KEYCLOAK-5320 Configure SSL using creaper
parent
1fb8846a7a
commit
330cb022eb
13 changed files with 200 additions and 401 deletions
|
@ -50,6 +50,7 @@
|
|||
<arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version>
|
||||
<version.shrinkwrap.resolvers>2.2.6</version.shrinkwrap.resolvers>
|
||||
<undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version>
|
||||
<version.org.wildfly.extras.creaper>1.6.1</version.org.wildfly.extras.creaper>
|
||||
|
||||
<!--migration properties-->
|
||||
<migration.70.version>1.9.8.Final</migration.70.version>
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:1.8"
|
||||
xmlns:w="urn:jboss:domain:web:2.2"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
<xsl:param name="config"/>
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//w:connector[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
|
||||
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/adapter.jks"/>
|
||||
</connector>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:extensions">
|
||||
<xsl:copy-of select="."/>
|
||||
<system-properties>
|
||||
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
|
||||
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
|
||||
</system-properties>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
|
@ -1,64 +0,0 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan">
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//*[local-name()='security-realms']">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
|
||||
<security-realm name="UndertowRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="adapter.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
</security-realm>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
<xsl:template match="//*[local-name()='http-listener']">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="//*[local-name()='host']">
|
||||
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
|
||||
<xsl:copy-of select="."/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//*[local-name()='socket-binding' and @name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<socket-binding name="proxy-https" port="8443"/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//*[local-name()='extensions']">
|
||||
<xsl:copy-of select="."/>
|
||||
<system-properties>
|
||||
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
|
||||
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
|
||||
</system-properties>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
|
@ -182,6 +182,29 @@
|
|||
<overwrite>true</overwrite>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${app.server.jboss.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${common.resources}/keystore</directory>
|
||||
<includes>
|
||||
<include>adapter.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
<nonFilteredFileExtensions>
|
||||
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
|
||||
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
|
||||
</nonFilteredFileExtensions>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
|
@ -323,79 +346,6 @@
|
|||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
<profile>
|
||||
<id>ssl</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>app.server.ssl.required</name>
|
||||
</property>
|
||||
</activation>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
</plugin>
|
||||
</plugins>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>xml-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>configure-adapter-subsystem-security</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<transformationSets>
|
||||
<transformationSet>
|
||||
<dir>${app.server.jboss.home}/standalone/configuration</dir>
|
||||
<includes>
|
||||
<include>standalone.xml</include>
|
||||
</includes>
|
||||
<stylesheet>${common.resources}/${security.xslt}</stylesheet>
|
||||
<outputDir>${app.server.jboss.home}/standalone/configuration</outputDir>
|
||||
</transformationSet>
|
||||
</transformationSets>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${app.server.jboss.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${common.resources}/keystore</directory>
|
||||
<includes>
|
||||
<include>adapter.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
<nonFilteredFileExtensions>
|
||||
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
|
||||
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
|
||||
</nonFilteredFileExtensions>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>app-server-as7</id>
|
||||
<modules>
|
||||
|
|
|
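Review bot: The `copy-keystore` execution now sits outside the removed `ssl` profile, so `adapter.jks` and `keycloak.truststore` appear to be copied into `standalone/configuration` on every build rather than only when `app.server.ssl.required` is set. That looks intended, since HTTPS is now configured at test time, but nothing in the pom says so; a comment above the execution such as `<!-- always copied: HTTPS is enabled at test runtime through the management API, not by a build profile -->` would explain it. The enclosing plugin starts outside the hunk, so which plugin and profile this execution lands in should be confirmed. These stores are test fixtures with a well-known password and should stay confined to the test server's configuration directory.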
@ -1,67 +0,0 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:4.0"
|
||||
xmlns:ds="urn:jboss:domain:datasources:4.0"
|
||||
xmlns:k="urn:jboss:domain:keycloak:1.1"
|
||||
xmlns:sec="urn:jboss:domain:security:1.2"
|
||||
xmlns:u="urn:jboss:domain:undertow:3.0"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
<xsl:param name="config"/>
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//j:security-realms">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
|
||||
<security-realm name="UndertowRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<truststore path="keycloak.truststore" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</authentication>
|
||||
</security-realm>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:http-listener">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:host">
|
||||
<https-listener name="https" socket-binding="proxy-https" verify-client="REQUESTED" security-realm="UndertowRealm"/>
|
||||
<xsl:copy-of select="."/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:socket-binding[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<socket-binding name="proxy-https" port="8443"/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
|
@ -1,64 +0,0 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
|
||||
xmlns:xalan="http://xml.apache.org/xalan"
|
||||
xmlns:j="urn:jboss:domain:4.1"
|
||||
xmlns:ds="urn:jboss:domain:datasources:4.0"
|
||||
xmlns:k="urn:jboss:domain:keycloak:1.1"
|
||||
xmlns:sec="urn:jboss:domain:security:1.2"
|
||||
xmlns:u="urn:jboss:domain:undertow:3.1"
|
||||
version="2.0"
|
||||
exclude-result-prefixes="xalan j ds k sec">
|
||||
|
||||
<xsl:param name="config"/>
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
|
||||
<xsl:strip-space elements="*"/>
|
||||
|
||||
<xsl:template match="//j:security-realms">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
|
||||
<security-realm name="UndertowRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
</security-realm>
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:http-listener">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
|
||||
</xsl:template>
|
||||
<xsl:template match="//u:host">
|
||||
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
|
||||
<xsl:copy-of select="."/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="//j:socket-binding[@name='http']">
|
||||
<xsl:copy-of select="."/>
|
||||
<socket-binding name="proxy-https" port="8443"/>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="@*|node()">
|
||||
<xsl:copy>
|
||||
<xsl:apply-templates select="@*|node()" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
</xsl:stylesheet>
|
|
@ -342,81 +342,6 @@
|
|||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>ssl</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>auth.server.ssl.required</name>
|
||||
</property>
|
||||
</activation>
|
||||
<properties>
|
||||
<!--disable exclusion pattern for x509 tests, which is enabled by default in the base/pom.xml-->
|
||||
<exclude.x509>-</exclude.x509>
|
||||
</properties>
|
||||
<build>
|
||||
<pluginManagement>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>xml-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>configure-adapter-subsystem-security</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>transform</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<transformationSets>
|
||||
<transformationSet>
|
||||
<dir>${auth.server.home}/standalone/configuration</dir>
|
||||
<includes>
|
||||
<include>standalone.xml</include>
|
||||
</includes>
|
||||
<stylesheet>${common.resources}/${security.xsl}</stylesheet>
|
||||
<outputDir>${auth.server.home}/standalone/configuration</outputDir>
|
||||
</transformationSet>
|
||||
</transformationSets>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${auth.server.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${common.resources}/keystore</directory>
|
||||
<includes>
|
||||
<include>keycloak.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
<include>client.jks</include>
|
||||
<include>ca.crt</include>
|
||||
<include>client.crt</include>
|
||||
<include>client.key</include>
|
||||
<include>intermediate-ca.crl</include>
|
||||
<include>empty.crl</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>jpa</id>
|
||||
<properties>
|
||||
|
|
|
@ -9,6 +9,10 @@ import org.jboss.arquillian.test.spi.annotation.ClassScoped;
|
|||
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.wildfly.extras.creaper.core.ManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.ManagementProtocol;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineOptions;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
|
@ -91,6 +95,22 @@ public class AppServerTestEnricher {
|
|||
return appServerInfo;
|
||||
}
|
||||
|
||||
public static OnlineManagementClient getManagementClient() {
|
||||
OnlineManagementClient managementClient;
|
||||
try {
|
||||
managementClient = ManagementClient.online(OnlineOptions
|
||||
.standalone()
|
||||
.hostAndPort(System.getProperty("app.server.host"), System.getProperty("app.server","").startsWith("eap6") ? 10199 : 10190)
|
||||
.protocol(System.getProperty("app.server","").startsWith("eap6") ? ManagementProtocol.REMOTE : ManagementProtocol.HTTP_REMOTING)
|
||||
.build()
|
||||
);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
return managementClient;
|
||||
}
|
||||
|
||||
@Inject
|
||||
private Instance<ContainerController> containerConrollerInstance;
|
||||
|
||||
|
|
|
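Review bot: `getManagementClient()` hard-codes the management ports (`10199` for eap6, `10190` otherwise) and reads `app.server.host` with no default, so an unset property passes `null` to `hostAndPort` and a non-default port offset cannot be expressed. The matching method added to `AuthServerTestEnricher` reads `auth.server.management.port` with a default; an analogous property for the app server, plus `System.getProperty("app.server.host", "localhost")`, would keep the two in step. The `System.getProperty("app.server","").startsWith("eap6")` test is evaluated twice and could be a local `boolean`. Both methods return an open client, so a short Javadoc stating that the caller must close it would help.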
@ -36,6 +36,9 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
|||
import org.keycloak.testsuite.client.KeycloakTestingClient;
|
||||
import org.keycloak.testsuite.util.LogChecker;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.wildfly.extras.creaper.core.ManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineOptions;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
|
@ -117,6 +120,22 @@ public class AuthServerTestEnricher {
|
|||
return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset);
|
||||
}
|
||||
|
||||
public static OnlineManagementClient getManagementClient() {
|
||||
OnlineManagementClient managementClient;
|
||||
try {
|
||||
managementClient = ManagementClient.online(OnlineOptions
|
||||
.standalone()
|
||||
.hostAndPort(System.getProperty("auth.server.host", "localhost"), Integer.parseInt(System.getProperty("auth.server.management.port", "10090")))
|
||||
.build()
|
||||
);
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
|
||||
return managementClient;
|
||||
}
|
||||
|
||||
public void initializeSuiteContext(@Observes(precedence = 2) BeforeSuite event) {
|
||||
Set<ContainerInfo> containers = containerRegistry.get().getContainers().stream()
|
||||
.map(ContainerInfo::new)
|
||||
|
|
|
@ -144,7 +144,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
|||
if (authServerSslRequired) {
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
|
||||
|
|
|
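Review bot: The `assertionConsumerServiceUrl` rewrite to `app.server.https.port` and `https` runs under `if (authServerSslRequired)`, which, as far as this hunk shows, reflects the auth server's SSL setting rather than the app server's. `AbstractAdapterTest` in this commit only enables the app server's HTTPS listener when `app.server.ssl.required` is set and the container is eap or wildfly, so a run with only auth-server SSL would point the consumer URL at a port that may not be listening. Guarding these two lines with the app-server flag would keep them consistent, and `System.getProperty("app.server.https.port")` returns `null` when the property is unset, which should be checked before it is passed to `modifyDocElementAttribute`. The enclosing method starts and ends outside the hunk.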
@ -18,11 +18,13 @@ package org.keycloak.testsuite;
|
|||
|
||||
import org.apache.commons.configuration.ConfigurationException;
|
||||
import org.apache.commons.configuration.PropertiesConfiguration;
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.common.util.KeycloakUriBuilder;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.testsuite.arquillian.KcArquillian;
|
||||
import org.keycloak.testsuite.arquillian.TestContext;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.util.ArrayList;
|
||||
|
@ -30,6 +32,7 @@ import java.util.Arrays;
|
|||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeoutException;
|
||||
|
||||
import javax.ws.rs.NotFoundException;
|
||||
import org.jboss.arquillian.container.test.api.RunAsClient;
|
||||
|
@ -65,6 +68,16 @@ import org.keycloak.testsuite.util.OAuthClient;
|
|||
import org.keycloak.testsuite.util.TestCleanup;
|
||||
import org.keycloak.testsuite.util.TestEventsLogger;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
|
||||
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
|
||||
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
|
||||
import org.wildfly.extras.creaper.core.CommandFailedException;
|
||||
import org.wildfly.extras.creaper.core.online.CliException;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.operations.Address;
|
||||
import org.wildfly.extras.creaper.core.online.operations.OperationException;
|
||||
import org.wildfly.extras.creaper.core.online.operations.Operations;
|
||||
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
|
||||
|
||||
import static org.keycloak.testsuite.admin.Users.setPasswordFor;
|
||||
import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
|
||||
|
@ -78,6 +91,8 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
|
|||
@RunAsClient
|
||||
public abstract class AbstractKeycloakTest {
|
||||
|
||||
protected static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "false"));
|
||||
|
||||
protected Logger log = Logger.getLogger(this.getClass());
|
||||
|
||||
@ArquillianResource
|
||||
|
@ -122,6 +137,13 @@ public abstract class AbstractKeycloakTest {
|
|||
|
||||
private boolean resetTimeOffset;
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpAuthServer() throws Exception {
|
||||
if (AUTH_SERVER_SSL_REQUIRED) {
|
||||
enableHTTPSForAuthServer();
|
||||
}
|
||||
}
|
||||
|
||||
@Before
|
||||
public void beforeAbstractKeycloakTest() throws Exception {
|
||||
adminClient = testContext.getAdminClient();
|
||||
|
@ -155,6 +177,7 @@ public abstract class AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
oauth.init(adminClient, driver);
|
||||
|
||||
}
|
||||
|
||||
protected void beforeAbstractKeycloakTestRealmImport() throws Exception {
|
||||
|
@ -307,20 +330,21 @@ public abstract class AbstractKeycloakTest {
|
|||
} catch (NotFoundException e) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public RealmsResource realmsResouce() {
|
||||
return adminClient.realms();
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a user in the given realm and returns its ID.
|
||||
* @param realm Realm name
|
||||
* @param username Username
|
||||
* @param password Password
|
||||
*
|
||||
* @param realm Realm name
|
||||
* @param username Username
|
||||
* @param password Password
|
||||
* @param requiredActions
|
||||
* @return ID of the newly created user
|
||||
*/
|
||||
public String createUser(String realm, String username, String password, String ... requiredActions) {
|
||||
public String createUser(String realm, String username, String password, String... requiredActions) {
|
||||
List<String> requiredUserActions = Arrays.asList(requiredActions);
|
||||
|
||||
UserRepresentation homer = new UserRepresentation();
|
||||
|
@ -359,6 +383,7 @@ public abstract class AbstractKeycloakTest {
|
|||
|
||||
/**
|
||||
* Sets time offset in seconds that will be added to Time.currentTime() and Time.currentTimeMillis() both for client and server.
|
||||
*
|
||||
* @param offset
|
||||
*/
|
||||
public void setTimeOffset(int offset) {
|
||||
|
@ -403,4 +428,27 @@ public abstract class AbstractKeycloakTest {
|
|||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static void enableHTTPSForAuthServer() throws IOException, CommandFailedException, TimeoutException, InterruptedException, CliException, OperationException {
|
||||
OnlineManagementClient client = AuthServerTestEnricher.getManagementClient();
|
||||
Administration administration = new Administration(client);
|
||||
Operations operations = new Operations(client);
|
||||
|
||||
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=keycloak.jks");
|
||||
}
|
||||
|
||||
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
|
||||
.forDefaultServer());
|
||||
|
||||
administration.reloadIfRequired();
|
||||
|
||||
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
|
||||
.securityRealm("UndertowRealm")
|
||||
.build());
|
||||
|
||||
administration.reloadIfRequired();
|
||||
client.close();
|
||||
}
|
||||
}
|
|
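Review bot: In `enableHTTPSForAuthServer()` the CLI string for `server-identity=ssl:add(` ends at `keystore-path=keycloak.jks` without the closing `)`, and `client.close()` is reached only when every management call succeeds. The same unterminated string is in `enableHTTPSForAppServer()` in `AbstractAdapterTest`. Because the method is called from `@BeforeClass`, the listener is removed and re-added, with up to two reloads, for every test class; only the realm creation is guarded by `operations.exists`. The deleted stylesheet for the `urn:jboss:domain:4.0` server also set `verify-client="REQUESTED"` and a truststore on the realm, which this method does not, so it is worth confirming that client-certificate tests are still covered.

```java
private static void enableHTTPSForAuthServer() throws IOException, CommandFailedException, TimeoutException, InterruptedException, CliException, OperationException {
    // try-with-resources closes the management connection even when a command fails
    try (OnlineManagementClient client = AuthServerTestEnricher.getManagementClient()) {
        Administration administration = new Administration(client);
        Operations operations = new Operations(client);

        if (!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
            client.execute("/core-service=management/security-realm=UndertowRealm:add()");
            client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=keycloak.jks)");
        }

        // … unchanged: remove and re-add the "https" listener, reloadIfRequired() after each …
    }
}
```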
@ -21,17 +21,32 @@ import org.apache.commons.io.IOUtils;
|
|||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.jboss.shrinkwrap.api.Archive;
|
||||
import org.jboss.shrinkwrap.api.asset.StringAsset;
|
||||
import org.junit.BeforeClass;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.AbstractAuthTest;
|
||||
import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
|
||||
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
|
||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||
import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener;
|
||||
import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener;
|
||||
import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType;
|
||||
import org.wildfly.extras.creaper.commands.web.AddConnector;
|
||||
import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig;
|
||||
import org.wildfly.extras.creaper.core.CommandFailedException;
|
||||
import org.wildfly.extras.creaper.core.online.CliException;
|
||||
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
|
||||
import org.wildfly.extras.creaper.core.online.operations.Address;
|
||||
import org.wildfly.extras.creaper.core.online.operations.OperationException;
|
||||
import org.wildfly.extras.creaper.core.online.operations.Operations;
|
||||
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeoutException;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -43,6 +58,9 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
|
|||
@Page
|
||||
protected AppServerContextRoot appServerContextRootPage;
|
||||
|
||||
protected static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false"));
|
||||
protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", "");
|
||||
|
||||
public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml";
|
||||
public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class
|
||||
.getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML);
|
||||
|
@ -50,6 +68,13 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
|
|||
public static final URL tomcatContext = AbstractServletsAdapterTest.class
|
||||
.getResource("/adapter-test/" + TOMCAT_CONTEXT_XML);
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpAppServer() throws Exception {
|
||||
if (APP_SERVER_SSL_REQUIRED && (APP_SERVER_CONTAINER.contains("eap") || APP_SERVER_CONTAINER.contains("wildfly"))) { // Other containers need some external configuraiton to run SSL tests
|
||||
enableHTTPSForAppServer();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
addAdapterTestRealms(testRealms);
|
||||
|
@ -216,4 +241,46 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
|
|||
}
|
||||
}
|
||||
|
||||
private static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException {
|
||||
OnlineManagementClient client = AppServerTestEnricher.getManagementClient();
|
||||
Administration administration = new Administration(client);
|
||||
Operations operations = new Operations(client);
|
||||
|
||||
if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) {
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm:add()");
|
||||
client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks");
|
||||
}
|
||||
|
||||
client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)");
|
||||
client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)");
|
||||
|
||||
if (APP_SERVER_CONTAINER.contains("eap6")) {
|
||||
if(!operations.exists(Address.subsystem("web").and("connector", "https"))) {
|
||||
client.apply(new AddConnector.Builder("https")
|
||||
.protocol("HTTP/1.1")
|
||||
.scheme("https")
|
||||
.socketBinding("https")
|
||||
.secure(true)
|
||||
.build());
|
||||
|
||||
client.apply(new AddConnectorSslConfig.Builder("https")
|
||||
.password("secret")
|
||||
.certificateKeyFile("${jboss.server.config.dir}/adapter.jks")
|
||||
.build());
|
||||
}
|
||||
} else {
|
||||
client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https")
|
||||
.forDefaultServer());
|
||||
|
||||
administration.reloadIfRequired();
|
||||
|
||||
client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https")
|
||||
.securityRealm("UndertowRealm")
|
||||
.build());
|
||||
}
|
||||
|
||||
administration.reloadIfRequired();
|
||||
client.close();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
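Review bot: The two `/system-property=javax.net.ssl.trustStore…:add(…)` calls in `enableHTTPSForAppServer()` are not guarded, unlike the security realm and the eap6 connector, so when a second test class runs `@BeforeClass` against the same server the add will presumably fail because the property already exists. Wrapping both calls in `if (!operations.exists(Address.root().and("system-property", "javax.net.ssl.trustStore")))` would make the setup repeatable. `client.close()` should move to try-with-resources so a failed command does not leave the management connection open.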
@ -971,6 +971,21 @@
|
|||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!--Dependencies for creaper:-->
|
||||
|
||||
<dependency>
|
||||
<groupId>org.wildfly.extras.creaper</groupId>
|
||||
<artifactId>creaper-commands</artifactId>
|
||||
<version>${version.org.wildfly.extras.creaper}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>com.google.guava</groupId>
|
||||
<artifactId>guava</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.arquillian.junit</groupId>
|
||||
<artifactId>arquillian-junit-container</artifactId>
|
||||
|
|
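Review bot: Only `creaper-commands` is declared, while the new test code imports `org.wildfly.extras.creaper.core.*` directly, so the build relies on `creaper-core` arriving transitively; declaring it explicitly with the same `${version.org.wildfly.extras.creaper}` would make that dependency visible. The guava exclusion has no explanation; a comment such as `<!-- guava excluded to avoid clashing with the version already on the testsuite classpath -->` (if that is the reason) would help whoever next upgrades creaper. As far as I know, Creaper expects the WildFly management client libraries to be supplied by the consumer, so it is worth confirming they are already on this module's classpath.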