Merge remote-tracking branch 'upstream/master'

admin-ui-styles/src/main/resources/META-INF/resources/admin-ui/css/forms.css

@@ -453,7 +453,6 @@ input[type="email"].tiny {
   background-image: url(img/chosen-arrow-down.png), -moz-linear-gradient(center top, #eeeeee 0%, #ffffff 50%);
   border-bottom: none;
   border-radius: 2px 2px 0 0;
-  background-image: ;
   background-repeat: no-repeat;
   background-position: right top;
 }
@@ -524,7 +523,7 @@ input[type="email"].tiny {
   line-height: 1.45454545454545em;
 }
 .tokenfield.form-control .token .close {
-  text-indent: -9999999em;
+  text-indent: -99999em;
   width: 1.6em;
   height: 1.6em;
   line-height: 1.6em;
@@ -569,7 +568,7 @@ input[type="email"].tiny {
   line-height: 1.45454545454545em;
 }
 .token .close {
-  text-indent: -9999999em;
+  text-indent: -99999em;
   width: 1.6em;
   height: 1.6em;
   line-height: 1.6em;

admin-ui-styles/src/main/resources/META-INF/resources/admin-ui/css/forms.less

@@ -544,7 +544,6 @@ input[type="email"] {
         background-image: url(img/chosen-arrow-down.png), -moz-linear-gradient(center top , #eee 0%, #fff 50%);
         border-bottom: none;
         border-radius: 2px 2px 0 0;
-        background-image: ;
         background-repeat: no-repeat;
         background-position: right top;
     }
@@ -628,7 +627,7 @@ input[type="email"] {
         }
         
         .close {
-            text-indent: -9999999em;
+            text-indent: -99999em;
             width: 1.6em;
             height: 1.6em;
             line-height: 1.6em;
@@ -680,7 +679,7 @@ input[type="email"] {
     }
     
     .close {
-        text-indent: -9999999em;
+        text-indent: -99999em;
         width: 1.6em;
         height: 1.6em;
         line-height: 1.6em;

admin-ui-styles/src/main/resources/META-INF/resources/admin-ui/css/sprites.css

@@ -5,7 +5,7 @@
 	height: 16px;
 	background-image: url(img/sprites.png); /* Modified by Gabriel */
 	background-repeat: no-repeat;
-	text-indent: -9999999em;
+	text-indent: -99999em;
 	margin-right: 0.5em;
 	vertical-align: text-top;
 }

examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/realm-detail.html

@@ -60,8 +60,8 @@
                         <div class="form-group clearfix block">
                             <label class="control-label">User registration</label>
                             <div class="onoffswitch">
-                                <input type="checkbox" data-ng-model="realm.userRegistration" class="onoffswitch-checkbox" name="userRegistration" id="userRegistration">
+                                <input type="checkbox" data-ng-model="realm.registrationAllowed" class="onoffswitch-checkbox" name="registrationAllowed" id="registrationAllowed">
-                                <label for="userRegistration" class="onoffswitch-label">
+                                <label for="registrationAllowed" class="onoffswitch-label">
                                             <span class="onoffswitch-inner">
                                                 <span class="onoffswitch-active">ON</span>
                                                 <span class="onoffswitch-inactive">OFF</span>

examples/as7-eap-demo/server/src/main/webapp/saas/oauthGrantForm.jsp

@@ -1,4 +1,4 @@
-<%@ page import="org.keycloak.services.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1"
+<%@ page import="org.keycloak.models.*,org.keycloak.services.resources.*,javax.ws.rs.core.*,java.util.*" language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%>
 <%
         RealmModel realm = (RealmModel)request.getAttribute(RealmModel.class.getName());

examples/js/index.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="keycloak.js"></script>
+</head>
+<body>
+
+	<script>
+		keycloak.init({
+			clientId : 'test-app',
+			clientSecret : 'password',
+			baseUrl : 'http://localhost:8081/auth-server',
+			realm : 'test'
+		});
+
+		if (keycloak.authenticated) {
+			document.write('User: ' + keycloak.user);
+		} else {
+			document.write('<a href="#" id="login" onclick="keycloak.login()">Login</a>');
+		}
+	</script>
+
+</body>
+</html>

