Merge pull request #2635 from ssilvert/migrate-oauth-client-2

KEYCLOAK-2743: Port OAuthClient to new testsuite
This commit is contained in:
Stian Thorgersen 2016-04-15 08:41:46 +02:00
commit 44c3a56a21
41 changed files with 1306 additions and 99 deletions

View file

@ -44,6 +44,11 @@ public class AssertEventsServletFilter implements Filter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) servletRequest;
if ("/clear-event-queue".equals(req.getRequestURI().substring(req.getContextPath().length()))) {
EventsListenerProvider.getInstance().clear();
return;
}
if ("/event-queue".equals(req.getRequestURI().substring(req.getContextPath().length()))) {
BlockingQueue<Event> events = EventsListenerProvider.getInstance();
HttpServletResponse resp = (HttpServletResponse) servletResponse;

View file

@ -69,6 +69,7 @@ public class EventsServer {
FilterInfo filter = Servlets.filter("EventsFilter", AssertEventsServletFilter.class);
di.addFilter(filter);
di.addFilterUrlMapping("EventsFilter", "/event-queue", DispatcherType.REQUEST);
di.addFilterUrlMapping("EventsFilter", "/clear-event-queue", DispatcherType.REQUEST);
DeploymentManager manager = container.addDeployment(di);
manager.deploy();

View file

@ -0,0 +1,74 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.rest;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resources.RealmsResource;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class TestApplicationResourceProvider implements RealmResourceProvider {
private KeycloakSession session;
public TestApplicationResourceProvider(KeycloakSession session) {
this.session = session;
}
@GET
@Produces(MediaType.TEXT_HTML)
@Path("/{action}")
public String get(@PathParam("action") String action) {
//String requestUri = session.getContext().getUri().getRequestUri().toString();
String title = "APP_REQUEST";
if (action.equals("auth")) {
title = "AUTH_RESPONSE";
} else if (action.equals("logout")) {
title = "LOGOUT_REQUEST";
}
StringBuilder sb = new StringBuilder();
sb.append("<html><head><title>" + title + "</title></head><body>");
UriBuilder base = UriBuilder.fromUri("http://localhost:8180/auth");
sb.append("<a href=\"" + RealmsResource.accountUrl(base).build("test").toString() + "\" id=\"account\">account</a>");
sb.append("</body></html>");
return sb.toString();
}
@Override
public Object getResource() {
return this;
}
@Override
public void close() {
}
}

View file

@ -0,0 +1,53 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.rest;
import org.keycloak.Config.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resource.RealmResourceProviderFactory;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class TestApplicationResourceProviderFactory implements RealmResourceProviderFactory {
@Override
public RealmResourceProvider create(KeycloakSession session) {
return new TestApplicationResourceProvider(session);
}
@Override
public void init(Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return "app";
}
}

View file

@ -16,3 +16,4 @@
#
org.keycloak.testsuite.rest.TimeOffsetResourceProviderFactory
org.keycloak.testsuite.rest.TestApplicationResourceProviderFactory

View file

@ -21,7 +21,7 @@ import org.jboss.arquillian.core.api.Instance;
import org.jboss.arquillian.core.api.annotation.Inject;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.arquillian.test.spi.enricher.resource.ResourceProvider;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.DeleteMeOAuthClient;
import java.lang.annotation.Annotation;
@ -31,11 +31,11 @@ import java.lang.annotation.Annotation;
public class OAuthClientProvider implements ResourceProvider {
@Inject
Instance<OAuthClient> oauthClient;
Instance<DeleteMeOAuthClient> oauthClient;
@Override
public boolean canProvide(Class<?> type) {
return OAuthClient.class.isAssignableFrom(type);
return DeleteMeOAuthClient.class.isAssignableFrom(type);
}
@Override

View file

@ -40,11 +40,11 @@ import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class OAuthClient {
public class DeleteMeOAuthClient {
private String baseUrl;
public OAuthClient(String baseUrl) {
public DeleteMeOAuthClient(String baseUrl) {
this.baseUrl = baseUrl;
}

