KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure

This commit is contained in:
mhajas 2019-02-13 12:53:45 +01:00 committed by Hynek Mlnařík
parent 4cde8d8534
commit 8a750c7fca
243 changed files with 1077 additions and 10554 deletions

View file

@ -32,7 +32,7 @@
<properties>
<fuse7.version>7.0.1-SNAPSHOT</fuse7.version>
<tomcat.version>8.0.14</tomcat.version>
<tomcat.version>${tomcat8.version}</tomcat.version>
<jetty9.version>9.4.2.v20170220</jetty9.version>
</properties>

View file

@ -30,7 +30,7 @@
<name>Keycloak Tomcat 7 Integration</name>
<properties>
<!--<tomcat.version>8.0.14</tomcat.version>-->
<tomcat.version>7.0.52</tomcat.version>
<tomcat.version>${tomcat7.version}</tomcat.version>
</properties>
<description />

View file

@ -32,7 +32,7 @@
<maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source>
<tomcat.version>8.0.14</tomcat.version>
<tomcat.version>${tomcat8.version}</tomcat.version>
</properties>
<description />

View file

@ -30,7 +30,7 @@
<name>Keycloak Tomcat 7 SAML Integration</name>
<properties>
<!--<tomcat.version>8.0.14</tomcat.version>-->
<tomcat.version>7.0.52</tomcat.version>
<tomcat.version>${tomcat7.version}</tomcat.version>
</properties>
<description />

View file

@ -32,7 +32,7 @@
<maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source>
<tomcat.version>8.0.14</tomcat.version>
<tomcat.version>${tomcat8.version}</tomcat.version>
</properties>
<description />

View file

@ -150,6 +150,11 @@
<!-- Surefire Settings -->
<surefire.memory.settings>-Xms512m -Xmx2048m -XX:MetaspaceSize=96m -XX:MaxMetaspaceSize=256m</surefire.memory.settings>
<!-- Tomcat versions -->
<tomcat7.version>7.0.92</tomcat7.version>
<tomcat8.version>8.5.38</tomcat8.version>
<tomcat9.version>9.0.16</tomcat9.version>
</properties>
<url>http://keycloak.org</url>

View file

@ -96,7 +96,7 @@ Each version has its corresponding profile:
Here's how to run the tests with Jetty `9.4`:
mvn -f testsuite/integration-arquillian/tests/base/pom.xml \
mvn -f testsuite/integration-arquillian/pom.xml \
-Papp-server-jetty94 \
-Dtest=org.keycloak.testsuite.adapter.**.*Test
@ -108,6 +108,19 @@ Here's how to run the tests with Jetty `9.4`:
-Papp-server-wildfly \
-Dtest=org.keycloak.testsuite.adapter.**
### Tomcat
We run testsuite with Tomcat 7, 8 and 9. For specific versions see properties `${tomcat[7,8,9].version}` in parent [pom.xml](../../pom.xml).
To run tests on Tomcat:
````
mvn -f testsuite/integration-arquillian/pom.xml \
clean install \
-Papp-server-tomcat[7,8,9] \
-Dtest=org.keycloak.testsuite.adapter.**
````
### Wildfly with legacy non-elytron adapter
mvn -f testsuite/integration-arquillian/pom.xml \

View file

@ -175,7 +175,6 @@ integration-arquillian
├──adapters (common settings for all adapter test modules - will be moved into base)
│ ├──jboss
│ ├──tomcat
│ └──karaf
├──console

View file

@ -64,6 +64,9 @@
<arquillian-jetty9-container.version>1.0.0.CR3</arquillian-jetty9-container.version>
<arquillian-container-karaf.version>2.2.0.Final</arquillian-container-karaf.version>
<arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version>
<arquillian-tomcat7-container-version>1.0.1.Final</arquillian-tomcat7-container-version>
<arquillian-tomcat8-container-version>1.0.1.Final</arquillian-tomcat8-container-version>
<arquillian-tomcat9-container-version>1.0.1.Final</arquillian-tomcat9-container-version>
<undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version>
<version.org.wildfly.extras.creaper>1.6.1</version.org.wildfly.extras.creaper>
<testcontainers.version>1.5.1</testcontainers.version>

View file

@ -13,23 +13,23 @@ The artifacts are used by the Arquillian TestSuite.
### Auth Server
- JBoss
- Wildfly 10
- EAP 7
- Wildfly 10
- EAP 7
- Undertow
### App Server
- JBoss
- JBossAS 7
- Wildfly 8, 9, 10
- EAP 6, 7
- Relative (Wildfly 10 / EAP 7)
- JBossAS 7
- Wildfly 8, 9, 10
- EAP 6, 7
- Relative (Wildfly 10 / EAP 7)
- Karaf / Fuse
- Karaf 3
- Fuse 6.1, 6.2
- Karaf 3
- Fuse 6.1, 6.2
- Tomcat
- Tomcat 7, 8
- Tomcat 7, 8, 9
### Load Balancer

View file

@ -44,3 +44,4 @@ Submodules are enabled with profiles: `-Papp-server-MODULE`
### Modules
* __`tomcat7` Tomcat 7__
* __`tomcat8` Tomcat 8__
* __`tomcat9` Tomcat 9__

View file

@ -26,7 +26,7 @@
<xsl:template match="//*[local-name()='tomcat-users']">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<user username="manager" password="arquillian" roles="manager-script"/>
<user username="manager" password="arquillian" roles="manager-script,manager-gui"/>
</xsl:copy>
</xsl:template>

View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>integration-arquillian-servers-app-server-tomcat</artifactId>
<groupId>org.keycloak.testsuite</groupId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
<name>App Server - Tomcat common classes</name>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-spi</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-util</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

View file

@ -0,0 +1,12 @@
package org.keycloak.testsuite.adapter.servlet;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
/**
* Basic auth app.
*/
@ApplicationPath("/")
public class TomcatConfigApplication extends Application {
}

View file

@ -0,0 +1,81 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat.container;
import org.jboss.arquillian.core.spi.Validate;
import org.jboss.shrinkwrap.descriptor.spi.node.Node;
import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
import java.util.ArrayList;
import java.util.List;
public abstract class AbstractTomcatAppServerProvider implements AppServerContainerProvider {
private final String catalinaHome;
private final String bindHttpPort;
private final String jmxPort;
private final String startupTimeoutInSeconds;
private final String USER = "manager";
private final String PASS = "arquillian";
public AbstractTomcatAppServerProvider() {
catalinaHome = System.getProperty("app.server.home");
bindHttpPort = determineHttpPort();
jmxPort = System.getProperty("app.server.management.port");
startupTimeoutInSeconds = System.getProperty("app.server.startup.timeout");
Validate.notNullOrEmpty(catalinaHome, "app.server.home is not set.");
Validate.notNullOrEmpty(bindHttpPort, "app.server.http.port is not set.");
Validate.notNullOrEmpty(jmxPort, "app.server.management.port is not set.");
Validate.notNullOrEmpty(startupTimeoutInSeconds, "app.server.startup.timeout is not set.");
}
protected abstract String getContainerClassName();
private String determineHttpPort() {
String httpPort = System.getProperty("app.server.http.port");
String portOffset = System.getProperty("app.server.port.offset", "0");
if (!portOffset.equals("0")) {
httpPort = String.valueOf(Integer.valueOf(httpPort) + Integer.valueOf(portOffset));
}
return httpPort;
}
@Override
public List<Node> getContainers() {
List<Node> containers = new ArrayList<>();
containers.add(standaloneContainer());
return containers;
}
private Node standaloneContainer() {
Node container = new Node("container");
container.attribute("mode", "manual");
container.attribute("qualifier", AppServerContainerProvider.APP_SERVER + "-" + getName());
return TomcatAppServerConfigurationUtils
.getStandaloneConfiguration(container, getContainerClassName(), catalinaHome,
bindHttpPort, jmxPort, USER, PASS, startupTimeoutInSeconds);
}
}

View file

@ -0,0 +1,78 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat.container;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.test.spi.TestClass;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.testsuite.adapter.servlet.TomcatConfigApplication;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatDeploymentArchiveProcessorUtils;
public class CommonTomcatDeploymentArchiveProcessor implements ApplicationArchiveProcessor {
private final Logger log = Logger.getLogger(CommonTomcatDeploymentArchiveProcessor.class);
@Override
public void process(Archive<?> archive, TestClass testClass) {
if (DeploymentArchiveProcessorUtils.checkRunOnServerDeployment(archive)) return;
modifyOIDCAdapterConfig(archive, DeploymentArchiveProcessorUtils.ADAPTER_CONFIG_PATH);
DeploymentArchiveProcessorUtils.SAML_CONFIGS.forEach(path -> modifySAMLAdapterConfig(archive, path));
TomcatDeploymentArchiveProcessorUtils.copyWarClasspathFilesToCommonTomcatClasspath(archive);
// KEYCLOAK-9606 - might be unnecessary, however for now we need to test what is in docs
TomcatDeploymentArchiveProcessorUtils.replaceKEYCLOAKMethodWithBASIC(archive);
if (containsSAMLAdapterConfig(archive)) {
TomcatDeploymentArchiveProcessorUtils.replaceOIDCValveWithSAMLValve(archive);
}
if (TomcatDeploymentArchiveProcessorUtils.isJaxRSApp(archive)) {
TomcatDeploymentArchiveProcessorUtils.removeServletConfigurationInWebXML(archive);
if (!TomcatDeploymentArchiveProcessorUtils.containsApplicationConfigClass(archive)) {
((WebArchive) archive).addClass(TomcatConfigApplication.class);
}
}
}
private boolean containsSAMLAdapterConfig(Archive<?> archive) {
return DeploymentArchiveProcessorUtils.SAML_CONFIGS
.stream()
.anyMatch(archive::contains);
}
private void modifyOIDCAdapterConfig(Archive<?> archive, String adapterConfigPath) {
if (!archive.contains(adapterConfigPath)) return;
log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
DeploymentArchiveProcessorUtils.modifyOIDCAdapterConfig(archive, adapterConfigPath);
}
private void modifySAMLAdapterConfig(Archive<?> archive, String adapterConfigPath) {
if (!archive.contains(adapterConfigPath)) return;
log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
DeploymentArchiveProcessorUtils.modifySAMLAdapterConfig(archive, adapterConfigPath);
}
}

