KEYCLOAK-6749 Jetty App Server

This commit is contained in:
Sebastian Laskawiec 2019-02-12 10:12:40 +01:00 committed by Hynek Mlnařík
parent 2e7eb92f43
commit 406097a508
308 changed files with 2102 additions and 14279 deletions

View file

@ -32,7 +32,6 @@
<maven.compiler.target>1.7</maven.compiler.target> <maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source> <maven.compiler.source>1.7</maven.compiler.source>
<jetty9.version>8.1.17.v20150415</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.core.* org.keycloak.adapters.jetty.core.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -89,21 +88,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

View file

@ -22,6 +22,7 @@ import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext; import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterTokenStore; import org.keycloak.adapters.AdapterTokenStore;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.adapters.CookieTokenStore; import org.keycloak.adapters.CookieTokenStore;
import org.keycloak.adapters.KeycloakDeployment; import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.OidcKeycloakAccount; import org.keycloak.adapters.OidcKeycloakAccount;
@ -71,6 +72,10 @@ public class JettyCookieTokenStore implements AdapterTokenStore {
securityContext.setCurrentRequestInfo(deployment, this); securityContext.setCurrentRequestInfo(deployment, this);
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext); request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
JettyRequestAuthenticator jettyAuthenticator = (JettyRequestAuthenticator) authenticator;
KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = AdapterUtils.createPrincipal(deployment, securityContext);
jettyAuthenticator.principal = principal;
return true; return true;
} else { } else {
return false; return false;

View file

@ -31,8 +31,6 @@
<properties> <properties>
<maven.compiler.target>1.7</maven.compiler.target> <maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source> <maven.compiler.source>1.7</maven.compiler.source>
<jetty9.version>8.1.17.v20150415</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.* org.keycloak.adapters.jetty.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -88,21 +86,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty81.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

View file

@ -29,7 +29,6 @@
<artifactId>keycloak-jetty91-adapter</artifactId> <artifactId>keycloak-jetty91-adapter</artifactId>
<name>Keycloak Jetty 9.1.x Integration</name> <name>Keycloak Jetty 9.1.x Integration</name>
<properties> <properties>
<jetty9.version>9.1.5.v20140505</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.* org.keycloak.adapters.jetty.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -96,21 +95,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty91.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty91.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty91.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

View file

@ -31,8 +31,6 @@
<properties> <properties>
<maven.compiler.target>1.7</maven.compiler.target> <maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source> <maven.compiler.source>1.7</maven.compiler.source>
<jetty9.version>9.2.4.v20141103</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.* org.keycloak.adapters.jetty.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -85,21 +83,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty92.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty92.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty92.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

View file

@ -29,7 +29,6 @@
<artifactId>keycloak-jetty93-adapter</artifactId> <artifactId>keycloak-jetty93-adapter</artifactId>
<name>Keycloak Jetty 9.3.x Integration</name> <name>Keycloak Jetty 9.3.x Integration</name>
<properties> <properties>
<jetty9.version>9.3.9.v20160517</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.* org.keycloak.adapters.jetty.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -82,21 +81,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty93.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty93.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty93.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

View file

@ -29,7 +29,6 @@
<artifactId>keycloak-jetty94-adapter</artifactId> <artifactId>keycloak-jetty94-adapter</artifactId>
<name>Keycloak Jetty 9.4.x Integration</name> <name>Keycloak Jetty 9.4.x Integration</name>
<properties> <properties>
<jetty9.version>9.4.2.v20170220</jetty9.version>
<keycloak.osgi.export> <keycloak.osgi.export>
org.keycloak.adapters.jetty.* org.keycloak.adapters.jetty.*
</keycloak.osgi.export> </keycloak.osgi.export>
@ -82,21 +81,21 @@
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId> <artifactId>jetty-server</artifactId>
<version>${jetty9.version}</version> <version>${jetty94.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId> <artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version> <version>${jetty94.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.eclipse.jetty</groupId> <groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId> <artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version> <version>${jetty94.version}</version>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>

10
pom.xml
View file

@ -87,6 +87,11 @@
<undertow.version>2.0.15.Final</undertow.version> <undertow.version>2.0.15.Final</undertow.version>
<elytron.version>1.7.0.Final</elytron.version> <elytron.version>1.7.0.Final</elytron.version>
<elytron.undertow-server.version>1.3.0.Final</elytron.undertow-server.version> <elytron.undertow-server.version>1.3.0.Final</elytron.undertow-server.version>
<jetty81.version>8.1.17.v20150415</jetty81.version>
<jetty91.version>9.1.5.v20140505</jetty91.version>
<jetty92.version>9.2.4.v20141103</jetty92.version>
<jetty93.version>9.3.9.v20160517</jetty93.version>
<jetty94.version>9.4.2.v20170220</jetty94.version>
<woodstox.version>5.0.3</woodstox.version> <woodstox.version>5.0.3</woodstox.version>
<xmlsec.version>2.1.2</xmlsec.version> <xmlsec.version>2.1.2</xmlsec.version>
<glassfish.json.version>1.1.2</glassfish.json.version> <glassfish.json.version>1.1.2</glassfish.json.version>
@ -300,6 +305,11 @@
<artifactId>resteasy-jackson2-provider</artifactId> <artifactId>resteasy-jackson2-provider</artifactId>
<version>${resteasy.version}</version> <version>${resteasy.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxb-provider</artifactId>
<version>${resteasy.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.jboss.resteasy</groupId> <groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId> <artifactId>resteasy-client</artifactId>

View file

@ -85,6 +85,21 @@ TODO: Add info about Wildfly logging
mvn -f testsuite/integration-arquillian/tests/base/pom.xml \ mvn -f testsuite/integration-arquillian/tests/base/pom.xml \
-Dtest=org.keycloak.testsuite.adapter.**.*Test -Dtest=org.keycloak.testsuite.adapter.**.*Test
### Jetty
At the moment we can run the testsuite with Jetty `9.1`, `9.2` and `9.4`.
Each version has its corresponding profile:
* Jetty `9.1`: `app-server-jetty91`
* Jetty `9.2`: `app-server-jetty92`
* Jetty `9.4`: `app-server-jetty94`
Here's how to run the tests with Jetty `9.4`:
mvn -f testsuite/integration-arquillian/tests/base/pom.xml \
-Papp-server-jetty94 \
-Dtest=org.keycloak.testsuite.adapter.**.*Test
### Wildfly ### Wildfly
# Run tests # Run tests

View file

@ -61,6 +61,7 @@
<arquillian-graphene.version>2.3.2</arquillian-graphene.version> <arquillian-graphene.version>2.3.2</arquillian-graphene.version>
<arquillian-wildfly-container.version>2.1.1.Final</arquillian-wildfly-container.version> <arquillian-wildfly-container.version>2.1.1.Final</arquillian-wildfly-container.version>
<arquillian-wls-container.version>1.0.1.Final</arquillian-wls-container.version> <arquillian-wls-container.version>1.0.1.Final</arquillian-wls-container.version>
<arquillian-jetty9-container.version>1.0.0.CR3</arquillian-jetty9-container.version>
<arquillian-container-karaf.version>2.2.0.Final</arquillian-container-karaf.version> <arquillian-container-karaf.version>2.2.0.Final</arquillian-container-karaf.version>
<arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version> <arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version>
<undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version> <undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version>

View file

@ -0,0 +1,87 @@
<?xml version="1.0"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
<?xml version="1.0"?>
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jetty-92</artifactId>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jetty92-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-jetty92-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-jetty-embedded-9</artifactId>
<version>${arquillian-jetty9-container.version}</version>
</dependency>
<!-- Server support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty92.version}</version>
</dependency>
<!-- Deployer support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-deploy</artifactId>
<version>${jetty92.version}</version>
</dependency>
<!-- KeycloakJettyAuthenticator support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaas</artifactId>
<version>${jetty92.version}</version>
</dependency>
<!-- Web application annotations support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-annotations</artifactId>
<version>${jetty92.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<type>test-jar</type>
</dependency>
</dependencies>
<name>App Server - Jetty 9.2</name>
</project>

View file

@ -0,0 +1,5 @@
package org.keycloak.testsuite.arquillian.jetty;
public class Jetty92AppServerTest extends AbstractJettyAppServerTest {
}

View file

@ -0,0 +1,87 @@
<?xml version="1.0"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
<?xml version="1.0"?>
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jetty-93</artifactId>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jetty93-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-jetty93-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-jetty-embedded-9</artifactId>
<version>${arquillian-jetty9-container.version}</version>
</dependency>
<!-- Server support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty93.version}</version>
</dependency>
<!-- Deployer support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-deploy</artifactId>
<version>${jetty93.version}</version>
</dependency>
<!-- KeycloakJettyAuthenticator support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaas</artifactId>
<version>${jetty93.version}</version>
</dependency>
<!-- Web application annotations support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-annotations</artifactId>
<version>${jetty93.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<type>test-jar</type>
</dependency>
</dependencies>
<name>App Server - Jetty 9.3</name>
</project>

View file

@ -0,0 +1,5 @@
package org.keycloak.testsuite.arquillian.jetty;
public class Jetty93AppServerTest extends AbstractJettyAppServerTest {
}

View file

@ -0,0 +1,87 @@
<?xml version="1.0"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
<?xml version="1.0"?>
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jetty-94</artifactId>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jetty94-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-jetty94-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-jetty-embedded-9</artifactId>
<version>${arquillian-jetty9-container.version}</version>
</dependency>
<!-- Server support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty94.version}</version>
</dependency>
<!-- Deployer support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-deploy</artifactId>
<version>${jetty94.version}</version>
</dependency>
<!-- KeycloakJettyAuthenticator support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaas</artifactId>
<version>${jetty94.version}</version>
</dependency>
<!-- Web application annotations support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-annotations</artifactId>
<version>${jetty94.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<version>${project.version}</version>
<classifier>tests</classifier>
<type>test-jar</type>
</dependency>
</dependencies>
<name>App Server - Jetty 9.4</name>
</project>

View file

@ -0,0 +1,5 @@
package org.keycloak.testsuite.arquillian.jetty;
public class Jetty94AppServerTest extends AbstractJettyAppServerTest {
}

View file

@ -0,0 +1,137 @@
<?xml version="1.0"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
<?xml version="1.0"?>
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jetty-common</artifactId>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jetty94-adapter</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-jetty94-adapter</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-servlet-filter-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-spi</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-util</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-jetty-embedded-9</artifactId>
<version>${arquillian-jetty9-container.version}</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxb-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
</dependency>
<!-- Server support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>${jetty94.version}</version>
<optional>true</optional>
</dependency>
<!-- Deployer support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-deploy</artifactId>
<version>${jetty94.version}</version>
<optional>true</optional>
</dependency>
<!-- KeycloakJettyAuthenticator support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaas</artifactId>
<version>${jetty94.version}</version>
<optional>true</optional>
</dependency>
<!-- Web application annotations support -->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-plus</artifactId>
<version>${jetty94.version}</version>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-annotations</artifactId>
<version>${jetty94.version}</version>
<optional>true</optional>
</dependency>
<!-- JSP Support -->
<!-- We can't use Jetty built-in support for JSPs since it conflicts with Undertow -->
<dependency>
<groupId>org.jboss.spec.javax.servlet.jsp</groupId>
<artifactId>jboss-jsp-api_2.3_spec</artifactId>
</dependency>
<!-- Test dependiencies -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<name>App Server - Jetty Common</name>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