View file

@ -60,19 +60,23 @@ import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.arquillian.SuiteContext;
import org.keycloak.testsuite.auth.page.WelcomePage;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.DeleteMeOAuthClient;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.WebDriver;
import org.keycloak.testsuite.auth.page.AuthServer;
import org.keycloak.testsuite.auth.page.AuthServerContextRoot;
import org.keycloak.testsuite.auth.page.AuthRealm;
import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
import org.keycloak.testsuite.auth.page.account.Account;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.auth.page.login.UpdatePassword;
import org.keycloak.testsuite.util.WaitUtils;
import static org.keycloak.testsuite.admin.Users.setPasswordFor;
import org.keycloak.testsuite.util.TestEventsLogger;
/**
@ -93,7 +97,7 @@ public abstract class AbstractKeycloakTest {
protected Keycloak adminClient;
protected OAuthClient oauthClient;
protected DeleteMeOAuthClient oauthClient;
protected List<RealmRepresentation> testRealmReps;
@ -128,7 +132,7 @@ public abstract class AbstractKeycloakTest {
public void beforeAbstractKeycloakTest() {
adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID);
oauthClient = new OAuthClient(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
oauthClient = new DeleteMeOAuthClient(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
adminUser = createAdminUserRepresentation();
@ -155,7 +159,7 @@ public abstract class AbstractKeycloakTest {
}
// removeTestRealms(); // keeping test realms after test to be able to inspect failures, instead deleting existing realms before import
// keycloak.close(); // keeping admin connection open
// adminClient.close(); // keeping admin connection open
}
private void updateMasterAdminPassword() {

View file

@ -57,7 +57,7 @@ public class AssertEvents {
static final String DEFAULT_REALM = "test";
static final String DEFAULT_USERNAME = "test-user@localhost";
String defaultRedirectUri = "http://localhost:8081/app/auth";
String defaultRedirectUri = "http://localhost:8180/auth/realms/master/app/auth";
String defaultEventsQueueUri = "http://localhost:8092";
private RealmResource realmResource;
@ -96,7 +96,23 @@ public class AssertEvents {
}
public void clear() {
realmResource.clearEvents();
CloseableHttpClient httpclient = HttpClients.createDefault();
try {
HttpPost post = new HttpPost(defaultEventsQueueUri + "/clear-event-queue");
CloseableHttpResponse response = httpclient.execute(post);
if (response.getStatusLine().getStatusCode() != 200) {
throw new RuntimeException("Failed to clear events from " + post.getURI() + ": " + response.getStatusLine().toString());
}
} catch (Exception e) {
throw new RuntimeException(e);
}
finally {
try {
httpclient.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
public ExpectedEvent expectRequiredAction(EventType event) {

View file

@ -0,0 +1,66 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.testsuite;
import org.keycloak.testsuite.util.OAuthClient;
import java.util.List;
import org.junit.Before;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
/**
* This class provides loading of the testRealm called "test". It also
* provides an OAuthClient for the testRealm.
*
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public abstract class TestRealmKeycloakTest extends AbstractKeycloakTest {
protected OAuthClient oauth;
protected ClientRepresentation findTestApp(RealmRepresentation testRealm) {
for (ClientRepresentation client : testRealm.getClients()) {
if (client.getClientId().equals("test-app")) return client;
}
return null;
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
oauth = new OAuthClient(driver, testRealm.getPublicKey());
testRealms.add(testRealm);
configureTestRealm(testRealm);
}
/**
* This allows a subclass to change the configuration of the testRealm before
* it is imported. This method will be called prior to any @Before methods
* in the subclass.
*
* @param testRealm The realm read from /testrealm.json.
*/
public abstract void configureTestRealm(RealmRepresentation testRealm);
}

