Merge pull request #4336 from wyvie/springboot

[KEYCLOAK-4290] Integration testsuite update to support springboot testing

testsuite/integration-arquillian/test-apps/spring-boot-adapter/mvnw

@@ -0,0 +1,225 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Migwn, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+  # TODO classpath?
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+echo $MAVEN_PROJECTBASEDIR
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

testsuite/integration-arquillian/test-apps/spring-boot-adapter/mvnw.cmd

@@ -0,0 +1,143 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%

testsuite/integration-arquillian/test-apps/spring-boot-adapter/pom.xml

@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>org.keycloak</groupId>
+	<artifactId>spring-boot-adapter</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<name>spring-boot-adapter</name>
+	<description>Spring boot adapter test application</description>
+
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>1.5.3.RELEASE</version>
+		<relativePath/> <!-- lookup parent from repository -->
+	</parent>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+
+        <keycloak.version>3.3.0.CR1-SNAPSHOT</keycloak.version>
+	</properties>
+
+	<dependencies>
+	
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		 
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		
+		<dependency>
+			<groupId>org.keycloak</groupId>
+			<artifactId>keycloak-spring-boot-adapter</artifactId>
+			<version>${keycloak.version}</version>
+		</dependency>
+
+	</dependencies>
+
+	<profiles>
+		<profile>
+			<id>spring-boot-adapter-tomcat</id>
+			<dependencies>
+				<dependency>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-web</artifactId>
+				</dependency>
+				<dependency>
+					<groupId>org.keycloak</groupId>
+					<artifactId>keycloak-tomcat8-adapter</artifactId>
+					<version>${keycloak.version}</version>
+				</dependency>
+			</dependencies>
+		</profile>
+
+		<profile>
+			<id>spring-boot-adapter-jetty</id>
+			<dependencies>
+				<dependency>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-web</artifactId>
+					<exclusions>
+						<exclusion>
+							<groupId>org.springframework.boot</groupId>
+							<artifactId>spring-boot-starter-tomcat</artifactId>
+						</exclusion>
+					</exclusions>
+				</dependency>
+				<dependency>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-jetty</artifactId>
+				</dependency>
+
+				<dependency>
+					<groupId>org.keycloak</groupId>
+					<artifactId>keycloak-jetty94-adapter</artifactId>
+					<version>${keycloak.version}</version>
+				</dependency>
+			</dependencies>
+		</profile>
+
+		<profile>
+			<id>spring-boot-adapter-undertow</id>
+			<dependencies>
+				<dependency>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-web</artifactId>
+					<exclusions>
+						<exclusion>
+							<groupId>org.springframework.boot</groupId>
+							<artifactId>spring-boot-starter-tomcat</artifactId>
+						</exclusion>
+					</exclusions>
+				</dependency>
+				<dependency>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-starter-undertow</artifactId>
+				</dependency>
+
+				<dependency>
+					<groupId>org.keycloak</groupId>
+					<artifactId>keycloak-undertow-adapter</artifactId>
+					<version>${keycloak.version}</version>
+				</dependency>
+			</dependencies>
+		</profile>
+	</profiles>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+			</plugin>
+		</plugins>
+	</build>
+
+
+</project>

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/java/org/keycloak/AdminController.java

@@ -0,0 +1,59 @@
+package org.keycloak;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.keycloak.common.util.Time;
+import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.JWSInputException;
+import org.keycloak.representations.RefreshToken;
+import org.keycloak.util.JsonSerialization;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.util.NumberUtils;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.context.request.WebRequest;
+
+@Controller
+@RequestMapping(path = "/admin")
+public class AdminController {
+	
+	@RequestMapping(path = "/TokenServlet", method = RequestMethod.GET)
+	public String showTokens(WebRequest req, Model model, @RequestParam Map<String, String> attributes) throws IOException {
+	    String timeOffset = attributes.get("timeOffset");
+	    if (!StringUtils.isEmpty(timeOffset)) {
+	        int offset;
+	        try {
+                offset = Integer.parseInt(timeOffset, 10);
+            }
+            catch (NumberFormatException e) {
+	            offset = 0;
+            }
+
+            Time.setOffset(offset);
+        }
+
+        RefreshableKeycloakSecurityContext ctx =
+        		(RefreshableKeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName(), WebRequest.SCOPE_REQUEST);
+        String accessTokenPretty = JsonSerialization.writeValueAsPrettyString(ctx.getToken());
+        RefreshToken refreshToken;
+        try {
+            refreshToken = new JWSInput(ctx.getRefreshToken()).readJsonContent(RefreshToken.class);
+        } catch (JWSInputException e) {
+            throw new IOException(e);
+        }
+        String refreshTokenPretty = JsonSerialization.writeValueAsPrettyString(refreshToken);
+        
+        model.addAttribute("accessToken", accessTokenPretty);
+        model.addAttribute("refreshToken", refreshTokenPretty);
+        model.addAttribute("accessTokenString", ctx.getTokenString());
+        
+        return "tokens";
+	}
+}

