[KEYCLOAK-5015] - HAL integration tests
parent
d5ae6bf77a
commit
287a86938e
4 changed files with 259 additions and 1 deletions
|
@ -0,0 +1,81 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.pages;
|
||||
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
|
||||
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
|
||||
import org.keycloak.testsuite.util.URLUtils;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||
*/
|
||||
public class AppServerWelcomePage extends AppServerContextRoot {
|
||||
|
||||
@Page
|
||||
protected OIDCLogin loginPage;
|
||||
|
||||
@FindBy(xpath = "//a[text() = 'Access Control']")
|
||||
private WebElement accessControlLink;
|
||||
|
||||
@FindBy(xpath = "//a[text() = 'Manage user profile']")
|
||||
private WebElement manageProfileLink;
|
||||
|
||||
@FindBy(xpath = "//div[text() = 'Logout']")
|
||||
private WebElement logoutLink;
|
||||
|
||||
@Override
|
||||
public boolean isCurrent() {
|
||||
return driver.getPageSource().contains("Access Control");
|
||||
}
|
||||
|
||||
public void navigateToConsole() {
|
||||
WaitUtils.pause(2000);
|
||||
URLUtils.navigateToUri(driver, getInjectedUrl().toString() + "/console", true);
|
||||
waitForPageToLoad(driver);
|
||||
}
|
||||
|
||||
public void login(String username, String password) {
|
||||
loginPage.form().waitForLoginButtonPresent();
|
||||
loginPage.form().login(username, password);
|
||||
waitForPageToLoad(driver);
|
||||
}
|
||||
|
||||
public void navigateToAccessControl() {
|
||||
accessControlLink.click();
|
||||
waitForPageToLoad(driver);
|
||||
}
|
||||
|
||||
public void navigateManageProfile() {
|
||||
manageProfileLink.click();
|
||||
waitForPageToLoad(driver);
|
||||
}
|
||||
|
||||
public void logout() {
|
||||
logoutLink.click();
|
||||
waitForPageToLoad(driver);
|
||||
}
|
||||
|
||||
public boolean isLoginPage() {
|
||||
return loginPage.isCurrent();
|
||||
}
|
||||
}
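Review bot: `isCurrent()` accepts any page whose source contains the text "Access Control", so an error page or any other page that mentions the phrase would also satisfy it. `testLogin` in this commit uses that check as its only evidence that the Keycloak-backed login reached the console. A check on the located element is tighter, for example `return accessControlLink.isDisplayed();` with a guard for the element being absent, ideally combined with a comparison of the current URL against `getInjectedUrl()`. Separately, the fixed `WaitUtils.pause(2000)` in `navigateToConsole()` makes the page timing-dependent; waiting for a concrete condition would be more reliable.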
|
|
@ -0,0 +1,68 @@
|
|||
{
|
||||
"realm": "jboss-infra",
|
||||
"enabled": true,
|
||||
"sslRequired": "external",
|
||||
"privateKey": "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",
|
||||
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||
"requiredCredentials": [
|
||||
"password"
|
||||
],
|
||||
"users": [
|
||||
{
|
||||
"username": "admin",
|
||||
"enabled": true,
|
||||
"email": "admin@admin.com",
|
||||
"firstName": "Admin",
|
||||
"lastName": "Istrator",
|
||||
"credentials": [
|
||||
{
|
||||
"type": "password",
|
||||
"value": "admin"
|
||||
}
|
||||
],
|
||||
"realmRoles": [
|
||||
"Administrator"
|
||||
],
|
||||
"clientRoles": {
|
||||
"realm-management": [
|
||||
"realm-admin"
|
||||
],
|
||||
"account": [
|
||||
"manage-account"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"roles": {
|
||||
"realm": [
|
||||
{
|
||||
"name": "Administrator",
|
||||
"description": "Administrator privileges"
|
||||
}
|
||||
]
|
||||
},
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "wildfly-console",
|
||||
"enabled": true,
|
||||
"adminUrl": "http://localhost:10190",
|
||||
"baseUrl": "http://localhost:10190",
|
||||
"publicClient": true,
|
||||
"redirectUris": [
|
||||
"http://localhost:10190/*"
|
||||
],
|
||||
"webOrigins": ["http://localhost:10190"]
|
||||
},
|
||||
{
|
||||
"clientId": "wildfly-management",
|
||||
"secret": "secret",
|
||||
"enabled": true,
|
||||
"baseUrl": "/photoz-restful-api",
|
||||
"publicClient": false,
|
||||
"redirectUris": [
|
||||
"/photoz-restful-api/*"
|
||||
],
|
||||
"webOrigins" : ["*"]
|
||||
}
|
||||
]
|
||||
}
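Review bot: The `wildfly-management` client is declared as a confidential client with `"secret": "secret"`, `"webOrigins" : ["*"]` and a `baseUrl`/`redirectUris` of `/photoz-restful-api`, which looks carried over from another example rather than chosen for the management interface. The test in this commit registers the matching secure-deployment with `bearer-only=true`, so the realm entry could be reduced to `"bearerOnly": true` with no secret, no redirect URIs and no wildcard web origin. Test realms like this are often copied as a starting point for real setups, so the narrower definition is the safer template. The fixed realm key pair and the `admin`/`admin` user with `realm-admin` are acceptable for a fixture, but worth stating as test-only wherever this file is documented.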
|
|
@ -42,7 +42,7 @@
|
|||
<groupId>org.wildfly.core</groupId>
|
||||
<artifactId>wildfly-cli</artifactId>
|
||||
<scope>test</scope>
|
||||
<version>2.2.0.Final</version>
|
||||
<version>3.0.0.Beta30</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.keycloak.testsuite.adapter.example.authorization;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.adapter.AbstractAdapterTest;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
|
||||
import org.keycloak.testsuite.pages.AppServerWelcomePage;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.wildfly.extras.creaper.core.ManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineOptions;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
|
||||
*/
|
||||
@AppServerContainer("app-server-wildfly")
|
||||
//@AdapterLibsLocationProperty("adapter.libs.wildfly")
|
||||
public class WildflyManagementProtectionTest extends AbstractAdapterTest {
|
||||
|
||||
@Page
|
||||
protected AppServerWelcomePage appServerWelcomePage;
|
||||
|
||||
@Page
|
||||
protected AccountUpdateProfilePage accountUpdateProfilePage;
|
||||
|
||||
@Override
|
||||
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(loadRealm("/wildfly-integration/wildfly-management-realm.json"));
|
||||
}
|
||||
|
||||
@Before
|
||||
public void beforeAuthTest() {
|
||||
super.beforeAuthTest();
|
||||
|
||||
try {
|
||||
OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(OnlineOptions
|
||||
.standalone()
|
||||
.hostAndPort("localhost", 10190)
|
||||
.build());
|
||||
|
||||
// Create a realm for both wildfly console and mgmt interface
|
||||
clientWorkerNodeClient.execute("/subsystem=keycloak/realm=jboss-infra:add(auth-server-url=http://localhost:8180/auth,realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB)");
|
||||
|
||||
// Create a secure-deployment in order to protect mgmt interface
|
||||
clientWorkerNodeClient.execute("/subsystem=keycloak/secure-deployment=wildfly-management:add(realm=jboss-infra,resource=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)");
|
||||
|
||||
// Protect HTTP mgmt interface with Keycloak adapter
|
||||
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)");
|
||||
clientWorkerNodeClient.execute("/subsystem=elytron/http-authentication-factory=keycloak-mgmt-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=wildfly-management,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])");
|
||||
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=keycloak-mgmt-http-authentication)");
|
||||
clientWorkerNodeClient.execute("/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade, value={enabled=true, sasl-authentication-factory=management-sasl-authentication})");
|
||||
|
||||
// Enable RBAC where roles are obtained from the identity
|
||||
clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)");
|
||||
clientWorkerNodeClient.execute("/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)");
|
||||
|
||||
// Create a secure-server in order to publish the wildfly console configuration via mgmt interface
|
||||
clientWorkerNodeClient.execute("/subsystem=keycloak/secure-server=wildfly-console:add(realm=jboss-infra,resource=wildfly-console,public-client=true)");
|
||||
|
||||
// reload
|
||||
clientWorkerNodeClient.execute("reload");
|
||||
} catch (Exception cause) {
|
||||
throw new RuntimeException("Failed to configure app server", cause);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLogin() throws InterruptedException {
|
||||
appServerWelcomePage.navigateToConsole();
|
||||
appServerWelcomePage.login("admin", "admin");
|
||||
WaitUtils.pause(2000);
|
||||
assertTrue(appServerWelcomePage.isCurrent());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUserCanAccessAccountService() throws InterruptedException {
|
||||
appServerWelcomePage.navigateToConsole();
|
||||
appServerWelcomePage.login("admin", "admin");
|
||||
WaitUtils.pause(2000);
|
||||
appServerWelcomePage.navigateToAccessControl();
|
||||
appServerWelcomePage.navigateManageProfile();
|
||||
assertTrue(accountUpdateProfilePage.isCurrent());
|
||||
}
|
||||
}
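Review bot: In `beforeAuthTest()` the result of every `clientWorkerNodeClient.execute(...)` call is discarded, and the `catch` only sees transport or CLI exceptions, so a step that the server rejects would appear to go unnoticed and the tests would then run against a management interface in an unknown authentication state. Because the method is a `@Before`, the `:add` operations also run again for the second test against resources that already exist. I would assert each step, e.g. `clientWorkerNodeClient.execute("...").assertSuccess();` (assuming creaper's `ModelNodeResult`), and open the client with `try (OnlineManagementClient clientWorkerNodeClient = ManagementClient.online(...)) {`, since it is never closed here. Both tests also cover only the successful login; an assertion such as `assertTrue(appServerWelcomePage.isLoginPage());` right after `navigateToConsole()` would show that an unauthenticated request is actually sent to Keycloak, which is what the class name promises.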
|