keycloak-uncached
Changes
testsuite/integration-arquillian/servers/auth-server/jboss/common/crossdc/cross-dc-setup.cli 4(+4 -0)
testsuite/integration-arquillian/servers/cache-server/jboss/common/cache-authorization.xsl 90(+90 -0)
Details
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/crossdc/cross-dc-setup.cli b/testsuite/integration-arquillian/servers/auth-server/jboss/common/crossdc/cross-dc-setup.cli
index fd08666..2e50470 100644
--- a/testsuite/integration-arquillian/servers/auth-server/jboss/common/crossdc/cross-dc-setup.cli
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/crossdc/cross-dc-setup.cli
@@ -139,4 +139,8 @@ echo *** Enable debug logging ***
 echo *** Update undertow subsystem ***
 /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
 
+echo *** Update keycloak-server subsystem, infinispan remoteStoreSecurity ***
+/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:map-put(name=properties,key=remoteStoreSecurityEnabled,value=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled:true})
+
+
 echo **** End ****
                diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/common/cache-authorization.xsl b/testsuite/integration-arquillian/servers/cache-server/jboss/common/cache-authorization.xsl
new file mode 100644
index 0000000..26ce283
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/cache-server/jboss/common/cache-authorization.xsl
@@ -0,0 +1,90 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:xalan="http://xml.apache.org/xalan"
+                version="2.0"
+                exclude-result-prefixes="xalan #all">
+
+    <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
+    <xsl:strip-space elements="*"/>
+
+    <xsl:variable name="nsCacheServer" select="'urn:infinispan:server:core:'"/>
+    <xsl:variable name="nsDomain" select="'urn:jboss:domain:'"/>
+    <xsl:variable name="nsEndpoint" select="'urn:infinispan:server:endpoint:'"/>
+
+    <!-- Configuration of infinispan caches in infinispan-subsystem -->
+    <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsCacheServer)]
+                        /*[local-name()='cache-container' and starts-with(namespace-uri(), $nsCacheServer) and @name='clustered']">
+        <xsl:copy>
+            <xsl:apply-templates select="@*" />
+
+            <security>
+                <authorization>
+                    <identity-role-mapper/>
+                    <role name="___script_manager" permissions="ALL"/>
+                </authorization>
+            </security>
+
+            <xsl:apply-templates select="node()" />
+
+        </xsl:copy>
+    </xsl:template>
+
+    <!-- Add "authentication" into HotRod connector configuration -->
+    <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsEndpoint)]
+                        /*[local-name()='hotrod-connector' and starts-with(namespace-uri(), $nsEndpoint) and @cache-container='clustered']">
+        <xsl:copy>
+            <xsl:apply-templates select="@* | node()" />
+
+            <authentication security-realm="AllowScriptManager">
+                <sasl mechanisms="DIGEST-MD5" qop="auth" server-name="keycloak-jdg-server">
+                    <policy>
+                        <no-anonymous value="false" />
+                    </policy>
+                </sasl>
+            </authentication>
+        </xsl:copy>
+    </xsl:template>
+
+    <!-- Add "AllowScriptManager" security-realm -->
+    <xsl:template match="//*[local-name()='management' and starts-with(namespace-uri(), $nsDomain)]
+                        /*[local-name()='security-realms' and starts-with(namespace-uri(), $nsDomain)]">
+        <xsl:copy>
+            <xsl:apply-templates select="@* | node()" />
+
+            <xsl:element name="security-realm" namespace="{namespace-uri()}">
+                <xsl:attribute name="name">AllowScriptManager</xsl:attribute>
+                <xsl:element name="authentication" namespace="{namespace-uri()}">
+                    <xsl:element name="users" namespace="{namespace-uri()}">
+                        <xsl:element name="user" namespace="{namespace-uri()}">
+                            <xsl:attribute name="username">___script_manager</xsl:attribute>
+                            <xsl:element name="password" namespace="{namespace-uri()}">not-so-secret-password</xsl:element>
+                        </xsl:element>
+                    </xsl:element>
+                </xsl:element>
+            </xsl:element>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="@*|node()">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()" />
+        </xsl:copy>
+    </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
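Review bot: The `AllowScriptManager` realm added by the last template stores a fixed plaintext password (`not-so-secret-password`) for `___script_manager`, a role the first template grants `permissions="ALL"`, and nothing in the file marks this as a test-only fixture. A header comment such as `<!-- Test suite only: fixed credentials for the cross-DC cache server; do not apply this stylesheet to a deployed server -->` would keep it from being copied into a real configuration. The HotRod connector offers only `DIGEST-MD5` with `qop="auth"`, which authenticates the client but adds no integrity or confidentiality protection to the connection. `<no-anonymous value="false"/>` reads as if anonymous mechanisms are not excluded by policy; if the intent is to require authentication, `value="true"` looks like the safer setting, to be confirmed against the server's SASL policy semantics. The file also ends without a trailing newline.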
                diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml
index a060fdd..82dbb2d 100644
--- a/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml
+++ b/testsuite/integration-arquillian/servers/cache-server/jboss/infinispan/pom.xml
@@ -34,10 +34,11 @@
         <cache.server.container>cache-server-${cache.server}</cache.server.container>
         <cache.server.home>${containers.home}/${cache.server.container}</cache.server.home>
         
+        <cache.server.jboss.cache-authorization-disabled>true</cache.server.jboss.cache-authorization-disabled>
         <cache.server.jboss.groupId>org.infinispan.server</cache.server.jboss.groupId>
         <cache.server.jboss.artifactId>infinispan-server</cache.server.jboss.artifactId>
         <cache.server.jboss.version>${infinispan.version}</cache.server.jboss.version>
-        <cache.server.jboss.unpacked.folder.name>${cache.server.jboss.artifactId}-${infinispan.version}</cache.server.jboss.unpacked.folder.name>
+        <cache.server.jboss.unpacked.folder.name>${cache.server.jboss.artifactId}-${cache.server.jboss.version}</cache.server.jboss.unpacked.folder.name>
         
         <cache.server.worker.io-threads>${cache.default.worker.io-threads}</cache.server.worker.io-threads>
         <cache.server.worker.task-max-threads>${cache.default.worker.task-max-threads}</cache.server.worker.task-max-threads>
                diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml
index f9780b7..16cfcbf 100644
--- a/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml
+++ b/testsuite/integration-arquillian/servers/cache-server/jboss/jdg/pom.xml
@@ -34,6 +34,7 @@
         <cache.server.container>cache-server-${cache.server}</cache.server.container>
         <cache.server.home>${containers.home}/${cache.server.container}</cache.server.home>
         
+        <cache.server.jboss.cache-authorization-disabled>false</cache.server.jboss.cache-authorization-disabled>
         <cache.server.jboss.groupId>org.infinispan.server</cache.server.jboss.groupId>
         <cache.server.jboss.artifactId>infinispan-server</cache.server.jboss.artifactId>
         <cache.server.jboss.version>${jdg.version}</cache.server.jboss.version>
                diff --git a/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml b/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml
index 96c80d1..2e9e1fc 100644
--- a/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml
+++ b/testsuite/integration-arquillian/servers/cache-server/jboss/pom.xml
@@ -33,6 +33,7 @@
         <common.resources>${project.parent.basedir}/common</common.resources>
         <assembly.xml>${project.parent.basedir}/assembly.xml</assembly.xml>
         <cache.server.jboss.home>${containers.home}/${cache.server.jboss.unpacked.folder.name}</cache.server.jboss.home>
+        <cache.server.jboss.cache-authorization-disabled>true</cache.server.jboss.cache-authorization-disabled>
         <security.xslt>security.xsl</security.xslt>
     </properties>
 
@@ -59,6 +60,7 @@
                                     <rules>
                                         <requireProperty>
                                             <property>cache.server</property>
+                                            <property>cache.server.jboss.cache-authorization-enabled</property>
                                             <property>cache.server.jboss.groupId</property>
                                             <property>cache.server.jboss.artifactId</property>
                                             <property>cache.server.jboss.version</property>
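Review bot: The enforcer rule requires `cache.server.jboss.cache-authorization-enabled`, but every property this commit defines, and the `<skip>` of the new execution, use `cache.server.jboss.cache-authorization-disabled`. The required name is never set in the visible hunks, so the rule either fails the build or does not guard the property that is actually used. It should read `<property>cache.server.jboss.cache-authorization-disabled</property>`. The `<requireProperty>` element continues outside the hunk.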
@@ -165,6 +167,29 @@
                             </execution>
 
                             <execution>
+                                <id>configure-keycloak-authorization</id>
+                                <phase>process-test-resources</phase>
+                                <goals>
+                                    <goal>transform</goal>
+                                </goals>
+                                <configuration>
+                                    <skip>${cache.server.jboss.cache-authorization-disabled}</skip>
+                                    <transformationSets>
+                                        <!-- Configure authorization in files clustered-__dc__.xml -->
+                                        <transformationSet>
+                                            <dir>${cache.server.jboss.home}/standalone/configuration</dir>
+                                            <includes>
+                                                <include>clustered-1.xml</include>
+                                                <include>clustered-2.xml</include>
+                                            </includes>
+                                            <stylesheet>${common.resources}/cache-authorization.xsl</stylesheet>
+                                            <outputDir>${cache.server.jboss.home}/standalone/configuration</outputDir>
+                                        </transformationSet>
+                                    </transformationSets>
+                                </configuration>
+                            </execution>
+
+                            <execution>
                                 <id>io-worker-threads</id>
                                 <phase>process-resources</phase>
                                 <goals>
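Review bot: The `configure-keycloak-authorization` execution rewrites `clustered-1.xml` and `clustered-2.xml` in place (`<dir>` and `<outputDir>` are identical), and the templates in `cache-authorization.xsl` append `<security>`, `<authentication>` and the `AllowScriptManager` realm unconditionally. If the build is re-run over an already transformed server home, those elements would presumably be added a second time. Guarding the templates, or adding a comment such as `<!-- requires a freshly unpacked server home; the transformation is not idempotent -->`, would make that explicit. The execution is also bound to `process-test-resources` while the neighbouring `io-worker-threads` execution uses `process-resources`; a short comment on why the later phase is needed would help.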
                diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java
index 0ae1117..0dad533 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/AbstractCrossDCTest.java
@@ -377,10 +377,10 @@ public abstract class AbstractCrossDCTest extends AbstractTestRealmKeycloakTest 
             File dir = new File(cleanServerBaseDir);
             if (dir.exists()) {
                 try {
-                    FileUtils.cleanDirectory(dir);
+                    dir.renameTo(new File(dir.getParentFile(), dir.getName() + "--" + System.currentTimeMillis()));
 
                     File deploymentsDir = new File(dir, "deployments");
-                    deploymentsDir.mkdir();
+                    FileUtils.forceMkdir(deploymentsDir);
                 } catch (IOException ioe) {
                     throw new RuntimeException("Failed to clean directory: " + cleanServerBaseDir, ioe);
                 }
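Review bot: The result of `dir.renameTo(...)` is discarded, and `File.renameTo` reports failure by returning `false` rather than throwing, so the surrounding `catch (IOException ioe)` no longer covers a failed clean-up. If the rename fails, the old server directory stays in place, `FileUtils.forceMkdir` succeeds on it, and the test continues against stale state. Checking the result, e.g. `if (!dir.renameTo(backup)) throw new IOException("Failed to rename " + dir);`, keeps the previous fail-fast behaviour. Each run now also leaves a `<name>--<millis>` directory behind, which deserves a comment or a later clean-up step. The enclosing method starts and ends outside the hunk.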
                diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 0592856..4c5ccfa 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -384,6 +384,7 @@
                     -Djboss.node.name=auth-server-${node.name}-cross-dc-0_1
                     -Dauth.server.truststore=${auth.server.truststore}
                     -Dauth.server.truststore.password=${auth.server.truststore.password}
+                    -Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
                 </property>
                 <property name="javaVmArguments">
                     -Djava.net.preferIPv4Stack=true
@@ -409,6 +410,7 @@
                     -Djboss.node.name=auth-server-${node.name}-cross-dc-0_2-manual
                     -Dauth.server.truststore=${auth.server.truststore}
                     -Dauth.server.truststore.password=${auth.server.truststore.password}
+                    -Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
                 </property>
                 <property name="javaVmArguments">
                     -Djava.net.preferIPv4Stack=true
@@ -435,6 +437,7 @@
                     -Djboss.node.name=auth-server-${node.name}-cross-dc-1_1
                     -Dauth.server.truststore=${auth.server.truststore}
                     -Dauth.server.truststore.password=${auth.server.truststore.password}
+                    -Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
                 </property>
                 <property name="javaVmArguments">
                     -Djava.net.preferIPv4Stack=true
@@ -460,6 +463,7 @@
                     -Djboss.node.name=auth-server-${node.name}-cross-dc-1_2-manual
                     -Dauth.server.truststore=${auth.server.truststore}
                     -Dauth.server.truststore.password=${auth.server.truststore.password}
+                    -Dkeycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled=${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}
                 </property>
                 <property name="javaVmArguments">
                     -Djava.net.preferIPv4Stack=true
                diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index a178e4f..c8664a5 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -608,6 +608,8 @@
                                 <auth.server.crossdc11.home>${auth.server.crossdc11.home}</auth.server.crossdc11.home>
                                 <auth.server.crossdc12.home>${auth.server.crossdc12.home}</auth.server.crossdc12.home>
 
+                                <keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>${keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled}</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
+
                                 <!--8101-->
                                 <auth.server.crossdc01.port.offset>21</auth.server.crossdc01.port.offset>
                                 <!--8102-->
@@ -658,6 +660,7 @@
                 <cache.server.jboss>true</cache.server.jboss>
                 <cache.server.config.dir>${cache.server.home}/standalone/configuration</cache.server.config.dir>
                 <keycloak.testsuite.logging.pattern>%d{HH:mm:ss,SSS} [%t] %-5p [%c{1.}] %m%n</keycloak.testsuite.logging.pattern>
+                <keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>false</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
             </properties>
             <dependencies>
                 <dependency>
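Review bot: `keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled` is `false` here and `true` in the next hunk, while the server side is switched separately by `cache.server.jboss.cache-authorization-disabled` (`true` for infinispan, `false` for jdg) with the opposite polarity. Nothing ties the two together, so a profile that changes one without the other leaves Keycloak and the cache server disagreeing about whether HotRod authentication is in use. A comment next to each property naming its counterpart, e.g. `<!-- must be the inverse of cache.server.jboss.cache-authorization-disabled in servers/cache-server/jboss -->`, would make the coupling visible. The profiles these properties belong to start outside the hunks, so which cache server each one targets is inferred.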
@@ -730,6 +733,7 @@
                 <cache.server.jboss>true</cache.server.jboss>
                 <cache.server.config.dir>${cache.server.home}/standalone/configuration</cache.server.config.dir>
                 <keycloak.testsuite.logging.pattern>%d{HH:mm:ss,SSS} [%t] %-5p [%c{1.}] %m%n</keycloak.testsuite.logging.pattern>
+                <keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>true</keycloak.connectionsInfinispan.default.remoteStoreSecurityEnabled>
             </properties>
             <dependencies>
                 <dependency>