examples/js/keycloak.js

@@ -0,0 +1,120 @@
+window.keycloak = (function() {
+	var kc = {};
+	var config = null;
+
+	kc.init = function(c) {
+		config = c;
+
+		var token = getTokenFromCode();
+		if (token) {
+			var t = parseToken(token);
+			kc.user = t.prn;
+			kc.authenticated = true;
+		} else {
+			kc.authenticated = false;
+		}
+	}
+
+	kc.login = function() {
+		var clientId = encodeURIComponent(config.clientId);
+		var redirectUri = encodeURIComponent(window.location.href);
+		var state = encodeURIComponent(createUUID());
+		var realm = encodeURIComponent(config.realm);
+		var url = config.baseUrl + '/rest/realms/' + realm + '/tokens/login?response_type=code&client_id=' + clientId + '&redirect_uri=' + redirectUri
+				+ '&state=' + state;
+		window.location.href = url;
+	}
+
+	return kc;
+
+	function parseToken(token) {
+		var t = base64Decode(token.split('.')[1]);
+		return JSON.parse(t);
+	}
+
+	function getTokenFromCode() {
+		var code = getQueryParam('code');
+		if (code) {
+			window.history.replaceState({}, document.title, location.protocol + "//" + location.host + location.pathname);
+			
+			var clientId = encodeURIComponent(config.clientId);
+			var clientSecret = encodeURIComponent(config.clientSecret);
+			var realm = encodeURIComponent(config.realm);
+
+			var params = 'code=' + code + '&client_id=' + config.clientId + '&password=' + config.clientSecret;
+			var url = config.baseUrl + '/rest/realms/' + realm + '/tokens/access/codes'
+
+			var http = new XMLHttpRequest();
+			http.open('POST', url, false);
+			http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
+
+			http.send(params);
+			if (http.status == 200) {
+				return JSON.parse(http.responseText)['access_token'];
+			}
+		}
+		return undefined;
+	}
+
+	function getQueryParam(name) {
+		var params = window.location.search.substring(1).split('&');
+		for ( var i = 0; i < params.length; i++) {
+			var p = params[i].split('=');
+			if (decodeURIComponent(p[0]) == name) {
+				return p[1];
+			}
+		}
+	}
+
+	function createUUID() {
+		var s = [];
+		var hexDigits = '0123456789abcdef';
+		for ( var i = 0; i < 36; i++) {
+			s[i] = hexDigits.substr(Math.floor(Math.random() * 0x10), 1);
+		}
+		s[14] = '4';
+		s[19] = hexDigits.substr((s[19] & 0x3) | 0x8, 1);
+		s[8] = s[13] = s[18] = s[23] = '-';
+		var uuid = s.join('');
+		return uuid;
+	}
+
+	function base64Decode (data) {
+		  var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+		  var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
+		    ac = 0,
+		    dec = "",
+		    tmp_arr = [];
+
+		  if (!data) {
+		    return data;
+		  }
+
+		  data += '';
+
+		  do {
+		    h1 = b64.indexOf(data.charAt(i++));
+		    h2 = b64.indexOf(data.charAt(i++));
+		    h3 = b64.indexOf(data.charAt(i++));
+		    h4 = b64.indexOf(data.charAt(i++));
+
+		    bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
+
+		    o1 = bits >> 16 & 0xff;
+		    o2 = bits >> 8 & 0xff;
+		    o3 = bits & 0xff;
+
+		    if (h3 == 64) {
+		      tmp_arr[ac++] = String.fromCharCode(o1);
+		    } else if (h4 == 64) {
+		      tmp_arr[ac++] = String.fromCharCode(o1, o2);
+		    } else {
+		      tmp_arr[ac++] = String.fromCharCode(o1, o2, o3);
+		    }
+		  } while (i < data.length);
+
+		  dec = tmp_arr.join('');
+
+		  return dec;
+		}
+})();

examples/js/testrealm.json

@@ -0,0 +1,59 @@
+{
+    "id": "test",
+    "realm": "test",
+    "enabled": true,
+    "tokenLifespan": 300,
+    "accessCodeLifespan": 10,
+    "accessCodeLifespanUserAction": 600,
+    "sslNotRequired": true,
+    "cookieLoginAllowed": true,
+    "registrationAllowed": true,
+    "resetPasswordAllowed": true,
+    "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
+    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+    "requiredCredentials": [ "password" ],
+    "requiredApplicationCredentials": [ "password" ],
+    "requiredOAuthClientCredentials": [ "password" ],
+    "defaultRoles": [ "user" ],
+    "users" : [
+        {
+            "username" : "test-user@localhost",
+            "enabled": true,
+            "email" : "test-user@localhost",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ]
+        }
+    ],
+    "roles": [
+        {
+            "name": "user",
+            "description": "Have User privileges"
+        },
+        {
+            "name": "admin",
+            "description": "Have Administrator privileges"
+        }
+    ],
+    "roleMappings": [
+        {
+            "username": "test-user@localhost",
+            "roles": ["user"]
+        }
+    ],
+    "applications": [
+        {
+            "name": "test-app",
+            "enabled": true,
+            "adminUrl": "http://localhost:8081/app/logout",
+            "useRealmMappings": true,
+            "credentials": [
+                {
+                    "type": "password",
+                    "value": "password"
+                }
+            ]
+        }
+    ]
+}

forms/src/main/java/org/keycloak/forms/UrlBean.java

@@ -34,6 +34,16 @@ public class UrlBean {
 
     private RealmBean realm;
 
+    private boolean socialRegistration;
+
+    public boolean isSocialRegistration() {
+        return socialRegistration;
+    }
+
+    public void setSocialRegistration(boolean socialRegistration) {
+        this.socialRegistration = socialRegistration;
+    }
+
     public UrlBean(RealmBean realm, URI baseURI){
         this.realm = realm;
         this.baseURI = baseURI;
@@ -82,6 +92,8 @@ public class UrlBean {
     public String getRegistrationAction() {
         if (realm.isSaas()) {
             return Urls.saasRegisterAction(baseURI).toString();
+        } else if (socialRegistration){
+            return Urls.socialRegisterAction(baseURI, realm.getId()).toString();
         } else {
             return Urls.realmRegisterAction(baseURI, realm.getId()).toString();
         }

forms/src/main/java/org/keycloak/service/FormServiceImpl.java

@@ -65,12 +65,12 @@ public class FormServiceImpl implements FormService {
         commandMap.put(Pages.LOGIN_RESET_PASSWORD, new CommandPassword());
         commandMap.put(Pages.LOGIN_UPDATE_PASSWORD, new CommandPassword());
         commandMap.put(Pages.ACCESS, new CommandAccess());
-        commandMap.put(Pages.SECURITY_FAILURE, new CommandSecurityFailure());
         commandMap.put(Pages.SOCIAL, new CommandSocial());
         commandMap.put(Pages.TOTP, new CommandTotp());
         commandMap.put(Pages.LOGIN_CONFIG_TOTP, new CommandTotp());
         commandMap.put(Pages.LOGIN_TOTP, new CommandLoginTotp());
         commandMap.put(Pages.LOGIN_VERIFY_EMAIL, new CommandLoginTotp());
+        commandMap.put(Pages.ERROR, new CommandError());
     }
 
     public String getId(){
@@ -143,11 +143,6 @@ public class FormServiceImpl implements FormService {
         }
     }
 