View file

@ -30,9 +30,20 @@
<name>App Server - Tomcat</name>
<properties>
<common.resources>${project.parent.basedir}/common</common.resources>
<common.resources>${project.parent.basedir}/common/common-files</common.resources>
<assembly.xml>${project.parent.basedir}/assembly.xml</assembly.xml>
<app.server.tomcat.home>${containers.home}/${app.server.tomcat.unpacked.folder.name}</app.server.tomcat.home>
<tomcat.resteasy.version>${resteasy.version}</tomcat.resteasy.version>
<skip.dependencies.for.tomcat7>true</skip.dependencies.for.tomcat7>
<skip.dependencies.for.tomcat8>true</skip.dependencies.for.tomcat8>
<tomcat.scannotation.version>1.0.3</tomcat.scannotation.version>
<tomcat.javassist.version>3.18.2-GA</tomcat.javassist.version>
<tomcat.javaee-api.version>7.0</tomcat.javaee-api.version>
<tomcat.org.glassfish.web.el-impl.version>2.2</tomcat.org.glassfish.web.el-impl.version>
<tomcat.reactive-streams.version>1.0.2</tomcat.reactive-streams.version>
<tomcat.javax.json.bind-api.version>1.0</tomcat.javax.json.bind-api.version>
<tomcat.validation-api.version>1.0.0.GA</tomcat.validation-api.version>
</properties>
<profiles>
@ -40,7 +51,7 @@
<id>app-server-tomcat-submodules</id>
<activation>
<file>
<exists>src</exists>
<exists>src/tomcat-submodule</exists>
</file>
</activation>
<build>
@ -99,29 +110,98 @@
</configuration>
</execution>
<execution>
<id>libs-for-tomcat</id>
<id>libs-for-tomcat-7</id>
<phase>generate-test-resources</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<skip>${skip.dependencies.for.tomcat7}</skip>
<artifactItems>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${tomcat.resteasy.version}</version>
</artifactItem>
<artifactItem>
<groupId>org.scannotation</groupId>
<artifactId>scannotation</artifactId>
<version>${tomcat.scannotation.version}</version>
</artifactItem>
<artifactItem>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>${tomcat.javassist.version}</version>
</artifactItem>
<artifactItem>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>${tomcat.javaee-api.version}</version>
</artifactItem>
<artifactItem>
<!-- JSP compilation failed without this -->
<groupId>org.glassfish.web</groupId>
<artifactId>el-impl</artifactId>
<version>${tomcat.org.glassfish.web.el-impl.version}</version>
</artifactItem>
</artifactItems>
<outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
<overWriteIfNewer>true</overWriteIfNewer>
</configuration>
</execution>
<execution>
<id>libs-for-tomcat-8-and-9</id>
<phase>generate-test-resources</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<skip>${skip.dependencies.for.tomcat8}</skip>
<artifactItems>
<artifactItem>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
<version>${jboss-jaxrs-api_2.1_spec}</version>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${tomcat.resteasy.version}</version>
</artifactItem>
<artifactItem>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>1.4</version>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-servlet-initializer</artifactId>
<version>${tomcat.resteasy.version}</version>
</artifactItem>
<artifactItem>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>${apache.httpcomponents.httpcore.version}</version>
</artifactItem>
<artifactItem>
<groupId>org.reactivestreams</groupId>
<artifactId>reactive-streams</artifactId>
<version>${tomcat.reactive-streams.version}</version>
</artifactItem>
<artifactItem>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</artifactItem>
<artifactItem>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>${jboss.logging.version}</version>
</artifactItem>
<artifactItem>
<groupId>javax.json.bind</groupId>
<artifactId>javax.json.bind-api</artifactId>
<version>${tomcat.javax.json.bind-api.version}</version>
</artifactItem>
<artifactItem>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>${tomcat.validation-api.version}</version>
</artifactItem>
</artifactItems>
<outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
@ -155,50 +235,6 @@
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-antrun-plugin</artifactId>
<executions>
<execution>
<id>parametrize-server-ports</id>
<phase>process-test-resources</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<replace file="${app.server.tomcat.home}/conf/server.xml">
<replacetoken>8005</replacetoken>
<replacevalue>${tomcat.server.port}</replacevalue>
</replace>
<replace file="${app.server.tomcat.home}/conf/server.xml">
<replacetoken>8080</replacetoken>
<replacevalue>${tomcat.http.port}</replacevalue>
</replace>
<replace file="${app.server.tomcat.home}/conf/server.xml">
<replacetoken>8443</replacetoken>
<replacevalue>${tomcat.server.port}</replacevalue>
</replace>
<replace file="${app.server.tomcat.home}/conf/server.xml">
<replacetoken>8009</replacetoken>
<replacevalue>${tomcat.ajp.port}</replacevalue>
</replace>
<propertyfile
file="${app.server.tomcat.home}/conf/catalina.properties"
comment="Parametrized Tomcat Ports in server.xml">
<entry key="tomcat.server.port" value="8005"/>
<entry key="tomcat.http.port" value="8080"/>
<entry key="tomcat.https.port" value="8443"/>
<entry key="tomcat.ajp.port" value="8009"/>
</propertyfile>
</tasks>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
@ -273,6 +309,34 @@
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-keycloak-truststore</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
<resources>
<resource>
<directory>${common.resources}</directory>
<includes>
<include>keycloak.truststore</include>
</includes>
<filtering>true</filtering>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
@ -281,22 +345,23 @@
<id>app-server-tomcat7</id>
<modules>
<module>tomcat7</module>
<module>common</module>
</modules>
</profile>
<profile>
<id>app-server-tomcat8</id>
<modules>
<module>tomcat8</module>
<module>common</module>
</modules>
</profile>
<profile>
<id>app-server-tomcat9</id>
<modules>
<module>tomcat9</module>
<module>common</module>
</modules>
</profile>
</profiles>
</project>

View file

@ -26,8 +26,7 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-tomcat7</artifactId>
<packaging>pom</packaging>
<name>App Server - Tomcat - Tomcat 7</name>
<name>App Server - Tomcat 7</name>
<properties>
<app.server.tomcat>tomcat7</app.server.tomcat>
@ -39,6 +38,22 @@
<app.server.oidc.adapter.artifactId>keycloak-tomcat7-adapter-dist</app.server.oidc.adapter.artifactId>
<app.server.saml.adapter.artifactId>keycloak-saml-tomcat7-adapter-dist</app.server.saml.adapter.artifactId>
<!-- newer resteasy-jaxrs is not compatible with annotation-api which is provided by Tomcat7 -->
<tomcat.resteasy.version>2.3.1.GA</tomcat.resteasy.version>
<skip.dependencies.for.tomcat7>false</skip.dependencies.for.tomcat7>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-tomcat-managed-7</artifactId>
<version>${arquillian-tomcat7-container-version}</version>
</dependency>
</dependencies>
</project>

View file

@ -1,5 +1,5 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -14,17 +14,17 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.adapter.example;
package org.keycloak.testsuite.arquillian.tomcat;
import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.core.spi.LoadableExtension;
import org.keycloak.testsuite.arquillian.tomcat.container.Tomcat7DeploymentArchiveProcessor;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat8")
//@AdapterLibsLocationProperty("adapter.libs.wildfly")
public class Tomcat8PhotozExampleAdapterTest extends AbstractPhotozExampleAdapterTest {
public class Tomcat7AppServerArquillianExtension implements LoadableExtension {
@Override
public void register(ExtensionBuilder builder) {
builder.service(ApplicationArchiveProcessor.class, Tomcat7DeploymentArchiveProcessor.class);
}
}

View file

@ -0,0 +1,41 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat.container;
import java.util.ArrayList;
import java.util.List;
import org.jboss.arquillian.container.tomcat.managed.Tomcat7ManagedContainer;
import org.jboss.arquillian.core.spi.Validate;
import org.jboss.shrinkwrap.descriptor.spi.node.Node;
import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
public class Tomcat7AppServerProvider extends AbstractTomcatAppServerProvider {
@Override
public String getName() {
return "tomcat7";
}
@Override
protected String getContainerClassName() {
return Tomcat7ManagedContainer.class.getName();
}
}

View file

@ -0,0 +1,113 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat.container;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.test.spi.TestClass;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.keycloak.testsuite.utils.annotation.UseServletFilter;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatDeploymentArchiveProcessorUtils;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.util.Set;
import static org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils.WEBXML_PATH;
import static org.keycloak.testsuite.utils.io.IOUtil.documentToString;
public class Tomcat7DeploymentArchiveProcessor extends CommonTomcatDeploymentArchiveProcessor {
@Override
public void process(Archive<?> archive, TestClass testClass) {
super.process(archive, testClass);
if (DeploymentArchiveProcessorUtils.checkRunOnServerDeployment(archive)) return;
Set<Class<?>> configClasses = TomcatDeploymentArchiveProcessorUtils.getApplicationConfigClasses(archive);
if (!configClasses.isEmpty()) {
// Tomcat 7 doesn't work with resteasy-servlet-initializer therefore we need to configure Tomcat the old way
// jax-rs docs: http://docs.jboss.org/resteasy/docs/3.6.1.Final/userguide/html_single/#d4e161
Document webXmlDoc;
try {
webXmlDoc = IOUtil.loadXML(
archive.get(WEBXML_PATH).getAsset().openStream());
} catch (Exception ex) {
throw new RuntimeException("Error when processing " + archive.getName(), ex);
}
addContextParam(webXmlDoc);
addServlet(webXmlDoc, configClasses.iterator().next().getName());
addServletMapping(webXmlDoc);
archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
}
}
private void addServletMapping(Document doc) {
Element servletMapping = doc.createElement("servlet-mapping");
Element servetName = doc.createElement("servlet-name");
Element urlPattern = doc.createElement("url-pattern");
servetName.setTextContent("Resteasy");
urlPattern.setTextContent("/*");
servletMapping.appendChild(servetName);
servletMapping.appendChild(urlPattern);
IOUtil.appendChildInDocument(doc, "web-app", servletMapping);
}
private void addServlet(Document doc, String configClassName) {
Element servlet = doc.createElement("servlet");
Element servletName = doc.createElement("servlet-name");
Element servletClass = doc.createElement("servlet-class");
Element initParam = doc.createElement("init-param");
Element paramName = doc.createElement("param-name");
Element paramValue = doc.createElement("param-value");
servletName.setTextContent("Resteasy");
servletClass.setTextContent("org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher");
paramName.setTextContent("javax.ws.rs.Application");
paramValue.setTextContent(configClassName);
servlet.appendChild(servletName);
servlet.appendChild(servletClass);
initParam.appendChild(paramName);
initParam.appendChild(paramValue);
servlet.appendChild(initParam);
IOUtil.appendChildInDocument(doc, "web-app", servlet);
}
private void addContextParam(Document doc) {
Element contextParam = doc.createElement("context-param");
Element paramName = doc.createElement("param-name");
Element paramValue = doc.createElement("param-value");
paramName.setTextContent("resteasy.scan.resources");
paramValue.setTextContent("true");
contextParam.appendChild(paramName);
contextParam.appendChild(paramValue);
IOUtil.appendChildInDocument(doc, "web-app", contextParam);
}
}

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.Tomcat7AppServerArquillianExtension

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.container.Tomcat7AppServerProvider

View file

@ -26,8 +26,7 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-tomcat8</artifactId>
<packaging>pom</packaging>
<name>App Server - Tomcat - Tomcat 8</name>
<name>App Server - Tomcat 8</name>
<properties>
<app.server.tomcat>tomcat8</app.server.tomcat>
@ -39,6 +38,20 @@
<app.server.oidc.adapter.artifactId>keycloak-tomcat8-adapter-dist</app.server.oidc.adapter.artifactId>
<app.server.saml.adapter.artifactId>keycloak-saml-tomcat8-adapter-dist</app.server.saml.adapter.artifactId>
<skip.dependencies.for.tomcat8>false</skip.dependencies.for.tomcat8>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-tomcat-managed-8</artifactId>
<version>${arquillian-tomcat8-container-version}</version>
</dependency>
</dependencies>
</project>

View file

@ -0,0 +1,30 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.core.spi.LoadableExtension;
import org.keycloak.testsuite.arquillian.tomcat.container.CommonTomcatDeploymentArchiveProcessor;
public class Tomcat8AppServerArquillianExtension implements LoadableExtension {
@Override
public void register(ExtensionBuilder builder) {
builder.service(ApplicationArchiveProcessor.class, CommonTomcatDeploymentArchiveProcessor.class);
}
}

View file

@ -0,0 +1,40 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat.container;
import java.util.ArrayList;
import java.util.List;
import org.jboss.arquillian.container.tomcat.managed.Tomcat8ManagedContainer;
import org.jboss.arquillian.core.spi.Validate;
import org.jboss.shrinkwrap.descriptor.spi.node.Node;
import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
public class Tomcat8AppServerProvider extends AbstractTomcatAppServerProvider {
@Override
public String getName() {
return "tomcat8";
}
@Override
protected String getContainerClassName() {
return Tomcat8ManagedContainer.class.getName();
}
}

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.Tomcat8AppServerArquillianExtension

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.container.Tomcat8AppServerProvider

View file

@ -26,8 +26,7 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>integration-arquillian-servers-app-server-tomcat9</artifactId>
<packaging>pom</packaging>
<name>App Server - Tomcat - Tomcat 9</name>
<name>App Server - Tomcat 9</name>
<properties>
<app.server.tomcat>tomcat9</app.server.tomcat>
@ -37,8 +36,24 @@
<app.server.tomcat.version>${tomcat9.version}</app.server.tomcat.version>
<app.server.tomcat.unpacked.folder.name>apache-tomcat-${tomcat9.version}</app.server.tomcat.unpacked.folder.name>
<!-- KEYCLOAK-9598 - There are no adapters for Tomcat 9 for now we use adapters for Tomcat 8 -->
<app.server.oidc.adapter.artifactId>keycloak-tomcat8-adapter-dist</app.server.oidc.adapter.artifactId>
<app.server.saml.adapter.artifactId>keycloak-saml-tomcat8-adapter-dist</app.server.saml.adapter.artifactId>
<skip.dependencies.for.tomcat8>false</skip.dependencies.for.tomcat8>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<!-- There is no arquillian container for Tomcat 9 yet, for now we use container for Tomcat 8 -->
<artifactId>arquillian-tomcat-managed-8</artifactId>
<version>${arquillian-tomcat9-container-version}</version>
</dependency>
</dependencies>
</project>