View file

@ -0,0 +1,187 @@
package org.keycloak.testsuite.arquillian.jetty;
import org.eclipse.jetty.deploy.App;
import org.eclipse.jetty.deploy.AppProvider;
import org.eclipse.jetty.deploy.DeploymentManager;
import org.eclipse.jetty.deploy.util.FileID;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.util.URIUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.webapp.WebAppContext;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.exporter.ZipExporter;
import java.io.File;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Locale;
/**
* Most of the bits of this class have been copied from <code>org.jboss.arquillian.container.jetty.embedded_9.ArquillianAppProvider</code>.
*
* Unfortunately Arquillian extension for Jetty 8 and 9 uses totally different mechanism, so we need to implement
* all the bits ourselves.
*
* @author Sebastian Łaskawiec
*/
class JettyAppProvider extends AbstractLifeCycle implements AppProvider {
private static final Logger log = Logger.getLogger(MethodHandles.lookup().lookupClass());
/**
* The prefix assigned to the temporary file where the archive is exported
*/
private static final String EXPORT_FILE_PREFIX = "export";
/**
* Directory into which we'll extract export the war files
*/
private static final File EXPORT_DIR;
static {
/*
* Use of java.io.tmpdir Should be a last-resort fallback for temp directory.
*
* Use of java.io.tmpdir on CI systems is dangerous (overwrite possibility is extremely high)
*
* Use of java.io.tmpdir on Unix systems is unreliable (due to common /tmp dir cleanup processes)
*/
File systemDefaultTmpDir = new File(AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty("java.io.tmpdir");
}
}));
// If running under maven + surefire, use information provided by surefire.
String baseDirVal = AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty("basedir");
}
});
File mavenTmpDir = null;
if (baseDirVal != null) {
File baseDir = new File(baseDirVal);
if (baseDir.exists() && baseDir.isDirectory()) {
File targetDir = new File(baseDir, "target");
if (targetDir.exists() && targetDir.isDirectory()) {
mavenTmpDir = new File(targetDir, "arquillian-jetty-temp");
mavenTmpDir.mkdirs();
}
}
}
if ((mavenTmpDir != null) && mavenTmpDir.exists() && mavenTmpDir.isDirectory()) {
EXPORT_DIR = mavenTmpDir;
} else {
EXPORT_DIR = systemDefaultTmpDir;
}
// If the temp location doesn't exist or isn't a directory
if (!EXPORT_DIR.exists() || !EXPORT_DIR.isDirectory()) {
throw new IllegalStateException("Could not obtain export directory \"" + EXPORT_DIR.getAbsolutePath() + "\"");
}
}
private final JettyAppServerConfiguration config;
private DeploymentManager deploymentManager;
public JettyAppProvider(JettyAppServerConfiguration config) {
this.config = config;
}
protected KeycloakAdapterApp createApp(final Archive<?> archive) {
String name = archive.getName();
int extOff = name.lastIndexOf('.');
if (extOff <= 0) {
throw new RuntimeException("Not a valid Web Archive filename: " + name);
}
String ext = name.substring(extOff).toLowerCase();
if (!ext.equals(".war")) {
throw new RuntimeException("Not a recognized Web Archive: " + name);
}
name = name.substring(0, extOff);
final File exported;
try {
// If this method returns successfully then it is guaranteed that:
// 1. The file denoted by the returned abstract pathname did not exist before this method was invoked, and
// 2. Neither this method nor any of its variants will return the same abstract pathname again in the current invocation of the virtual machine.
exported = File.createTempFile(EXPORT_FILE_PREFIX, archive.getName(), EXPORT_DIR);
} catch (IOException e) {
throw new RuntimeException("Could not create temporary File in " + EXPORT_DIR + " to write exported archive", e);
}
// We are overwriting the temporary file placeholder reserved by File#createTemplateFile()
archive.as(ZipExporter.class).exportTo(exported, true);
// Mark to delete when we come down
// exported.deleteOnExit();
// Add the context
URI uri = exported.toURI();
log.debug("Webapp archive location: " + uri.toASCIIString());
return new KeycloakAdapterApp(new App(deploymentManager, this, uri.toASCIIString()), archive);
}
@Override
public ContextHandler createContextHandler(final App app) throws Exception {
Resource resource = Resource.newResource(app.getOriginId());
File file = resource.getFile();
if (!resource.exists())
throw new IllegalStateException("App resouce does not exist " + resource);
String context = file.getName();
if (FileID.isWebArchiveFile(file)) {
// Context Path is the same as the archive.
context = context.substring(0, context.length() - 4);
} else {
throw new IllegalStateException("unable to create ContextHandler for " + app);
}
// Ensure "/" is Not Trailing in context paths.
if (context.endsWith("/") && context.length() > 0) {
context = context.substring(0, context.length() - 1);
}
// Start building the webapplication
WebAppContext webAppContext = new WebAppContext();
webAppContext.setDisplayName(context);
webAppContext.setLogUrlOnStart(true);
// special case of archive (or dir) named "root" is / context
if (context.equalsIgnoreCase("root")) {
context = URIUtil.SLASH;
} else if (context.toLowerCase(Locale.ENGLISH).startsWith("root-")) {
int dash = context.toLowerCase(Locale.ENGLISH).indexOf('-');
String virtual = context.substring(dash + 1);
webAppContext.setVirtualHosts(new String[]{virtual});
context = URIUtil.SLASH;
}
// Ensure "/" is Prepended to all context paths.
if (context.charAt(0) != '/') {
context = "/" + context;
}
webAppContext.setContextPath(context);
webAppContext.setWar(file.getAbsolutePath());
webAppContext.setExtractWAR(true);
webAppContext.setParentLoaderPriority(true);
return webAppContext;
}
@Override
public void setDeploymentManager(DeploymentManager deploymentManager) {
this.deploymentManager = deploymentManager;
}
}

View file

@ -0,0 +1,323 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty;
import org.eclipse.jetty.annotations.AnnotationConfiguration;
import org.eclipse.jetty.deploy.App;
import org.eclipse.jetty.deploy.AppLifeCycle;
import org.eclipse.jetty.deploy.DeploymentManager;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlet.ServletMapping;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.jboss.arquillian.container.spi.client.container.DeployableContainer;
import org.jboss.arquillian.container.spi.client.container.DeploymentException;
import org.jboss.arquillian.container.spi.client.container.LifecycleException;
import org.jboss.arquillian.container.spi.client.protocol.ProtocolDescription;
import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext;
import org.jboss.arquillian.container.spi.client.protocol.metadata.ProtocolMetaData;
import org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet;
import org.jboss.logging.Logger;
import org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher;
import org.jboss.resteasy.spi.ResteasyDeployment;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.ClassAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.descriptor.api.Descriptor;
import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
import org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator;
import org.keycloak.testsuite.arquillian.jetty.saml.util.RestSamlApplicationConfig;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import javax.ws.rs.Path;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
public class JettyAppServer implements DeployableContainer<JettyAppServerConfiguration> {
private static final Logger log = Logger.getLogger(MethodHandles.lookup().lookupClass());
private JettyAppServerConfiguration configuration;
private JettyAppProvider appProvider;
private DeploymentManager deployer;
private Server server;
Map<String, KeycloakAdapterApp> deployedApps = new ConcurrentHashMap<>();
@Override
public Class<JettyAppServerConfiguration> getConfigurationClass() {
return JettyAppServerConfiguration.class;
}
@Override
public void setup(JettyAppServerConfiguration configuration) {
this.configuration = configuration;
appProvider = new JettyAppProvider(this.configuration);
}
@Override
public void start() throws LifecycleException {
if (configuration == null) {
log.warn("Starting Jetty with default setup.");
setup(new JettyAppServerConfiguration());
}
long start = System.currentTimeMillis();
server = new Server(configuration.getBindHttpPort());
setupSSL();
ContextHandlerCollection contexts = new ContextHandlerCollection();
deployer = new DeploymentManager();
deployer.setContexts(contexts);
deployer.addAppProvider(appProvider);
server.addBean(deployer);
HandlerCollection handlers = new HandlerCollection();
handlers.addHandler(contexts);
handlers.addHandler(new DefaultHandler());
server.setHandler(handlers);
try {
server.start();
} catch (Exception e) {
throw new LifecycleException("Unable to start Jetty", e);
}
log.infof("App server started in %dms on http://%s:%d/", (System.currentTimeMillis() - start), configuration.getBindAddress(), configuration.getBindHttpPort());
}
private void setupSSL() {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setSslContext(TLSUtils.initializeTLS());
ServerConnector connector = new ServerConnector(server);
connector.setPort(configuration.getBindHttpPort());
HttpConfiguration https = new HttpConfiguration();
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https));
sslConnector.setPort(configuration.getBindHttpsPort());
server.setConnectors(new Connector[] { connector, sslConnector });
}
@Override
public void stop() throws LifecycleException {
try {
server.stop();
} catch (Exception e) {
throw new LifecycleException("Unable to stop Jetty", e);
}
log.info("App Server stopped.");
}
@Override
public ProtocolDescription getDefaultProtocol() {
return new ProtocolDescription("Servlet 3.1");
}
@Override
public ProtocolMetaData deploy(Archive<?> archive) throws DeploymentException {
log.info("Deploying archive " + archive.getName());
if (!(archive instanceof WebArchive)) {
throw new IllegalArgumentException("JettyContainer only supports WebArchives.");
}
WebArchive webArchive = (WebArchive) archive;
try {
KeycloakAdapterApp app = appProvider.createApp(webArchive);
WebAppContext webAppContext = (WebAppContext) app.getContextHandler();
addAdditionalConfigurations(webAppContext);
setContextRoot(webArchive, app, webAppContext);
if (app.usesOIDCAuthenticator()) {
addOIDCAuthenticator(webAppContext);
}
if (app.usesSAMLAuthenticator()) {
addSAMLAuthenticator(webAppContext);
}
if (app.usesJaxrs()) {
addRestEasyServlet(webArchive, webAppContext);
}
setEmbeddedClassloaderForDeployment(webAppContext);
deployer.addApp(app);
deployer.requestAppGoal(app, AppLifeCycle.STARTED);
deployedApps.put(archive.getId(), app);
HTTPContext httpContext = new HTTPContext(configuration.getBindAddress(), configuration.getBindHttpPort());
ServletHandler servletHandler = webAppContext.getServletHandler();
for (ServletHolder servlet : servletHandler.getServlets()) {
log.debugf("Servlet context mapping: %s => %s", servlet.getName(), servlet.getContextPath());
httpContext.add(new Servlet(servlet.getName(), servlet.getContextPath()));
}
if (log.isInfoEnabled()) {
for (ServletMapping mapping : server.getChildHandlerByClass(ServletHandler.class).getServletMappings()) {
log.debugf("Servlet mapping: %s => %s", mapping.getServletName(), Arrays.toString(mapping.getPathSpecs()));
}
}
return new ProtocolMetaData().addContext(httpContext);
} catch (Exception e) {
throw new DeploymentException("Unable to deploy archive", e);
}
}
private void addAdditionalConfigurations(WebAppContext webAppContext) {
List<String> configurations = new ArrayList<>();
configurations.add(AnnotationConfiguration.class.getName());
//due to Jetty incompatibility between 8 and 9, we need to use reflections here
try {
Method m = webAppContext.getClass().getDeclaredMethod("getDefaultConfigurationClasses", null);
configurations.addAll(Arrays.asList((String[]) m.invoke(webAppContext)));
} catch (Exception e) {
throw new IllegalStateException("Critical Jetty incompatibility detected", e);
}
webAppContext.setConfigurationClasses(configurations.toArray(new String[0]));
}
private void setContextRoot(WebArchive archive, KeycloakAdapterApp app, WebAppContext webAppContext) {
if ("ROOT.war".equals(archive.getName())) {
webAppContext.setContextPath("/");
} else {
webAppContext.setContextPath("/" + app.getApplicationName());
}
}
private void addRestEasyServlet(WebArchive archive, WebAppContext webAppContext) {
log.debug("Starting Resteasy deployment");
boolean addServlet = true;
ServletHolder resteasyServlet = new ServletHolder("javax.ws.rs.core.Application", new HttpServlet30Dispatcher());
String jaxrsApplication = getJaxRsApplication(archive);
Set<Class<?>> pathAnnotatedClasses = getPathAnnotatedClasses(archive);
if (jaxrsApplication != null) {
log.debug("App has an Application.class: " + jaxrsApplication);
resteasyServlet.setInitParameter("javax.ws.rs.Application", jaxrsApplication);
} else if (!pathAnnotatedClasses.isEmpty()) {
log.debug("App has @Path annotated classes: " + pathAnnotatedClasses);
ResteasyDeployment deployment = new ResteasyDeployment();
deployment.setApplication(new RestSamlApplicationConfig(pathAnnotatedClasses));
webAppContext.setAttribute(ResteasyDeployment.class.getName(), deployment);
} else {
log.debug("An application doesn't have Application.class, nor @Path annotated classes. Skipping Resteasy initialization.");
addServlet = false;
}
if (addServlet) {
// this should be /* in general. However Jetty 9.2 (this is bug specific to this version),
// can not merge two instances of javax.ws.rs.Application together (one from web.xml
// and the other one added here). In 9.1 and 9.4 this works fine.
// Once we stop supporting 9.2, this should replaced with /* and this comment should be removed.
webAppContext.addServlet(resteasyServlet, "/");
}
log.debug("Finished Resteasy deployment");
}
private String getJaxRsApplication(WebArchive archive) {
return archive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") && archivePath.get().endsWith("Application.class"))
.values().stream().findFirst().map(node -> node.getPath().get()).orElse(null);
}
private void addSAMLAuthenticator(WebAppContext webAppContext) {
webAppContext.getSecurityHandler().setAuthenticator(new KeycloakSamlAuthenticator());
}
private void addOIDCAuthenticator(WebAppContext webAppContext) {
webAppContext.getSecurityHandler().setAuthenticator(new KeycloakJettyAuthenticator());
}
private void setEmbeddedClassloaderForDeployment(WebAppContext webAppContext) {
ClassLoader parentCl = Thread.currentThread().getContextClassLoader();
webAppContext.setClassLoader(parentCl);
}
private Set<Class<?>> getPathAnnotatedClasses(WebArchive webArchive) {
return webArchive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") &&
archivePath.get().endsWith(".class")
).values().stream()
.filter(node -> node.getAsset() instanceof ClassAsset)
.map(node -> ((ClassAsset)node.getAsset()).getSource())
.filter(clazz -> clazz.isAnnotationPresent(Path.class))
.collect(Collectors.toSet());
}
@Override
public void undeploy(Archive<?> archive) {
log.info("Undeploying archive " + archive.getName());
App app = deployedApps.get(archive.getId());
if (app != null) {
deployer.requestAppGoal(app, AppLifeCycle.UNDEPLOYED);
} else {
log.warnf("Deployment '%s' (name=%s) not found", archive.getId(), archive.getName());
}
}
@Override
public void deploy(Descriptor descriptor) {
throw new UnsupportedOperationException("Not implemented");
}
@Override
public void undeploy(Descriptor descriptor) {
throw new UnsupportedOperationException("Not implemented");
}
public String getJettyVersion() {
return Server.getVersion();
}
/*
* This is a non-public method that should not be used. Only for testing.
*/
protected Server getServer() {
return server;
}
}

View file

@ -0,0 +1,36 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty;
import org.jboss.arquillian.container.spi.client.container.DeployableContainer;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.core.spi.LoadableExtension;
import org.keycloak.testsuite.arquillian.jetty.container.JettyDeploymentArchiveProcessor;
public class JettyAppServerArquillianExtension implements LoadableExtension {
@Override
public void register(ExtensionBuilder builder) {
builder
.service(DeployableContainer.class, JettyAppServer.class)
.service(ApplicationArchiveProcessor.class, JettyDeploymentArchiveProcessor.class);
}
}