-    private class CommandSecurityFailure implements Command {
-        public void exec(Map<String, Object> attributes, FormServiceDataBean dataBean) {
-        }
-    }
-
     private class CommandPassword implements Command {
         public void exec(Map<String, Object> attributes, FormServiceDataBean dataBean) {
             if (dataBean.getError() != null){
@@ -174,6 +169,7 @@ public class FormServiceImpl implements FormService {
             attributes.put("realm", realm);
 
             UrlBean url = new UrlBean(realm, dataBean.getBaseURI());
+            url.setSocialRegistration(dataBean.getSocialRegistration());
 
             attributes.put("url", url);
             attributes.put("user", new UserBean(dataBean.getUserModel()));
@@ -218,6 +214,7 @@ public class FormServiceImpl implements FormService {
             attributes.put("realm", realm);
 
             UrlBean url = new UrlBean(realm, dataBean.getBaseURI());
+            url.setSocialRegistration(dataBean.getSocialRegistration());
 
             attributes.put("url", url);
             attributes.put("user", new UserBean(dataBean.getUserModel()));
@@ -241,6 +238,7 @@ public class FormServiceImpl implements FormService {
             attributes.put("realm", realm);
 
             UrlBean url = new UrlBean(realm, dataBean.getBaseURI());
+            url.setSocialRegistration(dataBean.getSocialRegistration());
 
             attributes.put("url", url);
             attributes.put("user", new UserBean(dataBean.getUserModel()));
@@ -253,6 +251,14 @@ public class FormServiceImpl implements FormService {
         }
     }
 
+    private class CommandError implements Command {
+        public void exec(Map<String, Object> attributes, FormServiceDataBean dataBean) {
+            if (dataBean.getError() != null){
+                attributes.put("error", new ErrorBean(dataBean.getError()));
+            }
+        }
+    }
+
     private interface Command {
         public void exec(Map<String, Object> attributes, FormServiceDataBean dataBean);
     }

forms/src/main/resources/META-INF/resources/forms/theme/default/error.ftl

@@ -1,6 +1,6 @@
 <#-- TODO: Only a placeholder, implementation needed -->
 <#import "template-login-action.ftl" as layout>
-<@layout.registrationLayout bodyClass="reset"; section>
+<@layout.registrationLayout bodyClass="reset" isErrorPage=true; section>
     <#if section = "title">
 
     We're sorry...
@@ -12,7 +12,7 @@
     <#elseif section = "form">
 
         <p class="instruction">Something happened and we could not process your request.</p>
-        <p class="instruction second">Please make sure the URL you entered is correct.</p>
+        <p class="instruction second">${error.summary}</p>
         <a href="saas-login.html" class="link-right">Go to the homepage »</a>
 
     <#elseif section = "info" >

forms/src/main/resources/META-INF/resources/forms/theme/default/template-login-action.ftl

@@ -1,4 +1,4 @@
-<#macro registrationLayout bodyClass>
+<#macro registrationLayout bodyClass isErrorPage=false>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 
@@ -37,7 +37,7 @@
                     <#nested "form">
                 </div>
 
-                <#if error?has_content>
+                <#if !isErrorPage && error?has_content>
                     <div class="feedback error bottom-left show">
                         <p>
                             <strong id="loginError">${rb.getString(error.summary)}</strong>

services/src/main/java/org/keycloak/services/resources/AccountService.java

@@ -296,6 +296,7 @@ public class AccountService {
             return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode).setUser(user)
                     .forwardToAction(requiredActions.iterator().next());
         } else {
+            accessCode.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
             return Flows.oauth(realm, request, uriInfo, authManager, tokenManager).redirectAccessCode(accessCode,
                     accessCode.getState(), accessCode.getRedirectUri());
         }

services/src/main/java/org/keycloak/services/resources/SocialResource.java

@@ -57,7 +57,6 @@ import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.TokenManager;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.services.resources.flows.OAuthFlows;
-import org.keycloak.services.resources.flows.PageFlows;
 import org.keycloak.services.resources.flows.Urls;
 import org.keycloak.social.AuthCallback;
 import org.keycloak.social.AuthRequest;
@@ -221,9 +220,12 @@ public class SocialResource {
             @QueryParam("provider_id") final String providerId, @QueryParam("client_id") final String clientId,
             @QueryParam("scope") final String scope, @QueryParam("state") final String state,
             @QueryParam("redirect_uri") final String redirectUri) {
+        RealmManager realmManager = new RealmManager(session);
+        RealmModel realm = realmManager.getRealm(realmId);
+
         SocialProvider provider = getProvider(providerId);
         if (provider == null) {
-            return Flows.pages(request).forwardToSecurityFailure("Social provider not found");
+            return Flows.forms(realm, request, uriInfo).setError("Social provider not found").forwardToErrorPage();
         }
 
         String key = System.getProperty("keycloak.social." + providerId + ".key");
@@ -244,7 +246,7 @@ public class SocialResource {
 
             return Response.status(Status.FOUND).location(authRequest.getAuthUri()).build();
         } catch (Throwable t) {
-            return Flows.pages(request).forwardToSecurityFailure("Failed to redirect to social auth");
+            return Flows.forms(realm, request, uriInfo).setError("Failed to redirect to social auth").forwardToErrorPage();
         }
     }
 