View file

@ -0,0 +1,30 @@
/*
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.arquillian.tomcat;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
import org.jboss.arquillian.core.spi.LoadableExtension;
import org.keycloak.testsuite.arquillian.tomcat.container.CommonTomcatDeploymentArchiveProcessor;
public class Tomcat9AppServerArquillianExtension implements LoadableExtension {
@Override
public void register(ExtensionBuilder builder) {
builder.service(ApplicationArchiveProcessor.class, CommonTomcatDeploymentArchiveProcessor.class);
}
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* Copyright 2018 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -14,17 +14,20 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.adapter.example;
import org.keycloak.testsuite.adapter.example.authorization.DefaultAuthzConfigAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
package org.keycloak.testsuite.arquillian.tomcat.container;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat8")
//@AdapterLibsLocationProperty("adapter.libs.wildfly")
public class Tomcat8DefaultAuthzConfigAdapterTest extends DefaultAuthzConfigAdapterTest {
import org.jboss.arquillian.container.tomcat.managed.Tomcat8ManagedContainer;
public class Tomcat9AppServerProvider extends AbstractTomcatAppServerProvider {
@Override
public String getName() {
return "tomcat9";
}
@Override
protected String getContainerClassName() {
return Tomcat8ManagedContainer.class.getName();
}
}

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.Tomcat9AppServerArquillianExtension

View file

@ -0,0 +1 @@
org.keycloak.testsuite.arquillian.tomcat.container.Tomcat9AppServerProvider

View file

@ -36,9 +36,6 @@
<eap6.version>7.5.21.Final-redhat-1</eap6.version>
<eap71.version>7.1.5.GA-redhat-00002</eap71.version>
<jboss.as.version>7.1.1.Final</jboss.as.version>
<tomcat7.version>7.0.68</tomcat7.version>
<tomcat8.version>8.0.32</tomcat8.version>
<tomcat9.version>9.0.0.M3</tomcat9.version>
<karaf3.version>3.0.3</karaf3.version>
<fuse61.version>6.1.0.redhat-379</fuse61.version>
<!--<fuse62.version>6.2.0.redhat-133</fuse62.version>-->

View file

@ -15,6 +15,6 @@
~ limitations under the License.
-->
<Context path="/customer-portal">
<Context path="/hello-world-authz-service">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -15,6 +15,6 @@
~ limitations under the License.
-->
<Context path="/customer-portal">
<Context path="/servlet-authz-app">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -15,6 +15,6 @@
~ limitations under the License.
-->
<Context path="/customer-portal">
<Context path="/servlet-policy-enforcer">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -25,7 +25,6 @@ import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@ -48,7 +47,7 @@ import java.util.List;
* @version $Revision: 1 $
*/
@Path("/")
public class SendUsernameServlet extends HttpServlet {
public class SendUsernameServlet {
private static boolean checkRoles = false;
private static SamlAuthenticationError authError;
@ -60,7 +59,7 @@ public class SendUsernameServlet extends HttpServlet {
@GET
@NoCache
public Response doGet(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
public Response doGet(@QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
System.out.println("In SendUsername Servlet doGet() check roles is " + (checkRolesFlag || checkRoles));
if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
return Response.status(Response.Status.FORBIDDEN).entity("Forbidden").build();
@ -71,7 +70,7 @@ public class SendUsernameServlet extends HttpServlet {
@POST
@NoCache
public Response doPost(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
public Response doPost(@QueryParam("checkRoles") boolean checkRolesFlag) {
System.out.println("In SendUsername Servlet doPost() check roles is " + (checkRolesFlag || checkRoles));
if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
@ -94,14 +93,14 @@ public class SendUsernameServlet extends HttpServlet {
@GET
@Path("{path}")
public Response doGetElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
public Response doGetElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
System.out.println("In SendUsername Servlet doGetElseWhere() - path: " + path);
return doGet(checkRolesFlag);
}
@POST
@Path("{path}")
public Response doPostElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
public Response doPostElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
System.out.println("In SendUsername Servlet doPostElseWhere() - path: " + path);
return doPost(checkRolesFlag);
}

View file

@ -817,6 +817,105 @@
</plugins>
</build>
</profile>
<profile>
<id>app-server-tomcat7</id>
<activation>
<property>
<name>app.server</name>
<value>tomcat7</value>
</property>
</activation>
<properties>
<app.server>tomcat7</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>false</app.server.skip.unpack>
<app.server.artifactId>integration-arquillian-servers-app-server-tomcat7</app.server.artifactId><!-- Need to override -->
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat7</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>app-server-tomcat8</id>
<activation>
<property>
<name>app.server</name>
<value>tomcat8</value>
</property>
</activation>
<properties>
<app.server>tomcat8</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>false</app.server.skip.unpack>
<app.server.artifactId>integration-arquillian-servers-app-server-tomcat8</app.server.artifactId><!-- Need to override -->
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat8</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>app-server-tomcat9</id>
<activation>
<property>
<name>app.server</name>
<value>tomcat9</value>
</property>
</activation>
<properties>
<app.server>tomcat9</app.server> <!--in case the profile is called directly-->
<app.server.skip.unpack>false</app.server.skip.unpack>
<app.server.artifactId>integration-arquillian-servers-app-server-tomcat9</app.server.artifactId><!-- Need to override -->
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-servers-app-server-tomcat9</artifactId>
<version>${project.version}</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.commonjava.maven.plugins</groupId>
<artifactId>directory-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>auth-servers-crossdc-undertow</id>
<properties>

View file

@ -267,7 +267,7 @@ public class AppServerTestEnricher {
}
public static boolean isTomcatAppServer() {
return CURRENT_APP_SERVER.equals("tomcat");
return CURRENT_APP_SERVER.startsWith("tomcat");
}
public static boolean isEAP6AppServer() {

View file

@ -42,4 +42,8 @@ public interface ContainerConstants {
public static final String APP_SERVER_JETTY93 = APP_SERVER_PREFIX + "jetty93";
public static final String APP_SERVER_JETTY92 = APP_SERVER_PREFIX + "jetty92";
public static final String APP_SERVER_TOMCAT7 = APP_SERVER_PREFIX + "tomcat7";
public static final String APP_SERVER_TOMCAT8 = APP_SERVER_PREFIX + "tomcat8";
public static final String APP_SERVER_TOMCAT9 = APP_SERVER_PREFIX + "tomcat9";
}

View file

@ -89,7 +89,7 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
log.info("Setting redirect-uris in test realm '" + tr.getRealm() + "' as " + (isRelative() ? "" : "non-") + "relative");
modifyClientRedirectUris(tr, "http://localhost:8080", "");
modifyClientRedirectUris(tr, "^(/.*/\\*)",
modifyClientRedirectUris(tr, "^(.*/\\*)",
"http://localhost:" + System.getProperty("app.server.http.port", "8280") + "$1",
"http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "$1",
"https://localhost:" + System.getProperty("app.server.https.port", "8643") + "$1",
@ -102,6 +102,8 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
"https://localhost:" + System.getProperty("auth.server.http.port", "8543"));
modifyClientUrls(tr, "http://localhost:8080", "");
modifySamlMasterURLs(tr, "http://localhost:8080", "");
modifySAMLClientsAttributes(tr, "http://localhost:8080", "");
if (isRelative()) {
modifyClientUrls(tr, appServerContextRootPage.toString(), "");
@ -109,8 +111,8 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
modifySAMLClientsAttributes(tr, "8080", System.getProperty("auth.server.http.port", "8180"));
} else {
modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifySamlMasterURLs(tr, "8080", AUTH_SERVER_PORT);
modifySAMLClientsAttributes(tr, "http://localhost:8080", appServerContextRootPage.toString());
modifySamlMasterURLs(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifySAMLClientsAttributes(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
modifyClientJWKSUrl(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
}
if (AUTH_SERVER_SSL_REQUIRED) {

View file

@ -20,7 +20,7 @@ package org.keycloak.testsuite.adapter;
import org.apache.commons.io.IOUtils;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.jboss.shrinkwrap.api.importer.ZipImporter;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
@ -30,7 +30,6 @@ import java.io.IOException;
import java.net.URL;
import java.nio.file.Paths;
import java.util.function.Consumer;
import java.util.function.Supplier;
/**
*
@ -63,9 +62,10 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
}
protected static WebArchive exampleDeployment(String name, Consumer<WebArchive> additionalResources) {
WebArchive webArchive = ShrinkWrap.createFromZipFile(WebArchive.class,
new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
WebArchive webArchive = ShrinkWrap.create(ZipImporter.class, name + ".war")
.importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
.as(WebArchive.class)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
additionalResources.accept(webArchive);
@ -92,8 +92,9 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
URL webXML = Paths.get(EXAMPLES_WEB_XML).toUri().toURL();
String webXmlContent = IOUtils.toString(webXML.openStream(), "UTF-8")
.replace("%CONTEXT_PATH%", contextPath);
WebArchive webArchive = ShrinkWrap.createFromZipFile(WebArchive.class,
new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
WebArchive webArchive = ShrinkWrap.create(ZipImporter.class, name + ".war")
.importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
.as(WebArchive.class)
.addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML)
.add(new StringAsset(webXmlContent), "/WEB-INF/web.xml");

View file

@ -52,6 +52,9 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
private static final String REALM_NAME = "hello-world-authz";

View file

@ -16,17 +16,18 @@
*/
package org.keycloak.testsuite.adapter.example.authorization;
import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.IOException;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Test;
import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
import static org.assertj.core.api.Java6Assertions.assertThat;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@ -36,6 +37,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class PermissiveModeAdapterTest extends AbstractBaseServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)
@ -50,11 +54,11 @@ public class PermissiveModeAdapterTest extends AbstractBaseServletAuthzAdapterTe
login("jdoe", "jdoe");
driver.navigate().to(getResourceServerUrl() + "/enforcing/resource");
if (System.getProperty("app.server","").startsWith("eap6")) {
assertTrue(driver.getPageSource().contains("HTTP Status 404"));
if (AppServerTestEnricher.isEAP6AppServer() || AppServerTestEnricher.isTomcatAppServer()) {
assertThat(driver.getPageSource()).contains("HTTP Status 404");
} else {
assertTrue(driver.getTitle().equals("Error"));
assertTrue(driver.getPageSource().contains("Not Found"));
assertThat(driver.getTitle()).isEqualTo("Error");
assertThat(driver.getPageSource()).contains("Not Found");
}
driver.navigate().to(getResourceServerUrl() + "/protected/admin");

View file

@ -34,6 +34,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletAuthzCIPAdapterTest extends AbstractServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)

View file

@ -36,6 +36,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletAuthzCacheDisabledAdapterTest extends AbstractServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)

View file

@ -35,6 +35,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletAuthzCacheLifespanAdapterTest extends AbstractServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)

View file

@ -34,6 +34,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletAuthzLazyLoadPathsAdapterTest extends AbstractServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)

View file

@ -32,6 +32,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletAuthzNoLazyLoadPathsAdapterTest extends AbstractServletAuthzAdapterTest {
@Deployment(name = RESOURCE_SERVER_ID, managed = false)

View file

@ -58,6 +58,9 @@ import org.openqa.selenium.By;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
protected static final String REALM_NAME = "servlet-policy-enforcer-authz";

View file

@ -126,9 +126,6 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
servlet.setClientId("client-linking");
servlet.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
String uri = "/client-linking";
if (!isRelative()) {
uri = appServerContextRootPage.toString() + uri;
}
servlet.setAdminUrl(uri);
servlet.setDirectAccessGrantsEnabled(true);
servlet.setBaseUrl(uri);

View file

@ -132,6 +132,9 @@ import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
// Javascript browser needed KEYCLOAK-4703

View file

@ -172,6 +172,9 @@ import org.xml.sax.SAXException;
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
@Page
protected BadClientSalesPostSigServlet badClientSalesPostSigServletPage;

View file

@ -55,6 +55,9 @@ import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLo
@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
@Page
@ -208,3 +211,4 @@ public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
}
}