View file

@ -0,0 +1,76 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty;
import org.jboss.arquillian.container.spi.ConfigurationException;
import org.jboss.arquillian.container.spi.client.container.ContainerConfiguration;
public class JettyAppServerConfiguration implements ContainerConfiguration {
private int bindHttpPortOffset = 0;
private int bindHttpsPortOffset = 0;
private int bindHttpPort = 8280;
private int bindHttpsPort = 8643;
private String bindAddress = "localhost";
@Override
public void validate() throws ConfigurationException {
setBindHttpPort(bindHttpPort + bindHttpPortOffset);
setBindHttpsPort(bindHttpsPort + bindHttpsPortOffset);
}
public int getBindHttpPortOffset() {
return bindHttpPortOffset;
}
public void setBindHttpPortOffset(int bindHttpPortOffset) {
this.bindHttpPortOffset = bindHttpPortOffset;
}
public int getBindHttpsPortOffset() {
return bindHttpsPortOffset;
}
public void setBindHttpsPortOffset(int bindHttpsPortOffset) {
this.bindHttpsPortOffset = bindHttpsPortOffset;
}
public int getBindHttpPort() {
return bindHttpPort;
}
public void setBindHttpPort(int bindHttpPort) {
this.bindHttpPort = bindHttpPort;
}
public int getBindHttpsPort() {
return bindHttpsPort;
}
public void setBindHttpsPort(int bindHttpsPort) {
this.bindHttpsPort = bindHttpsPort;
}
public String getBindAddress() {
return bindAddress;
}
public void setBindAddress(String bindAddress) {
this.bindAddress = bindAddress;
}
}

View file

@ -0,0 +1,92 @@
package org.keycloak.testsuite.arquillian.jetty;
import org.apache.commons.io.IOUtils;
import org.eclipse.jetty.deploy.App;
import org.jboss.shrinkwrap.api.Archive;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class KeycloakAdapterApp extends App {
public static final String WEB_XML_PATH = "/WEB-INF/web.xml";
private static final Pattern modulePattern = Pattern.compile("<module-name>(.*)</module-name>");
private static final Pattern authMethodPattern = Pattern.compile("<auth-method>(.*)</auth-method>");
private final boolean usesOIDCAuthenticator;
private final boolean usesSAMLAuthenticator;
private final boolean usesJaxrs;
private final String applicationName;
public KeycloakAdapterApp(App app, Archive<?> archive) {
super(app.getDeploymentManager(), app.getAppProvider(), app.getOriginId());
boolean usesJaxRS = false;
boolean usesOIDCAuthenticator = false;
boolean usesSAMLAuthenticator = false;
String applicationName = archive.getName();
if (archive.contains(WEB_XML_PATH)) {
try {
try (InputStream is = archive.get(WEB_XML_PATH).getAsset().openStream()) {
String webXml = IOUtils.toString(is, StandardCharsets.UTF_8);
usesJaxRS = webXml.contains("javax.ws.rs.core.Application");
for(String line : webXml.split("\n")) {
line = line.trim();
if (!usesOIDCAuthenticator && !usesSAMLAuthenticator) {
Matcher m = authMethodPattern.matcher(line);
if (m.find()) {
String authMethod = m.group(1);
switch (authMethod) {
case "KEYCLOAK": {
usesOIDCAuthenticator = true;
break;
}
case "KEYCLOAK-SAML": {
usesSAMLAuthenticator = true;
break;
}
default: {
throw new IllegalArgumentException("Unknown auth-method" + authMethod);
}
}
}
}
Matcher m = modulePattern.matcher(line.trim());
if (m.find()) {
applicationName = m.group(1);
}
}
}
} catch (IOException ignored) {
}
}
this.applicationName = applicationName;
this.usesJaxrs = usesJaxRS;
this.usesOIDCAuthenticator = usesOIDCAuthenticator;
this.usesSAMLAuthenticator = usesSAMLAuthenticator;
}
public boolean usesOIDCAuthenticator() {
return usesOIDCAuthenticator;
}
public boolean usesJaxrs() {
return usesJaxrs;
}
public boolean usesSAMLAuthenticator() {
return usesSAMLAuthenticator;
}
public String getApplicationName() {
return applicationName;
}
}

View file

@ -0,0 +1,25 @@
package org.keycloak.testsuite.arquillian.jetty.container;
import org.eclipse.jetty.util.Jetty;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public enum AppServerVersion {
INSTANCE;
private String appServerVersion;
AppServerVersion() {
Pattern versionExtraction = Pattern.compile("(\\d\\.\\d).*");
Matcher m = versionExtraction.matcher(Jetty.VERSION);
if (!m.find()) {
throw new IllegalStateException("Could not parse Jetty version: " + Jetty.VERSION);
}
appServerVersion = m.group(1).replaceAll("\\.", "");
}
public String getAppServerVersion() {
return appServerVersion;
}
}

View file

@ -0,0 +1,83 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty.container;
import org.jboss.shrinkwrap.descriptor.spi.node.Node;
import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
import org.keycloak.testsuite.arquillian.jetty.JettyAppServer;
import java.util.ArrayList;
import java.util.List;
public class JettyAppServerProvider implements AppServerContainerProvider {
private Node configuration;
private static final String containerName = "jetty" + AppServerVersion.INSTANCE.getAppServerVersion();
@Override
public String getName() {
return containerName;
}
@Override
public List<Node> getContainers() {
List<Node> containers = new ArrayList<>();
containers.add(standaloneContainer());
//not supported yet
// containers.add(haNodeContainer(1));
// containers.add(haNodeContainer(2));
return containers;
}
private void createChild(String name, String text) {
configuration.createChild("property").attribute("name", name).text(text);
}
private Node standaloneContainer() {
Node container = new Node("container");
container.attribute("mode", "manual");
container.attribute("qualifier", AppServerContainerProvider.APP_SERVER + "-" + containerName);
configuration = container.createChild("configuration");
createChild("enabled", "true");
createChild("bindAddress", "0.0.0.0");
createChild("bindHttpPort", "8280");
createChild("adapterImplClass", JettyAppServer.class.getName());
return container;
}
private Node haNodeContainer(int number) {
Node container = new Node("container");
container.attribute("mode", "manual");
container.attribute("qualifier", AppServerContainerProvider.APP_SERVER + "-" + containerName + "-ha-node-" + number);
configuration = container.createChild("configuration");
createChild("enabled", "true");
createChild("bindAddress", "localhost");
createChild("bindHttpPort", "8280");
createChild("bindHttpPortOffset", Integer.toString(number));
createChild("adapterImplClass", JettyAppServer.class.getName());
return container;
}
}

View file

@ -0,0 +1,68 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty.container;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.test.spi.TestClass;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.keycloak.testsuite.utils.annotation.UseServletFilter;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
public class JettyDeploymentArchiveProcessor implements ApplicationArchiveProcessor {
private final Logger log = Logger.getLogger(JettyDeploymentArchiveProcessor.class);
@Override
public void process(Archive<?> archive, TestClass testClass) {
if (DeploymentArchiveProcessorUtils.checkRunOnServerDeployment(archive)) return;
if (!System.getProperty("app.server", "jetty").contains("jetty")) return;
modifyWebXML(archive, testClass);
modifyOIDCAdapterConfig(archive, DeploymentArchiveProcessorUtils.ADAPTER_CONFIG_PATH);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH_TENANT1);
modifySAMLAdapterConfig(archive, DeploymentArchiveProcessorUtils.SAML_ADAPTER_CONFIG_PATH_TENANT2);
modifyOIDCAdapterConfig(archive, DeploymentArchiveProcessorUtils.ADAPTER_CONFIG_PATH_JS);
}
private void modifyWebXML(Archive<?> archive, TestClass testClass) {
if (!archive.contains(DeploymentArchiveProcessorUtils.WEBXML_PATH)) return;
if (!testClass.getJavaClass().isAnnotationPresent(UseServletFilter.class)) return;
log.debug("Modifying WEB.XML in " + archive.getName() + " for Servlet Filter.");
DeploymentArchiveProcessorUtils.modifyWebXMLForServletFilter(archive, testClass);
}
private void modifyOIDCAdapterConfig(Archive<?> archive, String adapterConfigPath) {
if (!archive.contains(adapterConfigPath)) return;
log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
DeploymentArchiveProcessorUtils.modifyOIDCAdapterConfig(archive, adapterConfigPath);
}
private void modifySAMLAdapterConfig(Archive<?> archive, String adapterConfigPath) {
if (!archive.contains(adapterConfigPath)) return;
log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
DeploymentArchiveProcessorUtils.modifySAMLAdapterConfig(archive, adapterConfigPath);
}
}

View file

@ -0,0 +1,47 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.jetty.saml.util;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import java.util.Set;
/**
* Wildfly JAX-RS Integration has support for scanning deployment for annotations.
*
* https://github.com/wildfly/wildfly/blob/14.0.1.Final/jaxrs/src/main/java/org/jboss/as/jaxrs/deployment/JaxrsAnnotationProcessor.java
*
* On undertow we have to set Application Class manually:
*
* ResteasyDeployment deployment = new ResteasyDeployment();
* deployment.setApplication(application);
*/
@ApplicationPath("/")
public class RestSamlApplicationConfig extends Application {
private final Set<Class<?>> classes;
public RestSamlApplicationConfig(Set<Class<?>> classes) {
this.classes = classes;
}
@Override
public Set<Class<?>> getClasses() {
return classes;
}
}

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.jetty.JettyAppServerArquillianExtension

View file

@ -0,0 +1,248 @@
package org.keycloak.testsuite.arquillian.jetty;
import org.eclipse.jetty.deploy.DeploymentManager;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.SecurityHandler;
import org.jboss.arquillian.container.spi.client.protocol.metadata.HTTPContext;
import org.jboss.arquillian.container.spi.client.protocol.metadata.ProtocolMetaData;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.adapters.jetty.KeycloakJettyAuthenticator;
import org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator;
import org.keycloak.testsuite.arquillian.jetty.container.JettyAppServerProvider;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URL;
/**
* This is a basic set of sanity tests for checking Jetty server compatibility.
* If this test suite is green, it is OK to integrate it with the Arquillian testsuite.
*/
public abstract class AbstractJettyAppServerTest {
public static final String TEST_SERVLET_NAME = "TestServlet";
public static final String TEST_SERVLET_URL_MAPPING = "test-servlet";
@Test
public void testServerStartupAndShutdown() throws Exception {
// given
int httpPort = 8081;
int httpsPort = 8082;
JettyAppServerConfiguration configuration = new JettyAppServerConfiguration();
configuration.setBindHttpPort(httpPort);
configuration.setBindHttpsPort(httpsPort);
JettyAppServer server = new JettyAppServer();
server.setup(configuration);
// when
server.start();
boolean wasFreeOnHTTPPortWhenServerStarted = isFree("localhost", httpPort);
boolean wasFreeOnHTTPSPortWhenServerStarted = isFree("localhost", httpsPort);
server.stop();
boolean wasFreeOnHTTPWhenServerStopped = isFree("localhost", httpPort);
boolean wasFreeOnHTTPSWhenServerStopped = isFree("localhost", httpsPort);
// then
Assert.assertFalse(wasFreeOnHTTPPortWhenServerStarted);
Assert.assertTrue(wasFreeOnHTTPWhenServerStopped);
Assert.assertFalse(wasFreeOnHTTPSPortWhenServerStarted);
Assert.assertTrue(wasFreeOnHTTPSWhenServerStopped);
}
@Test
public void testDeployingServletApp() throws Exception {
// given
WebArchive archive = ShrinkWrap.create(WebArchive.class,"archive.war")
.addClasses(ExampleServlet.class);
JettyAppServer server = new JettyAppServer();
Response responseFromTheApp = null;
// when
try {
server.start();
ProtocolMetaData data = server.deploy(archive);
HTTPContext servletContext = data.getContexts(HTTPContext.class).iterator().next();
URI appURI = servletContext.getServletByName(TEST_SERVLET_NAME).getBaseURI().resolve(TEST_SERVLET_URL_MAPPING);
Client client = ClientBuilder.newClient();
responseFromTheApp = client.target(appURI).request().get();
} finally {
server.stop();
}
// assert
Assert.assertNotNull(responseFromTheApp);
Assert.assertEquals(200, responseFromTheApp.getStatus());
}
@Test
public void testDeployingRESTApp() throws Exception {
// given
WebArchive archive = ShrinkWrap.create(WebArchive.class,"archive.war")
.addClasses(ExampleRest.class);
JettyAppServer server = new JettyAppServer();
Response responseFromTheApp = null;
// when
try {
server.start();
ProtocolMetaData data = server.deploy(archive);
HTTPContext servletContext = data.getContexts(HTTPContext.class).iterator().next();
URI appURI = servletContext.getServlets().get(0).getBaseURI();
Client client = ClientBuilder.newClient();
responseFromTheApp = client.target(appURI).request().get();
} finally {
server.stop();
}
// assert
Assert.assertNotNull(responseFromTheApp);
Assert.assertEquals(200, responseFromTheApp.getStatus());
}
@Test
public void testDeployingAndUndeploying() throws Exception {
// given
WebArchive archive = ShrinkWrap.create(WebArchive.class,"archive.war")
.addClasses(ExampleRest.class);
JettyAppServer server = new JettyAppServer();
Response responseFromTheApp = null;
// when
try {
server.start();
ProtocolMetaData data = server.deploy(archive);
HTTPContext servletContext = data.getContexts(HTTPContext.class).iterator().next();
URI appURI = servletContext.getServlets().get(0).getBaseURI();
server.undeploy(archive);
Client client = ClientBuilder.newClient();
responseFromTheApp = client.target(appURI).request().get();
} finally {
server.stop();
}
// assert
Assert.assertNotNull(responseFromTheApp);
Assert.assertEquals(404, responseFromTheApp.getStatus());
}
@Test
public void testDetectingSAML() throws Exception {
// given
URL webXml = AbstractJettyAppServerTest.class.getResource("/web-saml.xml");
WebArchive archive = ShrinkWrap.create(WebArchive.class,"archive.war")
.addAsWebInfResource(webXml, "web.xml");
JettyAppServer server = new JettyAppServer();
// when
Authenticator installedAuthenticator = null;
try {
server.start();
server.deploy(archive);
installedAuthenticator = server.getServer()
.getBean(DeploymentManager.class).getApps().iterator().next()
.getContextHandler().getChildHandlerByClass(SecurityHandler.class).getAuthenticator();
} finally {
server.stop();
}
// assert
Assert.assertTrue(installedAuthenticator instanceof KeycloakSamlAuthenticator);
}
@Test
public void testDetectingOIDC() throws Exception {
// given
URL webXml = AbstractJettyAppServerTest.class.getResource("/web-oidc.xml");
WebArchive archive = ShrinkWrap.create(WebArchive.class,"archive.war")
.addAsWebInfResource(webXml, "web.xml");
JettyAppServer server = new JettyAppServer();
// when
Authenticator installedAuthenticator = null;
try {
server.start();
server.deploy(archive);
installedAuthenticator = server.getServer()
.getBean(DeploymentManager.class).getApps().iterator().next()
.getContextHandler().getChildHandlerByClass(SecurityHandler.class).getAuthenticator();
} finally {
server.stop();
}
// assert
Assert.assertTrue(installedAuthenticator instanceof KeycloakJettyAuthenticator);
}
@Test
public void testJettyVersion() throws Exception {
// given
String versionRegexp = "jetty\\d\\d";
// when
String appServerName = new JettyAppServerProvider().getName();
// assert
Assert.assertTrue(appServerName.matches(versionRegexp));
}
@WebServlet(name = TEST_SERVLET_NAME, urlPatterns = "/" + TEST_SERVLET_URL_MAPPING)
public static class ExampleServlet extends HttpServlet {
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
resp.getWriter().println("ok");
}
}
@Path("/")
public static class ExampleRest extends HttpServlet {
@GET
public Response doGet() {
return Response.ok().build();
}
}
public static boolean isFree(String hostName, int port) {
SocketAddress socketAddress = new InetSocketAddress(hostName, port);
Socket socket = new Socket();
try {
socket.connect(socketAddress, 2000);
socket.close();
return false;
} catch (Exception exception) {
return true;
}
}
}