@@ -253,24 +255,24 @@ public class SocialResource {
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     public Response socialRegistration(@PathParam("realm") final String realmId,
                                        final MultivaluedMap<String, String> formData) {
-        PageFlows pageFlows = Flows.pages(request);
+        RealmManager realmManager = new RealmManager(session);
+        RealmModel realm = realmManager.getRealm(realmId);
+
         Cookie cookie = headers.getCookies().get(SocialConstants.SOCIAL_REGISTRATION_COOKIE);
         if (cookie == null) {
-            return pageFlows.forwardToSecurityFailure("Social registration cookie not found");
+            return Flows.forms(realm, request, uriInfo).setError("Social registration cookie not found").forwardToErrorPage();
         }
 
         String requestId = cookie.getValue();
         if (!socialRequestManager.isRequestId(requestId)) {
             logger.error("Unknown requestId found in cookie. Maybe it's expired. requestId=" + requestId);
-            return pageFlows.forwardToSecurityFailure("Unknown requestId found in cookie. Maybe it's expired.");
+            return Flows.forms(realm, request, uriInfo).setError("Unknown requestId found in cookie. Maybe it's expired.").forwardToErrorPage();
         }
 
         RequestDetails requestData = socialRequestManager.getData(requestId);
 
-        RealmManager realmManager = new RealmManager(session);
-        RealmModel realm = realmManager.getRealm(realmId);
         if (realm == null || !realm.isEnabled()) {
-            return pageFlows.forwardToSecurityFailure("Realm doesn't exists or is not enabled.");
+            return Flows.forms(realm, request, uriInfo).setError("Realm doesn't exists or is not enabled.").forwardToErrorPage();
         }
         TokenService tokenService = new TokenService(realm, tokenManager);
         resourceContext.initResource(tokenService);

services/src/main/java/org/keycloak/services/resources/TokenService.java

@@ -544,6 +544,7 @@ public class TokenService {
             return redirectAccessDenied(redirect, state);
         }
 
+        accessCodeEntry.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
         return oauth.redirectAccessCode(accessCodeEntry, state, redirect);
     }
 

services/src/main/java/org/keycloak/services/resources/flows/Flows.java

@@ -36,10 +36,6 @@ public class Flows {
     private Flows() {
     }
 
-    public static PageFlows pages(HttpRequest request) {
-        return new PageFlows(request);
-    }
-
     public static FormFlows forms(RealmModel realm, HttpRequest request, UriInfo uriInfo) {
         return new FormFlows(realm, request, uriInfo);
     }

services/src/main/java/org/keycloak/services/resources/flows/FormFlows.java

@@ -168,6 +168,10 @@ public class FormFlows {
         return forwardToForm(Pages.TOTP);
     }
 
+    public Response forwardToErrorPage() {
+        return forwardToForm(Pages.ERROR);
+    }
+
     public FormFlows setAccessCode(AccessCodeEntry accessCode) {
         this.accessCode = accessCode;
         return this;

services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java

@@ -126,7 +126,7 @@ public class OAuthFlows {
     }
 
     public Response forwardToSecurityFailure(String message) {
-        return Flows.pages(request).forwardToSecurityFailure(message);
+        return Flows.forms(realm, request, uriInfo).setError(message).forwardToErrorPage();
     }
 
 }

services/src/main/java/org/keycloak/services/resources/flows/PageFlows.java

@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.keycloak.services.resources.flows;
-
-import org.jboss.resteasy.logging.Logger;
-import org.jboss.resteasy.spi.HttpRequest;
-import org.keycloak.services.JspRequestParameters;
-
-import javax.ws.rs.core.Response;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class PageFlows {
-
-    private static final Logger log = Logger.getLogger(PageFlows.class);
-
-    private HttpRequest request;
-
-    PageFlows(HttpRequest request) {
-        this.request = request;
-    }
-
-    public Response forwardToSecurityFailure(String message) {
-        log.error(message);
-
-        request.setAttribute(JspRequestParameters.KEYCLOAK_SECURITY_FAILURE_MESSAGE, message);
-
-        request.forward(Pages.SECURITY_FAILURE);
-        return null;
-    }
-
-}

services/src/main/java/org/keycloak/services/resources/flows/Pages.java

@@ -48,7 +48,7 @@ public class Pages {
 
     public final static String REGISTER = "/forms/register.ftl";
 
-    public final static String SECURITY_FAILURE = "/saas/securityFailure.jsp";
+    public final static String ERROR = "/forms/error.ftl";
 
     public final static String SOCIAL = "/forms/social.ftl";
 

services/src/test/java/TotpUtil.java

@@ -1,14 +0,0 @@
-import org.picketlink.common.util.Base32;
-import org.picketlink.idm.credential.util.TimeBasedOTP;
-
-public class TotpUtil {
-
-    public static void main(String[] args) {
-        String google = "PJBX GURY NZIT C2JX I44T S3D2 JBKD G6SB";
-        google = google.replace(" ", "");
-        google = new String(Base32.decode(google));
-        TimeBasedOTP otp = new TimeBasedOTP();
-        System.out.println(otp.generate(google));
-    }
-
-}

testsuite/README.md

@@ -6,4 +6,49 @@ Browser
 
 The testsuite uses Sellenium. By default it uses the HtmlUnit WebDriver, but can also be executed with Chrome or Firefox.
 
