KEYCLOAK-4141
parent
cbd6f7e1d0
commit
4df70c517d
12 changed files with 278 additions and 31 deletions
|
@ -173,10 +173,15 @@ public class KeycloakServletExtension implements ServletExtension {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
|
ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
|
||||||
ServletSessionConfig cookieConfig = new ServletSessionConfig();
|
if (cookieConfig == null) {
|
||||||
cookieConfig.setPath(deploymentInfo.getContextPath());
|
cookieConfig = new ServletSessionConfig();
|
||||||
deploymentInfo.setServletSessionConfig(cookieConfig);
|
}
|
||||||
|
if (cookieConfig.getPath() == null) {
|
||||||
|
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
|
||||||
|
cookieConfig.setPath(deploymentInfo.getContextPath());
|
||||||
|
deploymentInfo.setServletSessionConfig(cookieConfig);
|
||||||
|
}
|
||||||
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
|
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
|
||||||
deploymentInfo.addListener(new ListenerInfo(UndertowNodesRegistrationManagementWrapper.class, new InstanceFactory<UndertowNodesRegistrationManagementWrapper>() {
|
deploymentInfo.addListener(new ListenerInfo(UndertowNodesRegistrationManagementWrapper.class, new InstanceFactory<UndertowNodesRegistrationManagementWrapper>() {
|
||||||
|
|
||||||
|
|
|
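Review bot: The new `if (cookieConfig.getPath() == null)` guard keeps any cookie path the deployment declares, where the old code always forced the context path, and nothing in the block documents that precedence. With a configured path broader than the context path (for example `/`), the browser would send the session cookie to other applications on the same host. I would add a comment above the block such as `// Keep the deployment's cookie-config (name, http-only, ...); default the path to the context path only when none is configured.` The call `deploymentInfo.setServletSessionConfig(cookieConfig)` would also read more clearly inside the `cookieConfig == null` branch, the only case where the object is not already attached. The same block is duplicated in SamlServletExtension, where this note applies too; the enclosing method starts and ends outside the hunk.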
@ -182,10 +182,15 @@ public class SamlServletExtension implements ServletExtension {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
|
ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
|
||||||
ServletSessionConfig cookieConfig = new ServletSessionConfig();
|
if (cookieConfig == null) {
|
||||||
cookieConfig.setPath(deploymentInfo.getContextPath());
|
cookieConfig = new ServletSessionConfig();
|
||||||
deploymentInfo.setServletSessionConfig(cookieConfig);
|
}
|
||||||
|
if (cookieConfig.getPath() == null) {
|
||||||
|
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
|
||||||
|
cookieConfig.setPath(deploymentInfo.getContextPath());
|
||||||
|
deploymentInfo.setServletSessionConfig(cookieConfig);
|
||||||
|
}
|
||||||
addEndpointConstraint(deploymentInfo);
|
addEndpointConstraint(deploymentInfo);
|
||||||
|
|
||||||
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
|
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
* and other contributors as indicated by the @author tags.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.keycloak.testsuite.adapter.page;
|
||||||
|
|
||||||
|
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
|
||||||
|
import org.jboss.arquillian.test.api.ArquillianResource;
|
||||||
|
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
|
||||||
|
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @author tkyjovsk
|
||||||
|
*/
|
||||||
|
public class SecurePortalWithCustomSessionConfig extends AbstractPageWithInjectedUrl {
|
||||||
|
|
||||||
|
public static final String DEPLOYMENT_NAME = "secure-portal-with-custom-session-config";
|
||||||
|
|
||||||
|
@ArquillianResource
|
||||||
|
@OperateOnDeployment(DEPLOYMENT_NAME)
|
||||||
|
private URL url;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public URL getInjectedUrl() {
|
||||||
|
return url;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -24,6 +24,7 @@ import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Ignore;
|
import org.junit.Ignore;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.admin.client.resource.ClientResource;
|
import org.keycloak.admin.client.resource.ClientResource;
|
||||||
import org.keycloak.common.Version;
|
import org.keycloak.common.Version;
|
||||||
|
@ -38,14 +39,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
|
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
|
||||||
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
|
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
|
||||||
import org.keycloak.testsuite.adapter.page.BasicAuth;
|
import org.keycloak.testsuite.adapter.page.*;
|
||||||
import org.keycloak.testsuite.adapter.page.CustomerDb;
|
|
||||||
import org.keycloak.testsuite.adapter.page.CustomerDbErrorPage;
|
|
||||||
import org.keycloak.testsuite.adapter.page.CustomerPortal;
|
|
||||||
import org.keycloak.testsuite.adapter.page.InputPortal;
|
|
||||||
import org.keycloak.testsuite.adapter.page.ProductPortal;
|
|
||||||
import org.keycloak.testsuite.adapter.page.SecurePortal;
|
|
||||||
import org.keycloak.testsuite.adapter.page.TokenMinTTLPage;
|
|
||||||
import org.keycloak.testsuite.admin.ApiUtil;
|
import org.keycloak.testsuite.admin.ApiUtil;
|
||||||
import org.keycloak.testsuite.auth.page.account.Applications;
|
import org.keycloak.testsuite.auth.page.account.Applications;
|
||||||
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
|
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
|
||||||
|
@ -53,6 +47,7 @@ import org.keycloak.testsuite.console.page.events.Config;
|
||||||
import org.keycloak.testsuite.console.page.events.LoginEvents;
|
import org.keycloak.testsuite.console.page.events.LoginEvents;
|
||||||
import org.keycloak.testsuite.util.URLUtils;
|
import org.keycloak.testsuite.util.URLUtils;
|
||||||
import org.keycloak.util.BasicAuthHelper;
|
import org.keycloak.util.BasicAuthHelper;
|
||||||
|
|
||||||
import org.openqa.selenium.By;
|
import org.openqa.selenium.By;
|
||||||
import org.openqa.selenium.WebElement;
|
import org.openqa.selenium.WebElement;
|
||||||
|
|
||||||
|
@ -73,12 +68,13 @@ import java.util.concurrent.TimeUnit;
|
||||||
import java.util.regex.Matcher;
|
import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.*;
|
||||||
import static org.junit.Assert.assertFalse;
|
|
||||||
import static org.junit.Assert.assertNotEquals;
|
import org.keycloak.testsuite.util.Matchers;
|
||||||
import static org.junit.Assert.assertNotNull;
|
|
||||||
import static org.junit.Assert.assertTrue;
|
import javax.ws.rs.core.Response.Status;
|
||||||
import org.keycloak.testsuite.adapter.page.CustomerPortalNoConf;
|
|
||||||
|
import static org.hamcrest.Matchers.*;
|
||||||
import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
|
import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
|
||||||
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
|
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
|
||||||
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
|
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
|
||||||
|
@ -98,6 +94,8 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
|
||||||
@Page
|
@Page
|
||||||
private SecurePortal securePortal;
|
private SecurePortal securePortal;
|
||||||
@Page
|
@Page
|
||||||
|
private SecurePortalWithCustomSessionConfig securePortalWithCustomSessionConfig;
|
||||||
|
@Page
|
||||||
private CustomerDb customerDb;
|
private CustomerDb customerDb;
|
||||||
@Page
|
@Page
|
||||||
private CustomerDbErrorPage customerDbErrorPage;
|
private CustomerDbErrorPage customerDbErrorPage;
|
||||||
|
@ -133,6 +131,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
|
||||||
return servletDeployment(SecurePortal.DEPLOYMENT_NAME, CallAuthenticatedServlet.class);
|
return servletDeployment(SecurePortal.DEPLOYMENT_NAME, CallAuthenticatedServlet.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Deployment(name = SecurePortalWithCustomSessionConfig.DEPLOYMENT_NAME)
|
||||||
|
protected static WebArchive securePortalWithCustomSessionConfig() {
|
||||||
|
return servletDeployment(SecurePortalWithCustomSessionConfig.DEPLOYMENT_NAME, CallAuthenticatedServlet.class);
|
||||||
|
}
|
||||||
|
|
||||||
@Deployment(name = CustomerDb.DEPLOYMENT_NAME)
|
@Deployment(name = CustomerDb.DEPLOYMENT_NAME)
|
||||||
protected static WebArchive customerDb() {
|
protected static WebArchive customerDb() {
|
||||||
return servletDeployment(CustomerDb.DEPLOYMENT_NAME, AdapterActionsFilter.class, CustomerDatabaseServlet.class);
|
return servletDeployment(CustomerDb.DEPLOYMENT_NAME, AdapterActionsFilter.class, CustomerDatabaseServlet.class);
|
||||||
|
@ -479,6 +482,27 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
|
||||||
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
|
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testAuthenticatedWithCustomSessionConfig() {
|
||||||
|
// test login to customer-portal which does a bearer request to customer-db
|
||||||
|
securePortalWithCustomSessionConfig.navigateTo();
|
||||||
|
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
|
||||||
|
testRealmLoginPage.form().login("bburke@redhat.com", "password");
|
||||||
|
assertCurrentUrlEquals(securePortalWithCustomSessionConfig);
|
||||||
|
|
||||||
|
assertThat("Cookie CUSTOM_JSESSION_ID_NAME should exist", driver.manage().getCookieNamed("CUSTOM_JSESSION_ID_NAME"), notNullValue());
|
||||||
|
|
||||||
|
String pageSource = driver.getPageSource();
|
||||||
|
assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
|
||||||
|
// test logout
|
||||||
|
String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
|
||||||
|
.queryParam(OAuth2Constants.REDIRECT_URI, securePortalWithCustomSessionConfig.toString()).build("demo").toString();
|
||||||
|
driver.navigate().to(logoutUri);
|
||||||
|
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
|
||||||
|
securePortalWithCustomSessionConfig.navigateTo();
|
||||||
|
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
|
||||||
|
}
|
||||||
|
|
||||||
// Tests "token-minimum-time-to-live" adapter configuration option
|
// Tests "token-minimum-time-to-live" adapter configuration option
|
||||||
@Test
|
@Test
|
||||||
public void testTokenMinTTL() {
|
public void testTokenMinTTL() {
|
||||||
|
@ -549,23 +573,19 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
|
||||||
Response response = client.target(basicAuthPage
|
Response response = client.target(basicAuthPage
|
||||||
.setTemplateValues("mposolda", "password", value).buildUri()).request().get();
|
.setTemplateValues("mposolda", "password", value).buildUri()).request().get();
|
||||||
|
|
||||||
assertEquals(200, response.getStatus());
|
assertThat(response, Matchers.statusCodeIs(Status.OK));
|
||||||
assertEquals(value, response.readEntity(String.class));
|
assertEquals(value, response.readEntity(String.class));
|
||||||
response.close();
|
response.close();
|
||||||
|
|
||||||
response = client.target(basicAuthPage
|
response = client.target(basicAuthPage
|
||||||
.setTemplateValues("invalid-user", "password", value).buildUri()).request().get();
|
.setTemplateValues("invalid-user", "password", value).buildUri()).request().get();
|
||||||
assertEquals(401, response.getStatus());
|
assertThat(response, Matchers.statusCodeIs(Status.UNAUTHORIZED));
|
||||||
String readResponse = response.readEntity(String.class);
|
assertThat(response, Matchers.body(anyOf(containsString("Unauthorized"), containsString("Status 401"))));
|
||||||
assertTrue(readResponse.contains("Unauthorized") || readResponse.contains("Status 401"));
|
|
||||||
response.close();
|
|
||||||
|
|
||||||
response = client.target(basicAuthPage
|
response = client.target(basicAuthPage
|
||||||
.setTemplateValues("admin", "invalid-password", value).buildUri()).request().get();
|
.setTemplateValues("admin", "invalid-password", value).buildUri()).request().get();
|
||||||
assertEquals(401, response.getStatus());
|
assertThat(response, Matchers.statusCodeIs(Status.UNAUTHORIZED));
|
||||||
readResponse = response.readEntity(String.class);
|
assertThat(response, Matchers.body(anyOf(containsString("Unauthorized"), containsString("Status 401"))));
|
||||||
assertTrue(readResponse.contains("Unauthorized") || readResponse.contains("Status 401"));
|
|
||||||
response.close();
|
|
||||||
|
|
||||||
client.close();
|
client.close();
|
||||||
}
|
}
|
||||||
|
|
|
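Review bot: testAuthenticatedWithCustomSessionConfig asserts only that a cookie named CUSTOM_JSESSION_ID_NAME exists, so it would still pass if the adapter dropped the other cookie-config attributes or overwrote the path. The web.xml added in this commit also sets `<http-only>true</http-only>`, so I would capture the cookie in a local and add `assertTrue(cookie.isHttpOnly());` plus a check of `cookie.getPath()` against the deployment's context path. The leading comment `// test login to customer-portal which does a bearer request to customer-db` looks copied from another test and should name this deployment. Separately, the basic-auth hunk further down removes both `response.close()` calls after the 401 checks; unless `Matchers.body` consumes the entity, those responses are left open.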
@ -20,9 +20,16 @@ package org.keycloak.testsuite.adapter.undertow.servlet;
|
||||||
import org.keycloak.testsuite.adapter.servlet.AbstractDemoFilterServletAdapterTest;
|
import org.keycloak.testsuite.adapter.servlet.AbstractDemoFilterServletAdapterTest;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||||
|
|
||||||
|
import org.junit.Ignore;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
@AppServerContainer("auth-server-undertow")
|
@AppServerContainer("auth-server-undertow")
|
||||||
public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
|
public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
|
||||||
|
@Ignore
|
||||||
|
@Override
|
||||||
|
public void testAuthenticatedWithCustomSessionConfig() {
|
||||||
|
// Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
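Review bot: The `@Ignore` on the overridden testAuthenticatedWithCustomSessionConfig carries no reason, so test reports will show a skipped test without explanation. Move the body comment into the annotation, e.g. `@Ignore("Undertow deployment ignores session cookie settings in web.xml, see SimpleWebXmlParser")`. The same override is added to UndertowDemoServletsAdapterTest and should get the same treatment. With both disabled, the cookie-config handling changed in KeycloakServletExtension is presumably exercised only on the other app-server containers.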
@ -20,9 +20,17 @@ package org.keycloak.testsuite.adapter.undertow.servlet;
|
||||||
import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
|
import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
|
||||||
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
|
||||||
|
|
||||||
|
import org.junit.Ignore;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
@AppServerContainer("auth-server-undertow")
|
@AppServerContainer("auth-server-undertow")
|
||||||
public class UndertowDemoServletsAdapterTest extends AbstractDemoServletsAdapterTest {
|
public class UndertowDemoServletsAdapterTest extends AbstractDemoServletsAdapterTest {
|
||||||
|
|
||||||
|
@Ignore
|
||||||
|
@Override
|
||||||
|
public void testAuthenticatedWithCustomSessionConfig() {
|
||||||
|
// Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -214,6 +214,19 @@
|
||||||
"jwt.credential.certificate" : "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"
|
"jwt.credential.certificate" : "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"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"clientId": "secure-portal-with-custom-session-config",
|
||||||
|
"enabled": true,
|
||||||
|
"adminUrl": "/secure-portal-with-custom-session-config",
|
||||||
|
"baseUrl": "/secure-portal-with-custom-session-config",
|
||||||
|
"clientAuthenticatorType": "client-jwt",
|
||||||
|
"redirectUris": [
|
||||||
|
"/secure-portal-with-custom-session-config/*"
|
||||||
|
],
|
||||||
|
"attributes" : {
|
||||||
|
"jwt.credential.certificate" : "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"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"clientId": "session-portal",
|
"clientId": "session-portal",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
<!--
|
||||||
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
~ and other contributors as indicated by the @author tags.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<Context path="/customer-portal">
|
||||||
|
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
|
||||||
|
</Context>
|
|
@ -0,0 +1,46 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
~ and other contributors as indicated by the @author tags.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
|
||||||
|
<!--
|
||||||
|
<Set name="adapterConfig">
|
||||||
|
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
|
||||||
|
<Set name="realm">tomcat</Set>
|
||||||
|
<Set name="resource">customer-portal</Set>
|
||||||
|
<Set name="authServerUrl">http://localhost:8180/auth</Set>
|
||||||
|
<Set name="sslRequired">external</Set>
|
||||||
|
<Set name="credentials">
|
||||||
|
<Map>
|
||||||
|
<Entry>
|
||||||
|
<Item>secret</Item>
|
||||||
|
<Item>password</Item>
|
||||||
|
</Entry>
|
||||||
|
</Map>
|
||||||
|
</Set>
|
||||||
|
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
-->
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>
|
|
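Review bot: The commented-out `adapterConfig` block is dead configuration that still names realm `tomcat`, resource `customer-portal`, a `secret` credential entry and a realm public key, none of which appear to match the deployment this commit adds. Commented-out credentials in fixtures tend to be copied into real configurations and to trip secret scanners. I would delete the block and leave `<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator"/>` on its own.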
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
"realm": "demo",
|
||||||
|
"auth-server-url": "http://localhost:8180/auth",
|
||||||
|
"ssl-required": "external",
|
||||||
|
"resource": "secure-portal-with-custom-session-config",
|
||||||
|
"credentials": {
|
||||||
|
"jwt": {
|
||||||
|
"client-key-password": "password",
|
||||||
|
"client-keystore-file": "classpath:keystore.jks",
|
||||||
|
"client-keystore-password": "password",
|
||||||
|
"client-key-alias": "secure-portal",
|
||||||
|
"token-timeout": 10,
|
||||||
|
"client-keystore-type": "jks"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Binary file not shown.
|
@ -0,0 +1,64 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
~ and other contributors as indicated by the @author tags.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>secure-portal-with-custom-session-config</module-name>
|
||||||
|
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<servlet-class>org.keycloak.testsuite.adapter.servlet.CallAuthenticatedServlet</servlet-class>
|
||||||
|
</servlet>
|
||||||
|
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Servlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Permit all</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>*</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<session-config>
|
||||||
|
<cookie-config>
|
||||||
|
<http-only>true</http-only>
|
||||||
|
<name>CUSTOM_JSESSION_ID_NAME</name>
|
||||||
|
</cookie-config>
|
||||||
|
</session-config>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>KEYCLOAK</auth-method>
|
||||||
|
<realm-name>demo</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
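Review bot: The label `<web-resource-name>Permit all</web-resource-name>` contradicts the constraint it names: with `<role-name>*</role-name>` in the `auth-constraint`, every request under `/*` requires an authenticated caller in one of the declared roles. Renaming it to something like `Authenticated users` avoids the fixture being read as an open endpoint. The `<cookie-config>` sets only `http-only` and `name`; a short XML comment noting that `<secure>` is left out (presumably because the test suite talks plain HTTP to localhost) would keep the fragment from being copied as a production template.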