View file

@ -0,0 +1,5 @@
log4j.rootLogger=info, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p %t [%c] %m%n

View file

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>demo</realm-name>
</login-config>
</web-app>

View file

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<login-config>
<auth-method>KEYCLOAK-SAML</auth-method>
<realm-name>demo</realm-name>
</login-config>
</web-app>

View file

@ -0,0 +1,73 @@
<?xml version="1.0"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
<?xml version="1.0"?>
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-jetty</artifactId>
<packaging>pom</packaging>
<name>App Server - Jetty Parent</name>
<profiles>
<profile>
<id>app-server-jetty94</id>
<activation>
<property>
<name>app.server</name>
<value>jetty94</value>
</property>
</activation>
<modules>
<module>common</module>
<module>94</module>
</modules>
</profile>
<profile>
<id>app-server-jetty93</id>
<activation>
<property>
<name>app.server</name>
<value>jetty93</value>
</property>
</activation>
<modules>
<module>common</module>
<module>93</module>
</modules>
</profile>
<profile>
<id>app-server-jetty92</id>
<activation>
<property>
<name>app.server</name>
<value>jetty92</value>
</property>
</activation>
<modules>
<module>common</module>
<module>92</module>
</modules>
</profile>
</profiles>
</project>

View file

@ -41,6 +41,7 @@
<module>karaf</module> <module>karaf</module>
<module>tomcat</module> <module>tomcat</module>
<module>undertow</module> <module>undertow</module>
<module>jetty</module>
</modules> </modules>
</project> </project>

View file

@ -134,7 +134,7 @@ public class UndertowAppServer implements DeployableContainer<UndertowAppServerC
if (isJaxrsApp(webArchive)) { if (isJaxrsApp(webArchive)) {
di = new UndertowDeployerHelper().getDeploymentInfo(configuration, webArchive, di = new UndertowDeployerHelper().getDeploymentInfo(configuration, webArchive,
undertow.undertowDeployment(getCustomResteasyDeployment(webArchive))); undertow.undertowDeployment(discoverPathAnnotatedClasses(webArchive)));
} else if (applicationClassNode.isPresent()) { } else if (applicationClassNode.isPresent()) {
String applicationPath = applicationClassNode.get().getPath().get(); String applicationPath = applicationClassNode.get().getPath().get();
@ -237,7 +237,7 @@ public class UndertowAppServer implements DeployableContainer<UndertowAppServerC
} }
} }
private ResteasyDeployment getCustomResteasyDeployment(WebArchive webArchive) { private ResteasyDeployment discoverPathAnnotatedClasses(WebArchive webArchive) {
//take all classes from war and add those with @Path annotation to RestSamlApplicationConfig //take all classes from war and add those with @Path annotation to RestSamlApplicationConfig
Set<Class<?>> classes = webArchive.getContent(archivePath -> Set<Class<?>> classes = webArchive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") && archivePath.get().startsWith("/WEB-INF/classes/") &&

View file

@ -49,23 +49,15 @@ import org.keycloak.services.filters.KeycloakSessionServletFilter;
import org.keycloak.services.managers.ApplianceBootstrap; import org.keycloak.services.managers.ApplianceBootstrap;
import org.keycloak.services.resources.KeycloakApplication; import org.keycloak.services.resources.KeycloakApplication;
import org.keycloak.testsuite.KeycloakServer; import org.keycloak.testsuite.KeycloakServer;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import org.keycloak.testsuite.utils.undertow.UndertowDeployerHelper; import org.keycloak.testsuite.utils.undertow.UndertowDeployerHelper;
import org.keycloak.testsuite.utils.undertow.UndertowWarClassLoader; import org.keycloak.testsuite.utils.undertow.UndertowWarClassLoader;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.servlet.DispatcherType; import javax.servlet.DispatcherType;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;

View file

@ -40,7 +40,7 @@ import io.undertow.util.Headers;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.common.util.reflections.Reflections; import org.keycloak.common.util.reflections.Reflections;
import org.keycloak.services.managers.AuthenticationSessionManager; import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils; import org.keycloak.testsuite.utils.tls.TLSUtils;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.StringTokenizer; import java.util.StringTokenizer;

View file

@ -43,7 +43,7 @@
<fuse61.version>6.1.0.redhat-379</fuse61.version> <fuse61.version>6.1.0.redhat-379</fuse61.version>
<!--<fuse62.version>6.2.0.redhat-133</fuse62.version>--> <!--<fuse62.version>6.2.0.redhat-133</fuse62.version>-->
<fuse62.version>6.2.1.redhat-084</fuse62.version> <fuse62.version>6.2.1.redhat-084</fuse62.version>
<!-- cache server versions --> <!-- cache server versions -->
<!--<infinispan.version>8.2.8.Final</infinispan.version>--><!-- Use same infinspan-server version as our version --> <!--<infinispan.version>8.2.8.Final</infinispan.version>--><!-- Use same infinspan-server version as our version -->
<jdg.version>9.4.6.Final-redhat-00002</jdg.version><!-- JDG 7.3.0 --> <jdg.version>9.4.6.Final-redhat-00002</jdg.version><!-- JDG 7.3.0 -->

View file

@ -413,6 +413,94 @@
</plugins> </plugins>
</build> </build>
</profile> </profile>
<profile>
<id>app-server-jetty94</id>
<activation>
<property>
<name>app.server</name>
<value>jetty94</value>
</property>
</activation>
<properties>
<app.server>jetty94</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>true</app.server.skip.unpack>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-94</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>app-server-jetty93</id>
<activation>
<property>
<name>app.server</name>
<value>jetty93</value>
</property>
</activation>
<properties>
<app.server>jetty93</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>true</app.server.skip.unpack>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-93</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>app-server-jetty92</id>
<activation>
<property>
<name>app.server</name>
<value>jetty92</value>
</property>
</activation>
<properties>
<app.server>jetty92</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>true</app.server.skip.unpack>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-jetty-92</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile> <profile>
<id>app-server-wildfly</id> <id>app-server-wildfly</id>
<activation> <activation>

View file

@ -35,11 +35,7 @@ public class CustomerCookiePortalRoot extends AbstractPageWithInjectedUrl {
@Override @Override
public URL getInjectedUrl() { public URL getInjectedUrl() {
try { return url;
return new URL(url.toString() + "/");
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
} }
public String logoutURL() { public String logoutURL() {

View file

@ -21,6 +21,8 @@ import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.test.api.ArquillianResource; import org.jboss.arquillian.test.api.ArquillianResource;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;
import java.net.URL; import java.net.URL;
/** /**
@ -40,18 +42,18 @@ public class CustomerPortal extends AbstractPageWithInjectedUrl {
return url; return url;
} }
public String logout() { public URI logout() {
return url + "/logout"; return getUriBuilder().clone().path("logout").build();
} }
public String callCustomerDbAudienceRequiredUrl(boolean attachAudienceScope) { public URI callCustomerDbAudienceRequiredUrl(boolean attachAudienceScope) {
String url = this.url + "/call-customer-db-audience-required"; UriBuilder builder = getUriBuilder().clone().path("call-customer-db-audience-required");
if (attachAudienceScope) { if (attachAudienceScope) {
url = url + "?scope=customer-db-audience-required"; builder.queryParam("scope", "customer-db-audience-required");
} }
return url; return builder.build();
} }
} }

View file

@ -37,7 +37,7 @@ public class MultiTenant1Saml extends SAMLServlet {
@Override @Override
public URL getInjectedUrl() { public URL getInjectedUrl() {
try { try {
return new URL(url + "/?realm=tenant1"); return new URL(url + "?realm=tenant1");
} catch (MalformedURLException e) { } catch (MalformedURLException e) {
throw new IllegalStateException(e); throw new IllegalStateException(e);
} }

View file

@ -37,7 +37,7 @@ public class MultiTenant2Saml extends SAMLServlet {
@Override @Override
public URL getInjectedUrl() { public URL getInjectedUrl() {
try { try {
return new URL(url + "/?realm=tenant2"); return new URL(url + "?realm=tenant2");
} catch (MalformedURLException e) { } catch (MalformedURLException e) {
throw new IllegalStateException(e); throw new IllegalStateException(e);
} }

View file

@ -294,7 +294,7 @@ public class PhotozClientAuthzTestApp extends AbstractPageWithInjectedUrl {
@Override @Override
public void navigateTo() { public void navigateTo() {
driver.navigate().to(toString() + "/"); driver.navigate().to(toString());
waitForPageToLoad(); waitForPageToLoad();
} }

View file

@ -35,42 +35,34 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
public class AdapterTestExecutionDecider implements TestExecutionDecider { public class AdapterTestExecutionDecider implements TestExecutionDecider {
private final Logger log = Logger.getLogger(AdapterTestExecutionDecider.class); private final Logger log = Logger.getLogger(AdapterTestExecutionDecider.class);
private static final Map<Method, CachedRecord> cache = new HashMap<>();
@Inject private Instance<TestContext> testContextInstance; @Inject private Instance<TestContext> testContextInstance;
@Override @Override
public ExecutionDecision decide(Method method) { public ExecutionDecision decide(Method method) {
ExecutionDecision decision = getFromCache(method);
if (decision != null) {
return decision;
}
TestContext testContext = testContextInstance.get(); TestContext testContext = testContextInstance.get();
if (!testContext.isAdapterTest()) { if (!testContext.isAdapterTest()) {
return execute(method, Boolean.TRUE, null); return ExecutionDecision.execute();
} }
if (testContext.isAdapterContainerEnabled() || testContext.isAdapterContainerEnabledCluster()) { if (testContext.isAdapterContainerEnabled() || testContext.isAdapterContainerEnabledCluster()) {
if (method.isAnnotationPresent(AppServerContainer.class)) { // taking method level annotation first as it has higher priority if (method.isAnnotationPresent(AppServerContainer.class)) { // taking method level annotation first as it has higher priority
if (getCorrespondingAnnotation(method) == null) { //no corresponding annotation - taking class level annotation if (getCorrespondingAnnotation(method) == null) { //no corresponding annotation - taking class level annotation
if (getCorrespondingAnnotation(testContext.getTestClass()).skip()) { if (getCorrespondingAnnotation(testContext.getTestClass()).skip()) {
return execute(method, Boolean.FALSE, "Skipped by @AppServerContainer class level annotation."); return ExecutionDecision.dontExecute("Skipped by @AppServerContainer class level annotation.");
} }
} else if (getCorrespondingAnnotation(method).skip()) { //corresponding annotation } else if (getCorrespondingAnnotation(method).skip()) { //corresponding annotation
return execute(method, Boolean.FALSE, "Skipped by @AppServerContainer method level annotation."); return ExecutionDecision.dontExecute("Skipped by @AppServerContainer method level annotation.");
} }
} else { //taking class level annotation } else { //taking class level annotation
if (getCorrespondingAnnotation(testContext.getTestClass()).skip()) { if (getCorrespondingAnnotation(testContext.getTestClass()).skip()) {
return execute(method, Boolean.FALSE, "Skipped by @AppServerContainer class level annotation."); return ExecutionDecision.dontExecute("Skipped by @AppServerContainer class level annotation.");
} }
} }
// execute otherwise // execute otherwise
return execute(method, Boolean.TRUE, null); return ExecutionDecision.execute();
} else {
return execute(method, Boolean.FALSE, "Not enabled by @AppServerContainer annotations.");
} }
return ExecutionDecision.dontExecute("Not enabled by @AppServerContainer annotations.");
} }
@Override @Override
@ -113,38 +105,4 @@ public class AdapterTestExecutionDecider implements TestExecutionDecider {
.findFirst() .findFirst()
.orElse(null); .orElse(null);
} }
private ExecutionDecision execute(Method method, Boolean execute, String message) {
if (execute) {
cache.put(method, new CachedRecord(Boolean.TRUE, ""));
return ExecutionDecision.execute();
} else {
cache.put(method, new CachedRecord(Boolean.FALSE, message));
log.debug(method.getName() + " " + message);
return ExecutionDecision.dontExecute(message);
}
}
private ExecutionDecision getFromCache(Method method) {
if (cache.containsKey(method)) {
CachedRecord cachedRecord = cache.get(method);
if (cachedRecord.execute) {
return ExecutionDecision.execute(cachedRecord.message);
} else {
return ExecutionDecision.dontExecute(cachedRecord.message);
}
}
return null;
}
private class CachedRecord {
private final Boolean execute;
private final String message;
public CachedRecord(Boolean execute, String message) {
this.execute = execute;
this.message = message;
}
}
} }

