keycloak-uncached
Changes
adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java 10(+10 -0)
testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ProductServlet.java 3(+3 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/InputPortalNoAccessToken.java 56(+56 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalAutodetectBearerOnly.java 43(+43 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java 248(+225 -23)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json 26(+26 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/META-INF/context.xml 20(+20 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/jetty-web.xml 46(+46 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/keycloak.json 12(+12 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/web.xml 57(+57 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal/META-INF/context.xml 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/META-INF/context.xml 20(+20 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/keycloak.json 11(+11 -0)
Details
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
index 5625c60..701cad8 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/AdapterDeploymentContext.java
@@ -206,6 +206,16 @@ public class AdapterDeploymentContext {
public void setBearerOnly(boolean bearerOnly) {
delegate.setBearerOnly(bearerOnly);
}
+
+ @Override
+ public boolean isAutodetectBearerOnly() {
+ return delegate.isAutodetectBearerOnly();
+ }
+
+ @Override
+ public void setAutodetectBearerOnly(boolean autodetectBearerOnly) {
+ delegate.setAutodetectBearerOnly(autodetectBearerOnly);
+ }
@Override
public boolean isEnableBasicAuth() {
diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ProductServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ProductServlet.java
index 2580813..ce07a5d 100644
--- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ProductServlet.java
+++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ProductServlet.java
@@ -38,6 +38,9 @@ public class ProductServlet extends HttpServlet {
pw.printf("<html><head><title>%s</title></head><body>", "Product Portal");
pw.println("iPhone");
pw.println("iPad");
+ String x = req.getParameter("encodeTest");
+ String encodeTest= Boolean.toString("a<b".equals(x));
+ pw.println("uriEncodeTest=" + encodeTest);
pw.print("</body></html>");
pw.flush();
diff --git a/testsuite/integration-arquillian/tests/base/offline-token.txt b/testsuite/integration-arquillian/tests/base/offline-token.txt
new file mode 100644
index 0000000..ec747fa
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/offline-token.txt
@@ -0,0 +1 @@
+null
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/InputPortalNoAccessToken.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/InputPortalNoAccessToken.java
new file mode 100644
index 0000000..5daa0de
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/InputPortalNoAccessToken.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.URL;
+
+/**
+ *
+ * @author vramik
+ */
+public class InputPortalNoAccessToken extends SAMLServlet {
+
+ public static final String DEPLOYMENT_NAME = "input-portal-no-access-token";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+
+ @FindBy(id = "parameter")
+ private WebElement parameter;
+
+ @FindBy(name = "submit")
+ private WebElement submit;
+
+ public void execute(String param) {
+ parameter.clear();
+ parameter.sendKeys(param);
+ submit.click();
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalAutodetectBearerOnly.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalAutodetectBearerOnly.java
new file mode 100644
index 0000000..134c33f
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalAutodetectBearerOnly.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+
+import java.net.URL;
+
+/**
+ *
+ * @author vramik
+ */
+public class ProductPortalAutodetectBearerOnly extends AbstractPageWithInjectedUrl {
+
+ public static final String DEPLOYMENT_NAME = "product-portal-autodetect-bearer-only";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
index 6a8930f..bc3c812 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
@@ -16,8 +16,24 @@
*/
package org.keycloak.testsuite.adapter.servlet;
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
import org.apache.commons.io.FileUtils;
import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.conn.params.ConnManagerParams;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.spec.WebArchive;
@@ -38,6 +54,7 @@ import org.keycloak.models.utils.SessionTimeoutHelper;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.VersionRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
@@ -45,13 +62,24 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
-import org.keycloak.testsuite.adapter.page.*;
+import org.keycloak.testsuite.adapter.page.BasicAuth;
+import org.keycloak.testsuite.adapter.page.CustomerDb;
+import org.keycloak.testsuite.adapter.page.CustomerDbErrorPage;
+import org.keycloak.testsuite.adapter.page.CustomerPortal;
+import org.keycloak.testsuite.adapter.page.CustomerPortalNoConf;
+import org.keycloak.testsuite.adapter.page.InputPortal;