View file

@ -0,0 +1,132 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.testsuite.admin;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.After;
import org.junit.Before;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.util.JsonSerialization;
import static org.junit.Assert.assertArrayEquals;
/**
* This class adapts the functionality from the old testsuite to make tests
* easier to port.
*
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public abstract class AbstractAdminTest extends TestRealmKeycloakTest {
protected static final String REALM_NAME = "admin-client-test";
protected RealmResource realm;
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
findTestApp(testRealm).setDirectAccessGrantsEnabled(true);
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
super.addTestRealms(testRealms);
RealmRepresentation adminRealmRep = new RealmRepresentation();
adminRealmRep.setRealm(REALM_NAME);
adminRealmRep.setEnabled(true);
Map<String, String> config = new HashMap<>();
config.put("from", "auto@keycloak.org");
config.put("host", "localhost");
config.put("port", "3025");
adminRealmRep.setSmtpServer(config);
testRealms.add(adminRealmRep);
}
@Before
public void setRealm() {
realm = adminClient.realm(REALM_NAME);
}
// old testsuite expects this realm to be removed at the end of the test
// not sure if it really matters
@After
public void after() {
for (RealmRepresentation r : adminClient.realms().findAll()) {
if (r.getRealm().equals(REALM_NAME)) {
removeRealm(r);
}
}
}
// Taken from Keycloak class in old testsuite.
// So, code in old testsuite calling this looks like Keycloak.loadJson(.....)
public static <T> T loadJson(InputStream is, Class<T> type) {
try {
return JsonSerialization.readValue(is, type);
} catch (IOException e) {
throw new RuntimeException("Failed to parse json", e);
}
}
public static <T> void assertNames(List<T> actual, String... expected) {
Arrays.sort(expected);
String[] actualNames = names(actual);
assertArrayEquals("Expected: " + Arrays.toString(expected) + ", was: " + Arrays.toString(actualNames), expected, actualNames);
}
public static <T> List<T> sort(List<T> list) {
Collections.sort(list, new Comparator<Object>() {
@Override
public int compare(Object o1, Object o2) {
return name(o1).compareTo(name(o2));
}
});
return list;
}
public static <T> String[] names(List<T> list) {
String[] names = new String[list.size()];
for (int i = 0; i < list.size(); i++) {
names[i] = name(list.get(i));
}
Arrays.sort(names);
return names;
}
public static String name(Object o1) {
if (o1 instanceof RealmRepresentation) {
return ((RealmRepresentation) o1).getRealm();
} else if (o1 instanceof ClientRepresentation) {
return ((ClientRepresentation) o1).getClientId();
} else if (o1 instanceof IdentityProviderRepresentation) {
return ((IdentityProviderRepresentation) o1).getAlias();
}
throw new IllegalArgumentException();
}
}

View file

@ -0,0 +1,157 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin;
import org.jboss.logging.Logger;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import javax.ws.rs.core.Response;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.Response.StatusType;
import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
import org.keycloak.representations.idm.GroupRepresentation;
/**
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class ApiUtil {
private static final Logger log = Logger.getLogger(ApiUtil.class);
public static String getCreatedId(Response response) {
URI location = response.getLocation();
if (!response.getStatusInfo().equals(Status.CREATED)) {
StatusType statusInfo = response.getStatusInfo();
throw new RuntimeException("Create method returned status " +
statusInfo.getReasonPhrase() + " (Code: " + statusInfo.getStatusCode() + "); expected status: Created (201)");
}
if (location == null) {
return null;
}
String path = location.getPath();
return path.substring(path.lastIndexOf('/') + 1);
}
public static ClientResource findClientResourceByClientId(RealmResource realm, String clientId) {
for (ClientRepresentation c : realm.clients().findAll()) {
if (c.getClientId().equals(clientId)) {
return realm.clients().get(c.getId());
}
}
return null;
}
public static ClientResource findClientResourceByName(RealmResource realm, String name) {
for (ClientRepresentation c : realm.clients().findAll()) {
if (c.getName().equals(name)) {
return realm.clients().get(c.getId());
}
}
return null;
}
public static ClientResource findClientByClientId(RealmResource realm, String clientId) {
for (ClientRepresentation c : realm.clients().findAll()) {
if (c.getClientId().equals(clientId)) {
return realm.clients().get(c.getId());
}
}
return null;
}
public static UserRepresentation findUserByUsername(RealmResource realm, String username) {
UserRepresentation user = null;
List<UserRepresentation> ur = realm.users().search(username, null, null);
if (ur.size() == 1) {
user = ur.get(0);
}
return user;
}
public static String createUserWithAdminClient(RealmResource realm, UserRepresentation user) {
Response response = realm.users().create(user);
String createdId = getCreatedId(response);
response.close();
return createdId;
}
public static String createUserAndResetPasswordWithAdminClient(RealmResource realm, UserRepresentation user, String password) {
String id = createUserWithAdminClient(realm, user);
resetUserPassword(realm.users().get(id), password, false);
return id;
}
public static void resetUserPassword(UserResource userResource, String newPassword, boolean temporary) {
CredentialRepresentation newCredential = new CredentialRepresentation();
newCredential.setType(PASSWORD);
newCredential.setValue(newPassword);
newCredential.setTemporary(temporary);
userResource.resetPassword(newCredential);
}
public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) {
String realmName = realm.toRepresentation().getRealm();
String clientId = "";
for (ClientRepresentation clientRepresentation : realm.clients().findAll()) {
if (clientRepresentation.getClientId().equals(clientName)) {
clientId = clientRepresentation.getId();
}
}
if (!clientId.isEmpty()) {
ClientResource clientResource = realm.clients().get(clientId);
List<RoleRepresentation> roleRepresentations = new ArrayList<>();
for (String roleName : roles) {
RoleRepresentation role = clientResource.roles().get(roleName).toRepresentation();
roleRepresentations.add(role);
}
UserResource userResource = realm.users().get(userId);
log.debug("assigning roles: " + Arrays.toString(roles) + " to user: \""
+ userResource.toRepresentation().getUsername() + "\" of client: \""
+ clientName + "\" in realm: \"" + realmName + "\"");
userResource.roles().clientLevel(clientId).add(roleRepresentations);
} else {
log.warn("client with name " + clientName + "doesn't exist in realm " + realmName);
}
}
public static boolean groupContainsSubgroup(GroupRepresentation group, GroupRepresentation subgroup) {
boolean contains = false;
for (GroupRepresentation sg : group.getSubGroups()) {
if (subgroup.getId().equals(sg.getId())) {
contains = true;
break;
}
}
return contains;
}
}