View file

@ -16,44 +16,40 @@
*/ */
package org.keycloak.testsuite.arquillian; package org.keycloak.testsuite.arquillian;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import static org.hamcrest.Matchers.lessThan; import org.jboss.arquillian.container.spi.event.StopContainer;
import org.jboss.arquillian.container.spi.event.StopSuiteContainers;
import org.jboss.arquillian.container.test.api.ContainerController; import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.core.api.Event;
import org.jboss.arquillian.core.api.Instance; import org.jboss.arquillian.core.api.Instance;
import org.jboss.arquillian.core.spi.Validate;
import org.jboss.arquillian.core.api.annotation.Inject; import org.jboss.arquillian.core.api.annotation.Inject;
import org.jboss.arquillian.core.api.annotation.Observes; import org.jboss.arquillian.core.api.annotation.Observes;
import org.jboss.arquillian.core.spi.Validate;
import org.jboss.arquillian.test.spi.event.suite.After; import org.jboss.arquillian.test.spi.event.suite.After;
import org.jboss.arquillian.test.spi.event.suite.AfterSuite;
import org.jboss.arquillian.test.spi.event.suite.Before; import org.jboss.arquillian.test.spi.event.suite.Before;
import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import static org.junit.Assert.assertThat;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.testsuite.arquillian.annotation.InitialDcState; import org.keycloak.testsuite.arquillian.annotation.InitialDcState;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.crossdc.DC; import org.keycloak.testsuite.crossdc.DC;
import org.keycloak.testsuite.crossdc.ServerSetup; import org.keycloak.testsuite.crossdc.ServerSetup;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import java.io.File;
import java.io.IOException;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer; import java.util.function.Consumer;
import java.util.stream.Stream; import java.util.stream.Stream;
import org.jboss.arquillian.container.spi.Container;
import org.jboss.arquillian.container.spi.event.StopContainer; import static org.hamcrest.Matchers.lessThan;
import org.jboss.arquillian.container.spi.event.StopSuiteContainers; import static org.junit.Assert.assertThat;
import org.jboss.arquillian.core.api.Event;
import org.jboss.arquillian.test.spi.event.suite.AfterSuite;
import org.wildfly.extras.creaper.core.ManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineManagementClient;
import org.wildfly.extras.creaper.core.online.OnlineOptions;
/** /**
* *

View file

@ -38,4 +38,8 @@ public interface ContainerConstants {
public static final String APP_SERVER_FUSE63 = APP_SERVER_PREFIX + "fuse63"; public static final String APP_SERVER_FUSE63 = APP_SERVER_PREFIX + "fuse63";
public static final String APP_SERVER_FUSE7X = APP_SERVER_PREFIX + "fuse7x"; public static final String APP_SERVER_FUSE7X = APP_SERVER_PREFIX + "fuse7x";
public static final String APP_SERVER_JETTY94 = APP_SERVER_PREFIX + "jetty94";
public static final String APP_SERVER_JETTY93 = APP_SERVER_PREFIX + "jetty93";
public static final String APP_SERVER_JETTY92 = APP_SERVER_PREFIX + "jetty92";
} }

View file

@ -38,6 +38,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import org.keycloak.testsuite.arquillian.ContainerInfo; import org.keycloak.testsuite.arquillian.ContainerInfo;
import org.keycloak.testsuite.util.URLUtils;
public class URLProvider extends URLResourceProvider { public class URLProvider extends URLResourceProvider {
@ -82,7 +83,6 @@ public class URLProvider extends URLResourceProvider {
try { try {
url = fixLocalhost(url); url = fixLocalhost(url);
url = fixBoundToAll(url); url = fixBoundToAll(url);
url = removeTrailingSlash(url);
if (appServerSslRequired) { if (appServerSslRequired) {
url = fixSsl(url); url = fixSsl(url);
} }
@ -153,13 +153,4 @@ public class URLProvider extends URLResourceProvider {
return new URL(urlString); return new URL(urlString);
} }
public URL removeTrailingSlash(URL url) throws MalformedURLException {
URL urlWithoutSlash = url;
String urlS = url.toExternalForm();
if (urlS.endsWith("/")) {
urlWithoutSlash = new URL(urlS.substring(0, urlS.length() - 1));
}
return urlWithoutSlash;
}
} }

View file

@ -8,10 +8,12 @@ import org.openqa.selenium.ie.InternetExplorerDriver;
import org.openqa.selenium.support.ui.ExpectedCondition; import org.openqa.selenium.support.ui.ExpectedCondition;
import org.openqa.selenium.support.ui.WebDriverWait; import org.openqa.selenium.support.ui.WebDriverWait;
import java.net.URI;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import static org.junit.Assert.assertEquals;
import static org.keycloak.testsuite.util.DroneUtils.getCurrentDriver; import static org.keycloak.testsuite.util.DroneUtils.getCurrentDriver;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.openqa.selenium.support.ui.ExpectedConditions.not; import static org.openqa.selenium.support.ui.ExpectedConditions.not;

View file

@ -206,6 +206,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
@Test @Test
public void testErrorConditions() throws Exception { public void testErrorConditions() throws Exception {
String helloUrl = appPage.getUriBuilder().clone().path("hello").build().toASCIIString();
RealmResource realm = adminClient.realms().realm(CHILD_IDP); RealmResource realm = adminClient.realms().realm(CHILD_IDP);
List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity(); List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity();
@ -239,10 +240,11 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
// now log in // now log in
navigateTo( appPage.getInjectedUrl() + "/hello");
navigateTo(helloUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
loginPage.login("child", "password"); loginPage.login("child", "password");
Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello")); Assert.assertTrue(driver.getCurrentUrl().startsWith(helloUrl));
Assert.assertTrue(driver.getPageSource().contains("Unknown request:")); Assert.assertTrue(driver.getPageSource().contains("Unknown request:"));
// now test CSRF with bad hash. // now test CSRF with bad hash.
@ -268,10 +270,10 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
roles.add(userRole); roles.add(userRole);
clientResource.getScopeMappings().realmLevel().add(roles); clientResource.getScopeMappings().realmLevel().add(roles);
navigateTo( appPage.getInjectedUrl() + "/hello"); navigateTo(helloUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP)); Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
loginPage.login("child", "password"); loginPage.login("child", "password");
Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello")); Assert.assertTrue(driver.getCurrentUrl().startsWith(helloUrl));
Assert.assertTrue(driver.getPageSource().contains("Unknown request:")); Assert.assertTrue(driver.getPageSource().contains("Unknown request:"));
@ -375,12 +377,6 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
Assert.assertTrue(links.isEmpty()); Assert.assertTrue(links.isEmpty());
logoutAll(); logoutAll();
} }
@Test @Test