+import org.keycloak.testsuite.adapter.page.InputPortalNoAccessToken;
+import org.keycloak.testsuite.adapter.page.ProductPortal;
+import org.keycloak.testsuite.adapter.page.ProductPortalAutodetectBearerOnly;
+import org.keycloak.testsuite.adapter.page.SecurePortal;
+import org.keycloak.testsuite.adapter.page.SecurePortalWithCustomSessionConfig;
+import org.keycloak.testsuite.adapter.page.TokenMinTTLPage;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.auth.page.account.Applications;
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.console.page.events.Config;
import org.keycloak.testsuite.console.page.events.LoginEvents;
-import org.keycloak.testsuite.util.*;
+import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.util.BasicAuthHelper;
@@ -62,31 +90,21 @@ import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
-import java.io.File;
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-import static org.junit.Assert.*;
-
import javax.ws.rs.core.Response.Status;
-import static org.hamcrest.Matchers.*;
+import static org.hamcrest.Matchers.anyOf;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
-import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
-import static org.keycloak.testsuite.util.WaitUtils.*;
+import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
/**
*
@@ -109,8 +127,12 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
@Page
private ProductPortal productPortal;
@Page
+ private ProductPortalAutodetectBearerOnly productPortalAutodetectBearerOnly;
+ @Page
private InputPortal inputPortal;
@Page
+ private InputPortalNoAccessToken inputPortalNoAccessToken;
+ @Page
private TokenMinTTLPage tokenMinTTLPage;
@Page
private OAuthGrant oAuthGrantPage;
@@ -160,11 +182,21 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
protected static WebArchive productPortal() {
return servletDeployment(ProductPortal.DEPLOYMENT_NAME, ProductServlet.class);
}
+
+ @Deployment(name = ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME)
+ protected static WebArchive productPortalAutodetectBearerOnly() {
+ return servletDeployment(ProductPortalAutodetectBearerOnly.DEPLOYMENT_NAME, ProductServlet.class);
+ }
@Deployment(name = InputPortal.DEPLOYMENT_NAME)
protected static WebArchive inputPortal() {
return servletDeployment(InputPortal.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class);
}
+
+ @Deployment(name = InputPortalNoAccessToken.DEPLOYMENT_NAME)
+ protected static WebArchive inputPortalNoAccessToken() {
+ return servletDeployment(InputPortalNoAccessToken.DEPLOYMENT_NAME, "keycloak.json", InputServlet.class, ServletTestUtils.class);
+ }
@Deployment(name = TokenMinTTLPage.DEPLOYMENT_NAME)
protected static WebArchive tokenMinTTLPage() {
@@ -184,7 +216,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
applicationsPage.setAuthRealm(DEMO);
loginEventsPage.setConsoleRealm(DEMO);
}
-
+
@Before
public void beforeDemoServletsAdapterTest() {
// Delete all cookies from token-min-ttl page to be sure we are logged out
@@ -813,5 +845,175 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
String pageSource = driver.getPageSource();
assertTrue(pageSource.contains("Forbidden") || pageSource.contains("HTTP Status 401"));
}
+
+ // KEYCLOAK-3509
+ @Test
+ public void testLoginEncodedRedirectUri() {
+ // test login to customer-portal which does a bearer request to customer-db
+ driver.navigate().to(productPortal.getInjectedUrl() + "?encodeTest=a%3Cb");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+ assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
+ testRealmLoginPage.form().login("bburke@redhat.com", "password");
+ System.out.println("Current url: " + driver.getCurrentUrl());
+
+ assertCurrentUrlEquals(productPortal + "?encodeTest=a%3Cb");
+ String pageSource = driver.getPageSource();
+ Assert.assertTrue(pageSource.contains("iPhone"));
+ Assert.assertTrue(pageSource.contains("uriEncodeTest=true"));
+
+ driver.navigate().to(productPortal.getInjectedUrl());
+ assertCurrentUrlEquals(productPortal);
+ System.out.println(driver.getCurrentUrl());
+ Assert.assertTrue(driver.getPageSource().contains("uriEncodeTest=false"));
+
+ // test logout
+ String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
+ .queryParam(OAuth2Constants.REDIRECT_URI, customerPortal.toString())
+ .build("demo").toString();
+ driver.navigate().to(logoutUri);
+ assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
+ productPortal.navigateTo();
+ assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
+ customerPortal.navigateTo();
+ assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
+
+ }
+
+ @Test
+ public void testAutodetectBearerOnly() {
+ Client client = ClientBuilder.newClient();
+
+ // Do not redirect client to login page if it's an XHR
+ System.out.println(productPortalAutodetectBearerOnly.getInjectedUrl().toString());
+ WebTarget target = client.target(productPortalAutodetectBearerOnly.getInjectedUrl().toString());
+ Response response = target.request().header("X-Requested-With", "XMLHttpRequest").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // Do not redirect client to login page if it's a partial Faces request
