-
Notifications
You must be signed in to change notification settings - Fork 282
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY-2034] Add tests for the OpenID Connect mechanism
- Loading branch information
Showing
8 changed files
with
803 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
131 changes: 131 additions & 0 deletions
131
http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakConfiguration.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,131 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2021 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.oidc; | ||
|
|
||
| import java.util.ArrayList; | ||
| import java.util.Arrays; | ||
| import java.util.List; | ||
|
|
||
| import org.keycloak.representations.AccessTokenResponse; | ||
| import org.keycloak.representations.idm.ClientRepresentation; | ||
| import org.keycloak.representations.idm.CredentialRepresentation; | ||
| import org.keycloak.representations.idm.RealmRepresentation; | ||
| import org.keycloak.representations.idm.RoleRepresentation; | ||
| import org.keycloak.representations.idm.RolesRepresentation; | ||
| import org.keycloak.representations.idm.UserRepresentation; | ||
|
|
||
| import io.restassured.RestAssured; | ||
|
|
||
| /** | ||
| * Keycloak configuration for testing. | ||
| * | ||
| * @author <a href="mailto:[email protected]">Farah Juma</a> | ||
| */ | ||
| public class KeycloakConfiguration { | ||
|
|
||
| private static final String USER_ROLE = "user"; | ||
| private static final String ADMIN_ROLE = "admin"; | ||
| public static final String ALICE = "alice"; | ||
| public static final String ALICE_PASSWORD = "alice123+"; | ||
| private static final String BOB = "bob"; | ||
| private static final String BOB_PASSWORD = "bob123+"; | ||
|
|
||
| /** | ||
| * Configure RealmRepresentation as follows: | ||
| * <ul> | ||
| * <li>Two realm roles ("admin", "user")</li> | ||
| * <li>Two users:<li> | ||
| * <ul> | ||
| * <li>user named alice and password alice123+ with "admin" and "user" role</li> | ||
| * <li>user named bob and password bob123+ with "user" role</li> | ||
| * </ul> | ||
| * </ul> | ||
| */ | ||
| public static RealmRepresentation getRealmRepresentation(final String realmName, String clientId, String clientSecret, | ||
| String clientHostName, int clientPort, String clientApp) { | ||
| return createRealm(realmName, clientId, clientSecret, clientHostName, clientPort, clientApp); | ||
| } | ||
|
|
||
| public static String getAdminAccessToken(String authServerUrl) { | ||
| return RestAssured | ||
| .given() | ||
| .param("grant_type", "password") | ||
| .param("username", KeycloakContainer.KEYCLOAK_ADMIN_USER) | ||
| .param("password", KeycloakContainer.KEYCLOAK_ADMIN_PASSWORD) | ||
| .param("client_id", "admin-cli") | ||
| .when() | ||
| .post(authServerUrl + "/realms/master/protocol/openid-connect/token") | ||
| .as(AccessTokenResponse.class).getToken(); | ||
| } | ||
|
|
||
| private static RealmRepresentation createRealm(String name, String clientId, String clientSecret, | ||
| String clientHostName, int clientPort, String clientApp) { | ||
| RealmRepresentation realm = new RealmRepresentation(); | ||
|
|
||
| realm.setRealm(name); | ||
| realm.setEnabled(true); | ||
| realm.setUsers(new ArrayList<>()); | ||
| realm.setClients(new ArrayList<>()); | ||
| realm.setAccessTokenLifespan(3); | ||
| realm.setSsoSessionMaxLifespan(3); | ||
|
|
||
| RolesRepresentation roles = new RolesRepresentation(); | ||
| List<RoleRepresentation> realmRoles = new ArrayList<>(); | ||
|
|
||
| roles.setRealm(realmRoles); | ||
| realm.setRoles(roles); | ||
|
|