View file

@ -16,44 +16,20 @@
*/ */
package org.keycloak.testsuite.adapter.servlet; package org.keycloak.testsuite.adapter.servlet;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.conn.params.ConnManagerParams;
import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.drone.api.annotation.Drone; import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page; import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Before; import org.junit.Before;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.adapters.OIDCAuthenticationError; import org.keycloak.adapters.OIDCAuthenticationError;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.util.Time; import org.keycloak.common.util.Time;
import org.keycloak.constants.AdapterConstants; import org.keycloak.constants.AdapterConstants;
import org.keycloak.events.Details; import org.keycloak.events.Details;
@ -96,6 +72,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.auth.page.login.OIDCLogin; import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.console.page.events.Config; import org.keycloak.testsuite.console.page.events.Config;
import org.keycloak.testsuite.console.page.events.LoginEvents; import org.keycloak.testsuite.console.page.events.LoginEvents;
import org.keycloak.testsuite.util.FollowRedirectsEngine;
import org.keycloak.testsuite.util.JavascriptBrowser; import org.keycloak.testsuite.util.JavascriptBrowser;
import org.keycloak.testsuite.util.Matchers; import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.URLUtils; import org.keycloak.testsuite.util.URLUtils;
@ -105,6 +82,27 @@ import org.openqa.selenium.By;
import org.openqa.selenium.Cookie; import org.openqa.selenium.Cookie;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriBuilder;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import static org.hamcrest.Matchers.allOf; import static org.hamcrest.Matchers.allOf;
import static org.hamcrest.Matchers.anyOf; import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
@ -198,7 +196,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
protected static WebArchive customerCookiePortal() { protected static WebArchive customerCookiePortal() {
return servletDeployment(CustomerCookiePortal.DEPLOYMENT_NAME, AdapterActionsFilter.class, CustomerServlet.class, ErrorServlet.class, ServletTestUtils.class); return servletDeployment(CustomerCookiePortal.DEPLOYMENT_NAME, AdapterActionsFilter.class, CustomerServlet.class, ErrorServlet.class, ServletTestUtils.class);
} }
@Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME) @Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME)
protected static WebArchive customerPortalNoConf() { protected static WebArchive customerPortalNoConf() {
return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class); return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class);
@ -238,7 +236,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
protected static WebArchive productPortal() { protected static WebArchive productPortal() {
return servletDeployment(ProductPortal.DEPLOYMENT_NAME, ProductServlet.class); return servletDeployment(ProductPortal.DEPLOYMENT_NAME, ProductServlet.class);
} }
@Deployment(name = ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME) @Deployment(name = ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME)
protected static WebArchive productPortalAutodetectBearerOnly() { protected static WebArchive productPortalAutodetectBearerOnly() {
return servletDeployment(ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME, ProductServlet.class); return servletDeployment(ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME, ProductServlet.class);
@ -248,7 +246,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
protected static WebArchive inputPortal() { protected static WebArchive inputPortal() {
return servletDeployment(InputPortal.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class); return servletDeployment(InputPortal.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class);
} }
@Deployment(name = InputPortalNoAccessToken.DEPLOYMENT_NAME) @Deployment(name = InputPortalNoAccessToken.DEPLOYMENT_NAME)
protected static WebArchive inputPortalNoAccessToken() { protected static WebArchive inputPortalNoAccessToken() {
return servletDeployment(InputPortalNoAccessToken.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class); return servletDeployment(InputPortalNoAccessToken.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class);
@ -343,7 +341,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlEquals(customerPortal); assertCurrentUrlEquals(customerPortal);
assertLogged(); assertLogged();
driver.navigate().to(customerPortal.logout()); driver.navigate().to(customerPortal.logout().toASCIIString());
WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present(); WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();
customerPortal.navigateTo(); customerPortal.navigateTo();
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
@ -427,7 +425,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
testRealmLoginPage.form().login("bburke@redhat.com", "password"); testRealmLoginPage.form().login("bburke@redhat.com", "password");
assertCurrentUrlEquals(inputPortal + "/secured/post"); assertCurrentUrlEquals(inputPortal.getUriBuilder().clone().path("secured").path("post").build());
waitForPageToLoad(); waitForPageToLoad();
assertPageContains("parameter=hello"); assertPageContains("parameter=hello");
@ -585,7 +583,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
@Test @Test
public void testLoginSSOMax() throws InterruptedException { public void testLoginSSOMax() throws InterruptedException {
// Delete cookies // Delete cookies
driver.navigate().to(customerPortal + "/error.html"); driver.navigate().to(customerPortal.getUriBuilder().clone().path("error.html").build().toASCIIString());
driver.manage().deleteAllCookies(); driver.manage().deleteAllCookies();
// test login to customer-portal which does a bearer request to customer-db // test login to customer-portal which does a bearer request to customer-db
@ -613,7 +611,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
//KEYCLOAK-518 //KEYCLOAK-518
@Test @Test
public void testNullBearerToken() { public void testNullBearerToken() {
Client client = ClientBuilder.newClient(); Client client = new ResteasyClientBuilder().httpEngine(new FollowRedirectsEngine()).build();
WebTarget target = client.target(customerDb.toString()); WebTarget target = client.target(customerDb.toString());
Response response = target.request().get(); Response response = target.request().get();
assertEquals(401, response.getStatus()); assertEquals(401, response.getStatus());
@ -627,7 +625,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
//KEYCLOAK-1368 //KEYCLOAK-1368
@Test @Test
public void testNullBearerTokenCustomErrorPage() { public void testNullBearerTokenCustomErrorPage() {
Client client = ClientBuilder.newClient(); Client client = new ResteasyClientBuilder().httpEngine(new FollowRedirectsEngine()).build();
WebTarget target = client.target(customerDbErrorPage.toString()); WebTarget target = client.target(customerDbErrorPage.toString());
Response response = target.request().get(); Response response = target.request().get();
@ -855,7 +853,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
@Test @Test
public void testVerifyTokenAudience() { public void testVerifyTokenAudience() throws Exception {
// Generate audience client scope // Generate audience client scope
String clientScopeId = testingClient.testing().generateAudienceClientScope("demo", "customer-db-audience-required"); String clientScopeId = testingClient.testing().generateAudienceClientScope("demo", "customer-db-audience-required");
@ -863,7 +861,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
client.addOptionalClientScope(clientScopeId); client.addOptionalClientScope(clientScopeId);
// Login without audience scope. Invoke service should end with failure // Login without audience scope. Invoke service should end with failure
driver.navigate().to(customerPortal.callCustomerDbAudienceRequiredUrl(false)); driver.navigate().to(customerPortal.callCustomerDbAudienceRequiredUrl(false).toURL());
assertTrue(testRealmLoginPage.form().isUsernamePresent()); assertTrue(testRealmLoginPage.form().isUsernamePresent());
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
testRealmLoginPage.form().login("bburke@redhat.com", "password"); testRealmLoginPage.form().login("bburke@redhat.com", "password");
@ -874,11 +872,11 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
Assert.assertFalse(pageSource.contains("Stian Thorgersen")); Assert.assertFalse(pageSource.contains("Stian Thorgersen"));
// Logout TODO: will be good to not request logout to force adapter to use additional scope (and other request parameters) // Logout TODO: will be good to not request logout to force adapter to use additional scope (and other request parameters)
driver.navigate().to(customerPortal.logout()); driver.navigate().to(customerPortal.logout().toURL());
waitForPageToLoad(); waitForPageToLoad();
// Login with requested audience // Login with requested audience
driver.navigate().to(customerPortal.callCustomerDbAudienceRequiredUrl(true)); driver.navigate().to(customerPortal.callCustomerDbAudienceRequiredUrl(true).toURL());
assertTrue(testRealmLoginPage.form().isUsernamePresent()); assertTrue(testRealmLoginPage.form().isUsernamePresent());
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
testRealmLoginPage.form().login("bburke@redhat.com", "password"); testRealmLoginPage.form().login("bburke@redhat.com", "password");
@ -955,7 +953,9 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.user(userId) .user(userId)
.detail(Details.USERNAME, "bburke@redhat.com") .detail(Details.USERNAME, "bburke@redhat.com")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED) .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.detail(Details.REDIRECT_URI, customerPortal.getInjectedUrl().toString()) .detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString() + "/")))
.removeDetail(Details.CODE_ID) .removeDetail(Details.CODE_ID)
.assertEvent(); .assertEvent();
@ -1012,7 +1012,9 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.user(userId) .user(userId)
.detail(Details.USERNAME, "bburke@redhat.com") .detail(Details.USERNAME, "bburke@redhat.com")
.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED) .detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.detail(Details.REDIRECT_URI, customerPortal.getInjectedUrl().toString()) .detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString() + "/")))
.removeDetail(Details.CODE_ID) .removeDetail(Details.CODE_ID)
.assertEvent(); .assertEvent();
@ -1032,7 +1034,9 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.realm(realm.getId()) .realm(realm.getId())
.user(userId) .user(userId)
.session(AssertEvents.isUUID()) .session(AssertEvents.isUUID())
.detail(Details.REDIRECT_URI, customerPortal.getInjectedUrl().toString()) .detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString() + "/")))
.assertEvent(); .assertEvent();
assertEvents.assertEmpty(); assertEvents.assertEmpty();
@ -1109,7 +1113,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
// Do not redirect client to login page if it's an XHR // Do not redirect client to login page if it's an XHR
System.out.println(productPortalAutodetectBearerOnly.getInjectedUrl().toString()); System.out.println(productPortalAutodetectBearerOnly.getInjectedUrl().toString());
WebTarget target = client.target(productPortalAutodetectBearerOnly.getInjectedUrl().toString()); WebTarget target = client.target(productPortalAutodetectBearerOnly.getInjectedUrl().toString() + "/");
Response response = target.request().header("X-Requested-With", "XMLHttpRequest").get(); Response response = target.request().header("X-Requested-With", "XMLHttpRequest").get();
Assert.assertEquals(401, response.getStatus()); Assert.assertEquals(401, response.getStatus());
response.close(); response.close();
@ -1158,7 +1162,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
@Test @Test
public void testBasicAuthErrorHandling() { public void testBasicAuthErrorHandling() {
int numberOfConnections = 10; int numberOfConnections = 10;
Client client = new ResteasyClientBuilder().connectionPoolSize(numberOfConnections).build(); Client client = new ResteasyClientBuilder().connectionPoolSize(numberOfConnections).httpEngine(new FollowRedirectsEngine()).build();
WebTarget target = client.target(customerDb.getInjectedUrl().toString()); WebTarget target = client.target(customerDb.getInjectedUrl().toString());
Response response = target.request().get(); Response response = target.request().get();
Assert.assertEquals(401, response.getStatus()); Assert.assertEquals(401, response.getStatus());
@ -1178,7 +1182,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
// KEYCLOAK-1733 // KEYCLOAK-1733
@Test @Test
public void testNullQueryParameterAccessToken() { public void testNullQueryParameterAccessToken() {
Client client = ClientBuilder.newClient(); Client client = new ResteasyClientBuilder().httpEngine(new FollowRedirectsEngine()).build();
WebTarget target = client.target(customerDb.getInjectedUrl().toString()); WebTarget target = client.target(customerDb.getInjectedUrl().toString());
Response response = target.request().get(); Response response = target.request().get();
@ -1197,7 +1201,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
@Test @Test
public void testRestCallWithAccessTokenAsQueryParameter() { public void testRestCallWithAccessTokenAsQueryParameter() {
Client client = ClientBuilder.newClient(); Client client = new ResteasyClientBuilder().httpEngine(new FollowRedirectsEngine()).build();
try { try {
WebTarget webTarget = client.target(testRealmPage.toString() + "/protocol/openid-connect/token"); WebTarget webTarget = client.target(testRealmPage.toString() + "/protocol/openid-connect/token");
@ -1229,14 +1233,15 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
//KEYCLOAK-4765 //KEYCLOAK-4765
@Test @Test
public void testCallURLWithAccessToken() { public void testCallURLWithAccessToken() throws Exception {
// test login to customer-portal which does a bearer request to customer-db // test login to customer-portal which does a bearer request to customer-db
String applicationURL = inputPortalNoAccessToken.getInjectedUrl().toString() + "?access_token=invalid_token"; URI applicationURL = inputPortalNoAccessToken.getUriBuilder().clone()
driver.navigate().to(applicationURL); .queryParam("access_token", "invalid_token")
System.out.println("Current url: " + driver.getCurrentUrl()); .build();
Assert.assertEquals(applicationURL, driver.getCurrentUrl()); driver.navigate().to(applicationURL.toURL());
System.out.println(driver.getPageSource());
assertEquals(applicationURL.toASCIIString(), driver.getCurrentUrl());
inputPortalNoAccessToken.execute("hello"); inputPortalNoAccessToken.execute("hello");
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
} }
@ -1353,7 +1358,9 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.user(userId) .user(userId)
.detail(Details.USERNAME, "bburke@redhat.com") .detail(Details.USERNAME, "bburke@redhat.com")
.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED) .detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.detail(Details.REDIRECT_URI, clientSecretJwtSecurePortal.getInjectedUrl().toString()) .detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(clientSecretJwtSecurePortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(clientSecretJwtSecurePortal.getInjectedUrl().toString() + "/")))
.removeDetail(Details.CODE_ID) .removeDetail(Details.CODE_ID)
.assertEvent(); .assertEvent();
@ -1385,7 +1392,9 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
.user(userId) .user(userId)
.detail(Details.USERNAME, "bburke@redhat.com") .detail(Details.USERNAME, "bburke@redhat.com")
.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED) .detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.detail(Details.REDIRECT_URI, clientSecretJwtSecurePortal.getInjectedUrl().toString()) .detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(clientSecretJwtSecurePortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(clientSecretJwtSecurePortal.getInjectedUrl().toString() + "/")))
.removeDetail(Details.CODE_ID) .removeDetail(Details.CODE_ID)
.assertEvent(); .assertEvent();

View file

@ -236,6 +236,10 @@ public class OIDCPublicKeyRotationAdapterTest extends AbstractServletsAdapterTes
@Test @Test
public void testPublicKeyCacheInvalidatedWhenPushedNotBefore() { public void testPublicKeyCacheInvalidatedWhenPushedNotBefore() {
driver.manage().timeouts().pageLoadTimeout(1000, TimeUnit.SECONDS); driver.manage().timeouts().pageLoadTimeout(1000, TimeUnit.SECONDS);
String customerDBUnsecuredUrl = customerDb.getUriBuilder().clone().path("unsecured").path("foo").build().toASCIIString();
String customerDBUrlNoTrailSlash = customerDb.getUriBuilder().build().toASCIIString();
customerDBUrlNoTrailSlash = customerDBUrlNoTrailSlash.substring(0, customerDBUrlNoTrailSlash.length() - 1);
String tokenMinTTLUnsecuredUrl = tokenMinTTLPage.getUriBuilder().clone().path("unsecured").path("foo").build().toASCIIString();
// increase accessTokenLifespan to 1200 // increase accessTokenLifespan to 1200
RealmRepresentation demoRealm = adminClient.realm(DEMO).toRepresentation(); RealmRepresentation demoRealm = adminClient.realm(DEMO).toRepresentation();
@ -259,21 +263,21 @@ public class OIDCPublicKeyRotationAdapterTest extends AbstractServletsAdapterTes
adminClient.realm(DEMO).components().component(oldActiveKeyProviderId).remove(); adminClient.realm(DEMO).components().component(oldActiveKeyProviderId).remove();
// Set some offset to ensure pushing notBefore will pass // Set some offset to ensure pushing notBefore will pass
setAdapterAndServerTimeOffset(130, customerDb.toString() + "/unsecured/foo", tokenMinTTLPage.toString() + "/unsecured/foo"); setAdapterAndServerTimeOffset(130, customerDBUnsecuredUrl, tokenMinTTLUnsecuredUrl);
// Send notBefore policy from the realm // Send notBefore policy from the realm
demoRealm.setNotBefore(Time.currentTime() - 1); demoRealm.setNotBefore(Time.currentTime() - 1);
adminClient.realm(DEMO).update(demoRealm); adminClient.realm(DEMO).update(demoRealm);
GlobalRequestResult result = adminClient.realm(DEMO).pushRevocation(); GlobalRequestResult result = adminClient.realm(DEMO).pushRevocation();
Assert.assertTrue(result.getSuccessRequests().contains(customerDb.toString())); Assert.assertTrue(result.getSuccessRequests().contains(customerDBUrlNoTrailSlash));
// Send REST request. New request to the publicKey cache should be sent, and key is no longer returned as token contains the old kid // Send REST request. New request to the publicKey cache should be sent, and key is no longer returned as token contains the old kid
status = invokeRESTEndpoint(accessTokenString); status = invokeRESTEndpoint(accessTokenString);
Assert.assertEquals(401, status); Assert.assertEquals(401, status);
// Revert public keys change and time offset // Revert public keys change and time offset
resetKeycloakDeploymentForAdapter(customerDb.toString() + "/unsecured/foo"); resetKeycloakDeploymentForAdapter(customerDBUnsecuredUrl);
resetKeycloakDeploymentForAdapter(tokenMinTTLPage.toString() + "/unsecured/foo"); resetKeycloakDeploymentForAdapter(tokenMinTTLUnsecuredUrl);
} }