View file

@ -18,17 +18,12 @@
package org.keycloak.testsuite.admin;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.models.Constants;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.representations.idm.*;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
@ -36,6 +31,7 @@ import javax.ws.rs.core.Response;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.keycloak.testsuite.util.OAuthClient;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@ -47,16 +43,7 @@ import static org.junit.Assert.fail;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ClientTest extends AbstractClientTest {
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected OAuthClient oauth;
public class ClientTest extends AbstractAdminTest {
@Test
public void getClients() {
@ -122,7 +109,7 @@ public class ClientTest extends AbstractClientTest {
OAuthClient.AccessTokenResponse response2 = oauth.doAccessTokenRequest(codeResponse.getCode(), "password");
assertEquals(200, response2.getStatusCode());
ClientResource app = ApiUtil.findClientByClientId(keycloak.realm("test"), "test-app");
ClientResource app = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
assertEquals(2, (long) app.getApplicationSessionCount().get("count"));

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Before;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.authentication;
package org.keycloak.testsuite.endpoint.authentication;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import java.util.List;
import javax.ws.rs.core.Response;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import java.util.ArrayList;
import java.util.HashMap;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import org.junit.After;
import org.junit.Before;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import java.util.Collections;
import java.util.List;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import java.util.List;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import org.junit.Before;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import org.junit.After;
import org.junit.Before;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.client;
package org.keycloak.testsuite.endpoint.client;
import java.util.List;
import org.jboss.arquillian.graphene.page.Page;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.event;
package org.keycloak.testsuite.endpoint.event;
import java.util.Collections;
import org.junit.Before;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.event;
package org.keycloak.testsuite.endpoint.event;
import java.util.Arrays;
import java.util.Collections;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.event;
package org.keycloak.testsuite.endpoint.event;
import java.util.Arrays;
import java.util.Collections;

View file

@ -15,7 +15,7 @@
* the License.
*/
package org.keycloak.testsuite.admin.event;
package org.keycloak.testsuite.endpoint.event;
import java.util.Arrays;
import java.util.List;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.group;
package org.keycloak.testsuite.endpoint.group;
import org.junit.Before;
import org.keycloak.OAuth2Constants;
@ -45,6 +45,7 @@ public abstract class AbstractGroupTest extends AbstractKeycloakTest {
@Before
public void initAssertEvents() throws Exception {
events = new AssertEvents(this);
events.clear();
}
AccessToken login(String login, String clientId, String clientSecret, String userId) throws Exception {

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.group;
package org.keycloak.testsuite.endpoint.group;
import org.junit.Assert;
import org.junit.Test;

View file

@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.admin.group;
package org.keycloak.testsuite.endpoint.group;
import org.junit.Assert;
import org.junit.Test;