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/java/org/keycloak/SpringBootAdapterApplication.java

@@ -0,0 +1,12 @@
+package org.keycloak;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringBootAdapterApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(SpringBootAdapterApplication.class, args);
+	}
+}

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/resources/application.properties

@@ -0,0 +1,12 @@
+server.port=8280
+
+keycloak.realm=test
+keycloak.auth-server-url=http://localhost:8180/auth
+keycloak.ssl-required=external
+keycloak.resource=spring-boot-app
+keycloak.credentials.secret=e3789ac5-bde6-4957-a7b0-612823dac101
+keycloak.realm-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB
+
+keycloak.security-constraints[0].authRoles[0]=admin
+keycloak.security-constraints[0].securityCollections[0].name=Admin zone
+keycloak.security-constraints[0].securityCollections[0].patterns[0]=/admin/*

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/resources/static/admin/index.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>springboot admin page</title>
+</head>
+<body>
+
+    <div class="test">You are now admin</div>
+
+</body>
+</html>

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/resources/static/index.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>springboot test page</title>
+</head>
+<body>
+
+    <div class="test">Click <a href="admin/index.html" class="adminlink">here</a> to go admin</div>
+
+</body>
+</html>

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/main/resources/templates/tokens.html

@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org/">
+	<head>
+		<title>Tokens from spring boot</title>
+	</head>
+	<body>
+		<span id="accessToken" th:text="${accessToken}"></span>
+		<span id="refreshToken" th:text="${refreshToken}"></span>
+		<span id="accessTokenString" th:text="${accessTokenString}"></span>
+	</body>
+</html>

testsuite/integration-arquillian/test-apps/spring-boot-adapter/src/test/java/org/keycloak/SpringBootAdapterApplicationTests.java

@@ -0,0 +1,16 @@
+package org.keycloak;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class SpringBootAdapterApplicationTests {
+
+	@Test
+	public void contextLoads() {
+	}
+
+}

testsuite/integration-arquillian/tests/other/pom.xml

@@ -39,6 +39,7 @@
     <modules>
         <module>adapters</module>
         <module>sssd</module>
+        <module>springboot-tests</module>
     </modules>
 
     <build>

testsuite/integration-arquillian/tests/other/springboot-tests/pom.xml

@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>integration-arquillian-tests-other</artifactId>
+        <groupId>org.keycloak.testsuite</groupId>
+        <version>3.3.0.CR1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>integration-arquillian-tests-springboot</artifactId>
+
+    <properties>
+        <exclude.springboot>**/springboot/**/*Test.java</exclude.springboot>
+
+        <adapter.container>tomcat</adapter.container>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-test-helper</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <excludes>
+                        <exclude>${exclude.springboot}</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>test-springboot</id>
+            <properties>
+                <exclude.springboot>-</exclude.springboot>
+            </properties>
+
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.bazaarvoice.maven.plugins</groupId>
+                        <artifactId>process-exec-maven-plugin</artifactId>
+                        <version>0.7</version>
+                        <executions>
+                            <execution>
+                                <id>spring-boot-application-process</id>
+                                <phase>generate-test-resources</phase>
+                                <goals>
+                                    <goal>start</goal>
+                                </goals>
+                                <configuration>
+                                    <name>springboot</name>
+                                    <workingDir>../../../../test-apps/spring-boot-adapter</workingDir>
+                                    <arguments>
+                                        <argument>mvn</argument>
+                                        <argument>spring-boot:run</argument>
+                                        <argument>-Dkeycloak.version=${project.version}</argument>
+                                        <argument>-Pspring-boot-adapter-${adapter.container}</argument>
+                                    </arguments>
+                                </configuration>
+                            </execution>
+
+                            <execution>
+                                <id>kill-processes</id>
+                                <phase>post-integration-test</phase>
+                                <goals>
+                                    <goal>stop-all</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+
+
+</project>

testsuite/integration-arquillian/tests/other/springboot-tests/src/main/java/org/keycloak/testsuite/springboot/SpringAdminPage.java