View file

@ -175,7 +175,7 @@
"enabled": true,
"baseUrl": "/",
"redirectUris": [
"http://localhost:8280/*"
"http://localhost:8080/*"
],
"secret": "password"
},

View file

@ -100,7 +100,6 @@
<modules>
<module>jboss</module>
<module>karaf</module>
<module>tomcat</module>
<module>was</module>
<module>wls</module>
</modules>

View file

@ -1,56 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:a="http://jboss.org/schema/arquillian"
version="2.0"
exclude-result-prefixes="xalan a">
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="/a:arquillian">
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<container qualifier="app-server-${{app.server}}" mode="manual" >
<configuration>
<property name="enabled">true</property>
<property name="adapterImplClass">org.jboss.arquillian.container.tomcat.managed_7.TomcatManagedContainer</property>
<property name="catalinaHome">${app.server.home}</property>
<property name="catalinaBase">${app.server.home}</property>
<property name="bindHttpPort">${app.server.http.port}</property>
<property name="jmxPort">${app.server.management.port}</property>
<property name="user">manager</property>
<property name="pass">arquillian</property>
<property name="javaVmArguments">${adapter.test.props}</property>
</configuration>
</container>
</xsl:copy>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

View file

@ -1,65 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-adapters</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
<packaging>pom</packaging>
<name>Adapter Tests - Tomcat</name>
<properties>
<common.resources>${project.parent.basedir}/common</common.resources>
<!--TODO: implement "port offset" for tomcat-->
<app.server.port.offset>0</app.server.port.offset>
<app.server.http.port>8080</app.server.http.port>
<app.server.management.port>9990</app.server.management.port>
</properties>
<profiles>
<profile>
<id>app-server-tomcat7</id>
<modules>
<module>tomcat7</module>
</modules>
</profile>
<profile>
<id>app-server-tomcat8</id>
<modules>
<module>tomcat8</module>
</modules>
</profile>
<profile>
<id>app-server-tomcat9</id>
<modules>
<module>tomcat9</module>
</modules>
</profile>
</profiles>
</project>

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<artifactId>integration-arquillian-tests-adapters-tomcat7</artifactId>
<name>Adapter Tests - Tomcat - Tomcat 7</name>
<properties>
<app.server>tomcat7</app.server>
</properties>
<dependencies>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-tomcat-managed-7</artifactId>
<version>1.0.0.CR7</version>
</dependency>
</dependencies>
</project>

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat7")
public class Tomcat7OIDCAdapterTest extends DemoServletsAdapterTest {
}

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat7")
public class Tomcat7OIDCSessionAdapterTest extends SessionServletAdapterTest {
}

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<artifactId>integration-arquillian-tests-adapters-tomcat8</artifactId>
<name>Adapter Tests - Tomcat - Tomcat 8</name>
<properties>
<app.server>tomcat8</app.server>
</properties>
<dependencies>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-tomcat-managed-7</artifactId>
<version>1.0.0.CR7</version>
</dependency>
</dependencies>
</project>

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat8")
public class Tomcat8OIDCAdapterTest extends DemoServletsAdapterTest {
}

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat8")
public class Tomcat8OIDCSessionAdapterTest extends SessionServletAdapterTest {
}

View file

@ -1,46 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
<version>5.0.0-SNAPSHOT</version>
</parent>
<artifactId>integration-arquillian-tests-adapters-tomcat9</artifactId>
<name>Adapter Tests - Tomcat - Tomcat 9</name>
<properties>
<app.server>tomcat9</app.server>
</properties>
<dependencies>
<dependency>
<groupId>org.jboss.arquillian.container</groupId>
<artifactId>arquillian-tomcat-managed-7</artifactId>
<version>1.0.0.CR7</version>
</dependency>
</dependencies>
</project>

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat9")
public class Tomcat9OIDCAdapterTest extends DemoServletsAdapterTest {
}

View file

@ -1,13 +0,0 @@
package org.keycloak.testsuite.adapter;
import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
/**
*
* @author tkyjovsk
*/
@AppServerContainer("app-server-tomcat9")
public class Tomcat9OIDCSessionAdapterTest extends SessionServletAdapterTest {
}

View file

@ -71,5 +71,21 @@
<artifactId>jastow</artifactId>
<version>2.1.0.Final</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.5</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
<version>1.0.1.Final</version>
</dependency>
</dependencies>
</project>

View file

@ -18,6 +18,8 @@ package org.keycloak.testsuite.utils.arquillian;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
@ -59,6 +61,8 @@ public class DeploymentArchiveProcessorUtils {
public static final String SAML_ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak-saml.xml";
public static final String SAML_ADAPTER_CONFIG_PATH_TENANT2 = "/WEB-INF/classes/tenant2-keycloak-saml.xml";
public static final String TRUSTSTORE_PASSWORD = "secret";
public static final Collection<String> SAML_CONFIGS = Arrays.asList(SAML_ADAPTER_CONFIG_PATH,
SAML_ADAPTER_CONFIG_PATH_TENANT1, SAML_ADAPTER_CONFIG_PATH_TENANT2);
/**
* @return true iff archive's name equals run-on-server-classes.war

View file

@ -0,0 +1,49 @@
package org.keycloak.testsuite.utils.arquillian.tomcat;
import org.jboss.shrinkwrap.descriptor.spi.node.Node;
public class TomcatAppServerConfigurationUtils {
private static void createChild(Node configuration, String name, String text) {
configuration.createChild("property").attribute("name", name).text(text);
}
/**
* Original XSL transformation
* <p>
* <container qualifier="app-server-${{app.server}}" mode="manual" >
* <configuration>
* <property name="enabled">true</property>
* <property name="adapterImplClass">org.jboss.arquillian.container.tomcat.managed_7.TomcatManagedContainer</property>
* <property name="catalinaHome">${app.server.home}</property>
* <property name="catalinaBase">${app.server.home}</property>
* <property name="bindHttpPort">${app.server.http.port}</property>
* <property name="jmxPort">${app.server.management.port}</property>
* <property name="user">manager</property>
* <property name="pass">arquillian</property>
* <property name="javaVmArguments">${adapter.test.props}</property>
* </configuration>
* </container>
*
* @return arquillian configuration for tomcat container
*/
public static Node getStandaloneConfiguration(Node container, String adapterImplClass,
String catalinaHome, String bindHttpPort, String jmxPort,
String user, String pass, String startupTimeoutInSeconds) {
Node configuration = container.createChild("configuration");
createChild(configuration, "enabled", "true");
createChild(configuration, "adapterImplClass", adapterImplClass);
createChild(configuration, "catalinaHome", catalinaHome);
createChild(configuration, "catalinaBase", catalinaHome);
createChild(configuration, "bindHttpPort", bindHttpPort);
createChild(configuration, "jmxPort", jmxPort);
createChild(configuration, "user", user);
createChild(configuration, "pass", pass);
createChild(configuration, "javaVmArguments",
System.getProperty("adapter.test.props", " ") + " " +
System.getProperty("app.server.jboss.jvm.debug.args", " "));
createChild(configuration,"startupTimeoutInSeconds", startupTimeoutInSeconds);
return container;
}
}

View file

@ -0,0 +1,138 @@
package org.keycloak.testsuite.utils.arquillian.tomcat;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.io.IOUtils;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.Node;
import org.jboss.shrinkwrap.api.asset.ClassAsset;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
import org.w3c.dom.Document;
import javax.ws.rs.ApplicationPath;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import static org.keycloak.testsuite.utils.io.IOUtil.documentToString;
import static org.keycloak.testsuite.utils.io.IOUtil.loadXML;
import static org.keycloak.testsuite.utils.io.IOUtil.modifyDocElementValue;
import static org.keycloak.testsuite.utils.io.IOUtil.removeElementFromDoc;
public class TomcatDeploymentArchiveProcessorUtils {
private static final String WAR_CLASSPATH = "/WEB-INF/classes/";
private static final String CONTEXT_PATH = "/META-INF/context.xml";
private static final String OIDC_VALVE_CLASS = "org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve";
private static final String SAML_VALVE_CLASS = "org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve";
private static final Logger LOG = Logger.getLogger(DeploymentArchiveProcessorUtils.class);
/**
* Tomcat doesn't load files (e. g. secure-portal keystore) from webarchive classpath
* we need to copy it to common classpath /catalina_home/lib
* @param archive
*/
public static void copyWarClasspathFilesToCommonTomcatClasspath(Archive<?> archive) {
Stream<Node> contentOfArchiveClasspath = archive.getContent(archivePath ->
archivePath.get().startsWith(WAR_CLASSPATH)).values().stream() // get all nodes in WAR classpath
.filter(node -> StringUtils.countMatches(node.toString(), "/")
== StringUtils.countMatches(WAR_CLASSPATH, "/") // get only files not directories
&& node.toString().contains("."));
String catalinaHome = System.getProperty("app.server.home");
contentOfArchiveClasspath.forEach(
(Node node) -> {
Path p = Paths.get(node.toString());
File outputFile = new File(catalinaHome + "/lib/" + p.getFileName().toString());
if (!outputFile.exists()) {
try {
Files.copy(node.getAsset().openStream(), outputFile.toPath());
} catch (IOException e) {
throw new RuntimeException("Couldn't copy classpath files from deployed war to common classpath of tomcat", e);
}
}
}
);
}
public static void replaceKEYCLOAKMethodWithBASIC(Archive<?> archive) {
if (!archive.contains(DeploymentArchiveProcessorUtils.WEBXML_PATH)) return;
try {
Document webXmlDoc = loadXML(archive.get(DeploymentArchiveProcessorUtils.WEBXML_PATH).getAsset().openStream());
LOG.debug("Setting BASIC as auth-method in WEB.XML for " + archive.getName());
modifyDocElementValue(webXmlDoc, "auth-method", "KEYCLOAK-SAML", "BASIC");
modifyDocElementValue(webXmlDoc, "auth-method", "KEYCLOAK", "BASIC");
archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
} catch (IllegalArgumentException ex) {
throw new RuntimeException("Error when processing " + archive.getName(), ex);
}
}
public static void removeServletConfigurationInWebXML(Archive<?> archive) {
if (!archive.contains(DeploymentArchiveProcessorUtils.WEBXML_PATH)) return;
try {
Document webXmlDoc = loadXML(archive.get(DeploymentArchiveProcessorUtils.WEBXML_PATH).getAsset().openStream());
LOG.debug("Removing web.xml servlet configuration for " + archive.getName());
removeElementFromDoc(webXmlDoc, "web-app/servlet");
removeElementFromDoc(webXmlDoc, "web-app/servlet-mapping");
archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
} catch (IllegalArgumentException ex) {
throw new RuntimeException("Error when processing " + archive.getName(), ex);
}
}
public static void replaceOIDCValveWithSAMLValve(Archive<?> archive) {
try {
String contextXmlContent = IOUtils.toString(archive.get(CONTEXT_PATH).getAsset().openStream(), "UTF-8")
.replace(OIDC_VALVE_CLASS, SAML_VALVE_CLASS);
archive.add(new StringAsset(contextXmlContent), CONTEXT_PATH);
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
public static boolean isJaxRSApp(Archive<?> archive) {
WebArchive webArchive = (WebArchive) archive;
Set<Class<?>> classes = webArchive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") &&
archivePath.get().endsWith(".class")
).values().stream()
.filter(node -> node.getAsset() instanceof ClassAsset)
.map(node -> ((ClassAsset)node.getAsset()).getSource())
.filter(clazz -> clazz.isAnnotationPresent(javax.ws.rs.Path.class))
.collect(Collectors.toSet());
return !classes.isEmpty();
}
public static Set<Class<?>> getApplicationConfigClasses(Archive<?> archive) {
WebArchive webArchive = (WebArchive) archive;
return webArchive.getContent(archivePath ->
archivePath.get().startsWith("/WEB-INF/classes/") &&
archivePath.get().endsWith(".class")
).values().stream()
.filter(node -> node.getAsset() instanceof ClassAsset)
.map(node -> ((ClassAsset)node.getAsset()).getSource())
.filter(clazz -> clazz.isAnnotationPresent(ApplicationPath.class))
.collect(Collectors.toSet());
}
public static boolean containsApplicationConfigClass(Archive<?> archive) {
return !getApplicationConfigClasses(archive).isEmpty();
}
}