-To run the tests with Firefox add `-Dbrowser=firefox` or for Chrome add `-Dbrowser=chrome`
+To run the tests with Firefox add `-Dbrowser=firefox` or for Chrome add `-Dbrowser=chrome`
+
+
+Test utils
+==========
+
+Keycloak server
+---------------
+
+To start a basic Keycloak server for testing run:
+
+    mvn exec:java -Dexec.mainClass=org.keycloak.testutils.KeycloakServer
+    
+or just run KeycloakServer from your favourite IDE!
+     
+When starting the server it can also import a realm from a json file:
+
+    mvn exec:java -Dexec.mainClass=org.keycloak.testutils.KeycloakServer -Dexec.args="-import testrealm.json"
+    
+You can also change the host and port the server is bound to:
+
+    mvn exec:java -Dexec.mainClass=org.keycloak.testutils.KeycloakServer -Dexec.args="-b host -p 8080"
+
+TOTP codes
+----------
+
+To generate totp codes without Google authenticator run:
+
+    mvn exec:java -Dexec.mainClass=org.keycloak.testutils.TotpGenerator -Dexec.args="PJBX GURY NZIT C2JX I44T S3D2 JBKD G6SB"
+    
+or just run TotpGenerator from your favourite IDE!
+
+Replace value of -Dexec.args with the secret from the totp configuration page
+
+Mail server
+-----------
+
+To start a test mail server for testing email sending run:
+
+    mvn exec:java -Dexec.mainClass=org.keycloak.testutils.MailServer
+    
+or just run MailServer from your favourite IDE!
+
+To configure Keycloak to use the above server add:
+
+    -Dkeycloak.mail.smtp.from=auto@keycloak.org -Dkeycloak.mail.smtp.host=localhost -Dkeycloak.mail.smtp.port=3025

testsuite/pom.xml

@@ -26,7 +26,6 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk16</artifactId>
-            <scope>provided</scope>
         </dependency>
 		<dependency>
 			<groupId>org.keycloak</groupId>
@@ -38,6 +37,11 @@
 			<artifactId>keycloak-services</artifactId>
 			<version>${project.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.keycloak</groupId>
+			<artifactId>keycloak-server</artifactId>
+			<version>${project.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>org.keycloak</groupId>
 			<artifactId>keycloak-social-core</artifactId>
@@ -67,37 +71,30 @@
         <dependency>
             <groupId>org.jboss.logging</groupId>
             <artifactId>jboss-logging</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-idm-api</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-common</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-idm-impl</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-idm-simple-schema</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.picketlink</groupId>
             <artifactId>picketlink-config</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-jaxrs</artifactId>
-            <scope>provided</scope>
             <exclusions>
                 <exclusion>
                     <groupId>log4j</groupId>
@@ -116,89 +113,72 @@
          <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>jaxrs-api</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-client</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-crypto</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>jose-jwt</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-undertow</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>io.undertow</groupId>
             <artifactId>undertow-servlet</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>io.undertow</groupId>
             <artifactId>undertow-core</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-core-asl</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-mapper-asl</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.spec.javax.servlet</groupId>
             <artifactId>jboss-servlet-api_3.0_spec</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.codehaus.jackson</groupId>
             <artifactId>jackson-xc</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.hibernate.javax.persistence</groupId>
             <artifactId>hibernate-jpa-2.0-api</artifactId>
-            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>
             <version>1.3.161</version>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-entitymanager</artifactId>
             <version>3.6.6.Final</version>
-            <scope>test</scope>
         </dependency>
 		<dependency>
     		<groupId>com.icegreen</groupId>
     		<artifactId>greenmail</artifactId>
-            <scope>test</scope>
 		</dependency>     
 		<dependency>
 			<groupId>org.seleniumhq.selenium</groupId>
 			<artifactId>selenium-java</artifactId>
-			<scope>test</scope>
   		</dependency>
 	</dependencies>
 	<build>