View file

@ -14,7 +14,7 @@
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.testsuite.admin.partialimport;
package org.keycloak.testsuite.endpoint.partialimport;
import java.util.ArrayList;
import java.util.Arrays;

View file

@ -41,7 +41,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
/**
* Test importing JSON files exported from previous keycloak versions
* Test importing JSON files exported from previous adminClient versions
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/

View file

@ -18,49 +18,47 @@ package org.keycloak.testsuite.oauth;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.ClassRule;
import org.junit.Rule;
import java.util.ArrayList;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.common.util.Time;
import org.keycloak.events.Event;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.testsuite.util.KeycloakModelUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse;
//import org.adminClient.testsuite.pages.LoginPage;
//import org.adminClient.testsuite.rule.KeycloakRule;
//import org.adminClient.testsuite.rule.WebResource;
//import org.adminClient.testsuite.rule.WebRule;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.WebDriver;
import static org.junit.Assert.*;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class TokenIntrospectionTest {
public class TokenIntrospectionTest extends TestRealmKeycloakTest {
protected static Keycloak keycloak;
private AssertEvents events;
@ClassRule
/* @ClassRule >>> now implemented in configureTestRealm()
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
@Override
vvv "test" realm
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
vvv Done in TestRealmKeycloakTest vvv
appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
ClientModel confApp = KeycloakModelUtils.createClient(appRealm, "confidential-cli");
confApp.setSecret("secret1");
new ClientManager(manager).enableServiceAccount(confApp);
@ -74,25 +72,39 @@ public class TokenIntrospectionTest {
user.grantRole(role);
}
keycloak = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID);
adminClient = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID);
}
});
}); */
@Rule
public WebRule webRule = new WebRule(this);
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
confApp.setSecret("secret1");
confApp.setServiceAccountsEnabled(Boolean.TRUE);
@WebResource
protected WebDriver driver;
ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
pubApp.setPublicClient(Boolean.TRUE);
@WebResource
protected OAuthClient oauth;
UserRepresentation user = new UserRepresentation();
user.setUsername("no-permissions");
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType("password");
credential.setValue("password");
List<CredentialRepresentation> creds = new ArrayList<>();
creds.add(credential);
user.setCredentials(creds);
user.setEnabled(Boolean.TRUE);
List<String> realmRoles = new ArrayList<>();
realmRoles.add("user");
user.setRealmRoles(realmRoles);
testRealm.getUsers().add(user);
}
@WebResource
protected LoginPage loginPage;
@Rule
public AssertEvents events = new AssertEvents(keycloakRule);
@Before
public void setUpAssertEvents() throws Exception {
events = new AssertEvents(this);
}
@Test
public void testConfidentialClientCredentialsBasicAuthentication() throws Exception {
@ -146,7 +158,7 @@ public class TokenIntrospectionTest {
public void testIntrospectRefreshToken() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
Event loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
String sessionId = loginEvent.getSessionId();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
@ -215,7 +227,7 @@ public class TokenIntrospectionTest {
public void testIntrospectAccessToken() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
Event loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
@ -252,12 +264,12 @@ public class TokenIntrospectionTest {
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
Event loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
UserRepresentation userRep = new UserRepresentation();
try {
userRep.setEnabled(false);
keycloak.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
adminClient.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);
@ -270,7 +282,7 @@ public class TokenIntrospectionTest {
events.clear();
} finally {
userRep.setEnabled(true);
keycloak.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
adminClient.realm(oauth.getRealm()).users().get(loginEvent.getUserId()).update(userRep);
}
}
@ -281,7 +293,7 @@ public class TokenIntrospectionTest {
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code, "password");
try {
Time.setOffset(keycloak.realm(oauth.getRealm()).toRepresentation().getAccessTokenLifespan() + 1);
Time.setOffset(adminClient.realm(oauth.getRealm()).toRepresentation().getAccessTokenLifespan() + 1);
String tokenResponse = oauth.introspectAccessTokenWithClientCredential("confidential-cli", "secret1", accessTokenResponse.getAccessToken());
TokenMetadataRepresentation rep = JsonSerialization.readValue(tokenResponse, TokenMetadataRepresentation.class);