||
| realm.getRoles().getRealm().add(new RoleRepresentation("user", null, false)); | ||
| realm.getRoles().getRealm().add(new RoleRepresentation("admin", null, false)); | ||
|
|
||
| realm.getClients().add(createWebAppClient(clientId, clientSecret, clientHostName, clientPort, clientApp)); | ||
|
|
||
| realm.getUsers().add(createUser(ALICE, ALICE_PASSWORD, Arrays.asList(USER_ROLE, ADMIN_ROLE))); | ||
| realm.getUsers().add(createUser(BOB, BOB_PASSWORD, Arrays.asList(USER_ROLE))); | ||
| return realm; | ||
| } | ||
|
|
||
| private static ClientRepresentation createWebAppClient(String clientId, String clientSecret, String clientHostName, int clientPort, String clientApp) { | ||
| ClientRepresentation client = new ClientRepresentation(); | ||
| client.setClientId(clientId); | ||
| client.setPublicClient(false); | ||
| client.setSecret(clientSecret); | ||
| //client.setRedirectUris(Arrays.asList("*")); | ||
| client.setRedirectUris(Arrays.asList("http://" + clientHostName + ":" + clientPort + "/" + clientApp)); | ||
| client.setEnabled(true); | ||
| return client; | ||
| } | ||
|
|
||
| private static UserRepresentation createUser(String username, String password, List<String> realmRoles) { | ||
| UserRepresentation user = new UserRepresentation(); | ||
| user.setUsername(username); | ||
| user.setEnabled(true); | ||
| user.setCredentials(new ArrayList<>()); | ||
| user.setRealmRoles(realmRoles); | ||
| user.setEmail(username + "@gmail.com"); | ||
|
|
||
| CredentialRepresentation credential = new CredentialRepresentation(); | ||
| credential.setType(CredentialRepresentation.PASSWORD); | ||
| credential.setValue(password); | ||
| credential.setTemporary(false); | ||
| user.getCredentials().add(credential); | ||
| return user; | ||
| } | ||
|
|
||
| } |
61 changes: 61 additions & 0 deletions
61
http/oidc/src/test/java/org/wildfly/security/http/oidc/KeycloakContainer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2021 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.oidc; | ||
|
|
||
| import org.testcontainers.containers.GenericContainer; | ||
| import org.testcontainers.containers.wait.strategy.Wait; | ||
|
|
||
| /** | ||
| * KeycloakContainer for testing. | ||
| * | ||
| * @author <a href="mailto:[email protected]">Farah Juma</a> | ||
| */ | ||
| public class KeycloakContainer extends GenericContainer<KeycloakContainer> { | ||
| public static final String KEYCLOAK_ADMIN_USER = "admin"; | ||
| public static final String KEYCLOAK_ADMIN_PASSWORD = "admin"; | ||
| private static final String KEYCLOAK_AUTH_PATH = "/auth"; | ||
|
|
||
| private static final String KEYCLOAK_IMAGE = "quay.io/keycloak/keycloak:latest"; | ||
| private static final int KEYCLOAK_PORT_HTTP = 8080; | ||
| private static final int KEYCLOAK_PORT_HTTPS = 8443; | ||
|
|
||
| private boolean useHttps; | ||
|
|
||
| public KeycloakContainer() { | ||
| this(false); | ||
| } | ||
|
|
||
| public KeycloakContainer(final boolean useHttps) { | ||
| super(KEYCLOAK_IMAGE); | ||
| this.useHttps = useHttps; | ||
|
|
||
| } | ||
|
|
||
| @Override | ||
| protected void configure() { | ||
| withExposedPorts(KEYCLOAK_PORT_HTTP, KEYCLOAK_PORT_HTTPS); | ||
| waitingFor(Wait.forHttp("/auth").forPort(8080)); | ||
| withEnv("KEYCLOAK_USER", KEYCLOAK_ADMIN_USER); | ||
| withEnv("KEYCLOAK_PASSWORD", KEYCLOAK_ADMIN_PASSWORD); | ||
| } | ||
|
|
||
| public String getAuthServerUrl() { | ||
| return String.format("http://%s:%s%s", getContainerIpAddress(), useHttps ? getMappedPort(KEYCLOAK_PORT_HTTPS) : getMappedPort(KEYCLOAK_PORT_HTTP), KEYCLOAK_AUTH_PATH); | ||
| } | ||
| } |
Oops, something went wrong.