@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.springboot;
+
+import org.keycloak.testsuite.pages.AbstractPage;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+public class SpringAdminPage extends AbstractPage {
+
+    @FindBy(className = "test")
+    private WebElement testDiv;
+
+
+    @Override
+    public boolean isCurrent() {
+        return driver.getTitle().equalsIgnoreCase("springboot admin page");
+    }
+
+    @Override
+    public void open() throws Exception {
+
+    }
+}

testsuite/integration-arquillian/tests/other/springboot-tests/src/main/java/org/keycloak/testsuite/springboot/SpringApplicationPage.java

@@ -0,0 +1,40 @@
+package org.keycloak.testsuite.springboot;
+
+import org.keycloak.testsuite.pages.AbstractPage;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+public class SpringApplicationPage extends AbstractPage {
+
+    @FindBy(className = "test")
+    private WebElement testDiv;
+
+    @FindBy(className = "adminlink")
+    private WebElement adminLink;
+
+    private String title;
+
+    public SpringApplicationPage() {
+        super();
+
+        title = "springboot test page";
+    }
+
+    public String getTitle() {
+        return title;
+    }
+
+    @Override
+    public boolean isCurrent() {
+        return driver.getTitle().equalsIgnoreCase(title);
+    }
+
+    @Override
+    public void open() throws Exception {
+
+    }
+
+    public void goAdmin() {
+        adminLink.click();
+    }
+}

testsuite/integration-arquillian/tests/other/springboot-tests/src/main/java/org/keycloak/testsuite/springboot/TokenPage.java

@@ -0,0 +1,19 @@
+package org.keycloak.testsuite.springboot;
+
+import java.net.URL;
+
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.keycloak.testsuite.adapter.page.AbstractShowTokensPage;
+
+public class TokenPage extends AbstractShowTokensPage {
+
+	@Override
+	public boolean isCurrent() {
+		return driver.getTitle().equalsIgnoreCase("tokens from spring boot");
+	}
+
+	@Override
+	public URL getInjectedUrl() {
+		return null;
+	}
+}

testsuite/integration-arquillian/tests/other/springboot-tests/src/test/java/org/keycloak/testsuite/springboot/AbstractSpringBootTest.java

