Merge pull request #26792 from sberyozkin/test_security_principal

Add TestPrincipalProducer
quarkusio · Jul 18, 2022 · c328e8e · c328e8e
2 parents aadc299 + fdab669
commit c328e8e
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 11 deletions.
diff --git a/...ion-tests/elytron-resteasy/src/main/java/io/quarkus/it/resteasy/elytron/RootResource.java b/...ion-tests/elytron-resteasy/src/main/java/io/quarkus/it/resteasy/elytron/RootResource.java
@@ -1,5 +1,6 @@
 package io.quarkus.it.resteasy.elytron;
 
+import java.security.Principal;
 import java.util.Map;
 import java.util.stream.Collectors;
 
@@ -21,6 +22,8 @@
 public class RootResource {
     @Inject
     SecurityIdentity identity;
+    @Inject
+    Principal principal;
 
     @POST
     @Consumes(MediaType.TEXT_PLAIN)
@@ -54,7 +57,7 @@ public String getSecure() {
     @Path("/user")
     @RolesAllowed("user")
     public String user(@Context SecurityContext sec) {
-        return sec.getUserPrincipal().getName();
+        return sec.getUserPrincipal().getName() + ":" + identity.getPrincipal().getName() + ":" + principal.getName();
     }
 
     @GET

diff --git a/...s/elytron-resteasy/src/test/java/io/quarkus/it/resteasy/elytron/TestSecurityTestCase.java b/...s/elytron-resteasy/src/test/java/io/quarkus/it/resteasy/elytron/TestSecurityTestCase.java
@@ -80,7 +80,7 @@ void testTestUserCorrectRole() {
                 .get("/user")
                 .then()
                 .statusCode(200)
-                .body(is("testUser"));
+                .body(is("testUser:testUser:testUser"));
     }
 
     @Test

diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
@@ -1,5 +1,6 @@
 package io.quarkus.it.keycloak;
 
+import java.security.Principal;
 import java.util.stream.Collectors;
 
 import javax.inject.Inject;
@@ -32,6 +33,9 @@ public class ProtectedResource {
     @Inject
     SecurityIdentity identity;
 
+    @Inject
+    Principal principal;
+
     @Inject
     OidcConfigurationMetadata configMetadata;
 
@@ -63,13 +67,15 @@ public class ProtectedResource {
     @GET
     @Path("test-security")
     public String testSecurity() {
-        return securityContext.getUserPrincipal().getName();
+        return securityContext.getUserPrincipal().getName() + ":" + identity.getPrincipal().getName() + ":"
+                + principal.getName();
     }
 
     @GET
     @Path("test-security-oidc")
     public String testSecurityJwt() {
-        return idToken.getName() + ":" + idToken.getGroups().iterator().next()
+        return idToken.getName() + ":" + identity.getPrincipal().getName() + ":" + principal.getName()
+                + ":" + idToken.getGroups().iterator().next()
                 + ":" + idToken.getClaim("email")
                 + ":" + userInfo.getString("sub")
                 + ":" + configMetadata.get("audience");

diff --git a/...n-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java b/...n-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java
@@ -21,7 +21,7 @@ public class TestSecurityLazyAuthTest {
     @TestSecurity(user = "user1", roles = "viewer")
     public void testWithDummyUser() {
         RestAssured.when().get("test-security").then()
-                .body(is("user1"));
+                .body(is("user1:user1:user1"));
     }
 
     @Test
@@ -35,7 +35,7 @@ public void testWithDummyUser() {
     })
     public void testJwtWithDummyUser() {
         RestAssured.when().get("test-security-oidc").then()
-                .body(is("userOidc:viewer:[email protected]:subject:aud"));
+                .body(is("userOidc:userOidc:userOidc:viewer:[email protected]:subject:aud"));
     }
 
 }
diff --git a/...lrye-jwt-token-propagation/src/main/java/io/quarkus/it/keycloak/ProtectedJwtResource.java b/...lrye-jwt-token-propagation/src/main/java/io/quarkus/it/keycloak/ProtectedJwtResource.java
@@ -1,5 +1,7 @@
 package io.quarkus.it.keycloak;
 
+import java.security.Principal;
+
 import javax.annotation.security.RolesAllowed;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -21,6 +23,9 @@ public class ProtectedJwtResource {
     @Inject
     SecurityIdentity identity;
 
+    @Inject
+    Principal principal;
+
     @Inject
     JsonWebToken accessToken;
 
@@ -31,7 +36,8 @@ public class ProtectedJwtResource {
     @Path("test-security")
     @RolesAllowed("viewer")
     public String testSecurity() {
-        return securityContext.getUserPrincipal().getName();
+        return securityContext.getUserPrincipal().getName() + ":" + identity.getPrincipal().getName() + ":"
+                + principal.getName();
     }
 
     @POST
@@ -46,7 +52,7 @@ public String testSecurityJson(User user) {
     @Path("test-security-jwt")
     @RolesAllowed("viewer")
     public String testSecurityJwt() {
-        return accessToken.getName() + ":" + accessToken.getGroups().iterator().next()
-                + ":" + accessToken.getClaim("email");
+        return accessToken.getName() + ":" + identity.getPrincipal().getName() + ":" + principal.getName()
+                + ":" + accessToken.getGroups().iterator().next() + ":" + accessToken.getClaim("email");
     }
 }
diff --git a/...-jwt-token-propagation/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java b/...-jwt-token-propagation/src/test/java/io/quarkus/it/keycloak/TestSecurityLazyAuthTest.java
@@ -20,7 +20,7 @@ public class TestSecurityLazyAuthTest {
     @TestSecurity(user = "user1", roles = "viewer")
     public void testWithDummyUser() {
         RestAssured.when().get("test-security").then()
-                .body(is("user1"));
+                .body(is("user1:user1:user1"));
     }
 
     @Test
@@ -50,7 +50,7 @@ public void testPostWithDummyUserForbidden() {
     })
     public void testJwtGetWithDummyUser() {
         RestAssured.when().get("test-security-jwt").then()
-                .body(is("userJwt:viewer:[email protected]"));
+                .body(is("userJwt:userJwt:userJwt:viewer:[email protected]"));
     }
 
 }
diff --git a/test-framework/security/src/main/java/io/quarkus/test/security/TestPrincipalProducer.java b/test-framework/security/src/main/java/io/quarkus/test/security/TestPrincipalProducer.java
@@ -0,0 +1,28 @@
+package io.quarkus.test.security;
+
+import java.security.Principal;
+
+import javax.annotation.Priority;
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.Alternative;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+import javax.interceptor.Interceptor;
+
+import io.quarkus.security.identity.SecurityIdentity;
+
+@Alternative
+@Priority(Interceptor.Priority.LIBRARY_AFTER)
+@ApplicationScoped
+public class TestPrincipalProducer {
+
+    @Inject
+    SecurityIdentity testIdentity;
+
+    @Produces
+    @RequestScoped
+    public Principal getTestIdentity() {
+        return testIdentity.getPrincipal();
+    }
+}