Merge pull request #2585 from mhajas/secureDeployment-PR

KEYCLOAK-2199 Add tests for secure deployment
This commit is contained in:
Bill Burke 2016-04-12 17:53:29 -04:00
commit 6b261cd6e9
9 changed files with 283 additions and 1 deletions

View file

@ -0,0 +1,43 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.adapter.page;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import java.net.URL;
/**
*
* @author tkyjovsk
*/
public class CustomerPortalSubsystem extends AbstractPageWithInjectedUrl {
public static final String DEPLOYMENT_NAME = "customer-portal-subsystem";
@ArquillianResource
@OperateOnDeployment(DEPLOYMENT_NAME)
private URL url;
@Override
public URL getInjectedUrl() {
return url;
}
}

View file

@ -45,7 +45,6 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war") WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war")
.addClasses(servletClasses) .addClasses(servletClasses)
.addAsWebInfResource(webXML, "web.xml") .addAsWebInfResource(webXML, "web.xml")
.addAsWebInfResource(keycloakJSON, "keycloak.json")
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML); .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
URL keystore = AbstractServletsAdapterTest.class.getResource(webInfPath + "keystore.jks"); URL keystore = AbstractServletsAdapterTest.class.getResource(webInfPath + "keystore.jks");
@ -53,6 +52,10 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
deployment.addAsWebInfResource(keystore, "classes/keystore.jks"); deployment.addAsWebInfResource(keystore, "classes/keystore.jks");
} }
if (keycloakJSON != null) {
deployment.addAsWebInfResource(keycloakJSON, "keycloak.json");
}
addContextXml(deployment, name); addContextXml(deployment, name);
return deployment; return deployment;

View file

@ -59,6 +59,8 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
@Page @Page
private CustomerPortal customerPortal; private CustomerPortal customerPortal;
@Page @Page
private CustomerPortalSubsystem customerPortalSubsystem;
@Page
private SecurePortal securePortal; private SecurePortal securePortal;
@Page @Page
private CustomerDb customerDb; private CustomerDb customerDb;
@ -74,6 +76,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
return servletDeployment(CustomerPortal.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class); return servletDeployment(CustomerPortal.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class);
} }
@Deployment(name = CustomerPortalSubsystem.DEPLOYMENT_NAME)
protected static WebArchive customerPortalSubsystem() {
return servletDeployment(CustomerPortalSubsystem.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class);
}
@Deployment(name = SecurePortal.DEPLOYMENT_NAME) @Deployment(name = SecurePortal.DEPLOYMENT_NAME)
protected static WebArchive securePortal() { protected static WebArchive securePortal() {
return servletDeployment(SecurePortal.DEPLOYMENT_NAME, CallAuthenticatedServlet.class); return servletDeployment(SecurePortal.DEPLOYMENT_NAME, CallAuthenticatedServlet.class);
@ -99,6 +106,14 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
return servletDeployment(InputPortal.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class); return servletDeployment(InputPortal.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class);
} }
@Test
public void testCustomerPortalWithSubsystemSettings() {
customerPortalSubsystem.navigateTo();
assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
testRealmLoginPage.form().login("bburke@redhat.com", "password");
assertTrue(driver.getPageSource().contains("Bill Burke") && driver.getPageSource().contains("Stian Thorgersen"));
}
@Test @Test
public void testSavedPostRequest() throws InterruptedException { public void testSavedPostRequest() throws InterruptedException {
// test login to customer-portal which does a bearer request to customer-db // test login to customer-portal which does a bearer request to customer-db

View file

@ -0,0 +1,20 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<Context path="/customer-portal-subsystem">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -0,0 +1,46 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="securityHandler">
<Set name="authenticator">
<New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
<!--
<Set name="adapterConfig">
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
<Set name="realm">tomcat</Set>
<Set name="resource">customer-portal</Set>
<Set name="authServerUrl">http://localhost:8180/auth</Set>
<Set name="sslRequired">external</Set>
<Set name="credentials">
<Map>
<Entry>
<Item>secret</Item>
<Item>password</Item>
</Entry>
</Map>
</Set>
<Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
</New>
</Set>
-->
</New>
</Set>
</Get>
</Configure>

View file

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>customer-portal-subsystem</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.ErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Error Servlet</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Errors</web-resource-name>
<url-pattern>/error.html</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -127,6 +127,16 @@
], ],
"secret": "password" "secret": "password"
}, },
{
"clientId": "customer-portal-subsystem",
"enabled": true,
"adminUrl": "/customer-portal-subsystem",
"baseUrl": "/customer-portal-subsystem",
"redirectUris": [
"/customer-portal-subsystem/*"
],
"secret": "password"
},
{ {
"clientId": "customer-cookie-portal", "clientId": "customer-cookie-portal",
"enabled": true, "enabled": true,

View file

@ -0,0 +1,33 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
version="2.0"
exclude-result-prefixes="xalan">
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="keycloakSubsystem" select="'urn:jboss:domain:keycloak:1.1'"/>
<xsl:param name="auth-server-port"/>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $keycloakSubsystem)]">
<xsl:copy>
<xsl:apply-templates select="@* | node()" />
<secure-deployment name="customer-portal-subsystem.war">
<realm>demo</realm>
<realm-public-key>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</realm-public-key>
<auth-server-url>http://localhost:<xsl:value-of select="$auth-server-port"/>/auth</auth-server-url>
<ssl-required>EXTERNAL</ssl-required>
<resource>customer-portal-subsystem</resource>
<credential name="secret">password</credential>
</secure-deployment>
</xsl:copy>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

View file

@ -37,6 +37,42 @@
<common.resources>${project.parent.basedir}/common</common.resources> <common.resources>${project.parent.basedir}/common</common.resources>
<adapter.libs.home>${app.server.home}/modules/system/add-ons/keycloak</adapter.libs.home> <adapter.libs.home>${app.server.home}/modules/system/add-ons/keycloak</adapter.libs.home>
</properties> </properties>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>Configure keycloak subsystem</id>
<phase>process-test-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>${common.resources}/xslt/keycloak-subsystem.xsl</stylesheet>
<outputDir>${app.server.home}/standalone/configuration</outputDir>
<parameters>
<parameter>
<name>auth-server-port</name>
<value>${auth.server.http.port}</value>
</parameter>
</parameters>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles> <profiles>
<profile> <profile>