@@ -0,0 +1,217 @@
+package org.keycloak.testsuite.springboot;
+
+import static org.keycloak.testsuite.admin.ApiUtil.assignRealmRoles;
+import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
+import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.ws.rs.core.UriBuilder;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.logging.Logger;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.admin.client.resource.RoleResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.arquillian.SuiteContext;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.keycloak.util.TokenUtil;
+import org.openqa.selenium.By;
+
+public abstract class AbstractSpringBootTest extends AbstractKeycloakTest {
+
+    protected static final String REALM_ID = "cd8ee421-5100-41ba-95dd-b27c8e5cf042";
+
+    protected static final String REALM_NAME = "test";
+
+    protected static final String CLIENT_ID = "spring-boot-app";
+    protected static final String SECRET = "e3789ac5-bde6-4957-a7b0-612823dac101";
+
+    protected static final String APPLICATION_URL = "http://localhost:8280";
+    protected static final String BASE_URL = APPLICATION_URL + "/admin";
+
+    protected static final String USER_LOGIN = "testuser";
+    protected static final String USER_EMAIL = "user@email.test";
+    protected static final String USER_PASSWORD = "user-password";
+
+    protected static final String USER_LOGIN_2 = "testuser2";
+    protected static final String USER_EMAIL_2 = "user2@email.test";
+    protected static final String USER_PASSWORD_2 = "user2-password";
+
+    protected static final String CORRECT_ROLE = "admin";
+    protected static final String INCORRECT_ROLE = "wrong-admin";
+
+    protected static final String REALM_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5" +
+            "mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi7" +
+            "9NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
+
+    protected static final String REALM_PRIVATE_KEY = "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3Bj" +
+            "LGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vj" +
+            "O2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jY" +
+            "lQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn" +
+            "9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEK" +
+            "Xalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2w" +
+            "Vl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJ" +
+            "AY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZ" +
+            "N39fOYAlo+nTixgeW7X8Y=";
+
+    @Page
+    protected LoginPage loginPage;
+
+    @Page
+    protected SpringApplicationPage applicationPage;
+
+    @Page
+    protected SpringAdminPage adminPage;
+    
+    @Page
+    protected TokenPage tokenPage;
+
+    @Override
+    public void addTestRealms(List<RealmRepresentation> testRealms) {
+        RealmRepresentation realm = new RealmRepresentation();
+
+        realm.setId(REALM_ID);
+        realm.setRealm(REALM_NAME);
+        realm.setEnabled(true);
+
+        realm.setPublicKey(REALM_PUBLIC_KEY);
+        realm.setPrivateKey(REALM_PRIVATE_KEY);
+
+        realm.setClients(Collections.singletonList(createClient()));
+
+        List<String> eventListeners = new ArrayList<>();
+        eventListeners.add("jboss-logging");
+        eventListeners.add("event-queue");
+        realm.setEventsListeners(eventListeners);
+
+        testRealms.add(realm);
+    }
+
+    private ClientRepresentation createClient() {
+        ClientRepresentation clientRepresentation = new ClientRepresentation();
+
+        clientRepresentation.setId(CLIENT_ID);
+        clientRepresentation.setSecret(SECRET);
+
+        clientRepresentation.setBaseUrl(BASE_URL);
+        clientRepresentation.setRedirectUris(Collections.singletonList(BASE_URL + "/*"));
+        clientRepresentation.setAdminUrl(BASE_URL);
+
+        return clientRepresentation;
+    }
+
+    private void addUser(String login, String email, String password, String... roles) {
+        UserRepresentation userRepresentation = new UserRepresentation();
+
+        userRepresentation.setUsername(login);
+        userRepresentation.setEmail(email);
+        userRepresentation.setEmailVerified(true);
+        userRepresentation.setEnabled(true);
+
+        RealmResource realmResource = adminClient.realm(REALM_NAME);
+        String userId = createUserWithAdminClient(realmResource, userRepresentation);
+
+        resetUserPassword(realmResource.users().get(userId), password, false);
+
+        for (String role : roles)
+            assignRealmRoles(realmResource, userId, role);
+    }
+
+    private String getAuthRoot(SuiteContext suiteContext) {
+        return suiteContext.getAuthServerInfo().getContextRoot().toString();
+    }
+
+    private String encodeUrl(String url) {
+        String result;
+        try {
+            result = URLEncoder.encode(url, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            result = url;
+        }
+
+        return result;
+    }
+    
+    protected String logoutPage(String redirectUrl) {
+    	return getAuthRoot(suiteContext)
+                + "/auth/realms/" + REALM_NAME
+                + "/protocol/" + "openid-connect"
+                + "/logout?redirect_uri=" + encodeUrl(redirectUrl);
+    }
+
+    protected void setAdapterAndServerTimeOffset(int timeOffset, String url) {
+        setTimeOffset(timeOffset);
+
+        String timeOffsetUri = UriBuilder.fromUri(url)
+                .queryParam("timeOffset", timeOffset)
+                .build().toString();
+
+        driver.navigate().to(timeOffsetUri);
+        WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
+    }
+
+    protected String getCorrectUserId() {
+        return adminClient.realms().realm(REALM_NAME).users().search(USER_LOGIN)
+                .get(0).getId();
+    }
+
+    @Before
+    public void createRoles() {
+        RealmResource realm = realmsResouce().realm(REALM_NAME);
+
+        RoleRepresentation correct = new RoleRepresentation(CORRECT_ROLE, CORRECT_ROLE, false);
+        realm.roles().create(correct);
+
+        RoleRepresentation incorrect = new RoleRepresentation(INCORRECT_ROLE, INCORRECT_ROLE, false);
+        realm.roles().create(incorrect);
+    }
+
+    @Before
+    public void addUsers() {
+        addUser(USER_LOGIN, USER_EMAIL, USER_PASSWORD, CORRECT_ROLE);
+        addUser(USER_LOGIN_2, USER_EMAIL_2, USER_PASSWORD_2, INCORRECT_ROLE);
+    }
+
+    @After
+    public void cleanupUsers() {
+        RealmResource providerRealm = adminClient.realm(REALM_NAME);
+        UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, USER_LOGIN);
+        if (userRep != null) {
+            providerRealm.users().get(userRep.getId()).remove();
+        }
+
+        RealmResource childRealm = adminClient.realm(REALM_NAME);
+        userRep = ApiUtil.findUserByUsername(childRealm, USER_LOGIN_2);
+        if (userRep != null) {
+            childRealm.users().get(userRep.getId()).remove();
+        }
+    }
+
+    @After
+    public void cleanupRoles() {
+        RealmResource realm = realmsResouce().realm(REALM_NAME);
+
+        RoleResource correctRole = realm.roles().get(CORRECT_ROLE);
+        correctRole.remove();
+
+        RoleResource incorrectRole = realm.roles().get(INCORRECT_ROLE);
+        incorrectRole.remove();
+    }
+}

testsuite/integration-arquillian/tests/other/springboot-tests/src/test/java/org/keycloak/testsuite/springboot/BasicSpringBootTest.java

