[KEYCLOAK-5015] - HAL integration tests

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppServerWelcomePage.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.pages;
+
+import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
+import org.keycloak.testsuite.auth.page.login.OIDCLogin;
+import org.keycloak.testsuite.util.URLUtils;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+/**
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+public class AppServerWelcomePage extends AppServerContextRoot {
+
+    @Page
+    protected OIDCLogin loginPage;
+
+    @FindBy(xpath = "//a[text() = 'Access Control']")
+    private WebElement accessControlLink;
+
+    @FindBy(xpath = "//a[text() = 'Manage user profile']")
+    private WebElement manageProfileLink;
+
+    @FindBy(xpath = "//div[text() = 'Logout']")
+    private WebElement logoutLink;
+
+    @Override
+    public boolean isCurrent() {
+        return driver.getPageSource().contains("Access Control");
+    }
+
+    public void navigateToConsole() {
+        WaitUtils.pause(2000);
+        URLUtils.navigateToUri(driver, getInjectedUrl().toString() + "/console", true);
+        waitForPageToLoad(driver);
+    }
+
+    public void login(String username, String password) {
+        loginPage.form().waitForLoginButtonPresent();
+        loginPage.form().login(username, password);
+        waitForPageToLoad(driver);
+    }
+
+    public void navigateToAccessControl() {
+        accessControlLink.click();
+        waitForPageToLoad(driver);
+    }
+
+    public void navigateManageProfile() {
+        manageProfileLink.click();
+        waitForPageToLoad(driver);
+    }
+
+    public void logout() {
+        logoutLink.click();
+        waitForPageToLoad(driver);
+    }
+
+    public boolean isLoginPage() {
+        return loginPage.isCurrent();
+    }
+}

testsuite/integration-arquillian/tests/base/src/test/resources/wildfly-integration/wildfly-management-realm.json

@@ -0,0 +1,68 @@
+{
+  "realm": "jboss-infra",
+  "enabled": true,
+  "sslRequired": "external",
+  "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
+  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "requiredCredentials": [
+    "password"
+  ],
+  "users": [
+    {
+      "username": "admin",
+      "enabled": true,
+      "email": "admin@admin.com",
+      "firstName": "Admin",
+      "lastName": "Istrator",
+      "credentials": [
+        {
+          "type": "password",
+          "value": "admin"
+        }
+      ],
+      "realmRoles": [
+        "Administrator"
+      ],
+      "clientRoles": {
+        "realm-management": [
+          "realm-admin"
+        ],
+        "account": [
+          "manage-account"
+        ]
+      }
+    }
+  ],
+  "roles": {
+    "realm": [
+      {
+        "name": "Administrator",
+        "description": "Administrator privileges"
+      }
+    ]
+  },
+  "clients": [
+    {
+      "clientId": "wildfly-console",
+      "enabled": true,
+      "adminUrl": "http://localhost:10190",
+      "baseUrl": "http://localhost:10190",
+      "publicClient": true,
+      "redirectUris": [
+        "http://localhost:10190/*"
+      ],
+      "webOrigins": ["http://localhost:10190"]
+    },
+    {
+      "clientId": "wildfly-management",
+      "secret": "secret",
+      "enabled": true,
+      "baseUrl": "/photoz-restful-api",
+      "publicClient": false,
+      "redirectUris": [
+        "/photoz-restful-api/*"
+      ],
+      "webOrigins" : ["*"]
+    }
+  ]
+}

testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/pom.xml

@@ -42,7 +42,7 @@
             <groupId>org.wildfly.core</groupId>
             <artifactId>wildfly-cli</artifactId>
             <scope>test</scope>
-            <version>2.2.0.Final</version>
+            <version>3.0.0.Beta30</version>
         </dependency>
     </dependencies>    
 

testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/example/authorization/WildflyManagementProtectionTest.java

@@ -0,0 +1,109 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.example.authorization;
+
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+
+import java.util.List;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.adapter.AbstractAdapterTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
+import org.keycloak.testsuite.pages.AppServerWelcomePage;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.wildfly.extras.creaper.core.ManagementClient;
+import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
+import org.wildfly.extras.creaper.core.online.OnlineOptions;
+
+/**
+ *
+ * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
+ */
+@AppServerContainer("app-server-wildfly")
+//@AdapterLibsLocationProperty("adapter.libs.wildfly")
+public class WildflyManagementProtectionTest extends AbstractAdapterTest {
+
+    @Page
+    protected AppServerWelcomePage appServerWelcomePage;
+
+    @Page
+    protected AccountUpdateProfilePage accountUpdateProfilePage;
+
+    @Override
+    public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
+        testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json"));
+    }
+
+    @Before
+    public void beforeAuthTest() {
+        super.beforeAuthTest();
+
+        try {
+            OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions
+                    .standalone()
+                    .hostAndPort("localhost", 10190)
+                    .build());
+
+            // Create a realm for both wildfly console and mgmt interface
+            clientWorkerNodeClient.execute("/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=http://localhost:8180/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)");
+
+            // Create a secure-deployment in order to protect mgmt interface
+            clientWorkerNodeClient.execute("/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)");
+
+            // Protect HTTP mgmt interface with Keycloak adapter
+            clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)");
+            clientWorkerNodeClient.execute("/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])");
+            clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)");
+            clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})");
+
+            // Enable RBAC where roles are obtained from the identity
+            clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)");
+            clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)");
+
+            // Create a secure-server in order to publish the wildfly console configuration via mgmt interface
+            clientWorkerNodeClient.execute("/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)");
+
+            // reload
+            clientWorkerNodeClient.execute("reload");
+        } catch (Exception cause) {
+            throw new RuntimeException("Failed to configure app server", cause);
+        }
+    }
+
+    @Test
+    public void testLogin() throws InterruptedException {
+        appServerWelcomePage.navigateToConsole();
+        appServerWelcomePage.login("admin", "admin");
+        WaitUtils.pause(2000);
+        assertTrue(appServerWelcomePage.isCurrent());
+    }
+
+    @Test
+    public void testUserCanAccessAccountService() throws InterruptedException {
+        appServerWelcomePage.navigateToConsole();
+        appServerWelcomePage.login("admin", "admin");
+        WaitUtils.pause(2000);
+        appServerWelcomePage.navigateToAccessControl();
+        appServerWelcomePage.navigateManageProfile();
+        assertTrue(accountUpdateProfilePage.isCurrent());
+    }
+}