View file

@ -1,653 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.helper.adapter;
import org.keycloak.testsuite.pages.InputPage;
import org.junit.Assert;
import org.junit.rules.ExternalResource;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.OIDCAuthenticationError;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.SessionTimeoutHelper;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.testsuite.KeycloakServer;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountSessionsPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.ErrorServlet;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.util.BasicAuthHelper;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
/**
* Tests Jetty/Tomcat Adapter
*
* Methods from this class are used by testsuite/jetty/* and testsuite/tomcat* modules
*
* TODO: remove this when testsuite/jetty/* and testsuite/tomcat* modules will be migrated to arquillian testsuite
*
* @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
* @author <a href="mailto:john.ament@spartasystems.com">John Ament</a>
*/
public class AdapterTestStrategy extends ExternalResource {
protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
protected String APP_SERVER_BASE_URL = "http://localhost:8081";
protected AbstractKeycloakRule keycloakRule;
// some servlet containers redirect to root + "/" if you visit root context
protected String slash = "";
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected OAuthClient oauth;
@WebResource
protected LoginPage loginPage;
@WebResource
protected InputPage inputPage;
@WebResource
protected AccountSessionsPage accountSessionsPage;
protected String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
this.keycloakRule = keycloakRule;
}
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule, boolean addSlash) {
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
this.keycloakRule = keycloakRule;
// some servlet containers redirect to root + "/" if you visit root context
if (addSlash) slash = "/";
}
public static RealmModel baseAdapterTestInitialization(KeycloakSession session, RealmManager manager, RealmModel adminRealm, Class<?> clazz) {
RealmRepresentation representation = KeycloakServer.loadJson(clazz.getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
RealmModel demoRealm = manager.importRealm(representation);
return demoRealm;
}
@Override
protected void before() throws Throwable {
super.before();
webRule.before();
}
@Override
protected void after() {
super.after();
webRule.after();
// Revert notBefore
KeycloakSession session = keycloakRule.startSession();
RealmModel realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
session.users().setNotBeforeForUser(realm, user, 0);
session.getTransactionManager().commit();
session.close();
}
public void testSavedPostRequest() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal" + slash);
inputPage.execute("hello");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal/secured/post");
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("parameter=hello"));
// test that user principal and KeycloakSecurityContext available
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal/insecure");
System.out.println("insecure: ");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("Insecure Page"));
if (System.getProperty("insecure.user.principal.unsupported") == null)
Assert.assertTrue(driver.getPageSource().contains("UserPrincipal"));
// test logout
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
// test unsecured POST KEYCLOAK-901
Client client = ClientBuilder.newClient();
Form form = new Form();
form.param("parameter", "hello");
String text = client.target(APP_SERVER_BASE_URL + "/input-portal/unsecured").request().post(Entity.form(form), String.class);
Assert.assertTrue(text.contains("parameter=hello"));
client.close();
}
public void testLoginSSOAndLogout() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
// test SSO
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
// View stats
try (Keycloak adminClient = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID)) {
List<Map<String, String>> stats = adminClient.realm("demo").getClientSessionStats();
Map<String, String> customerPortalStats = null;
Map<String, String> productPortalStats = null;
for (Map<String, String> s : stats) {
if (s.get("clientId").equals("customer-portal")) {
customerPortalStats = s;
} else if (s.get("clientId").equals("product-portal")) {
productPortalStats = s;
}
}
Assert.assertEquals(1, Integer.parseInt(customerPortalStats.get("active")));
Assert.assertEquals(1, Integer.parseInt(productPortalStats.get("active")));
}
// test logout
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
}
/**
* KEYCLOAK-3509
*
* @throws Exception
*/
public void testLoginEncodedRedirectUri() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal?encodeTest=a%3Cb");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash + "?encodeTest=a%3Cb");
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("iPhone"));
Assert.assertTrue(pageSource.contains("uriEncodeTest=true"));
// test logout
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/product-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
}
public void testServletRequestLogout() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
// test SSO
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
// back
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
// test logout
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal/logout");
Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
}
public void testLoginSSOIdle() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
KeycloakSession session = keycloakRule.startSession();
RealmModel realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
int originalIdle = realm.getSsoSessionIdleTimeout();
realm.setSsoSessionIdleTimeout(1);
session.getTransactionManager().commit();
session.close();
// Needs to add some additional time due the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS
Time.setOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
// test SSO
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
session = keycloakRule.startSession();
realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
realm.setSsoSessionIdleTimeout(originalIdle);
session.getTransactionManager().commit();
session.close();
Time.setOffset(0);
}
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
KeycloakSession session = keycloakRule.startSession();
RealmModel realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
int originalIdle = realm.getSsoSessionIdleTimeout();
realm.setSsoSessionIdleTimeout(1);
session.getTransactionManager().commit();
session.close();
// Needs to add some additional time due the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS
Time.setOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
session = keycloakRule.startSession();
realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
session.sessions().removeExpired(realm);
session.getTransactionManager().commit();
session.close();
// test SSO
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
session = keycloakRule.startSession();
realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
// need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
new ResourceAdminManager(session).logoutUser(null, realm, user, session);
realm.setSsoSessionIdleTimeout(originalIdle);
session.getTransactionManager().commit();
session.close();
Time.setOffset(0);
}
public void testLoginSSOMax() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
KeycloakSession session = keycloakRule.startSession();
RealmModel realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
int original = realm.getSsoSessionMaxLifespan();
realm.setSsoSessionMaxLifespan(1);
session.getTransactionManager().commit();
session.close();
Time.setOffset(2);
// test SSO
driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
session = keycloakRule.startSession();
realm = session.realms().getRealmByName("demo");
session.getContext().setRealm(realm);
realm.setSsoSessionMaxLifespan(original);
session.getTransactionManager().commit();
session.close();
Time.setOffset(0);
}
/**
* KEYCLOAK-518
* @throws Exception
*/
public void testNullBearerToken() throws Exception {
Client client = ClientBuilder.newClient();
WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
Response response = target.request().get();
Assert.assertEquals(401, response.getStatus());
response.close();
response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
Assert.assertEquals(401, response.getStatus());
response.close();
client.close();
}
/**
* KEYCLOAK-1368
* @throws Exception
*/
public void testNullBearerTokenCustomErrorPage() throws Exception {
ErrorServlet.authError = null;
Client client = ClientBuilder.newClient();
WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db-error-page/");
Response response = target.request().get();
// TODO: follow redirects automatically if possible
if (response.getStatus() == 302) {
String location = response.getHeaderString(HttpHeaders.LOCATION);
response.close();
response = client.target(location).request().get();
}
Assert.assertEquals(401, response.getStatus());
String errorPageResponse = response.readEntity(String.class);
Assert.assertTrue(errorPageResponse.contains("Error Page"));
response.close();
Assert.assertNotNull(ErrorServlet.authError);
OIDCAuthenticationError error = (OIDCAuthenticationError) ErrorServlet.authError;
Assert.assertEquals(OIDCAuthenticationError.Reason.NO_BEARER_TOKEN, error.getReason());
ErrorServlet.authError = null;
response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
// TODO: follow redirects automatically if possible
if (response.getStatus() == 302) {
String location = response.getHeaderString(HttpHeaders.LOCATION);
response.close();
response = client.target(location).request().get();
}
Assert.assertEquals(401, response.getStatus());
errorPageResponse = response.readEntity(String.class);
Assert.assertTrue(errorPageResponse.contains("Error Page"));
response.close();
Assert.assertNotNull(ErrorServlet.authError);
error = (OIDCAuthenticationError) ErrorServlet.authError;
Assert.assertEquals(OIDCAuthenticationError.Reason.INVALID_TOKEN, error.getReason());
client.close();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
public void testBadUser() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("demo");
WebTarget target = client.target(uri);
String header = BasicAuthHelper.createHeader("customer-portal", "password");
Form form = new Form();
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
.param("username", "monkey@redhat.com")
.param("password", "password");
Response response = target.request()
.header(HttpHeaders.AUTHORIZATION, header)
.post(Entity.form(form));
Assert.assertEquals(401, response.getStatus());
response.close();
client.close();
}
/**
* KEYCLOAK-732
*
* @throws Throwable
*/
public void testSingleSessionInvalidated() throws Throwable {
AdapterTestStrategy browser1 = this;
AdapterTestStrategy browser2 = new AdapterTestStrategy(AUTH_SERVER_URL, APP_SERVER_BASE_URL, keycloakRule);
loginAndCheckSession(browser1.driver, browser1.loginPage);
// Open browser2
browser2.webRule.before();
try {
loginAndCheckSession(browser2.driver, browser2.loginPage);
// Logout in browser1
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
browser1.driver.navigate().to(logoutUri);
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
// Assert that I am logged out in browser1
browser1.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
// Assert that I am still logged in browser2 and same session is still preserved
browser2.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
Assert.assertEquals(browser2.driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
String pageSource = browser2.driver.getPageSource();
Assert.assertTrue(pageSource.contains("Counter=3"));
browser2.driver.navigate().to(logoutUri);
Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
} finally {
browser2.webRule.after();
}
}
/**
* KEYCLOAK-741
*/
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
final AtomicInteger origTokenLifespan = new AtomicInteger();
// Delete adminUrl and set short accessTokenLifespan
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
ClientModel sessionPortal = demoRealm.getClientByClientId("session-portal");
sessionPortal.setManagementUrl(null);
origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
demoRealm.setAccessTokenLifespan(1);
}
}, "demo");
// Login
loginAndCheckSession(driver, loginPage);
// Logout
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
driver.navigate().to(logoutUri);
// Wait until accessToken is expired
Time.setOffset(2);
// Assert that http session was invalidated
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
String pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("Counter=1"));
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
ClientModel sessionPortal = demoRealm.getClientByClientId("session-portal");
sessionPortal.setManagementUrl(APP_SERVER_BASE_URL + "/session-portal");
demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
}
}, "demo");
Time.setOffset(0);
}
/**
* KEYCLOAK-942
*/
public void testAdminApplicationLogout() throws Throwable {
// login as bburke
loginAndCheckSession(driver, loginPage);
// logout mposolda with admin client
try (Keycloak keycloakAdmin = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID)) {
UserRepresentation mposolda = keycloakAdmin.realm("demo").users().search("mposolda", null, null, null, null, null).get(0);
keycloakAdmin.realm("demo").users().get(mposolda.getId()).logout();
// bburke should be still logged with original httpSession in our browser window
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
String pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("Counter=3"));
}
}
/**
* KEYCLOAK-1216
*/
public void testAccountManagementSessionsLogout() throws Throwable {
// login as bburke
loginAndCheckSession(driver, loginPage);
// logout sessions in account management
accountSessionsPage.realm("demo");
accountSessionsPage.open();
Assert.assertTrue(accountSessionsPage.isCurrent());
accountSessionsPage.logoutAll();
// Assert I need to login again (logout was propagated to the app)
loginAndCheckSession(driver, loginPage);
}
protected void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
String pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("Counter=1"));
// Counter increased now
driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("Counter=2"));
}
}