@@ -0,0 +1,61 @@
+package org.keycloak.testsuite.springboot;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class BasicSpringBootTest extends AbstractSpringBootTest {
+    @Test
+    public void testCorrectUser() {
+        driver.navigate().to(APPLICATION_URL + "/index.html");
+
+        Assert.assertTrue("Must be on application page", applicationPage.isCurrent());
+
+        applicationPage.goAdmin();
+
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+
+        loginPage.login(USER_LOGIN, USER_PASSWORD);
+
+        Assert.assertTrue("Must be on admin page", adminPage.isCurrent());
+        Assert.assertTrue("Admin page must contain correct div",
+                driver.getPageSource().contains("You are now admin"));
+
+        driver.navigate().to(logoutPage(BASE_URL));
+
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+
+    }
+
+    @Test
+    public void testIncorrectUser() {
+        driver.navigate().to(APPLICATION_URL + "/index.html");
+
+        Assert.assertTrue("Must be on application page", applicationPage.isCurrent());
+
+        applicationPage.goAdmin();
+
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+
+        loginPage.login(USER_LOGIN_2, USER_PASSWORD_2);
+
+        Assert.assertTrue("Must return 403 because of incorrect role",
+                driver.getPageSource().contains("There was an unexpected error (type=Forbidden, status=403)")
+                || driver.getPageSource().contains("\"status\":403,\"error\":\"Forbidden\""));
+    }
+
+    @Test
+    public void testIncorrectCredentials() {
+        driver.navigate().to(APPLICATION_URL + "/index.html");
+
+        Assert.assertTrue("Must be on application page", applicationPage.isCurrent());
+
+        applicationPage.goAdmin();
+
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+
+        loginPage.login(USER_LOGIN, USER_PASSWORD_2);
+
+        Assert.assertEquals("Error message about password",
+                "Invalid username or password.", loginPage.getError());
+    }
+}

testsuite/integration-arquillian/tests/other/springboot-tests/src/test/java/org/keycloak/testsuite/springboot/OfflineTokenSpringBootTest.java