View file

@ -0,0 +1,53 @@
/*
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
* as indicated by the @author tags. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package org.keycloak.testsuite.util;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import static org.keycloak.models.utils.KeycloakModelUtils.getDefaultClientAuthenticatorType;
/**
* This is a client-side version of KeycloakModelUtils that uses the adminClient to
* manipulate the model.
*
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class KeycloakModelUtils {
public static ClientRepresentation createClient(RealmRepresentation realm, String name) {
ClientRepresentation app = new ClientRepresentation();
app.setName(name);
app.setClientId(name);
realm.getClients().add(app);
app.setClientAuthenticatorType(getDefaultClientAuthenticatorType());
generateSecret(app);
app.setFullScopeAllowed(true);
return app;
}
public static CredentialRepresentation generateSecret(ClientRepresentation client) {
UserCredentialModel secret = UserCredentialModel.generateSecret();
client.setSecret(secret.getValue());
return ModelToRepresentation.toRepresentation(secret);
}
}

View file

@ -0,0 +1,645 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.util;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.junit.Assert;
import org.keycloak.OAuth2Constants;
import org.keycloak.RSATokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.PemUtils;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
*/
public class OAuthClient {
public static final String SERVER_ROOT = AuthServerTestEnricher.getAuthServerContextRoot();
public static final String AUTH_SERVER_ROOT = SERVER_ROOT + "/auth";
public static final String APP_ROOT = AUTH_SERVER_ROOT + "/realms/master/app";
private WebDriver driver;
private String baseUrl = AUTH_SERVER_ROOT;
private String realm = "test";
private String clientId = "test-app";
private String redirectUri = APP_ROOT + "/auth";
private String state = "mystate";
private String scope;
private String uiLocales = null;
private PublicKey realmPublicKey;
private String clientSessionState;
private String clientSessionHost;
public OAuthClient(WebDriver driver, String publicKey) {
this.driver = driver;
try {
realmPublicKey = PemUtils.decodePublicKey(publicKey);
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve realm public key", e);
}
}
public AuthorizationCodeResponse doLogin(String username, String password) {
openLoginForm();
String src = driver.getPageSource();
driver.findElement(By.id("username")).sendKeys(username);
driver.findElement(By.id("password")).sendKeys(password);
driver.findElement(By.name("login")).click();
return new AuthorizationCodeResponse(this);
}
public void doLoginGrant(String username, String password) {
openLoginForm();
driver.findElement(By.id("username")).sendKeys(username);
driver.findElement(By.id("password")).sendKeys(password);
driver.findElement(By.name("login")).click();
}
public AccessTokenResponse doAccessTokenRequest(String code, String password) {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getAccessTokenUrl());
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
if (code != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
}
if (redirectUri != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
}
if (clientId != null && password != null) {
String authorization = BasicAuthHelper.createHeader(clientId, password);
post.setHeader("Authorization", authorization);
} else if (clientId != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
}
if (clientSessionState != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
}
if (clientSessionHost != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
}
UrlEncodedFormEntity formEntity = null;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
try {
return new AccessTokenResponse(client.execute(post));
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve access token", e);
}
} finally {
closeClient(client);
}
}
public String introspectAccessTokenWithClientCredential(String clientId, String clientSecret, String tokenToIntrospect) {
return introspectTokenWithClientCredential(clientId, clientSecret, "access_token", tokenToIntrospect);
}
public String introspectRefreshTokenWithClientCredential(String clientId, String clientSecret, String tokenToIntrospect) {
return introspectTokenWithClientCredential(clientId, clientSecret, "refresh_token", tokenToIntrospect);
}
public String introspectTokenWithClientCredential(String clientId, String clientSecret, String tokenType, String tokenToIntrospect) {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getTokenIntrospectionUrl());
String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);
List<NameValuePair> parameters = new LinkedList<>();
parameters.add(new BasicNameValuePair("token", tokenToIntrospect));
parameters.add(new BasicNameValuePair("token_type_hint", tokenType));
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
try {
ByteArrayOutputStream out = new ByteArrayOutputStream();
client.execute(post).getEntity().writeTo(out);
return new String(out.toByteArray());
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve access token", e);