testsuite/src/main/java/org/keycloak/testutils/KeycloakServer.java

@@ -0,0 +1,264 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testutils;
+
+import io.undertow.Undertow;
+import io.undertow.Undertow.Builder;
+import io.undertow.server.handlers.resource.ClassPathResourceManager;
+import io.undertow.servlet.Servlets;
+import io.undertow.servlet.api.DeploymentInfo;
+import io.undertow.servlet.api.FilterInfo;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.servlet.DispatcherType;
+
+import org.jboss.resteasy.jwt.JsonSerialization;
+import org.jboss.resteasy.logging.Logger;
+import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
+import org.jboss.resteasy.spi.ResteasyDeployment;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.services.FormService;
+import org.keycloak.services.filters.KeycloakSessionServletFilter;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.resources.KeycloakApplication;
+import org.keycloak.services.resources.SaasService;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class KeycloakServer {
+
+    private static final Logger log = Logger.getLogger(KeycloakServer.class);
+
+    private boolean sysout = false;
+
+    public static class KeycloakServerConfig {
+        private String host = "localhost";
+        private int port = 8081;
+
+        public String getHost() {
+            return host;
+        }
+
+        public int getPort() {
+            return port;
+        }
+
+        public void setHost(String host) {
+            this.host = host;
+        }
+
+        public void setPort(int port) {
+            this.port = port;
+        }
+    }
+
+    private static <T> T loadJson(InputStream is, Class<T> type) {
+        try {
+            ByteArrayOutputStream os = new ByteArrayOutputStream();
+            int c;
+            while ((c = is.read()) != -1) {
+                os.write(c);
+            }
+            byte[] bytes = os.toByteArray();
+            return JsonSerialization.fromBytes(type, bytes);
+        } catch (IOException e) {
+            throw new RuntimeException("Failed to parse json", e);
+        }
+    }
+
+    public static void main(String[] args) throws Throwable {
+        KeycloakServerConfig config = new KeycloakServerConfig();
+
+        for (int i = 0; i < args.length; i++) {
+            if (args[i].equals("-b")) {
+                config.setHost(args[++i]);
+            }
+
+            if (args[i].equals("-p")) {
+                config.setPort(Integer.valueOf(args[++i]));
+            }
+        }
+
+        final KeycloakServer keycloak = new KeycloakServer(config);
+        keycloak.sysout = true;
+        keycloak.start();
+
+        for (int i = 0; i < args.length; i++) {
+            if (args[i].equals("-import")) {
+                keycloak.importRealm(new FileInputStream(args[++i]));
+            }
+        }
+
+        Runtime.getRuntime().addShutdownHook(new Thread() {
+            @Override
+            public void run() {
+                keycloak.stop();
+            }
+        });
+    }
+
+    private KeycloakServerConfig config;
+
+    private KeycloakSessionFactory factory;
+
+    private UndertowJaxrsServer server;
+
+    public KeycloakServer() {
+        this(new KeycloakServerConfig());
+    }
+
+    public KeycloakServer(KeycloakServerConfig config) {
+        this.config = config;
+    }
+
+    public KeycloakSessionFactory getKeycloakSessionFactory() {
+        return factory;
+    }
+
+    public UndertowJaxrsServer getServer() {
+        return server;
+    }
+
+    public void importRealm(InputStream realm) {
+        RealmRepresentation rep = loadJson(realm, RealmRepresentation.class);
+        importRealm(rep);
+    }
+
+    public void importRealm(RealmRepresentation rep) {
+        KeycloakSession session = factory.createSession();
+        session.getTransaction().begin();
+
+        try {
+            RealmManager manager = new RealmManager(session);
+
+            if (rep.getId() == null) {
+                throw new RuntimeException("Realm id not specified");
+            }
+
+            if (manager.getRealm(rep.getId()) != null) {
+                info("Not importing realm " + rep.getRealm() + " realm already exists");
+                return;
+            }
+
+            RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
+            manager.importRealm(rep, realm);
+
+            info("Imported realm " + realm.getName());
+
+            session.getTransaction().commit();
+        } finally {
+            session.close();
+        }
+    }
+
+    protected void setupDefaultRealm() {
+        KeycloakSession session = factory.createSession();
+        session.getTransaction().begin();
+
+        try {
+            RealmManager manager = new RealmManager(session);
+
+            if (manager.getRealm(RealmModel.DEFAULT_REALM) != null) {
+                return;
+            }
+
+            RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
+            manager.generateRealmKeys(defaultRealm);
+
+            defaultRealm.setEnabled(true);
+            defaultRealm.setTokenLifespan(300);
+            defaultRealm.setAccessCodeLifespan(60);
+            defaultRealm.setAccessCodeLifespanUserAction(600);
+            defaultRealm.setSslNotRequired(false);
+            defaultRealm.setCookieLoginAllowed(true);
+            defaultRealm.setRegistrationAllowed(true);
+            defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
+            defaultRealm.setVerifyEmail(false);
+
+            defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
+            RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
+            UserModel admin = defaultRealm.addUser("admin");
+            defaultRealm.grantRole(admin, role);
+
+            session.getTransaction().commit();
+        } finally {
+            session.close();
+        }
+    }
+
+    public void start() throws Throwable {
+        long start = System.currentTimeMillis();
+
+        ResteasyDeployment deployment = new ResteasyDeployment();
+        deployment.setApplicationClass(KeycloakApplication.class.getName());
+
+        Builder builder = Undertow.builder().addListener(config.getPort(), config.getHost());
+
+        server = new UndertowJaxrsServer().start(builder);
+
+        DeploymentInfo di = server.undertowDeployment(deployment, "rest");
+        di.setClassLoader(getClass().getClassLoader());
+        di.setContextPath("/auth-server");
+        di.setDeploymentName("Keycloak");
+        di.setResourceManager(new ClassPathResourceManager(FormService.class.getClassLoader(), "META-INF/resources"));
+
+        FilterInfo filter = Servlets.filter("SessionFilter", KeycloakSessionServletFilter.class);
+        di.addFilter(filter);
+        di.addFilterUrlMapping("SessionFilter", "/rest/*", DispatcherType.REQUEST);
+
+        server.deploy(di);
+
+        factory = KeycloakApplication.buildSessionFactory();
+
+        setupDefaultRealm();
+
+        info("Started Keycloak (http://" + config.getHost() + ":" + config.getPort() + "/auth-server) in "
+                + (System.currentTimeMillis() - start) + " ms\n");
+    }
+
+    private void info(String message) {
+        if (sysout) {
+            System.out.println(message);
+        } else {
+            log.info(message);
+        }
+    }
+
+    public void stop() {
+        factory.close();
+        server.stop();
+
+        info("Stopped Keycloak");
+    }
+
+}

testsuite/src/main/java/org/keycloak/testutils/MailServer.java

@@ -0,0 +1,30 @@
+package org.keycloak.testutils;
+
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMessage.RecipientType;
+
+import com.icegreen.greenmail.util.GreenMail;
+import com.icegreen.greenmail.util.ServerSetup;
+
+public class MailServer {
+
+    public static void main(String[] args) throws Exception {
+        ServerSetup setup = new ServerSetup(3025, "localhost", "smtp");
+
+        GreenMail greenMail = new GreenMail(setup);
+        greenMail.start();
+        
+        while (true) {
+            int c = greenMail.getReceivedMessages().length;
+
+            if (greenMail.waitForIncomingEmail(Long.MAX_VALUE, c + 1)) {
+                MimeMessage message = greenMail.getReceivedMessages()[c++];
+                System.out.println("Received mail to " + message.getRecipients(RecipientType.TO)[0]);
+                System.out.println();
+                System.out.println(message.getContent());
+                System.out.println("-------------------------------------------------------");
+            }
+        }
+    }
+
+}