View file

@ -1070,7 +1070,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmLoginPage.form().login("bburke@redhat.com", "password"); testRealmLoginPage.form().login("bburke@redhat.com", "password");
Assert.assertEquals(driver.getCurrentUrl(), inputPortalPage + "/secured/post"); Assert.assertThat(URI.create(driver.getCurrentUrl()).getPath(), endsWith("secured/post"));
waitUntilElement(By.xpath("//body")).text().contains("parameter=hello"); waitUntilElement(By.xpath("//body")).text().contains("parameter=hello");
// test that user principal and KeycloakSecurityContext available // test that user principal and KeycloakSecurityContext available
@ -1101,7 +1101,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
samlidpInitiatedLoginPage.form().login(bburkeUser); samlidpInitiatedLoginPage.form().login(bburkeUser);
assertCurrentUrlStartsWith(salesPost2ServletPage); assertCurrentUrlStartsWith(salesPost2ServletPage);
Assert.assertThat(driver.getCurrentUrl(), endsWith("/foo")); Assert.assertThat(URI.create(driver.getCurrentUrl()).getPath(), endsWith("foo"));
waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); waitUntilElement(By.xpath("//body")).text().contains("principal=bburke");
salesPost2ServletPage.logout(); salesPost2ServletPage.logout();
checkLoggedOut(salesPost2ServletPage, testRealmSAMLPostLoginPage); checkLoggedOut(salesPost2ServletPage, testRealmSAMLPostLoginPage);
@ -1119,7 +1119,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
waitUntilElement(By.xpath("//body")).text().contains("Error info: SamlAuthenticationError [reason=INVALID_SIGNATURE"); waitUntilElement(By.xpath("//body")).text().contains("Error info: SamlAuthenticationError [reason=INVALID_SIGNATURE");
Assert.assertEquals(driver.getCurrentUrl(), badAssertionSalesPostSigPage + "/saml"); Assert.assertEquals(driver.getCurrentUrl(), badAssertionSalesPostSigPage.getUriBuilder().clone().path("saml").build().toASCIIString());
} }
@Test @Test
@ -1129,7 +1129,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
waitUntilElement(By.xpath("//body")).text().contains("Error info: SamlAuthenticationError [reason=INVALID_SIGNATURE"); waitUntilElement(By.xpath("//body")).text().contains("Error info: SamlAuthenticationError [reason=INVALID_SIGNATURE");
Assert.assertEquals(driver.getCurrentUrl(), missingAssertionSigPage + "/saml"); Assert.assertEquals(driver.getCurrentUrl(), missingAssertionSigPage.getUriBuilder().clone().path("saml").build().toASCIIString());
} }
@Test @Test
@ -1218,7 +1218,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
String body = driver.findElement(By.xpath("//body")).getText(); String body = driver.findElement(By.xpath("//body")).getText();
@ -1270,7 +1270,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
String body = driver.findElement(By.xpath("//body")).getText(); String body = driver.findElement(By.xpath("//body")).getText();
@ -1324,7 +1324,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
String body = driver.findElement(By.xpath("//body")).getText(); String body = driver.findElement(By.xpath("//body")).getText();
@ -1379,7 +1379,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login("bburke", "password"); testRealmSAMLPostLoginPage.form().login("bburke", "password");
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitForPageToLoad(); waitForPageToLoad();
String body = driver.findElement(By.xpath("//body")).getText(); String body = driver.findElement(By.xpath("//body")).getText();
@ -1430,7 +1430,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login("level2GroupUser", "password"); testRealmSAMLPostLoginPage.form().login("level2GroupUser", "password");
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitUntilElement(By.xpath("//body")).text().contains("topAttribute: true"); waitUntilElement(By.xpath("//body")).text().contains("topAttribute: true");
waitUntilElement(By.xpath("//body")).text().contains("level2Attribute: true"); waitUntilElement(By.xpath("//body")).text().contains("level2Attribute: true");
waitUntilElement(By.xpath("//body")).text().contains("attribute email: level2@redhat.com"); waitUntilElement(By.xpath("//body")).text().contains("attribute email: level2@redhat.com");
@ -1447,7 +1447,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login(bburkeUser); testRealmSAMLPostLoginPage.form().login(bburkeUser);
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitUntilElement(By.xpath("//body")).text().contains("attribute email: bburke@redhat.com"); waitUntilElement(By.xpath("//body")).text().contains("attribute email: bburke@redhat.com");
waitUntilElement(By.xpath("//body")).text().contains("friendlyAttribute email: bburke@redhat.com"); waitUntilElement(By.xpath("//body")).text().contains("friendlyAttribute email: bburke@redhat.com");
waitUntilElement(By.xpath("//body")).text().contains("phone: 617"); waitUntilElement(By.xpath("//body")).text().contains("phone: 617");
@ -1493,7 +1493,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
testRealmSAMLPostLoginPage.form().login(bburkeUser); testRealmSAMLPostLoginPage.form().login(bburkeUser);
driver.navigate().to(employee2ServletPage.toString() + "/getAttributes"); driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
waitUntilElement(By.xpath("//body")).text().contains("hardcoded-attribute: hard"); waitUntilElement(By.xpath("//body")).text().contains("hardcoded-attribute: hard");
employee2ServletPage.checkRolesEndPoint(false); employee2ServletPage.checkRolesEndPoint(false);
employee2ServletPage.logout(); employee2ServletPage.logout();
@ -1543,7 +1543,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
}) })
.build() .build()
.navigateTo(employee2ServletPage.toString() + "/getAttributes") .navigateTo(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build())
.execute(r -> { .execute(r -> {
Assert.assertThat(r, statusCodeIsHC(Response.Status.OK)); Assert.assertThat(r, statusCodeIsHC(Response.Status.OK));
@ -1743,7 +1743,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
StatusCodeType statusCode = responseType.getStatus().getStatusCode(); StatusCodeType statusCode = responseType.getStatus().getStatusCode();
Assert.assertThat(statusCode.getValue().toString(), is(JBossSAMLURIConstants.STATUS_SUCCESS.get())); Assert.assertThat(statusCode.getValue().toString(), is(JBossSAMLURIConstants.STATUS_SUCCESS.get()));
Assert.assertThat(responseType.getDestination(), is(ecpSPPage.toString() + "/")); Assert.assertThat(responseType.getDestination(), is(ecpSPPage.toString()));
Assert.assertThat(responseType.getSignature(), notNullValue()); Assert.assertThat(responseType.getSignature(), notNullValue());
Assert.assertThat(responseType.getAssertions().size(), is(1)); Assert.assertThat(responseType.getAssertions().size(), is(1));

View file

@ -0,0 +1,66 @@
package org.keycloak.testsuite.adapter.servlet.jetty;
import org.junit.Ignore;
import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY94)
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY93)
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY92)
public class JettyDemoServletAdapterTest extends DemoServletsAdapterTest {
@Ignore("KEYCLOAK-9614")
@Override
public void testAuthenticated() {
}
@Ignore("KEYCLOAK-9614")
@Override
public void testAuthenticatedWithCustomSessionConfig() {
}
@Ignore("KEYCLOAK-9616")
@Override
public void testOIDCParamsForwarding() {
}
@Ignore("KEYCLOAK-9616")
@Override
public void testOIDCUiLocalesParamForwarding() {
}
@Ignore("KEYCLOAK-9615")
@Override
public void testInvalidTokenCookie() {
}
@Ignore("KEYCLOAK-9615")
@Override
public void testTokenInCookieRefresh() {
}
@Ignore("KEYCLOAK-9615")
@Override
public void testTokenInCookieSSO() {
}
@Ignore("KEYCLOAK-9615")
@Override
public void testTokenInCookieSSORoot() {
}
@Ignore("KEYCLOAK-9617")
@Override
public void testWithoutKeycloakConf() {
}
}

View file

@ -0,0 +1,24 @@
package org.keycloak.testsuite.adapter.servlet.jetty;
import org.junit.Ignore;
import org.keycloak.testsuite.adapter.servlet.SAMLServletAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY94)
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY93)
@AppServerContainer(ContainerConstants.APP_SERVER_JETTY92)
public class JettySAMLServletAdapterTest extends SAMLServletAdapterTest {
@Ignore("KEYCLOAK-9687")
@Override
public void multiTenant1SamlTest() throws Exception {
}
@Ignore("KEYCLOAK-9687")
@Override
public void multiTenant2SamlTest() throws Exception {
}
}

View file

@ -140,7 +140,7 @@ public class UndertowRelaviteUriAdapterTest extends AbstractServletsAdapterTest
Assert.assertTrue(driver.getPageSource().contains("iPhone")); Assert.assertTrue(driver.getPageSource().contains("iPhone"));
// test logout // test logout
driver.navigate().to(customerPortal.logout()); driver.navigate().to(customerPortal.logout().toASCIIString());
Assert.assertTrue(driver.getPageSource().contains("servlet logout ok")); Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
customerPortal.navigateTo(); customerPortal.navigateTo();

View file

@ -28,10 +28,10 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import javax.ws.rs.ClientErrorException; import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;

View file

@ -48,10 +48,10 @@ import org.keycloak.services.resources.admin.permissions.GroupPermissionManageme
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import javax.ws.rs.ClientErrorException; import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;

View file

@ -57,7 +57,6 @@ import org.keycloak.services.resources.admin.AdminAuth.Resource;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.util.AdminClientUtil; import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder; import org.keycloak.testsuite.util.CredentialBuilder;
@ -83,6 +82,7 @@ import static org.junit.Assert.fail;
import static org.keycloak.services.resources.admin.AdminAuth.Resource.AUTHORIZATION; import static org.keycloak.services.resources.admin.AdminAuth.Resource.AUTHORIZATION;
import static org.keycloak.services.resources.admin.AdminAuth.Resource.CLIENT; import static org.keycloak.services.resources.admin.AdminAuth.Resource.CLIENT;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.utils.tls.TLSUtils;
/** /**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a> * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>

View file

@ -17,13 +17,12 @@
package org.keycloak.testsuite.admin.concurrency; package org.keycloak.testsuite.admin.concurrency;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils; import org.keycloak.testsuite.utils.tls.TLSUtils;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;

View file

@ -34,12 +34,12 @@ import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.util.AdminEventPaths; import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.AssertAdminEvents; import org.keycloak.testsuite.util.AssertAdminEvents;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;

View file

@ -36,12 +36,12 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.util.AdminEventPaths; import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RoleBuilder; import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.URLAssert; import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;

View file

@ -48,7 +48,6 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest; import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.runonserver.RunOnServerDeployment; import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
@ -60,6 +59,7 @@ import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse; import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;

View file

@ -11,9 +11,9 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.ContainerInfo; import org.keycloak.testsuite.arquillian.ContainerInfo;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.ContainerAssume; import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;

View file

@ -48,10 +48,8 @@ import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest; import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.account.AccountFormServiceTest;
import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.undertow.TLSUtils;
import org.keycloak.testsuite.auth.page.AuthRealm; import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.pages.AccountApplicationsPage; import org.keycloak.testsuite.pages.AccountApplicationsPage;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
@ -63,6 +61,7 @@ import org.keycloak.testsuite.util.RealmManager;
import org.keycloak.testsuite.util.RoleBuilder; import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.TokenSignatureUtil; import org.keycloak.testsuite.util.TokenSignatureUtil;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;
import org.keycloak.util.TokenUtil; import org.keycloak.util.TokenUtil;
import javax.ws.rs.NotFoundException; import javax.ws.rs.NotFoundException;

View file

@ -0,0 +1,17 @@
package org.keycloak.testsuite.util;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
/**
* A simple wrapper for the HTTP Client Engine to follow redirects.
*
* <p>
* When hitting a Servlet deployed on Jetty without trailing slash, we get a <code>302</code> in return.
* Our testsuite doesn't work well with this. This engine solves this problem.
* </p>
*/
public class FollowRedirectsEngine extends ApacheHttpClient4Engine {
public FollowRedirectsEngine() {
this.followRedirects = true;
}
}

View file

@ -33,8 +33,10 @@ import java.io.InputStreamReader;
import java.io.Reader; import java.io.Reader;
import java.io.StringWriter; import java.io.StringWriter;
import java.net.URI; import java.net.URI;
import java.net.URL;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.URLUtils.currentUrlDoesntStartWith; import static org.keycloak.testsuite.util.URLUtils.currentUrlDoesntStartWith;
import static org.keycloak.testsuite.util.URLUtils.currentUrlEquals; import static org.keycloak.testsuite.util.URLUtils.currentUrlEquals;
@ -60,12 +62,15 @@ public class URLAssert {
assertCurrentUrlEquals(page.toString()); assertCurrentUrlEquals(page.toString());
} }
public static void assertCurrentUrlEquals(final URI url) {
assertCurrentUrlEquals(url.toASCIIString());
}
public static void assertCurrentUrlEquals(final String url) { public static void assertCurrentUrlEquals(final String url) {
assertTrue("Expected URL: " + url + "; actual: " + DroneUtils.getCurrentDriver().getCurrentUrl(), assertTrue("Expected URL: " + url + "; actual: " + DroneUtils.getCurrentDriver().getCurrentUrl(),
currentUrlEquals(url)); currentUrlEquals(url));
} }
public static void assertCurrentUrlStartsWith(final AbstractPage page, WebDriver driver) { public static void assertCurrentUrlStartsWith(final AbstractPage page, WebDriver driver) {
assertCurrentUrlStartsWith(page.toString(), driver); assertCurrentUrlStartsWith(page.toString(), driver);
} }

View file

@ -1,7 +1,4 @@
package org.keycloak.testsuite.arquillian.undertow; package org.keycloak.testsuite.utils.tls;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
@ -9,6 +6,8 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
public class TLSUtils { public class TLSUtils {
@ -30,7 +29,7 @@ public class TLSUtils {
public static SSLContext initializeTLS() { public static SSLContext initializeTLS() {
try { try {
KeyStore keystore = KeyStore.getInstance("jks"); KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(KeycloakOnUndertow.class.getResourceAsStream("/keycloak.jks"), "secret".toCharArray()); keystore.load(TLSUtils.class.getResourceAsStream("/keycloak.jks"), "secret".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, "secret".toCharArray()); keyManagerFactory.init(keystore, "secret".toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
@ -38,7 +37,7 @@ public class TLSUtils {
// Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert. // Essentially, this is REQUEST CLIENT AUTH behavior. It doesn't fail if the client doesn't have a cert.
// However it will challenge him to send it. // However it will challenge him to send it.
KeyStore truststore = KeyStore.getInstance("jks"); KeyStore truststore = KeyStore.getInstance("jks");
truststore.load(KeycloakOnUndertow.class.getResourceAsStream("/keycloak.truststore"), "secret".toCharArray()); truststore.load(TLSUtils.class.getResourceAsStream("/keycloak.truststore"), "secret".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(truststore); trustManagerFactory.init(truststore);
TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1]; TrustManager[] trustManagers = new TrustManager[trustManagerFactory.getTrustManagers().length + 1];

View file

@ -1,403 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-testsuite-jetty92</artifactId>
<name>Keycloak Jetty 9.2.x Integration TestSuite</name>
<properties>
<maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source>
<jetty9.version>9.2.4.v20141103</jetty9.version>
</properties>
<description />
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-dependencies-server-all</artifactId>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-jetty92-adapter</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson2-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-undertow</artifactId>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-jetty92-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>com.icegreen</groupId>
<artifactId>greenmail</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-core</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-chrome-driver</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-undertow</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-test-apps-servlets</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaas</artifactId>
<version>${jetty9.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-util</artifactId>
<version>${jetty9.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-webapp</artifactId>
<version>${jetty9.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-security</artifactId>
<version>${jetty9.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>${jetty9.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.2</version>
<executions>
<execution>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<workingDirectory>${project.basedir}</workingDirectory>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>keycloak-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.KeycloakServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>mail-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.MailServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>totp</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.TotpGenerator</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<keycloak.realm.provider>jpa</keycloak.realm.provider>
<keycloak.user.provider>jpa</keycloak.user.provider>
<keycloak.eventStore.provider>jpa</keycloak.eventStore.provider>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!-- MySQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>com.mysql.jdbc.Driver</value>
</property>
</activation>
<id>mysql</id>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.version}</version>
</dependency>
</dependencies>
</profile>
<!-- PostgreSQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>org.postgresql.Driver</value>
</property>
</activation>
<id>postgresql</id>
<dependencies>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>${postgresql.version}</version>
</dependency>
</dependencies>
</profile>
<profile>
<id>clean-jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-maven-plugin</artifactId>
<configuration>
<changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
<url>${keycloak.connectionsJpa.url}</url>
<driver>${keycloak.connectionsJpa.driver}</driver>
<username>${keycloak.connectionsJpa.user}</username>
<password>${keycloak.connectionsJpa.password}</password>
<promptOnNonLocalDatabase>false</promptOnNonLocalDatabase>
</configuration>
<executions>
<execution>
<id>clean-jpa</id>
<phase>clean</phase>
<goals>
<goal>dropAll</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View file