View file

@ -1,675 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.helper.adapter;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.rules.ExternalResource;
import org.keycloak.adapters.saml.SamlAuthenticationError;
import org.keycloak.adapters.saml.SamlPrincipal;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.Retry;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.saml.mappers.*;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SAML2ErrorResponseBuilder;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.KeycloakServer;
import org.keycloak.testsuite.PageUtils;
import org.keycloak.testsuite.adapter.servlet.SamlSPFacade;
import org.keycloak.testsuite.pages.InputPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.ErrorServlet;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import org.w3c.dom.Document;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.net.URI;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SamlAdapterTestStrategy extends ExternalResource {
protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
protected String APP_SERVER_BASE_URL = "http://localhost:8081";
protected AbstractKeycloakRule keycloakRule;
private static final String REALM_PRIVATE_KEY_STR = "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=";
private static PrivateKey REALM_PRIVATE_KEY;
private static final String REALM_PUBLIC_KEY_STR = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
private static PublicKey REALM_PUBLIC_KEY;
static {
try {
KeyFactory kf = KeyFactory.getInstance("RSA");
byte[] encoded = Base64.getDecoder().decode(REALM_PUBLIC_KEY_STR);
REALM_PUBLIC_KEY = (PublicKey) kf.generatePublic(new X509EncodedKeySpec(encoded));
encoded = Base64.getDecoder().decode(REALM_PRIVATE_KEY_STR);
REALM_PRIVATE_KEY = (PrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
} catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
Logger.getLogger(SamlAdapterTestStrategy.class.getName()).log(Level.SEVERE, null, ex);
}
}
public SamlAdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
this.keycloakRule = keycloakRule;
}
public WebRule webRule = new WebRule(this);
@WebResource
protected WebDriver driver;
@WebResource
protected LoginPage loginPage;
@WebResource
protected InputPage inputPage;
@Override
protected void before() throws Throwable {
super.before();
webRule.before();
}
@Override
protected void after() {
super.after();
webRule.after();
}
public static RealmModel baseAdapterTestInitialization(KeycloakSession session, RealmManager manager, RealmModel adminRealm, Class<?> clazz) {
RealmRepresentation representation = KeycloakServer.loadJson(clazz.getResourceAsStream("/keycloak-saml/testsaml.json"), RealmRepresentation.class);
RealmModel demoRealm = manager.importRealm(representation);
return demoRealm;
}
protected void checkLoggedOut(String mainUrl, boolean postBinding) {
String pageSource = driver.getPageSource();
System.out.println("*** logout pagesource ***");
System.out.println(pageSource);
System.out.println("driver url: " + driver.getCurrentUrl());
Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
driver.navigate().to(mainUrl);
checkAtLoginPage(postBinding);
}
protected void checkAtLoginPage(boolean postBinding) {
if (postBinding) assertAtLoginPagePostBinding();
else assertAtLoginPageRedirectBinding();
}
protected void assertAtLoginPageRedirectBinding() {
Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
}
protected void assertAtLoginPagePostBinding() {
Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/login-actions/authenticate"));
}
public void testSavedPostRequest() throws Exception {
// test login to customer-portal which does a bearer request to customer-db
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
System.err.println("*********** Current url: " + driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/input-portal"));
inputPage.execute("hello");
assertAtLoginPagePostBinding();
loginPage.login("bburke@redhat.com", "password");
System.out.println("Current url: " + driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal/secured/post");
String pageSource = driver.getPageSource();
System.out.println(pageSource);
Assert.assertTrue(pageSource.contains("parameter=hello"));
// test that user principal and KeycloakSecurityContext available
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal/insecure");
System.out.println("insecure: ");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("Insecure Page"));
if (System.getProperty("insecure.user.principal.unsupported") == null) Assert.assertTrue(driver.getPageSource().contains("UserPrincipal"));
// test logout
driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal?GLO=true");
// test unsecured POST KEYCLOAK-901
Client client = ClientBuilder.newClient();
Form form = new Form();
form.param("parameter", "hello");
String text = client.target(APP_SERVER_BASE_URL + "/input-portal/unsecured").request().post(Entity.form(form), String.class);
Assert.assertTrue(text.contains("parameter=hello"));
client.close();
}
public void testErrorHandlingUnsigned() throws Exception {
ErrorServlet.authError = null;
Client client = ClientBuilder.newClient();
// make sure
Response response = client.target(APP_SERVER_BASE_URL + "/employee-sig/").request().get();
response.close();
SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder()
.destination(APP_SERVER_BASE_URL + "/employee-sig/saml")
.issuer(AUTH_SERVER_URL + "/realms/demo")
.status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder()
.relayState(null);
Document document = builder.buildDocument();
URI uri = binding.redirectBinding(document).generateURI(APP_SERVER_BASE_URL + "/employee-sig/saml", false);
response = client.target(uri).request().get();
String errorPage = response.readEntity(String.class);
response.close();
Assert.assertTrue(errorPage.contains("Error Page"));
client.close();
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
Assert.assertNotNull(error.getStatus());
ErrorServlet.authError = null;
}
public void testErrorHandlingSigned() throws Exception {
ErrorServlet.authError = null;
Client client = ClientBuilder.newClient();
// make sure
Response response = client.target(APP_SERVER_BASE_URL + "/employee-sig/").request().get();
response.close();
SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder()
.destination(APP_SERVER_BASE_URL + "/employee-sig/saml")
.issuer(AUTH_SERVER_URL + "/realms/demo")
.status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder()
.relayState(null)
.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
.signWith(KeyUtils.createKeyId(REALM_PRIVATE_KEY), REALM_PRIVATE_KEY, REALM_PUBLIC_KEY)
.signDocument();
Document document = builder.buildDocument();
URI uri = binding.generateRedirectUri(GeneralConstants.SAML_RESPONSE_KEY, APP_SERVER_BASE_URL + "/employee-sig/saml", document);
response = client.target(uri).request().get();
String errorPage = response.readEntity(String.class);
response.close();
Assert.assertTrue(errorPage.contains("Error Page"));
client.close();
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
Assert.assertEquals(SamlAuthenticationError.Reason.ERROR_STATUS, error.getReason());
Assert.assertNotNull(error.getStatus());
ErrorServlet.authError = null;
}
public void testPostSimpleLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post/", true);
}
public void testPostPassiveLoginLogout(boolean forbiddenIfNotauthenticated) {
// first request on passive app - no login page shown, user not logged in as we are in passive mode.
// Shown page depends on used authentication mechanism, some may return forbidden error, some return requested page with anonymous user (not logged in)
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
System.out.println(driver.getPageSource());
if (forbiddenIfNotauthenticated) {
Assert.assertTrue(driver.getPageSource().contains("HTTP status code: 403"));
} else {
Assert.assertTrue(driver.getPageSource().contains("principal=null"));
}
// login user by asking login from other app
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
loginPage.login("bburke", "password");
// navigate to the passive app again, we have to be logged in now
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/", driver.getCurrentUrl());
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// logout from both app
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive?GLO=true");
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
// refresh passive app page, not logged in again as we are in passive mode
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
Assert.assertFalse(driver.getPageSource().contains("bburke"));
}
public void testPostSimpleUnauthorized(CheckAuthError error) {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
assertAtLoginPagePostBinding();
loginPage.login("unauthorized", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
System.out.println(driver.getPageSource());
error.check(driver);
}
public void testPostSimpleLoginLogoutIdpInitiated() {
driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post");
loginPage.login("bburke", "password");
Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/sales-post"));
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post/", true);
}
public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post2");
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post2/foo");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post2?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post2/", true);
}
public void testPostSignedLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig/", true);
}
public void testPostSignedResponseAndAssertionLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/", true);
}
public void testPostSignedLoginLogoutTransientNameID() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
System.out.println(driver.getPageSource());
Assert.assertFalse(driver.getPageSource().contains("bburke"));
Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-transient?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-transient/", true);
}
public void testPostSignedLoginLogoutPersistentNameID() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
System.out.println(driver.getPageSource());
Assert.assertFalse(driver.getPageSource().contains("bburke"));
Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-persistent?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-persistent/", true);
}
public void testPostSignedLoginLogoutEmailNameID() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-email/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-email/");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-email?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-email/", true);
}
public void testRelayStateEncoding() throws Exception {
// this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
// at the relay state
SamlSPFacade.samlResponse = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/employee/");
assertAtLoginPageRedirectBinding();
System.out.println(driver.getCurrentUrl());
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee/");
assertEquals(SamlSPFacade.sentRelayState, SamlSPFacade.RELAY_STATE);
Assert.assertNotNull(SamlSPFacade.samlResponse);
}
public void testAttributes() throws Exception {
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
app.addProtocolMapper(GroupMembershipMapper.create("groups", "group", null, null, true));
app.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("topAttribute", "topAttribute", "topAttribute", "Basic", null));
app.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("level2Attribute", "level2Attribute", "level2Attribute", "Basic", null));
app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper1", "script-single-value", "Basic", null, "'hello_' + user.getUsername()", true));
app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper2", "script-multiple-values-single-attribute-array", "Basic", null, "Java.to(['A', 'B', 'C'], Java.type('java.lang.String[]'))", true));
app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper3", "script-multiple-values-single-attribute-list", "Basic", null, "new java.util.ArrayList(['D', 'E', 'F'])", true));
app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper4", "script-multiple-values-multiple-attributes-set", "Basic", null, "new java.util.HashSet(['G', 'H', 'I'])", false));
}
}, "demo");
{
SendUsernameServlet.sentPrincipal = null;
SendUsernameServlet.checkRoles = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
assertAtLoginPagePostBinding();
List<String> requiredRoles = new LinkedList<>();
requiredRoles.add("manager");
requiredRoles.add("user");
SendUsernameServlet.checkRoles = requiredRoles;
loginPage.login("level2GroupUser", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
SendUsernameServlet.checkRoles = null;
SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
Assert.assertNotNull(principal);
assertEquals("level2@redhat.com", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
assertEquals("true", principal.getAttribute("topAttribute"));
assertEquals("true", principal.getAttribute("level2Attribute"));
List<String> groups = principal.getAttributes("group");
Assert.assertNotNull(groups);
Set<String> groupSet = new HashSet<>();
assertEquals("level2@redhat.com", principal.getFriendlyAttribute("email"));
assertEquals("hello_level2groupuser", principal.getAttribute("script-single-value"));
assertThat(principal.getAttributes("script-multiple-values-single-attribute-array"), containsInAnyOrder("A","B","C"));
assertEquals(1, principal.getAssertion().getAttributeStatements().stream().
flatMap(x -> x.getAttributes().stream()).
filter(x -> x.getAttribute().getName().equals("script-multiple-values-single-attribute-array"))
.count());
assertThat(principal.getAttributes("script-multiple-values-single-attribute-list"), containsInAnyOrder("D","E","F"));
assertEquals(1, principal.getAssertion().getAttributeStatements().stream().
flatMap(x -> x.getAttributes().stream()).
filter(x -> x.getAttribute().getName().equals("script-multiple-values-single-attribute-list"))
.count());
assertThat(principal.getAttributes("script-multiple-values-multiple-attributes-set"), containsInAnyOrder("G","H","I"));
assertEquals(3, principal.getAssertion().getAttributeStatements().stream().
flatMap(x -> x.getAttributes().stream()).
filter(x -> x.getAttribute().getName().equals("script-multiple-values-multiple-attributes-set"))
.count());
driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
}
{
SendUsernameServlet.sentPrincipal = null;
SendUsernameServlet.checkRoles = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
assertAtLoginPagePostBinding();
List<String> requiredRoles = new LinkedList<>();
requiredRoles.add("manager");
requiredRoles.add("employee");
requiredRoles.add("user");
SendUsernameServlet.checkRoles = requiredRoles;
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
SendUsernameServlet.checkRoles = null;
SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
Assert.assertNotNull(principal);
assertEquals("bburke@redhat.com", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
assertEquals("bburke@redhat.com", principal.getFriendlyAttribute("email"));
assertEquals("617", principal.getAttribute("phone"));
Assert.assertNull(principal.getFriendlyAttribute("phone"));
assertEquals("hello_bburke", principal.getAttribute("script-single-value"));
driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
}
keycloakRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
if (mapper.getName().equals("role-list")) {
app.removeProtocolMapper(mapper);
mapper.setId(null);
mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
app.addProtocolMapper(mapper);
}
}
app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard"));
app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", APP_SERVER_BASE_URL + "/employee/.employee", "pee-on"));
}
}, "demo");
System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
{
SendUsernameServlet.sentPrincipal = null;
SendUsernameServlet.checkRoles = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
assertAtLoginPagePostBinding();
List<String> requiredRoles = new LinkedList<>();
requiredRoles.add("el-jefe");
requiredRoles.add("user");
requiredRoles.add("hardcoded-role");
requiredRoles.add("pee-on");
SendUsernameServlet.checkRoles = requiredRoles;
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
SendUsernameServlet.checkRoles = null;
SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
Assert.assertNotNull(principal);
assertEquals("hard", principal.getAttribute("hardcoded-attribute"));
}
}
public void testRedirectSignedLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig/");
assertAtLoginPageRedirectBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig/", false);
}
public void testRedirectSignedLoginLogoutFrontNoSSO() {
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
assertAtLoginPageRedirectBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig-front/", false);
}
public void testRedirectSignedLoginLogoutFront() {
// visit 1st app an logg in
System.out.println("visit 1st app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig/");
assertAtLoginPageRedirectBinding();
System.out.println("login to form");
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 2nd app
System.out.println("visit 2nd app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 3rd app
System.out.println("visit 3rd app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// logout of first app
System.out.println("GLO");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig/", false);
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertAtLoginPagePostBinding();
}
public void testPostEncryptedLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
Retry.execute(new Runnable() {
@Override
public void run() {
assertEquals(APP_SERVER_BASE_URL + "/sales-post-enc/", driver.getCurrentUrl());
}
}, 10, 100);
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-enc/", true);
}
public void testPostBadClientSignature() {
driver.navigate().to(APP_SERVER_BASE_URL + "/bad-client-sales-post-sig/");
System.out.println(driver.getCurrentUrl());
Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
assertEquals(PageUtils.getPageTitle(driver), "We're sorry...");
}
public static interface CheckAuthError {
void check(WebDriver driver);
}
public void testPostBadRealmSignature() {
ErrorServlet.authError = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/saml");
System.out.println(driver.getPageSource());
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
ErrorServlet.authError = null;
}
public void testPostBadAssertionSignature() {
ErrorServlet.authError = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/saml");
System.out.println(driver.getPageSource());
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
ErrorServlet.authError = null;
}
public void testMissingAssertionSignature() {
ErrorServlet.authError = null;
driver.navigate().to(APP_SERVER_BASE_URL + "/missing-assertion-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/missing-assertion-sig/saml");
System.out.println(driver.getPageSource());
Assert.assertNotNull(ErrorServlet.authError);
SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
ErrorServlet.authError = null;
}
public void testMetadataPostSignedLoginLogout() throws Exception {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-metadata/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-metadata/");
String pageSource = driver.getPageSource();
Assert.assertTrue(pageSource.contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-metadata?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-metadata/", true);
}
public static void uploadSP(String AUTH_SERVER_URL) {
try {
Keycloak keycloak = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID, (String) null);
RealmResource admin = keycloak.realm("demo");
admin.toRepresentation();
ClientRepresentation clientRep = admin.convertClientDescription(IOUtils.toString(SamlAdapterTestStrategy.class.getResourceAsStream("/keycloak-saml/sp-metadata.xml")));
Response response = admin.clients().create(clientRep);
assertEquals(201, response.getStatus());
keycloak.close();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}