testsuite/src/main/java/org/keycloak/testutils/TotpGenerator.java

@@ -0,0 +1,31 @@
+package org.keycloak.testutils;
+
+import java.util.Timer;
+import java.util.TimerTask;
+import java.util.concurrent.TimeUnit;
+
+import org.picketlink.common.util.Base32;
+import org.picketlink.idm.credential.util.TimeBasedOTP;
+
+public class TotpGenerator {
+
+    public static void main(String[] args) {
+        String totp = "";
+        for (String a : args) {
+            totp += a.trim();
+        }
+        totp = totp.replace(" ", "");
+
+        final String google = new String(Base32.decode(totp));
+        final TimeBasedOTP otp = new TimeBasedOTP();
+
+        Timer t = new Timer();
+        t.schedule(new TimerTask() {
+            @Override
+            public void run() {
+                System.out.println(otp.generate(google));
+            }
+        }, 0, TimeUnit.SECONDS.toMillis(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS));
+    }
+
+}

testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java

@@ -24,6 +24,7 @@ package org.keycloak.testsuite;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.Charset;
+import java.security.PublicKey;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -40,8 +41,11 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
+import org.jboss.resteasy.security.PemUtils;
 import org.json.JSONObject;
 import org.junit.Assert;
+import org.keycloak.RSATokenVerifier;
+import org.keycloak.representations.SkeletonKeyToken;
 import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
@@ -52,7 +56,7 @@ public class OAuthClient {
 
     private WebDriver driver;
 
-    private String baseUrl = "http://localhost:8081/auth-server/rest";
+    private String baseUrl = Constants.AUTH_SERVER_ROOT + "/rest";
 
     private String realm = "test";
 
@@ -68,8 +72,13 @@ public class OAuthClient {
 
     private String state;
 
-    public OAuthClient(WebDriver driver) {
+    private PublicKey realmPublicKey;
+
+    public OAuthClient(WebDriver driver) throws Exception {
         this.driver = driver;
+
+        JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
+        realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
     }
 
     public AuthorizationCodeResponse doLogin(String username, String password) {
@@ -109,6 +118,10 @@ public class OAuthClient {
         return new AccessTokenResponse(client.execute(post));
     }
 
+    public SkeletonKeyToken verifyToken(String token) throws Exception {
+        return RSATokenVerifier.verifyToken(token, realmPublicKey, realm);
+    }
+
     public boolean isAuthorizationResponse() {
         return getCurrentRequest().equals(redirectUri) && getCurrentQuery().containsKey("code");
     }

testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java

@@ -21,17 +21,10 @@
  */
 package org.keycloak.testsuite.oauth;
 
-import java.security.PublicKey;
-
-import org.apache.commons.io.IOUtils;
-import org.jboss.resteasy.security.PemUtils;
-import org.json.JSONObject;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
-import org.keycloak.RSATokenVerifier;
 import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@@ -61,14 +54,6 @@ public class AccessTokenTest {
     @WebResource
     protected LoginPage loginPage;
 
-    private PublicKey realmPublicKey;
-
-    @Before
-    public void before() throws Exception {
-        JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
-        realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
-    }
-
     @Test
     public void accessTokenRequest() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
@@ -82,7 +67,8 @@ public class AccessTokenTest {
 
         Assert.assertEquals("bearer", response.getTokenType());
 
-        SkeletonKeyToken token = RSATokenVerifier.verifyToken(response.getAccessToken(), realmPublicKey, oauth.getRealm());
+        SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+
         Assert.assertEquals("test-user@localhost", token.getPrincipal());
 
         Assert.assertEquals(1, token.getRealmAccess().getRoles().size());

testsuite/src/test/java/org/keycloak/testsuite/rule/KeycloakRule.java

@@ -21,81 +21,45 @@
  */
 package org.keycloak.testsuite.rule;
 
-import io.undertow.server.handlers.resource.ClassPathResourceManager;
-import io.undertow.servlet.Servlets;
 import io.undertow.servlet.api.DeploymentInfo;
-import io.undertow.servlet.api.FilterInfo;
 import io.undertow.servlet.api.ServletInfo;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 
-import javax.servlet.DispatcherType;
 import javax.servlet.Servlet;
 
 import org.jboss.resteasy.jwt.JsonSerialization;
-import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer;
-import org.jboss.resteasy.spi.ResteasyDeployment;
 import org.junit.rules.ExternalResource;
-import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.services.filters.KeycloakSessionServletFilter;
-import org.keycloak.services.managers.RealmManager;
 import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
+import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.models.UserModel;
+import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.resources.KeycloakApplication;
-import org.keycloak.services.resources.SaasService;
 import org.keycloak.testsuite.ApplicationServlet;
+import org.keycloak.testutils.KeycloakServer;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  */
 public class KeycloakRule extends ExternalResource {
 
-    private String testRealm = "testrealm.json";
+    private KeycloakServer server;
-
-    private UndertowJaxrsServer server;
-    private KeycloakSessionFactory factory;
 
     private KeycloakSetup setup;
 
     public KeycloakRule() {
     }
 
-    public KeycloakRule(String testRealm) {
-        this.testRealm = testRealm;
-    }
-    
     public KeycloakRule(KeycloakSetup setup) {
         this.setup = setup;
     }
 
     protected void before() throws Throwable {
-        ResteasyDeployment deployment = new ResteasyDeployment();
+        server = new KeycloakServer();
-        deployment.setApplicationClass(KeycloakApplication.class.getName());
+        server.start();
-        server = new UndertowJaxrsServer().start();
 