+ response = target.request().header("Faces-Request", "partial/ajax").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // Do not redirect client to login page if it's a SOAP request
+ response = target.request().header("SOAPAction", "").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // Do not redirect client to login page if Accept header is missing
+ response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // Do not redirect client to login page if client does not understand HTML reponses
+ response = target.request().header(HttpHeaders.ACCEPT, "application/json,text/xml").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // Redirect client to login page if it's not an XHR
+ response = target.request().header("X-Requested-With", "Dont-Know").header(HttpHeaders.ACCEPT, "*/*").get();
+ Assert.assertEquals(302, response.getStatus());
+ Assert.assertTrue(response.getHeaderString(HttpHeaders.LOCATION).contains("response_type=code"));
+ response.close();
+
+ // Redirect client to login page if client explicitely understands HTML responses
+ response = target.request().header(HttpHeaders.ACCEPT, "text/html,application/xhtml+xml,application/xml;q=0.9").get();
+ Assert.assertEquals(302, response.getStatus());
+ Assert.assertTrue(response.getHeaderString(HttpHeaders.LOCATION).contains("response_type=code"));
+ response.close();
+
+ // Redirect client to login page if client understands all response types
+ response = target.request().header(HttpHeaders.ACCEPT, "*/*").get();
+ Assert.assertEquals(302, response.getStatus());
+ Assert.assertTrue(response.getHeaderString(HttpHeaders.LOCATION).contains("response_type=code"));
+ response.close();
+ client.close();
+ }
+
+ // KEYCLOAK-3016
+ @Test
+ public void testBasicAuthErrorHandling() {
+ Client client = ClientBuilder.newClient();
+ WebTarget target = client.target(customerDb.getInjectedUrl().toString());
+ Response response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ // The number of iterations should be HttpClient's connection pool size + 1.
+ final int LIMIT = ConnManagerParams.DEFAULT_MAX_TOTAL_CONNECTIONS + 1;
+ for (int i = 0; i < LIMIT; i++) {
+ System.out.println("Testing Basic Auth with bad credentials " + i);
+ response = target.request().header(HttpHeaders.AUTHORIZATION, "Basic dXNlcm5hbWU6cGFzc3dvcmQ=").get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ }
+
+ client.close();
+ }
+
+ // KEYCLOAK-1733
+ @Test
+ public void testNullQueryParameterAccessToken() {
+ Client client = ClientBuilder.newClient();
+
+ WebTarget target = client.target(customerDb.getInjectedUrl().toString());
+ Response response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ target = client.target(customerDb.getInjectedUrl().toString() + "?access_token=");
+ response = target.request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+
+ client.close();
+ }
+
+ // KEYCLOAK-1733
+ @Test
+ public void testRestCallWithAccessTokenAsQueryParameter() {
+
+ Client client = ClientBuilder.newClient();
+ try {
+ WebTarget webTarget = client.target(testRealmPage.toString() + "/protocol/openid-connect/token");
+ Form form = new Form();
+ form.param("grant_type", "password");
+ form.param("client_id", "customer-portal-public");
+ form.param("username", "bburke@redhat.com");
+ form.param("password", "password");
+ Response response = webTarget.request().post(Entity.form(form));
+
+ Assert.assertEquals(200, response.getStatus());
+ AccessTokenResponse tokenResponse = response.readEntity(AccessTokenResponse.class);
+ response.close();
+
+ String accessToken = tokenResponse.getToken();
+
+ // test without token
+ response = client.target(customerDb.getInjectedUrl().toString()).request().get();
+ Assert.assertEquals(401, response.getStatus());
+ response.close();
+ // test with access_token as QueryParamter
+ response = client.target(customerDb.getInjectedUrl().toString()).queryParam("access_token", accessToken).request().get();
+ Assert.assertEquals(200, response.getStatus());
+ response.close();
+ } finally {
+ client.close();
+ }
+ }
+
+ //KEYCLOAK-4765
+ @Test
+ @Ignore
+ public void testCallURLWithAccessToken() {
+ // test login to customer-portal which does a bearer request to customer-db
+ String applicationURL = inputPortalNoAccessToken.getInjectedUrl().toString() + "?access_token=invalid_token";
+ driver.navigate().to(applicationURL);
+ System.out.println("Current url: " + driver.getCurrentUrl());
+
+ Assert.assertEquals(applicationURL, driver.getCurrentUrl());
+ System.out.println(driver.getPageSource());
+ inputPortalNoAccessToken.execute("hello");
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
index a046827..1570278 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json
@@ -182,6 +182,12 @@
]
},
{
+ "clientId": "customer-portal-public",
+ "enabled": true,
+ "publicClient": true,
+ "directAccessGrantsEnabled": true
+ },
+ {
"clientId": "product-portal",
"enabled": true,
"adminUrl": "/product-portal",
@@ -202,6 +208,16 @@
"secret": "password"
},
{
+ "clientId": "product-portal-autodetect-bearer-only",
+ "enabled": true,
+ "adminUrl": "/product-portal-autodetect-bearer-only",