}
} finally {
closeClient(client);
}
}
public AccessTokenResponse doGrantAccessTokenRequest(String clientSecret, String username, String password) throws Exception {
return doGrantAccessTokenRequest(realm, username, password, null, clientId, clientSecret);
}
public AccessTokenResponse doGrantAccessTokenRequest(String clientSecret, String username, String password, String otp) throws Exception {
return doGrantAccessTokenRequest(realm, username, password, otp, clientId, clientSecret);
}
public AccessTokenResponse doGrantAccessTokenRequest(String realm, String username, String password, String totp,
String clientId, String clientSecret) throws Exception {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl(realm));
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
parameters.add(new BasicNameValuePair("username", username));
parameters.add(new BasicNameValuePair("password", password));
if (totp != null) {
parameters.add(new BasicNameValuePair("totp", totp));
}
if (clientSecret != null) {
String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);
} else {
parameters.add(new BasicNameValuePair("client_id", clientId));
}
if (clientSessionState != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
}
if (clientSessionHost != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
}
if (scope != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.SCOPE, scope));
}
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
return new AccessTokenResponse(client.execute(post));
} finally {
closeClient(client);
}
}
public AccessTokenResponse doClientCredentialsGrantAccessTokenRequest(String clientSecret) throws Exception {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getServiceAccountUrl());
String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
if (scope != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.SCOPE, scope));
}
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
return new AccessTokenResponse(client.execute(post));
} finally {
closeClient(client);
}
}
public HttpResponse doLogout(String refreshToken, String clientSecret) throws IOException {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getLogoutUrl(null, null));
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
if (refreshToken != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
}
if (clientId != null && clientSecret != null) {
String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
post.setHeader("Authorization", authorization);
} else if (clientId != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
}
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
return client.execute(post);
} finally {
closeClient(client);
}
}
public AccessTokenResponse doRefreshTokenRequest(String refreshToken, String password) {
CloseableHttpClient client = new DefaultHttpClient();
try {
HttpPost post = new HttpPost(getRefreshTokenUrl());
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
if (refreshToken != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
}
if (clientId != null && password != null) {
String authorization = BasicAuthHelper.createHeader(clientId, password);
post.setHeader("Authorization", authorization);
} else if (clientId != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
}
if (clientSessionState != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
}
if (clientSessionHost != null) {
parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
}
UrlEncodedFormEntity formEntity;
try {
formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
post.setEntity(formEntity);
try {
return new AccessTokenResponse(client.execute(post));
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve access token", e);
}
} finally {
closeClient(client);
}
}
public void closeClient(CloseableHttpClient client) {
try {
client.close();
} catch (IOException ioe) {
throw new RuntimeException(ioe);
}
}
public AccessToken verifyToken(String token) {
try {
return RSATokenVerifier.verifyToken(token, realmPublicKey, baseUrl + "/realms/" + realm);
} catch (VerificationException e) {
throw new RuntimeException("Failed to verify token", e);
}
}
public RefreshToken verifyRefreshToken(String refreshToken) {
try {
JWSInput jws = new JWSInput(refreshToken);
if (!RSAProvider.verify(jws, realmPublicKey)) {
throw new RuntimeException("Invalid refresh token");
}
return jws.readJsonContent(RefreshToken.class);
} catch (Exception e) {
throw new RuntimeException("Invalid refresh token", e);
}
}
public String getClientId() {
return clientId;
}
public String getCurrentRequest() {
return driver.getCurrentUrl().substring(0, driver.getCurrentUrl().indexOf('?'));
}
public URI getCurrentUri() {
try {
return new URI(driver.getCurrentUrl());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
}
public Map<String, String> getCurrentQuery() {
Map<String, String> m = new HashMap<String, String>();
List<NameValuePair> pairs = URLEncodedUtils.parse(getCurrentUri(), "UTF-8");
for (NameValuePair p : pairs) {
m.put(p.getName(), p.getValue());
}
return m;
}
public void openLoginForm() {
driver.navigate().to(getLoginFormUrl());
}
public void openLogout() {