-        DeploymentInfo di = server.undertowDeployment(deployment, "rest");
+        server.importRealm(getClass().getResourceAsStream("/testrealm.json"));
-        di.setClassLoader(getClass().getClassLoader());
-        di.setContextPath("/auth-server");
-        di.setDeploymentName("Keycloak");
-        di.setResourceManager(new ClassPathResourceManager(getClass().getClassLoader(), "META-INF/resources"));
-
-        FilterInfo filter = Servlets.filter("SessionFilter", KeycloakSessionServletFilter.class);
-        di.addFilter(filter);
-        di.addFilterUrlMapping("SessionFilter", "/rest/*", DispatcherType.REQUEST);
-
-        server.deploy(di);
-
-        factory = KeycloakApplication.buildSessionFactory();
-
-        setupDefaultRealm();
-
-        importRealm(testRealm);
 
         if (setup != null) {
             configure(setup);
@@ -114,12 +78,11 @@ public class KeycloakRule extends ExternalResource {
         servlet.addMapping("/*");
 
         deploymentInfo.addServlet(servlet);
-        server.deploy(deploymentInfo);
+        server.getServer().deploy(deploymentInfo);
     }
 
     @Override
     protected void after() {
-        factory.close();
         server.stop();
     }
 
@@ -131,78 +94,31 @@ public class KeycloakRule extends ExternalResource {
             os.write(c);
         }
         byte[] bytes = os.toByteArray();
-        System.out.println(new String(bytes));
-
         return JsonSerialization.fromBytes(RealmRepresentation.class, bytes);
     }
 
-    public void setupDefaultRealm() {
-        KeycloakSession session = createSession();
-        session.getTransaction().begin();
-
-        RealmManager manager = new RealmManager(session);
-
-        RealmModel defaultRealm = manager.createRealm(RealmModel.DEFAULT_REALM, RealmModel.DEFAULT_REALM);
-        defaultRealm.setName(RealmModel.DEFAULT_REALM);
-        defaultRealm.setEnabled(true);
-        defaultRealm.setTokenLifespan(300);
-        defaultRealm.setAccessCodeLifespan(60);
-        defaultRealm.setAccessCodeLifespanUserAction(600);
-        defaultRealm.setSslNotRequired(false);
-        defaultRealm.setCookieLoginAllowed(true);
-        defaultRealm.setRegistrationAllowed(true);
-        defaultRealm.setAutomaticRegistrationAfterSocialLogin(false);
-        manager.generateRealmKeys(defaultRealm);
-        defaultRealm.addRequiredCredential(CredentialRepresentation.PASSWORD);
-        RoleModel role = defaultRealm.addRole(SaasService.REALM_CREATOR_ROLE);
-        UserModel admin = defaultRealm.addUser("admin");
-        defaultRealm.grantRole(admin, role);
-
-        session.getTransaction().commit();
-        session.close();
-    }
-
-    public void importRealm(String name) throws IOException {
-        KeycloakSession session = createSession();
-        session.getTransaction().begin();
-
-        RealmManager manager = new RealmManager(session);
-
-        RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
-        UserModel admin = defaultRealm.getUser("admin");
-
-        RealmRepresentation rep = loadJson(name);
-        RealmModel realm = manager.createRealm("test", rep.getRealm());
-        manager.importRealm(rep, realm);
-        realm.addRealmAdmin(admin);
-
-        session.getTransaction().commit();
-        session.close();
-    }
-
     public void configure(KeycloakSetup configurer) {
-        KeycloakSession session = createSession();
+        KeycloakSession session = server.getKeycloakSessionFactory().createSession();
         session.getTransaction().begin();
 
-        RealmManager manager = new RealmManager(session);
+        try {
+            RealmManager manager = new RealmManager(session);
 
-        RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
+            RealmModel defaultRealm = manager.getRealm(RealmModel.DEFAULT_REALM);
-        RealmModel appRealm = manager.getRealm("test");
+            RealmModel appRealm = manager.getRealm("test");
 
-        configurer.config(manager, defaultRealm, appRealm);
+            configurer.config(manager, defaultRealm, appRealm);
 
-        session.getTransaction().commit();
+            session.getTransaction().commit();
-        session.close();
+        } finally {
+            session.close();
+        }
     }
 
-    public KeycloakSession createSession() {
-        return factory.createSession();
-    }
-    
     public interface KeycloakSetup {
-        
+
         void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm);
-        
+
     }
 
 }

testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java

@@ -26,12 +26,15 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.models.RealmModel;
 import org.keycloak.testsuite.DummySocialServlet;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
 import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
 import org.keycloak.testsuite.rule.WebResource;
@@ -65,13 +68,16 @@ public class SocialLoginTest {
     @WebResource
     protected LoginPage loginPage;
 
+    @WebResource
+    protected OAuthClient oauth;
+
     @BeforeClass
     public static void before() {
         keycloakRule.deployServlet("dummy-social", "/dummy-social", DummySocialServlet.class);
     }
 
     @Test
-    public void loginSuccess() {
+    public void loginSuccess() throws Exception {
         loginPage.open();
 
         loginPage.clickSocial("dummy");
@@ -80,6 +86,15 @@ public class SocialLoginTest {
         driver.findElement(By.id("submit")).click();
 
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+        AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+
+        SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals("dummy-user", token.getPrincipal());
+
+        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
     }
 
 }

testsuite/src/test/resources/testrealm.json

@@ -1,4 +1,5 @@
 {
+    "id": "test",
     "realm": "test",
     "enabled": true,
     "tokenLifespan": 300,