@@ -0,0 +1,154 @@
+package org.keycloak.testsuite.springboot;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.events.Details;
+import org.keycloak.events.EventType;
+import org.keycloak.services.Urls;
+import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.pages.AccountApplicationsPage;
+import org.keycloak.testsuite.pages.OAuthGrantPage;
+import org.keycloak.testsuite.util.ClientManager;
+import org.keycloak.testsuite.util.WaitUtils;
+import org.keycloak.util.TokenUtil;
+import org.openqa.selenium.By;
+
+import javax.ws.rs.core.UriBuilder;
+import java.util.List;
+
+import static org.keycloak.testsuite.util.WaitUtils.pause;
+
+public class OfflineTokenSpringBootTest extends AbstractSpringBootTest {
+    private static final String SERVLET_URI = APPLICATION_URL + "/admin/TokenServlet";
+
+    @Rule
+    public AssertEvents events = new AssertEvents(this);
+
+    @Page
+    private AccountApplicationsPage accountAppPage;
+
+    @Page
+    private OAuthGrantPage oauthGrantPage;
+
+    @Test
+    public void testTokens() {
+        String servletUri = UriBuilder.fromUri(SERVLET_URI)
+                .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
+                .build().toString();
+        driver.navigate().to(servletUri);
+
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+        loginPage.login(USER_LOGIN, USER_PASSWORD);
+
+        WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
+
+        Assert.assertTrue(tokenPage.isCurrent());
+
+        Assert.assertEquals(tokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+        Assert.assertEquals(tokenPage.getRefreshToken().getExpiration(), 0);
+
+        String accessTokenId = tokenPage.getAccessToken().getId();
+        String refreshTokenId = tokenPage.getRefreshToken().getId();
+
+        setAdapterAndServerTimeOffset(9999, SERVLET_URI);
+
+        driver.navigate().to(SERVLET_URI);
+        Assert.assertTrue("Must be on tokens page", tokenPage.isCurrent());
+        Assert.assertNotEquals(tokenPage.getRefreshToken().getId(), refreshTokenId);
+        Assert.assertNotEquals(tokenPage.getAccessToken().getId(), accessTokenId);
+
+        setAdapterAndServerTimeOffset(0, SERVLET_URI);
+
+        driver.navigate().to(logoutPage(SERVLET_URI));
+        Assert.assertTrue("Must be on login page", loginPage.isCurrent());
+    }
+
+    @Test
+    public void testRevoke() {
+        // Login to servlet first with offline token
+        String servletUri = UriBuilder.fromUri(SERVLET_URI)
+                .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
+                .build().toString();
+        driver.navigate().to(servletUri);
+        WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
+
+        loginPage.login(USER_LOGIN, USER_PASSWORD);
+        Assert.assertTrue("Must be on token page", tokenPage.isCurrent());
+
+        Assert.assertEquals(tokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+
+        // Assert refresh works with increased time
+        setAdapterAndServerTimeOffset(9999, SERVLET_URI);
+        driver.navigate().to(SERVLET_URI);
+        Assert.assertTrue("Must be on token page", tokenPage.isCurrent());
+        setAdapterAndServerTimeOffset(0, SERVLET_URI);
+
+        events.clear();
+
+        // Go to account service and revoke grant
+        accountAppPage.open();
+
+        List<String> additionalGrants = accountAppPage.getApplications().get(CLIENT_ID).getAdditionalGrants();
+        Assert.assertEquals(additionalGrants.size(), 1);
+        Assert.assertEquals(additionalGrants.get(0), "Offline Token");
+        accountAppPage.revokeGrant(CLIENT_ID);
+        pause(500);
+        Assert.assertEquals(accountAppPage.getApplications().get(CLIENT_ID).getAdditionalGrants().size(), 0);
+
+        events.expect(EventType.REVOKE_GRANT).realm(REALM_ID).user(getCorrectUserId())
+                .client("account").detail(Details.REVOKED_CLIENT, CLIENT_ID).assertEvent();
+
+        // Assert refresh doesn't work now (increase time one more time)
+        setAdapterAndServerTimeOffset(9999, SERVLET_URI);
+        driver.navigate().to(SERVLET_URI);
+        loginPage.assertCurrent();
+        setAdapterAndServerTimeOffset(0, SERVLET_URI);
+    }
+
+    @Test
+    public void testConsent() {
+        ClientManager.realm(adminClient.realm(REALM_NAME)).clientId(CLIENT_ID).consentRequired(true);
+
+        // Assert grant page doesn't have 'Offline Access' role when offline token is not requested
+        driver.navigate().to(SERVLET_URI);
+        loginPage.login(USER_LOGIN, USER_PASSWORD);
+        oauthGrantPage.assertCurrent();
+        WaitUtils.waitUntilElement(By.xpath("//body")).text().not().contains("Offline access");
+        oauthGrantPage.cancel();
+
+        // Assert grant page has 'Offline Access' role now
+        String servletUri = UriBuilder.fromUri(SERVLET_URI)
+                .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
+                .build().toString();
+        driver.navigate().to(servletUri);
+        WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
+
+        loginPage.login(USER_LOGIN, USER_PASSWORD);
+        oauthGrantPage.assertCurrent();
+        WaitUtils.waitUntilElement(By.xpath("//body")).text().contains("Offline access");
+
+        oauthGrantPage.accept();
+
+        Assert.assertTrue("Must be on token page", tokenPage.isCurrent());
+        Assert.assertEquals(tokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+
+        String accountAppPageUrl =
+            Urls.accountApplicationsPage(getAuthServerRoot(), REALM_NAME).toString();
+        driver.navigate().to(accountAppPageUrl);
+        AccountApplicationsPage.AppEntry offlineClient = accountAppPage.getApplications().get(CLIENT_ID);
+        Assert.assertTrue(offlineClient.getRolesGranted().contains("Offline access"));
+        Assert.assertTrue(offlineClient.getAdditionalGrants().contains("Offline Token"));
+
+        //This was necessary to be introduced, otherwise other testcases will fail
+        driver.navigate().to(logoutPage(SERVLET_URI));
+        loginPage.assertCurrent();
+
+        events.clear();
+
+        // Revert change
+        ClientManager.realm(adminClient.realm(REALM_NAME)).clientId(CLIENT_ID).consentRequired(false);
+    }
+}