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
driver.navigate().to(b.build(realm).toString());
}
public String getRedirectUri() {
return redirectUri;
}
public String getLoginFormUrl() {
UriBuilder b = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(SERVER_ROOT + "/auth"));
b.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE);
if (clientId != null) {
b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
}
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
if (state != null) {
b.queryParam(OAuth2Constants.STATE, state);
}
if(uiLocales != null){
b.queryParam(OAuth2Constants.UI_LOCALES_PARAM, uiLocales);
}
if (scope != null) {
b.queryParam(OAuth2Constants.SCOPE, scope);
}
return b.build(realm).toString();
}
public String getAccessTokenUrl() {
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getTokenIntrospectionUrl() {
UriBuilder b = OIDCLoginProtocolService.tokenIntrospectionUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getLogoutUrl(String redirectUri, String sessionState) {
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
if (sessionState != null) {
b.queryParam("session_state", sessionState);
}
return b.build(realm).toString();
}
public String getResourceOwnerPasswordCredentialGrantUrl() {
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getResourceOwnerPasswordCredentialGrantUrl(String realm) {
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getServiceAccountUrl() {
return getResourceOwnerPasswordCredentialGrantUrl();
}
public String getRefreshTokenUrl() {
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public OAuthClient realm(String realm) {
this.realm = realm;
return this;
}
public OAuthClient realmPublicKey(PublicKey key) {
this.realmPublicKey = key;
return this;
}
public OAuthClient clientId(String clientId) {
this.clientId = clientId;
return this;
}
public OAuthClient redirectUri(String redirectUri) {
this.redirectUri = redirectUri;
return this;
}
public OAuthClient state(String state) {
this.state = state;
return this;
}
public OAuthClient scope(String scope) {
this.scope = scope;
return this;
}
public OAuthClient uiLocales(String uiLocales){
this.uiLocales = uiLocales;
return this;
}
public OAuthClient clientSessionState(String client_session_state) {
this.clientSessionState = client_session_state;
return this;
}
public OAuthClient clientSessionHost(String client_session_host) {
this.clientSessionHost = client_session_host;
return this;
}
public String getRealm() {
return realm;
}
public static class AuthorizationCodeResponse {
private boolean isRedirected;
private String code;
private String state;
private String error;
public AuthorizationCodeResponse(OAuthClient client) {
isRedirected = client.getCurrentRequest().equals(client.getRedirectUri());
code = client.getCurrentQuery().get(OAuth2Constants.CODE);
state = client.getCurrentQuery().get(OAuth2Constants.STATE);
error = client.getCurrentQuery().get(OAuth2Constants.ERROR);
}
public boolean isRedirected() {
return isRedirected;
}
public String getCode() {
return code;
}
public String getState() {
return state;
}
public String getError() {
return error;
}
}
public static class AccessTokenResponse {
private int statusCode;
private String accessToken;
private String tokenType;
private int expiresIn;
private int refreshExpiresIn;
private String refreshToken;
private String error;
private String errorDescription;
public AccessTokenResponse(HttpResponse response) throws Exception {
statusCode = response.getStatusLine().getStatusCode();
if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
Assert.fail("Invalid content type");
}
String s = IOUtils.toString(response.getEntity().getContent());
Map responseJson = JsonSerialization.readValue(s, Map.class);
if (statusCode == 200) {
accessToken = (String)responseJson.get("access_token");
tokenType = (String)responseJson.get("token_type");
expiresIn = (Integer)responseJson.get("expires_in");
refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in");
if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN);
}
} else {
error = (String)responseJson.get(OAuth2Constants.ERROR);
errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
}
}
public String getAccessToken() {
return accessToken;
}
public String getError() {
return error;
}
public String getErrorDescription() {
return errorDescription;
}
public int getExpiresIn() {
return expiresIn;
}
public int getRefreshExpiresIn() {
return refreshExpiresIn;
}
public int getStatusCode() {
return statusCode;
}
public String getRefreshToken() {
return refreshToken;
}
public String getTokenType() {
return tokenType;
}
}
}

View file

@ -101,11 +101,11 @@
{
"clientId": "test-app",
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"baseUrl": "http://localhost:8180/auth/realms/master/app",
"redirectUris": [
"http://localhost:8081/app/*"
"http://localhost:8180/auth/realms/master/app/*"
],
"adminUrl": "http://localhost:8081/app/logout",
"adminUrl": "http://localhost:8180/auth/realms/master/app/logout",
"secret": "password"
},
{
@ -114,7 +114,7 @@
"consentRequired": true,
"redirectUris": [
"http://localhost:8081/app/*"
"http://localhost:8180/app/*"
],
"secret": "password"
}