View file

@ -1,140 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.helper.adapter;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.handlers.resource.Resource;
import io.undertow.server.handlers.resource.ResourceChangeListener;
import io.undertow.server.handlers.resource.ResourceManager;
import io.undertow.server.handlers.resource.URLResource;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.FilterInfo;
import io.undertow.servlet.api.ServletInfo;
import org.keycloak.adapters.saml.servlet.SamlFilter;
import org.keycloak.adapters.saml.undertow.SamlServletExtension;
import org.keycloak.testsuite.helper.adapter.SendUsernameServlet;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import javax.servlet.DispatcherType;
import java.io.IOException;
import java.net.URL;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class SamlKeycloakRule extends AbstractKeycloakRule {
public static class TestResourceManager implements ResourceManager {
private final String basePath;
public TestResourceManager(String basePath){
this.basePath = basePath;
}
@Override
public Resource getResource(String path) throws IOException {
String temp = path;
String fullPath = basePath + temp;
URL url = getClass().getResource(fullPath);
if (url == null) {
System.out.println("url is null: " + fullPath);
}
return new URLResource(url, url.openConnection(), path);
}
@Override
public boolean isResourceChangeListenerSupported() {
throw new RuntimeException();
}
@Override
public void registerResourceChangeListener(ResourceChangeListener listener) {
throw new RuntimeException();
}
@Override
public void removeResourceChangeListener(ResourceChangeListener listener) {
throw new RuntimeException();
}
@Override
public void close() throws IOException {
throw new RuntimeException();
}
}
public static class TestIdentityManager implements IdentityManager {
@Override
public Account verify(Account account) {
return account;
}
@Override
public Account verify(String userName, Credential credential) {
throw new RuntimeException("WTF");
}
@Override
public Account verify(Credential credential) {
throw new RuntimeException();
}
}
@Override
protected void setupKeycloak() {
String realmJson = getRealmJson();
server.importRealm(getClass().getResourceAsStream(realmJson));
initWars();
}
public abstract void initWars();
public void initializeSamlSecuredWar(String warResourcePath, String contextPath, String warDeploymentName, ClassLoader classLoader) {
ServletInfo regularServletInfo = new ServletInfo("servlet", SendUsernameServlet.class)
.addMapping("/*");
FilterInfo samlFilter = new FilterInfo("saml-filter", SamlFilter.class);
ResourceManager resourceManager = new TestResourceManager(warResourcePath);
DeploymentInfo deploymentInfo = new DeploymentInfo()
.setClassLoader(classLoader)
.setIdentityManager(new TestIdentityManager())
.setContextPath(contextPath)
.setDeploymentName(warDeploymentName)
.setResourceManager(resourceManager)
.addServlets(regularServletInfo)
.addFilter(samlFilter)
.addFilterUrlMapping("saml-filter", "/*", DispatcherType.REQUEST)
.addServletExtension(new SamlServletExtension());
addErrorPage("/error.html", deploymentInfo);
server.getServer().deploy(deploymentInfo);
}
public String getRealmJson() {
return "/keycloak-saml/testsaml.json";
}
}

View file

@ -1,95 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.helper.adapter;
import org.junit.Assert;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Principal;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class SendUsernameServlet extends HttpServlet {
public static Principal sentPrincipal;
public static List<String> checkRoles;
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
System.out.println("In SendUsername Servlet doGet()");
if (checkRoles != null) {
for (String role : checkRoles) {
System.out.println("check role: " + role);
//Assert.assertTrue(req.isUserInRole(role));
if (!req.isUserInRole(role)) {
resp.sendError(403);
return;
}
}
}
resp.setContentType("text/plain");
OutputStream stream = resp.getOutputStream();
Principal principal = req.getUserPrincipal();
stream.write("request-path: ".getBytes());
if (req.getPathInfo() != null) stream.write(req.getPathInfo().getBytes());
stream.write("\n".getBytes());
stream.write("principal=".getBytes());
if (principal == null) {
stream.write("null".getBytes());
return;
}
String name = principal.getName();
stream.write(name.getBytes());
sentPrincipal = principal;
}
@Override
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
System.out.println("In SendUsername Servlet doPost()");
if (checkRoles != null) {
for (String role : checkRoles) {
System.out.println("check role: " + role);
Assert.assertTrue(req.isUserInRole(role));
}
}
resp.setContentType("text/plain");
OutputStream stream = resp.getOutputStream();
Principal principal = req.getUserPrincipal();
stream.write("request-path: ".getBytes());
stream.write(req.getPathInfo().getBytes());
stream.write("\n".getBytes());
stream.write("principal=".getBytes());
if (principal == null) {
stream.write("null".getBytes());
return;
}
String name = principal.getName();
stream.write(name.getBytes());
sentPrincipal = principal;
}
}

View file

@ -1,74 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.pages;
import org.keycloak.services.Urls;
import org.keycloak.testsuite.Constants;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import javax.ws.rs.core.UriBuilder;
import java.util.LinkedList;
import java.util.List;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class AccountSessionsPage extends AbstractAccountPage {
private String realmName = "test";
private String path = Urls.accountSessionsPage(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT).build(), "test").toString();
@FindBy(id = "logout-all-sessions")
private WebElement logoutAllLink;
public boolean isCurrent() {
return driver.getTitle().contains("Account Management") && driver.getCurrentUrl().endsWith("/account/sessions");
}
public void realm(String realmName) {
this.realmName = realmName;
}
public String getPath() {
return Urls.accountSessionsPage(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT).build(), realmName).toString();
}
public void open() {
driver.navigate().to(getPath());
}
public void logoutAll() {
logoutAllLink.click();
}
public List<List<String>> getSessions() {
List<List<String>> table = new LinkedList<List<String>>();
for (WebElement r : driver.findElements(By.tagName("tr"))) {
List<String> row = new LinkedList<String>();
for (WebElement col : r.findElements(By.tagName("td"))) {
row.add(col.getText());
}
table.add(row);
}
table.remove(0);
return table;
}
}

View file

@ -1,52 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.pages;
import org.keycloak.testsuite.pages.AbstractPage;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class InputPage extends AbstractPage {
@FindBy(id = "parameter")
private WebElement parameter;
@FindBy(name = "submit")
private WebElement submit;
public void execute(String param) {
parameter.clear();
parameter.sendKeys(param);
submit.click();
}
public boolean isCurrent() {
return driver.getTitle().equals("Input Page");
}
@Override
public void open() {
}
}

View file

@ -44,34 +44,11 @@
</build>
<modules>
<module>integration-deprecated</module>
<module>tomcat8</module>
<module>integration-arquillian</module>
<module>utils</module>
</modules>
<profiles>
<profile>
<id>community</id>
<activation>
<property>
<name>!product</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
<modules>
<module>tomcat7</module>
</modules>
</profile>
<profile>
<id>performance</id>
<modules>

View file

@ -1,398 +0,0 @@
<?xml version="1.0"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<artifactId>keycloak-testsuite-pom</artifactId>
<groupId>org.keycloak</groupId>
<version>5.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-testsuite-tomcat7</artifactId>
<name>Keycloak Tomcat 7 Integration TestSuite</name>
<properties>
<maven.compiler.target>1.7</maven.compiler.target>
<maven.compiler.source>1.7</maven.compiler.source>
<!--<tomcat.version>8.0.14</tomcat.version>-->
<tomcat.version>7.0.59</tomcat.version>
</properties>
<description />
<dependencies>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<version>7.0.59</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-util</artifactId>
<version>7.0.59</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-core</artifactId>
<version>7.0.59</version>
</dependency>
<!-- Undertow's fork of Jasper JSP parser -->
<dependency>
<groupId>io.undertow.jastow</groupId>
<artifactId>jastow</artifactId>
<version>2.0.0.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet.jsp</groupId>
<artifactId>jboss-jsp-api_2.3_spec</artifactId>
<version>1.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-dependencies-server-all</artifactId>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.servlet</groupId>
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.spec.javax.ws.rs</groupId>
<artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-servlet-api</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat</groupId>
<artifactId>catalina</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson2-provider</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-undertow</artifactId>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-undertow-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-tomcat7-adapter</artifactId>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>com.icegreen</groupId>
<artifactId>greenmail</artifactId>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-core</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-java</artifactId>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</dependency>
<dependency>
<groupId>org.seleniumhq.selenium</groupId>
<artifactId>selenium-chrome-driver</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-testsuite-integration-deprecated</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-test-apps-servlets</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.2</version>
<executions>
<execution>
<goals>
<goal>test-jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<workingDirectory>${project.basedir}</workingDirectory>
</configuration>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>keycloak-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.KeycloakServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>mail-server</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.MailServer</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>totp</id>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<configuration>
<mainClass>org.keycloak.testsuite.TotpGenerator</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<keycloak.realm.provider>jpa</keycloak.realm.provider>
<keycloak.user.provider>jpa</keycloak.user.provider>
<keycloak.eventStore.provider>jpa</keycloak.eventStore.provider>
</systemPropertyVariables>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<!-- MySQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>com.mysql.jdbc.Driver</value>
</property>
</activation>
<id>mysql</id>
<dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.version}</version>
</dependency>
</dependencies>
</profile>
<!-- PostgreSQL -->
<profile>
<activation>
<property>
<name>keycloak.connectionsJpa.driver</name>
<value>org.postgresql.Driver</value>
</property>
</activation>
<id>postgresql</id>
<dependencies>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>${postgresql.version}</version>
</dependency>
</dependencies>
</profile>
<profile>
<id>clean-jpa</id>
<build>
<plugins>
<plugin>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-maven-plugin</artifactId>
<configuration>
<changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
<url>${keycloak.connectionsJpa.url}</url>
<driver>${keycloak.connectionsJpa.driver}</driver>
<username>${keycloak.connectionsJpa.user}</username>
<password>${keycloak.connectionsJpa.password}</password>
<promptOnNonLocalDatabase>false</promptOnNonLocalDatabase>
</configuration>
<executions>
<execution>
<id>clean-jpa</id>
<phase>clean</phase>
<goals>
<goal>dropAll</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View file