+ "baseUrl": "/product-portal-autodetect-bearer-only",
+ "redirectUris": [
+ "/product-portal-autodetect-bearer-only/*"
+ ],
+ "secret": "password"
+ },
+ {
"clientId": "secure-portal",
"enabled": true,
"adminUrl": "/secure-portal",
@@ -248,6 +264,16 @@
"secret": "password"
},
{
+ "clientId": "input-portal-no-access-token",
+ "enabled": true,
+ "adminUrl": "/input-portal-no-access-token",
+ "baseUrl": "/input-portal-no-access-token",
+ "redirectUris": [
+ "/input-portal-no-access-token/*"
+ ],
+ "secret": "password"
+ },
+ {
"clientId": "token-min-ttl",
"enabled": true,
"adminUrl": "/token-min-ttl",
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/META-INF/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/META-INF/context.xml
new file mode 100644
index 0000000..12ec58c
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/META-INF/context.xml
@@ -0,0 +1,20 @@
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<Context path="/input-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/jetty-web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/jetty-web.xml
new file mode 100644
index 0000000..8c59313
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/jetty-web.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
+ <!--
+ <Set name="adapterConfig">
+ <New class="org.keycloak.representations.adapters.config.AdapterConfig">
+ <Set name="realm">tomcat</Set>
+ <Set name="resource">customer-portal</Set>
+ <Set name="authServerUrl">http://localhost:8180/auth</Set>
+ <Set name="sslRequired">external</Set>
+ <Set name="credentials">
+ <Map>
+ <Entry>
+ <Item>secret</Item>
+ <Item>password</Item>
+ </Entry>
+ </Map>
+ </Set>
+ <Set name="realmKey">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB</Set>
+ </New>
+ </Set>
+ -->
+ </New>
+ </Set>
+ </Get>
+</Configure>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/keycloak.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/keycloak.json
new file mode 100644
index 0000000..92446db
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/keycloak.json
@@ -0,0 +1,12 @@
+{
+ "realm" : "demo",
+ "resource" : "input-portal-no-access-token",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://${my.host.name}:8180/auth",
+ "ssl-required" : "external",
+ "min-time-between-jwks-requests": 120,
+ "credentials" : {
+ "secret": "password"
+ },
+ "ignore-oauth-query-parameter": true
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/web.xml
new file mode 100644
index 0000000..272a262
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/input-portal-no-access-token/WEB-INF/web.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>input-portal-no-access-token</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.servlet.InputServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/secured/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>KEYCLOAK</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal/META-INF/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal/META-INF/context.xml
index b4ddcce..5fb1b92 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal/META-INF/context.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal/META-INF/context.xml
@@ -15,6 +15,6 @@
~ limitations under the License.
-->
-<Context path="/customer-portal">
+<Context path="/product-portal">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/META-INF/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/META-INF/context.xml
new file mode 100644
index 0000000..5fb1b92
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/META-INF/context.xml
@@ -0,0 +1,20 @@
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<Context path="/product-portal">
+ <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
+</Context>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/keycloak.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/keycloak.json
new file mode 100644
index 0000000..3daaed6
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/keycloak.json
@@ -0,0 +1,11 @@
+{
+ "realm" : "demo",
+ "resource" : "product-portal-autodetect-bearer-only",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "auth-server-url" : "http://localhost:8180/auth",
+ "ssl-required" : "external",
+ "credentials" : {
+ "secret": "password"
+ },
+ "autodetect-bearer-only" : true
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/web.xml
new file mode 100644
index 0000000..0f41c30
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-autodetect-bearer-only/WEB-INF/web.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>product-portal-autodetect-bearer-only</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.servlet.ProductServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Users</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>KEYCLOAK</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml
index b4ddcce..5fb1b92 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml
@@ -15,6 +15,6 @@
~ limitations under the License.
-->
-<Context path="/customer-portal">
+<Context path="/product-portal">
<Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
\ No newline at end of file