey": "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",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [
"password"
],
"users": [
{
"username": "admin",
"enabled": true,
"email": "admin@admin.com",
"firstName": "Admin",
"lastName": "Istrator",
"credentials": [
{
"type": "password",
"value": "admin"
}
],
"realmRoles": [
"Administrator"
],
"clientRoles": {
"realm-management": [
"realm-admin"
],
"account": [
"manage-account"
]
}
}
],
"roles": {
"realm": [
{
"name": "Administrator",
"description": "Administrator privileges"
}
]
},
"clients": [
{
"clientId": "wildfly-console",
"enabled": true,
"adminUrl": "http://localhost:10190",
"baseUrl": "http://localhost:10190",
"publicClient": true,
"redirectUris": [
"http://localhost:10190/*"
],
"webOrigins": ["http://localhost:10190"]
},
{
"clientId": "wildfly-management",
"secret": "secret",
"enabled": true,
"baseUrl": "/photoz-restful-api",
"publicClient": false,
"redirectUris": [
"/photoz-restful-api/*"
],
"webOrigins" : ["*"]
}
]
}
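Review bot: The `wildfly-management` client entry carries `"webOrigins" : ["*"]` together with `/photoz-restful-api` base and redirect URIs, which look copied from another example and do not match how the test uses this client (the CLI `secure-deployment` for it sets `bearer-only=true`). A bearer-only resource server needs no redirect URIs or web origins, so the entry could be reduced to `"bearerOnly": true` with `baseUrl`, `redirectUris` and `webOrigins` dropped; the wildcard origin in particular is wider than anything the test exercises. The realm also ships a fixed key pair and an `admin`/`admin` user with `realm-admin`, so this fixture should stay confined to test resources and never be imported into a shared server.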


@ -42,7 +42,7 @@
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-cli</artifactId>
<scope>test</scope>
<version>2.2.0.Final</version>
<version>3.0.0.Beta30</version>
</dependency>
</dependencies>


@ -0,0 +1,109 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.adapter.example.authorization;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
import java.util.List;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.AbstractAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppServerWelcomePage;
import org.keycloak.testsuite.util.WaitUtils;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
/**
*
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@AppServerContainer("app-server-wildfly")
//@AdapterLibsLocationProperty("adapter.libs.wildfly")
public class WildflyManagementProtectionTest extends AbstractAdapterTest {
@Page
protected AppServerWelcomePage appServerWelcomePage;
@Page
protected AccountUpdateProfilePage accountUpdateProfilePage;
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json"));
}
@Before
public void beforeAuthTest() {
super.beforeAuthTest();
try {
OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions
.standalone()
.hostAndPort("localhost", 10190)
.build());
// Create a realm for both wildfly console and mgmt interface
clientWorkerNodeClient.execute("/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=http://localhost:8180/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)");
// Create a secure-deployment in order to protect mgmt interface
clientWorkerNodeClient.execute("/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)");
// Protect HTTP mgmt interface with Keycloak adapter
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)");
clientWorkerNodeClient.execute("/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])");
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)");
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})");
// Enable RBAC where roles are obtained from the identity
clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)");
clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)");
// Create a secure-server in order to publish the wildfly console configuration via mgmt interface
clientWorkerNodeClient.execute("/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)");
// reload
clientWorkerNodeClient.execute("reload");
} catch (Exception cause) {
throw new RuntimeException("Failed to configure app server", cause);
}
}
@Test
public void testLogin() throws InterruptedException {
appServerWelcomePage.navigateToConsole();
appServerWelcomePage.login("admin", "admin");
WaitUtils.pause(2000);
assertTrue(appServerWelcomePage.isCurrent());
}
@Test
public void testUserCanAccessAccountService() throws InterruptedException {
appServerWelcomePage.navigateToConsole();
appServerWelcomePage.login("admin", "admin");
WaitUtils.pause(2000);
appServerWelcomePage.navigateToAccessControl();
appServerWelcomePage.navigateManageProfile();
assertTrue(accountUpdateProfilePage.isCurrent());
}
}
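Review bot: Both tests cover only the successful path: neither asserts that the unauthenticated request to `/console` ends up on the Keycloak login page, and `AppServerWelcomePage.isLoginPage()`, added in this same commit, is never called. The only implicit check is whatever `waitForLoginButtonPresent()` does, which is not visible here, so adding `assertTrue(appServerWelcomePage.isLoginPage());` right after `navigateToConsole()` in `testLogin` would pin the protection explicitly. In `beforeAuthTest()` the `OnlineManagementClient` is never closed and the results of `execute(...)` are discarded; opening it in try-with-resources and checking each result would keep a failed configuration step (presumably the `realm=jboss-infra:add` on the second `@Before` run) from passing silently.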