@ -1,191 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.helper.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import java.io.File;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Jetty9Test {
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
AdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
}
};
public static Server server = null;
@BeforeClass
public static void initJetty() throws Exception {
server = new Server(8082);
List<Handler> list = new ArrayList<Handler>();
System.setProperty("app.server.base.url", "http://localhost:8082");
System.setProperty("my.host.name", "localhost");
URL dir = Jetty9Test.class.getResource("/adapter-test/demorealm.json");
File base = new File(dir.getFile()).getParentFile();
list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
list.add(new WebAppContext(new File(base, "customer-db").toString(), "/customer-db"));
list.add(new WebAppContext(new File(base, "customer-db-error-page").toString(), "/customer-db-error-page"));
list.add(new WebAppContext(new File(base, "product-portal").toString(), "/product-portal"));
list.add(new WebAppContext(new File(base, "session-portal").toString(), "/session-portal"));
list.add(new WebAppContext(new File(base, "input-portal").toString(), "/input-portal"));
list.add(new WebAppContext(new File(base, "secure-portal").toString(), "/secure-portal"));
HandlerCollection handlers = new HandlerCollection();
handlers.setHandlers(list.toArray(new Handler[list.size()]));
server.setHandler(handlers);
server.start();
}
@AfterClass
public static void shutdownJetty() throws Exception {
try {
server.stop();
server.destroy();
Thread.sleep(100);
} catch (Exception e) {}
}
@Rule
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule, true);
@Test
public void testLoginSSOAndLogout() throws Exception {
testStrategy.testLoginSSOAndLogout();
}
@Test
public void testLoginEncodedRedirectUri() throws Exception {
testStrategy.testLoginEncodedRedirectUri();
}
@Test
public void testSavedPostRequest() throws Exception {
testStrategy.testSavedPostRequest();
}
@Test
public void testServletRequestLogout() throws Exception {
testStrategy.testServletRequestLogout();
}
@Test
public void testLoginSSOIdle() throws Exception {
testStrategy.testLoginSSOIdle();
}
@Test
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
}
@Test
public void testLoginSSOMax() throws Exception {
testStrategy.testLoginSSOMax();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
@Test
public void testNullBearerToken() throws Exception {
testStrategy.testNullBearerToken();
}
/**
* KEYCLOAK-1368
* @throws Exception
*/
@Test
public void testNullBearerTokenCustomErrorPage() throws Exception {
testStrategy.testNullBearerTokenCustomErrorPage();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
@Test
public void testBadUser() throws Exception {
testStrategy.testBadUser();
}
/**
* KEYCLOAK-732
*
* @throws Throwable
*/
@Test
public void testSingleSessionInvalidated() throws Throwable {
testStrategy.testSingleSessionInvalidated();
}
/**
* KEYCLOAK-741
*/
@Test
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
testStrategy.testSessionInvalidatedAfterFailedRefresh();
}
/**
* KEYCLOAK-942
*/
@Test
public void testAdminApplicationLogout() throws Throwable {
testStrategy.testAdminApplicationLogout();
}
/**
* KEYCLOAK-1216
*/
@Test
public void testAccountManagementSessionsLogout() throws Throwable {
testStrategy.testAccountManagementSessionsLogout();
}
}

View file

@ -1,204 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.helper.adapter.SamlAdapterTestStrategy;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.openqa.selenium.WebDriver;
import java.io.File;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class JettySamlTest {
@Rule
public SamlAdapterTestStrategy testStrategy = new SamlAdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
SamlAdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
}
};
public static Server server = null;
@BeforeClass
public static void initJetty() throws Exception {
server = new Server(8082);
List<Handler> list = new ArrayList<Handler>();
System.setProperty("app.server.base.url", "http://localhost:8082");
System.setProperty("my.host.name", "localhost");
URL dir = JettySamlTest.class.getResource("/keycloak-saml/testsaml.json");
File base = new File(dir.getFile()).getParentFile();
//list.add(new WebAppContext(new File(base, "customer-portal").toString(), "/customer-portal"));
list.add(new WebAppContext(new File(base, "simple-post").toString(), "/sales-post"));
list.add(new WebAppContext(new File(base, "simple-post2").toString(), "/sales-post2"));
list.add(new WebAppContext(new File(base, "simple-input").toString(), "/input-portal"));
list.add(new WebAppContext(new File(base, "signed-post").toString(), "/sales-post-sig"));
list.add(new WebAppContext(new File(base, "signed-post-email").toString(), "/sales-post-sig-email"));
list.add(new WebAppContext(new File(base, "signed-post-transient").toString(), "/sales-post-sig-transient"));
list.add(new WebAppContext(new File(base, "signed-post-persistent").toString(), "/sales-post-sig-persistent"));
list.add(new WebAppContext(new File(base, "signed-metadata").toString(), "/sales-metadata"));
list.add(new WebAppContext(new File(base, "signed-get").toString(), "/employee-sig"));
list.add(new WebAppContext(new File(base, "mappers").toString(), "/employee2"));
list.add(new WebAppContext(new File(base, "signed-front-get").toString(), "/employee-sig-front"));
list.add(new WebAppContext(new File(base, "bad-client-signed-post").toString(), "/bad-client-sales-post-sig"));
list.add(new WebAppContext(new File(base, "bad-realm-signed-post").toString(), "/bad-realm-sales-post-sig"));
list.add(new WebAppContext(new File(base, "encrypted-post").toString(), "/sales-post-enc"));
SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth");
HandlerCollection handlers = new HandlerCollection();
handlers.setHandlers(list.toArray(new Handler[list.size()]));
server.setHandler(handlers);
server.start();
}
@AfterClass
public static void shutdownJetty() throws Exception {
try {
server.stop();
server.destroy();
Thread.sleep(100);
} catch (Exception e) {}
}
@Test
public void testSavedPostRequest() throws Exception {
testStrategy.testSavedPostRequest();
}
@Test
public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
}
@Test
public void testErrorHandlingSigned() throws Exception {
testStrategy.testErrorHandlingSigned();
}
@Test
public void testErrorHandlingUnsigned() throws Exception {
testStrategy.testErrorHandlingUnsigned();
}
@Test
public void testPostSimpleLoginLogout() {
testStrategy.testPostSimpleLoginLogout();
}
@Test
public void testPostSimpleLoginLogoutIdpInitiated() {
testStrategy.testPostSimpleLoginLogoutIdpInitiated();
}
@Test
public void testPostSignedLoginLogout() {
testStrategy.testPostSignedLoginLogout();
}
@Test
public void testPostSignedLoginLogoutTransientNameID() {
testStrategy.testPostSignedLoginLogoutTransientNameID();
}
@Test
public void testPostSignedLoginLogoutPersistentNameID() {
testStrategy.testPostSignedLoginLogoutPersistentNameID();
}
@Test
public void testPostSignedLoginLogoutEmailNameID() {
testStrategy.testPostSignedLoginLogoutEmailNameID();
}
@Test
public void testAttributes() throws Exception {
testStrategy.testAttributes();
}
@Test
public void testRedirectSignedLoginLogout() {
testStrategy.testRedirectSignedLoginLogout();
}
@Test
public void testRedirectSignedLoginLogoutFrontNoSSO() {
testStrategy.testRedirectSignedLoginLogoutFrontNoSSO();
}
@Test
public void testRedirectSignedLoginLogoutFront() {
testStrategy.testRedirectSignedLoginLogoutFront();
}
@Test
public void testPostEncryptedLoginLogout() {
testStrategy.testPostEncryptedLoginLogout();
}
@Test
public void testPostBadClientSignature() {
testStrategy.testPostBadClientSignature();
}
@Test
public void testPostBadRealmSignature() {
testStrategy.testPostBadRealmSignature( );
}
@Test
public void testPostSimpleUnauthorized() {
testStrategy.testPostSimpleUnauthorized( new SamlAdapterTestStrategy.CheckAuthError() {
@Override
public void check(WebDriver driver) {
Assert.assertTrue(driver.getPageSource().contains("Error 403 !role"));
}
});
}
@Test
public void testMetadataPostSignedLoginLogout() throws Exception {
testStrategy.testMetadataPostSignedLoginLogout();
}
}

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "customer-db",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"bearer-only" : true,
"enable-cors" : true
}

View file

@ -1,96 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Error Servlet</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<error-page>
<error-code>400</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.html</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Errors</web-resource-name>
<url-pattern>/error.html</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "customer-db",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"bearer-only" : true,
"enable-cors" : true
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,11 +0,0 @@
{
"realm": "demo",
"resource": "customer-portal",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"expose-token": true,
"credentials": {
"secret": "password"
}
}

View file

@ -1,76 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Error Servlet</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Errors</web-resource-name>
<url-pattern>/error.html</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,164 +0,0 @@
{
"id": "demo",
"realm": "demo",
"enabled": true,
"accessTokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"sslRequired": "external",
"registrationAllowed": false,
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"firstName": "Bill",
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
},
{
"username" : "mposolda",
"enabled": true,
"email" : "mposolda@redhat.com",
"firstName": "Marek",
"lastName": "Posolda",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
]
},
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
},
{
"client": "customer-portal",
"roles": ["user"]
},
{
"client": "product-portal",
"roles": ["user"]
}
],
"applications": [
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/customer-portal",
"baseUrl": "http://localhost:8082/customer-portal",
"directAccessGrantsEnabled": true,
"redirectUris": [
"http://localhost:8082/customer-portal/*"
],
"secret": "password"
},
{
"name": "customer-cookie-portal",
"enabled": true,
"baseUrl": "http://localhost:8082/customer-cookie-portal",
"redirectUris": [
"http://localhost:8082/customer-cookie-portal/*"
],
"secret": "password"
},
{
"name": "customer-portal-js",
"enabled": true,
"publicClient": true,
"adminUrl": "http://localhost:8082/customer-portal-js",
"baseUrl": "http://localhost:8082/customer-portal-js",
"redirectUris": [
"http://localhost:8080/customer-portal-js/*"
]
},
{
"name": "customer-portal-cli",
"enabled": true,
"publicClient": true,
"redirectUris": [
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/product-portal",
"baseUrl": "http://localhost:8082/product-portal",
"redirectUris": [
"http://localhost:8082/product-portal/*"
],
"secret": "password"
},
{
"name": "secure-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/secure-portal",
"baseUrl": "http://localhost:8082/secure-portal",
"redirectUris": [
"http://localhost:8082/secure-portal/*"
],
"secret": "password"
},
{
"name": "session-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/session-portal",
"baseUrl": "http://localhost:8082/session-portal",
"redirectUris": [
"http://localhost:8082/session-portal/*"
],
"secret": "password"
},
{
"name": "input-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/input-portal",
"baseUrl": "http://localhost:8082/input-portal",
"redirectUris": [
"http://localhost:8082/input-portal/*"
],
"secret": "password"
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
"redirectUris": [
"http://localhost:8082/oauth-client/*",
"http://localhost:8082/oauth-client-cdi/*"
],
"secret": "password"
}
]
}

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "input-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://${my.host.name}:8081/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.InputServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "product-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8081/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.ProductServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "secure-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,47 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CallAuthenticatedServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "session-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://${my.host.name}:8081/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.SessionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,64 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
<SP entityID="http://localhost:8082/bad-client-sales-post-sig/"
sslPolicy="EXTERNAL"
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
logoutPage="/logout.jsp"
forceAuthentication="false">
<Keys>
<Key signing="true" >
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<PrivateKey alias="http://localhost:8081/bad-client-sales-post-sig/" password="test123"/>
<Certificate alias="http://localhost:8081/bad-client-sales-post-sig/"/>
</KeyStore>
</Key>
</Keys>
<PrincipalNameMapping policy="FROM_NAME_ID"/>
<RoleIdentifiers>
<Attribute name="Role"/>
</RoleIdentifiers>
<IDP entityID="idp">
<SingleSignOnService signRequest="true"
validateResponseSignature="true"
requestBinding="POST"
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<SingleLogoutService
validateRequestSignature="true"
validateResponseSignature="true"
signRequest="true"
signResponse="true"
requestBinding="POST"
responseBinding="POST"
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<Keys>
<Key signing="true">
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<Certificate alias="demo"/>
</KeyStore>
</Key>
</Keys>
</IDP>
</SP>
</keycloak-saml-adapter>

View file

@ -1,60 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>SendUsernameServlet</servlet-name>
<servlet-class>org.keycloak.testsuite.helper.adapter.SendUsernameServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SendUsernameServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>el-jefe</role-name>
</security-role>
</web-app>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8081/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -1,64 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
<SP entityID="http://localhost:8082/bad-realm-sales-post-sig/"
sslPolicy="EXTERNAL"
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
logoutPage="/logout.jsp"
forceAuthentication="false">
<Keys>
<Key signing="true" >
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<PrivateKey alias="http://localhost:8081/bad-realm-sales-post-sig/" password="test123"/>
<Certificate alias="http://localhost:8081/bad-realm-sales-post-sig/"/>
</KeyStore>
</Key>
</Keys>
<PrincipalNameMapping policy="FROM_NAME_ID"/>
<RoleIdentifiers>
<Attribute name="Role"/>
</RoleIdentifiers>
<IDP entityID="idp">
<SingleSignOnService signRequest="true"
validateResponseSignature="true"
requestBinding="POST"
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<SingleLogoutService
validateRequestSignature="true"
validateResponseSignature="true"
signRequest="true"
signResponse="true"
requestBinding="POST"
responseBinding="POST"
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<Keys>
<Key signing="true">
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<Certificate alias="demo"/>
</KeyStore>
</Key>
</Keys>
</IDP>
</SP>
</keycloak-saml-adapter>

Some files were not shown because too many files have changed in this diff Show more