@ -1,205 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.helper.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import java.io.File;
import java.net.URL;
import java.util.regex.Matcher;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class Tomcat7Test {
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
AdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
}
};
static Tomcat tomcat = null;
@BeforeClass
public static void initTomcat() throws Exception {
tomcat = new Tomcat();
String baseDir = getBaseDirectory();
tomcat.setBaseDir(baseDir);
tomcat.setPort(8082);
System.setProperty("app.server.base.url", "http://localhost:8082");
System.setProperty("my.host.name", "localhost");
URL dir = Tomcat7Test.class.getResource("/adapter-test/demorealm.json");
File base = new File(dir.getFile()).getParentFile();
tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
tomcat.addWebapp("/customer-db-error-page", new File(base, "customer-db-error-page").toString());
tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
tomcat.addWebapp("/input-portal", new File(base, "input-portal").toString());
tomcat.start();
//tomcat.getServer().await();
}
@AfterClass
public static void shutdownTomcat() throws Exception {
tomcat.stop();
tomcat.destroy();
}
@Rule
public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
@Test
public void testLoginSSOAndLogout() throws Exception {
testStrategy.testLoginSSOAndLogout();
}
@Test
public void testLoginEncodedRedirectUri() throws Exception {
testStrategy.testLoginEncodedRedirectUri();
}
@Test
public void testSavedPostRequest() throws Exception {
testStrategy.testSavedPostRequest();
}
@Test
public void testServletRequestLogout() throws Exception {
testStrategy.testServletRequestLogout();
}
@Test
public void testLoginSSOIdle() throws Exception {
testStrategy.testLoginSSOIdle();
}
@Test
public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
}
@Test
public void testLoginSSOMax() throws Exception {
testStrategy.testLoginSSOMax();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
@Test
public void testNullBearerToken() throws Exception {
testStrategy.testNullBearerToken();
}
/**
* KEYCLOAK-1368
* @throws Exception
*/
@Test
public void testNullBearerTokenCustomErrorPage() throws Exception {
testStrategy.testNullBearerTokenCustomErrorPage();
}
/**
* KEYCLOAK-518
* @throws Exception
*/
@Test
public void testBadUser() throws Exception {
testStrategy.testBadUser();
}
/**
* KEYCLOAK-732
*
* @throws Throwable
*/
@Test
public void testSingleSessionInvalidated() throws Throwable {
testStrategy.testSingleSessionInvalidated();
}
/**
* KEYCLOAK-741
*/
@Test
public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
testStrategy.testSessionInvalidatedAfterFailedRefresh();
}
/**
* KEYCLOAK-942
*/
@Test
public void testAdminApplicationLogout() throws Throwable {
testStrategy.testAdminApplicationLogout();
}
/**
* KEYCLOAK-1216
*/
@Test
public void testAccountManagementSessionsLogout() throws Throwable {
testStrategy.testAccountManagementSessionsLogout();
}
private static String getBaseDirectory() {
String dirPath = null;
String relativeDirPath = "testsuite" + File.separator + "tomcat7" + File.separator + "target";
if (System.getProperties().containsKey("maven.home")) {
dirPath = System.getProperty("user.dir").replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
} else {
for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) {
if (c.contains(File.separator + "testsuite" + File.separator + "tomcat7")) {
dirPath = c.replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
break;
}
}
}
String absolutePath = new File(dirPath).getAbsolutePath();
return absolutePath;
}
}

View file

@ -1,207 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.helper.adapter.SamlAdapterTestStrategy;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.openqa.selenium.WebDriver;
import java.io.File;
import java.net.URL;
import java.util.regex.Matcher;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class TomcatSamlTest {
@Rule
public SamlAdapterTestStrategy testStrategy = new SamlAdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
SamlAdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
}
};
static Tomcat tomcat = null;
@BeforeClass
public static void initTomcat() throws Exception {
tomcat = new Tomcat();
String baseDir = getBaseDirectory();
tomcat.setBaseDir(baseDir);
tomcat.setPort(8082);
System.setProperty("app.server.base.url", "http://localhost:8082");
System.setProperty("my.host.name", "localhost");
URL dir = TomcatSamlTest.class.getResource("/keycloak-saml/testsaml.json");
File base = new File(dir.getFile()).getParentFile();
tomcat.addWebapp("/sales-post", new File(base, "simple-post").toString());
tomcat.addWebapp("/sales-post-sig", new File(base, "signed-post").toString());
tomcat.addWebapp("/sales-post-sig-email", new File(base, "signed-post-email").toString());
tomcat.addWebapp("/sales-post-sig-transient", new File(base, "signed-post-transient").toString());
tomcat.addWebapp("/sales-post-sig-persistent", new File(base, "signed-post-persistent").toString());
tomcat.addWebapp("/sales-metadata", new File(base, "signed-metadata").toString());
tomcat.addWebapp("/employee-sig", new File(base, "signed-get").toString());
tomcat.addWebapp("/employee2", new File(base, "mappers").toString());
tomcat.addWebapp("/employee-sig-front", new File(base, "signed-front-get").toString());
tomcat.addWebapp("/bad-client-sales-post-sig", new File(base, "bad-client-signed-post").toString());
tomcat.addWebapp("/bad-realm-sales-post-sig", new File(base, "bad-realm-signed-post").toString());
tomcat.addWebapp("/sales-post-enc", new File(base, "encrypted-post").toString());
tomcat.addWebapp("/sales-post2", new File(base, "simple-post2").toString());
tomcat.addWebapp("/input-portal", new File(base, "simple-input").toString());
SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth");
tomcat.start();
//tomcat.getServer().await();
}
@AfterClass
public static void shutdownTomcat() throws Exception {
tomcat.stop();
tomcat.destroy();
}
@Test
public void testSavedPostRequest() throws Exception {
testStrategy.testSavedPostRequest();
}
@Test
public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
}
@Test
public void testErrorHandlingSigned() throws Exception {
testStrategy.testErrorHandlingSigned();
}
@Test
public void testErrorHandlingUnsigned() throws Exception {
testStrategy.testErrorHandlingUnsigned();
}
@Test
public void testPostSimpleLoginLogout() {
testStrategy.testPostSimpleLoginLogout();
}
@Test
public void testPostSimpleLoginLogoutIdpInitiated() {
testStrategy.testPostSimpleLoginLogoutIdpInitiated();
}
@Test
public void testPostSignedLoginLogout() {
testStrategy.testPostSignedLoginLogout();
}
@Test
public void testPostSignedLoginLogoutTransientNameID() {
testStrategy.testPostSignedLoginLogoutTransientNameID();
}
@Test
public void testPostSignedLoginLogoutPersistentNameID() {
testStrategy.testPostSignedLoginLogoutPersistentNameID();
}
@Test
public void testPostSignedLoginLogoutEmailNameID() {
testStrategy.testPostSignedLoginLogoutEmailNameID();
}
@Test
public void testAttributes() throws Exception {
testStrategy.testAttributes();
}
@Test
public void testRedirectSignedLoginLogout() {
testStrategy.testRedirectSignedLoginLogout();
}
@Test
public void testRedirectSignedLoginLogoutFrontNoSSO() {
testStrategy.testRedirectSignedLoginLogoutFrontNoSSO();
}
@Test
public void testRedirectSignedLoginLogoutFront() {
testStrategy.testRedirectSignedLoginLogoutFront();
}
@Test
public void testPostEncryptedLoginLogout() {
testStrategy.testPostEncryptedLoginLogout();
}
@Test
public void testPostBadClientSignature() {
testStrategy.testPostBadClientSignature();
}
@Test
public void testPostBadRealmSignature() {
testStrategy.testPostBadRealmSignature();
}
@Test
public void testPostSimpleUnauthorized() {
testStrategy.testPostSimpleUnauthorized( new SamlAdapterTestStrategy.CheckAuthError() {
@Override
public void check(WebDriver driver) {
Assert.assertTrue(driver.getPageSource().contains("forbidden"));
}
});
}
@Test
public void testMetadataPostSignedLoginLogout() throws Exception {
testStrategy.testMetadataPostSignedLoginLogout();
}
private static String getBaseDirectory() {
String dirPath = null;
String relativeDirPath = "testsuite" + File.separator + "tomcat7" + File.separator + "target";
if (System.getProperties().containsKey("maven.home")) {
dirPath = System.getProperty("user.dir").replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
} else {
for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) {
if (c.contains(File.separator + "testsuite" + File.separator + "tomcat7")) {
dirPath = c.replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
break;
}
}
}
String absolutePath = new File(dirPath).getAbsolutePath();
return absolutePath;
}
}

View file

@ -1,20 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<Context path="/customer-db-error-page">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "customer-db",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"bearer-only" : true,
"enable-cors" : true
}

View file

@ -1,96 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Error Servlet</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<error-page>
<error-code>400</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.html</location>
</error-page>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Errors</web-resource-name>
<url-pattern>/error.html</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "customer-db",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"bearer-only" : true,
"enable-cors" : true
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,11 +0,0 @@
{
"realm": "demo",
"resource": "customer-portal",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"expose-token": true,
"credentials": {
"secret": "password"
}
}

View file

@ -1,76 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Error Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Error Servlet</servlet-name>
<url-pattern>/error.html</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Errors</web-resource-name>
<url-pattern>/error.html</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
<form-login-config>
<form-login-page>/error.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,164 +0,0 @@
{
"id": "demo",
"realm": "demo",
"enabled": true,
"accessTokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"sslRequired": "external",
"registrationAllowed": false,
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"firstName": "Bill",
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
},
{
"username" : "mposolda",
"enabled": true,
"email" : "mposolda@redhat.com",
"firstName": "Marek",
"lastName": "Posolda",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "user" ],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
]
},
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
},
{
"client": "customer-portal",
"roles": ["user"]
},
{
"client": "product-portal",
"roles": ["user"]
}
],
"applications": [
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/customer-portal",
"baseUrl": "http://localhost:8082/customer-portal",
"directAccessGrantsEnabled": true,
"redirectUris": [
"http://localhost:8082/customer-portal/*"
],
"secret": "password"
},
{
"name": "customer-cookie-portal",
"enabled": true,
"baseUrl": "http://localhost:8082/customer-cookie-portal",
"redirectUris": [
"http://localhost:8082/customer-cookie-portal/*"
],
"secret": "password"
},
{
"name": "customer-portal-js",
"enabled": true,
"publicClient": true,
"adminUrl": "http://localhost:8082/customer-portal-js",
"baseUrl": "http://localhost:8082/customer-portal-js",
"redirectUris": [
"http://localhost:8080/customer-portal-js/*"
]
},
{
"name": "customer-portal-cli",
"enabled": true,
"publicClient": true,
"redirectUris": [
"urn:ietf:wg:oauth:2.0:oob",
"http://localhost"
]
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/product-portal",
"baseUrl": "http://localhost:8082/product-portal",
"redirectUris": [
"http://localhost:8082/product-portal/*"
],
"secret": "password"
},
{
"name": "secure-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/secure-portal",
"baseUrl": "http://localhost:8082/secure-portal",
"redirectUris": [
"http://localhost:8082/secure-portal/*"
],
"secret": "password"
},
{
"name": "session-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/session-portal",
"baseUrl": "http://localhost:8082/session-portal",
"redirectUris": [
"http://localhost:8082/session-portal/*"
],
"secret": "password"
},
{
"name": "input-portal",
"enabled": true,
"adminUrl": "http://localhost:8082/input-portal",
"baseUrl": "http://localhost:8082/input-portal",
"redirectUris": [
"http://localhost:8082/input-portal/*"
],
"secret": "password"
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
"redirectUris": [
"http://localhost:8082/oauth-client/*",
"http://localhost:8082/oauth-client-cdi/*"
],
"secret": "password"
}
]
}

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "input-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://${my.host.name}:8081/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.InputServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,20 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<Context path="/customer-portal">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

View file

@ -1,10 +0,0 @@
{
"realm" : "demo",
"resource" : "product-portal",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8081/auth",
"ssl-required" : "external",
"credentials" : {
"secret": "password"
}
}

View file

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>adapter-test</module-name>
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>org.keycloak.testsuite.adapter.servlet.ProductServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>demo</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>

View file

@ -1,20 +0,0 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<Context path="/customer-portal">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>

Some files were not shown because too many files have changed in this diff Show more